Privacy Policy of the Automation Valley Malaysia (as of 1st March 2022)

I. Name and address of the controller

The controller in the sense of the General Data Protection Regulation (“GDPR”) and other national data protection laws of the Member States as well as the Personal Data Protection Act 2010 of Malaysia (“PDPA”) is:

Malaysian-German Chamber of Commerce and Industry (“MGCC”)
Lot 20-01 Menara Hap Seng 2 No. 1 Jalan P. Ramlee
50250 Kuala Lumpur Malaysia
Phone: +603-9235 1800
Email: info@malaysia.ahk.de
Website: www.malaysia.ahk.de

II. Name and address of the data protection officer

The data protection officer of MGCC is:

Mr Yanick Röhricht
mip Consult GmbH
Wilhelm-Kabus-Str. 9
10829 Berlin Germany
Phone: +49 30-20 88 999 0
Email: pdpa@malaysia.ahk.de
Website: www.sofortdatenschutz.de

The Representative of MGCC according to Section 27 GDPR is:

mip Consult GmbH
Wilhelm-Kabus-Str. 9
10829 Berlin Germany
Phone: +49 30-20 88 999 0
Email: malaysia.ahk(at)mip-consult.de
Website: www.sofortdatenschutz.de

III. General information regarding data processing

1. Scope of processing of personal data

In principle, we collect and use personal data of our users only to the extent it is required to provide a functioning website as well as for our content and services. The processing of personal data of our users is carried out regularly only after consent is given by our users. An exception applies in cases in which a previous obtaining of a consent is not possible for actual reasons and where the processing of data is permitted on the basis of statutory provisions.

2. Legal basis for the processing of personal data

We process personal data in compliance with the regulations of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act ”Bundesdatenschutzgesetz” (BDSG) as well as the Malaysian Personal Data Protection Act 2010 (PDPA) especially on the basis of the following statutory grounds:

To the extent that we obtain consent from the data subject for the processing of personal data, Section 6 Subsection 1 lit. a GDPR and Section 6 Subsection 1 lit. a PDPA serves as legal basis for the processing of personal data.

For the processing of personal data required to execute a contract whose contractual party is the data subject, Section 6 Subsection 1 lit. b GDPR and Section 6 Subsection 2 lit. a PDPA serve as legal basis. This also applies to processing that is required for the execution of pre-contractually measures.

If such processing is required to maintain a legitimate interest of our company or a third party, and if the interests, basic rights and fundamental freedoms of the data subject do not outweigh the former interest, Section 6 Subsection 1 lit. f GDPR and Section 6 Subsection 2 lit. f PDPA serve as legal basis for such processing.

3. Data deletion and duration of storage

Personal data of the data subject will be deleted or blocked as soon as the purpose for storing such data no longer applies. Storage beyond such a period can be affected if such storage is prescribed by the European or national legislative body in provisions pertaining to European Union law or Malaysian law. Blocking or deletion of data is also affected if a storage period expires that is prescribed by the cited standards, unless there is a requirement for further storage of such data to enter into a contract or to execute a contract.

The Personal Data will be stored for ten (10) years unless another divergently legal provision applies or if the purpose has not ceased to exist. After the fulfilment of the This is because of the commercial and tax regulations, which obligate to keep records.

IV. Provisioning of website and creation of logfiles

1. Scope of processing of personal data

Any time our web page is visited, our system collects data and information in an automated fashion from the computer system of the accessing computer. The following data is collected in the process: Information regarding the browser type and the version used; the operating system of the user; the internet service provider of the user; date and time of access; referrer URL (recently visited website); notification of successful retrieval.

2. Legal basis for the processing of data

Legal bases for the temporary storage of data and the logfiles are Section 6 Subsection 1 lit. f GDPR and Section 10 PDPA.

3. Purpose of data processing.

The temporary storage of the IP address by the system is necessary to facilitate delivery of the website to the computer of the user. To do so, the IP address of the user must remain stored for the duration of the session.

Storing of logfiles is effected to ensure the functionality of the website. In addition, such data helps us to optimize the website and to ensure the security of our information technology systems. An analysis of such data for marketing purposes will not be carried out in this context.

4. Duration of storage

Data is deleted as soon as it is no longer required to fulfil the purpose of its collection. In the event of collection of data for the provisioning of the website this is the case whenever the respective session ends.

