NES Group Rewards Loyalty Programme Privacy Policy

The NES Group Rewards Loyalty Programme is operated by NES Group (“we”/”us”). NES Group is acting as data controller with respect to the collection and the processing of personal data as described in this Privacy Policy.

We take security and protection of your personal data very seriously. When participating in the NES Group Rewards Loyalty Programme, we gather certain personal data from you, or you will make certain personal data available to us. This Privacy Statement explains how we use and disclose this personal data and answers specific questions that you may have regarding privacy and security.

Please therefore read the following conditions carefully to understand our views and practices concerning personal data and our treatment of it.

What personal data do we collect? >

This Privacy Statement applies to all personal data collected by or submitted to us. "Personal data" is any information relating to a living individual which can be identified.

We may collect personal data on the following occasions:

- Data that you submit by filling out forms on our application. This includes data you send us when registering to use our application, subscribing to our services, publishing content, as well as requesting additional services. Occasionally we also ask for data if you take part in an advertising event sponsored by us, register to participate in marketing activities, sign up for our newsletter or have a problem concerning our application.

- If you make contact with us, we can keep a file of our correspondence with you.

- We also occasionally ask you to fill out questionnaires for marketing and opinion research purposes, where your answers are voluntary.

- Details about transactions (i.e. company name, individual contact name, postal address, email address, telephone and/or fax address) made by you on our application as well as the fulfilment of premiums ordered by you.

- Details of your visits to the application (especially data on communication such as date and time of your visit, your browser version, web-logs and other data, required for our own purposes to send an invoice).

- When entering our application, we may also record the IP address you use to connect to the internet. An IP address is a unique identifier that devices use to identify and communicate with each other on the Internet.

For which purpose do we use your personal data >

We process the personal data provided by you for the following purposes:

- to operate our applications, in particular to ensure that the content of our application is presented in the most effective way for you and your computer and to analyse possible errors,

- to prepare information, products and services you have requested from us,

- to fulfil our obligations resulting from agreements with you, to provide service and support in connection with the NES Group Rewards Loyalty Programme and to carry out the transactions you have requested;

 -to enable you to take part in interactive features of our services if you so desire,

- to respond to your inquiries and fulfill your requests,

- to provide you promotional materials and to inform you about products and services that may be of interest to you (but only if you have chosen to receive such promotional materials and information from us) and

- for own security purposes.

On what legal basis do you process your personal data >

We base the above-mentioned processing activities of your personal data on the following legal basis:

Where you have given consent to the processing of your personal data, we base the processing activities on the PDPA Act 2010.

Where the processing is necessary for the performance of the NES Group Rewards Loyalty Programme or other contracts with you or in order to take steps at your request prior to you entering the NES Group Rewards Loyalty Programme or another contract, we base the processing activities on PDPA Act 2010.

Where the processing is necessary for compliance with a legal obligation to which we are subject we base the processing activities on the PDPA Act 2010.

Where the processing is based on our legitimate interest, i.e. because of technical necessity, for web analytics and statistics to monitor, to improve and protect our content, services and applications; for providing application customized experience, we base the processing activities on the PDPA Act 2010. You can obtain information on any of our balancing tests by contacting us using the details set out later in this notice.

Who will we share your personal data with, where and when >

We will share your personal data with our group of companies within NES Group who may assist us to run the Programme.

Personal data will also be shared with third party service providers, who will process it on our behalf for the purposes identified above. In particular, we use third party providers of application hosting, maintenance and marketing services.

In the event that the business is sold or integrated with another business, your details may (subject to the applicable laws) be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.

Moreover, your personal data can be transferred to third parties, in case we are legally obligated to reveal your personal data or to carry out or apply our terms of use (see general terms and conditions of the NES Group Rewards Loyalty Programme) or other terms under contract with you, or to safeguard the rights, property and security of us, and of our customers and others.

Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.

Consent, withdrawing consent or otherwise objecting to direct marketing >

In case we collect and process your personal data on basis of consent, we will inform you respectively in a separate document.

Wherever we rely on your consent, you will always be able to withdraw that consent (e.g. by informing us respectively by), although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us at support@nesgroup.my.

Cookies and similar technologies we use >

We collect certain information by automated means when you visit our application, using technologies such as cookies.

When you visit our application, you should be aware that we use cookies. Cookies are small text files sent to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser. These text files do, for example, allow us (i) to save the country and the language settings, (ii) to help us to optimize our application and to analyse possible errors (iii) to store information about your preferences and thus adapt our application according to your individual interests and (iii) enable us to detect certain kinds of fraud. We use both session cookies (for session-tracking purposes) as well as permanent cookies (for country and language selection).

You can prevent the storage of any cookies by activating a suitable setting on your browser. If you choose this setting, you may then not be able to access certain pages on our application and/or to complete certain activities on our applications.

Data security >

The security of your data is very important to us we have implemented an information and data security program that contains administrative, technical (such as industry-standard encryption technology) and physical controls that are designed to reasonably safeguard your personal data. Unfortunately, the transmitting of data over the Internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data submitted on our application. Everything entered is at your own risk. As soon as we receive your data, we apply strict procedures and security functions to prevent unauthorized access as much as possible.

Your rights to access, correct and delete your personal data >

You have the right to access your personal data to correct, delete or restrict (stop any active) processing of your personal data and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller PDPA Act 2010.

In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing - PDPA Act 2010).

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.

The easiest way to access and update the information you provided to us is to log into your account. To exercise any of the above-mentioned rights, you can get in touch with us – or our data protection officer – using the details set out below. When addressing us, please always provide your name, address and/or email address as well as detailed information about the change you require.

If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.

How do I get in touch with you or your data protection personnel >

We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, or would like to opt out of direct marketing, you can get in touch at support@nesgroup.my.

How long will you retain my personal data >

We will retain your personal data only for limited period of time needed to fulfil the purposes of processing mentioned above. After that time your personal data will be erased. If we process your personal data based on your consent, we will retain your personal data for a limited period of time needed to fulfil purposes of processing.

Where you participate in the NES Group Rewards Loyalty Programme, we will keep your information for the duration of the contractual relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this notice. The criteria to determine the storage period are statutory and contractual requirements, the nature of our relationship with you, the nature of the data concerned, technical necessities. Laws may require us to hold certain information for specific periods.

Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.

In other cases, we may retain data for an appropriate period after any relationship with you ends to protect itself from legal claims, or to administer its business.

Changes in our data protection guidelines >

Any changes we make in the future to our data protection guidelines will be announced on this page and communicated to you by e-mail as necessary.

How to contact us >

If you have any questions about the processing of your personal data, please feel free to contact us at support@nesgroup.my