World Asia Logistics (M) Sdn. Bhd. Data Privacy Policy
Summary for external publication purposes1
What is World Asia Logistics (WAL) Data Privacy Policy?
The WAL Data Privacy Policy is a corporate guideline for the data protection standards applicable within the Group and is designed to satisfy legal data protection requirements. All companies within the Group are bound by these regulations with reference to the use of personal data belonging to customers, employees, shareholders and suppliers. The WAL Data Privacy Policy provides appropriate safeguards for WAL’s transmission of personal data belonging to its customers and employees to Group companies around the world, and ensures compliance with the Postal Service Act 2012.
The principles of data protection
Group companies are obliged to protect your personal data. Personal data is any data which can directly or indirectly identify you as an individual, for example your contractual data, such as your name and surname, postal or email address, telephone number or, should an employment relationship exist, your personnel number or data from your personnel file. Insofar as your data has been collected within the scope of WAL’s services, all Group companies must observe the following basic principles, in particular:
- – Your personal data is only processed in the event that a legal basis to do so exists. This legal basis may be derived from a law, a contract or your previous express consent, insofar as the processing of your personal data is required (Principle of legitimating basis).
- – Group companies may only process such personal data required in terms of type and scope for the fulfilment of authorized purposes. Such data must be relevant and appropriate (Principle of purpose limitation).
- – As a matter of principle, you will be informed of the concrete purpose of the data processing in question and of the controller, being the unit responsible for these activities, insofar as no special exceptions exist with reference to the duty to inform, e.g. you have already been informed via another channel or the data is already publicly accessible. Information is available in the Privacy Statements on our websites or within the framework of written contracts (Principle of transparency).
- – Your personal data is deleted as soon as it may no longer be retained pursuant to WAL storage guidelines or applicable legislation. Where at all possible and economically viable, anonymization and pseudonymization measures are applied to ensure that your actual identity is not discernible or cannot be re-established without recourse to a disproportionate amount of effort (Principle of data minimization and data avoidance).
- – All necessary technical and organizational measures are taken to ensure your personal data is protected against unauthorized use and publication, and its security and confidentiality guaranteed. All data stored is up to date (Principle of data security and data quality).
Group companies may transmit your personal data to third parties, such as internal or external service providers or suppliers commissioned by WAL to render services on your behalf. Your personal data shall, however, only be transmitted to companies who are obliged to observe data secrecy and who abide by the relevant legislation in the processing of your data.
Should you, under exceptional circumstances, provide WAL with personal data which is, according to some legal standards, classified as particularly sensitive – such as ethnic origin, religion or health issues – the Group is obliged to only process such sensitive personal data in compliance with the applicable legislation, which can often first require your express consent.
Your rights as the data subject
Group companies are obliged to protect and uphold the rights of the person whose data is processed (data subjects’ rights). As a customer or employee, the following, in particular, fall under such rights in accordance with EU privacy legislation:
- – In your capacity as data subject you may, at any time, request to be informed which data pertaining to you is stored by a given Group company, and also to whom such personal data has been transferred. WAL is however not obliged to comply with your request for information in the event that it affects the interests of a third party in a manner which is not legally permissible, or in the event that, in a specific case, a legitimate interest in protecting business secrets contradicts such a course of action (Right to information).
- – As the data subject, you retain the right of rectification should the saved data pertaining to you be incomplete or incorrect (Right of rectification).
- – Group companies must delete your personal data in the event that data processing was illegal or the requirement for data processing no longer exists. Should statutory retention periods apply, or if deletion is not possible or unreasonable, data shall be blocked (Right to deletion and blocking).
- – You retain the right to object to the use of your data in the event that a contractual or legal right to object exists. In the event you are approached for the purposes of advertising or market/opinion research, the Group company must, upon first contact, inform you once again of your right to object as regards the use or transfer of data for direct marketing purposes. In the event you have consented to the use of your data, you retain the right to revoke your consent at any time (Right to object and right of revocation).
- – The exercising of your rights may not result in discrimination against your person (Prohibition of discrimination).
- – You retain the right to approach the data protection officer of the respective Group company or WAL with questions at any time (Right to express concerns).
Should you require any further information regarding the WAL Data Privacy Policy, please contact the Corporate Data Protection team at enquiry@wal-my.com.