In the event of storing of data in logfiles this is after thirty (30) days the case at the latest. Storage to exceed such a period is not possible because the deletion is automatic after the end of the storage period. In such a case, the IP addresses of the users are deleted or redacted so that an allocation of the accessing client is no longer possible.

5. Option of objection and removal

Collection of data for the provisioning of the website and storing of data in logfiles is required for the operation of the web page. If you do not provide this data, you will not be able to use this website.

V. Use of cookies

We use cookies on our website. Cookies are small text files, that generally consist of letters and numbers and are stored on the user’s computer when visiting certain websites.

Some of these cookies are essential for the functioning of our website.

Generally, we only use essential cookies. Essential cookies enable the core functionality of our website. Without these essential cookies, our website cannot be displayed correctly, respectively certain parts of the website do not work correctly. Essential cookies can only be disabled in your internet browser settings. Legal basis for the processing of personal data while using essential cookies are Section 6 Subsection 1 Sentence 1 lit. f GDPR and Section 6 Subsection 2 lit. f PDPA.

Please click the button “Manage Consent” on the bottom right corner of this webpage here, to get further information about the Cookies we use and change your cookie settings.

Alternatively, you can prohibit the storage of cookies in each case individually via the settings of your browser (with the “help”-setting of your browser, you will learn about how to change your cookie-settings).

You can find help on cookie management in the most popular browsers at the following addresses:

• Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
• Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
• Google Chrome: https://support.google.com/accounts/answer/32050?hl=en&co=GENIE.Platform%3DDesktop
• Opera: http://www.opera.com/de/help
• Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE.

VI. Newsletter

1. Description and scope of data processing

With the following description, we inform you about our newsletter as well as the registration, dispatch and evaluation procedure and inform you about your rights of objection. If you subscribe to our newsletter, you agree to receive the newsletter and the described procedures.

Newsletter content: We use free newsletter, Emails and other electronic notifications with advertising information (hereinafter “Newsletter”) only on the ground of the consent of the user or statutory permission. If we specifically describe individual newsletters as part of the registration process, this description is crucial for the consent of a Newsletter subscriber. If there is no separate description, you will receive information about our products, offers and promotions as well as information about our company in our Newsletters.

Opt-Out: The registration to our Newsletter is carried out by registration as a member on our Platform. During the registration process, you will have the opportunity to opt-out of the registration to our newsletter, by clicking on a respective button. We will save the registration to our Newsletter to prove the registration according to statutory provisions. This includes the time of registration and confirmation as well as the IP-address. Also, any changes of your data made at the Newsletter-service-provider will be saved.

The Newsletter will be sent through XXXX. You can find their Privacy-Policy at xxx.xxxxxx.com

2. Legal basis for the processing of data

The dispatch of the newsletter and the measurement of success take place on the basis of Section 6 Subsection 1 lit. a, Section 7 GDPR in conjunction with Section 7 Subsection 2 No. 3 UWG (Act Against Unfair Competition) and Section 6 Subsection 1 lit. a PDPA, respectively on the basis of statutory permission according to Section 7 Subsection 3 UWG.

The recording of the registration process is based on our legitimate interests according to Section 6 Subsection 1 sentence 1 lit. f) GDPR as well as Art. 6 Subsection 1 lit a PDPA and serves as proof of consent to receive the newsletter.

As far as it concerns the newsletter dispatch in the context of the membership to the contacts of our data base registered with us, Section 6 Subsection 1 lit. b GDPR and Sec. 6 Subsection 2 lit. b PDPA are valid as legal basis.

3. Purpose of data processing

Collection of the email address of the user is done to deliver the newsletter.

4. Duration of Storage

Data is deleted as soon as it is no longer required to fulfil the purpose of its collection. If subscribers to the Newsletter cancel their subscription, the personal data will be deleted.

5. Newsletter tracking

To optimize our Newsletter-offer, we use personalized newsletter tracking. The Newsletters contain a so-called Web-Beacon. This is a pixel-sized file that is retrieved from the server of the newsletter service provider when the Newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and your reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

6. Option for objection and removal

A newsletter subscription may be cancelled by the respective user at any time. A special link is provided in every newsletter for this purpose. Alternatively, you may also opt out by selecting opt-out in your profile.

VII. Registration

1. Description and scope of data processing

You can become a member of the Automation Valley Malaysia. As part of the registration process under “Membership” and/or “Become A Member”, we collect personal data. This includes in particular first and last name, position in the company or organisation, affiliation if applicable, phone number and e-mail address. At the time of registration, the date and time of registration, the browser used and the operating system are also collected. To prevent unauthorized access to your personal data by third parties, the registration process is encrypted using TLS_AES_128_GCM_SHA256, 128 bit key, TLS 1.3. We may also process the data you provide to inform you about other interesting products from our portfolio or to send you e-mails with technical information.

2. Legal basis for the processing of data

Legal basis for the processing of data are Section 6 Subsection 1 lit. a GDPR and Section 6 Subsection 1 lit. a PDPA if the consent of the user is on hand. If the registration serves the execution of a contract whose contractual party is the user, or the execution of pre-contractual measures, the additional legal bases for the processing of data are Section 6 Subsection 1 lit. b GDPR and Section 6 Subsection 2 lit. b PDPA.

3. Purpose of data processing

A registration of the user is required for the execution of a contract with the user, or for the execution of pre-contractual measures. Your registration may be an application for membership, tendering for projects or an event registration.

More information can be found in our information requirements:

1. Membership Application;
2. Event Registration;
3. Tendering for Projects;
4. Searching for Projects;
5. Newsletter subscription;
6. Networking.

4. Duration of storage

Data is deleted as soon as it is no longer required to fulfil the purpose of its collection. This is the case for data collected during the registration process for the execution of a contract or for the execution of pre-contractual measures if such data is no longer required for the execution of the contract. Even after having entered into a contract, the requirement to store personal data of the contractual partner may remain in existence to fulfil contractual or statutory requirements.

Under German and Malaysian law, a statutory retention period of ten (10) years applies to personal data collected. This requirement results from the accounting and record-keeping obligations under commercial and tax law.

5. Option for objection and removal

As user, you have at any time the option to cancel the registration. Your stored personal data can be amended at any time. To delete your data, please click on the button “Cancel my Membership”. Your data will be deleted according to the statutory provisions.

In case of an early cancellation of your membership, there will be no refunds paid out by us.

If the data is required for the execution of a contract or the execution of pre-contractual measures, a premature deletion of such data is only possible to the extent that contractual or statutory requirements do not preclude deletion.

VIII. Forwarding of personal data

Within our company, access to your data is granted to those departments that need it to fulfil our contractual and legal obligations.

Processors consulted by us (Section 28 GDPR) may also receive data for the above-mentioned purposes. These are companies in the categories of IT services, logistics, banks and payment providers, telecommunications, debt collection, advice and consulting, and sales and marketing. If we pass on data to our service providers, they may only use the data to perform their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organizational measures in place to protect the rights of the data subjects, ensure an appropriate level of data protection and are carefully monitored by us.

Data is only passed on to third parties who are not order processors within the framework of legal requirements. We only pass on users’ data to third parties if this is necessary, for example, on the basis of Section 6 Subsection 1 sentence 1 lit. b) GDPR or Section 6 Subsection 2 lit. a PDPA for contractual purposes or on the basis of legitimate interests pursuant to Section 6 Subsection 1 sentence 1 lit. f) GDPR or Section 6 Subsection 2 lit. f PDPA in the economic and effective operation of our business operations, or if you have consented to the transfer of data. In the case of purely informational use of the website, we do not pass on any data to third parties.

IX. FPX Payment

For membership payments, we use FPX as a paying method. FPX Payment is an external tool to provide immediate and direct payments. When you make a membership payment, you will be directed to the FPX website to complete said payment. On this website you will be informed separately about any personal data that will be processed by FPX during this process in their privacy policy.

For more Information regarding FPX, please visit https://paynet.my/business-fpx.html.

X. Processing of personal data in the context of the use of external online services

1. Social Media Sharing Button

General note: Social media plugins usually result in every visitor to a page being immediately recorded by these services with their IP address and their further browsing behavior being logged. This can happen even if you do not press the button. To prevent this, we use the Shariff method. In doing so, our social media buttons only establish direct contact between the social network and you when you click the respective share button. If you are already logged in to a social network, this is done without another window for Facebook and Google+. On Twitter, a pop-up window appears in which you can still edit the text of the tweet. You can thus publish our content on social networks without them being able to create complete surf profiles.

2. Google Fonts

Google Fonts, external fonts of Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland, https://www.google.com/fonts. The integration of Google Fonts is carried out locally from our server. In this case a transmission of the IP address to Google no longer takes place.

You can find Google’s data protection information at https://policies.google.com/privacy and an opt-out is possible at https://adssettings.google.com/authenticated.

3. Font Awesome

On our website we use “Font Awesome”, external fonts from Fonctions, Inc, Bentonville, AR, United States, https://fontawesome.com/. For this purpose, the browser you use must connect to the servers of Fonticons, Inc.

The integration of Font Awesome is carried out locally from our server. In this case, a transmission of the IP address to Fonticons Inc. does not take place.

You can find more information about Font Awesome at https://fontawesome.com/help and in the privacy policy of Fonticons, Inc.: https://fontawesome.com/privacy.

4. Our social media presence

You will find us with presences within social networks and platforms so that we can also communicate with you there and inform you about our services on them.

We would like to point out that your data may be processed outside the European Union and that the data is usually processed for market research and advertising purposes. Usage profiles can be created from the usage behaviour and resulting interests of the users. These usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies may be stored on the users’ computers, in which the users’ usage behaviour and interests are stored. Other data may also be stored in these usage profiles, especially if the users are members of the respective platforms and are logged in to them.

We only link to our company profiles on the respective social networks on our website. However, please note that when you click on a link to the social networks, data is transmitted to their servers. If you are logged in to the respective social network at that time with your username and password, the information that you have visited our company profile on the respective social network from our website will be transmitted and the respective provider can store this information in your user account.

In principle, we have no significant influence on the data processing of the social networks. However, we receive statistics from the providers about the use of and visits to our company profiles on the social networks (e.g., information about the number of views, interactions such as likes and comments, and aggregate demographic and other information or statistics). For more information on the data used by the providers, please refer to the privacy notices of the providers linked below.

Insofar as we receive your personal data in the context of our social media presences (e.g. in the context of a communication), you are entitled to the rights mentioned in this data protection information above in this regard. You can address your inquiries with regard to data processing within the scope of our company profiles to us via the contact data mentioned above.

If, in addition, you wish to assert rights against the provider of the social network, the easiest way to do so is to contact the respective provider directly. The provider knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing. The contact details can be found in each case in the data protection information linked below. We will also be happy to support you in asserting your rights, insofar as this is possible for us.

The processing of personal data of the users is generally based on your consent according to Section 6 Subsection 1 sentence 1 lit. a) GDPR and Section 6 Subsection 1 lit. a) PDPA. Legal basis is Section 6 Subsection 1 sentence 1 lit. b) GDPR and Section 6 Subsection 2 lit. a PDPA, if we receive and process your data in the context of a contract-relate inquiry via our social media presence. The legal basis for the linking and operation of our company profiles in the social networks, including the receipt of statistics on the use of our company profiles, is Section 6 Subsection 1 sentence 1 lit. f) GDPR and Section 6 Subsection 2 lit. f) PDPA based on our legitimate interest in our company communication in the respective social networks.

For information on the respective processing and the respective objection options, we refer to the data protection information of the providers linked below:

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland), social network for maintaining existing and making new business contacts – privacy information https://www.linkedin.com/legal/privacy-policy , opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

XI. Rights of the data subject

According to the GDPR and the PDPA, you have the following rights: If your personal data is processed, you have the right to obtain information about the data stored about you (Section 15 GDPR and Section 7 PDPA). If incorrect personal data is processed, you have the right to rectification (Section 16 GDPR and Section 12 PDPA). However, a right according to Section 16 GDPR to rectification does not exist in the case of processing for archiving purposes that are in the public interest.

If the legal requirements are met, you may request erasure or restriction of processing as well as object to processing (Section 17, 18 and 21 GDPR and Section 10 PDPA).

If you have consented to the data processing or if there is a contract for data processing and the data processing is carried out with the help of automated procedures, you may have a right to data portability (Section 20 GDPR).

Should you make use of your above-mentioned rights, MGCC will check whether the legal requirements for this are met.

In the event of data protection-related complaints concerning Malaysian data protection law, you may contact the competent supervisory authority: Department of Personal Data Protection (Jabatan Perlindungan Data Peribadi). For data protection complaints that do not concern Malaysian data protection law, contact the supervisory authority responsible for you.