Graces Consultancy

Menu

PRIVACY NOTICE

PERSONAL DATA PROTECTION NOTICE (PDPA)

This Personal Data Protection Act (“PDPA”) Privacy Notice is issued pursuant to the Personal Data Protection Act 2010 of Malaysia.

It applies to the following entities:
1. Graces Consultancy (Training & Consultancy Services)
2. Agensi Pekerjaan Graces Connect Sdn. Bhd. (Recruitment Services)

1. COLLECTION OF PERSONAL DATA

We may collect your personal data from various sources, including but not limited to:

  • Information you provide in registration, training, consultancy, or recruitment forms;
  • Resumes, cover letters, LinkedIn profiles, and other job applications;
  • Business cards, referrals, networking sessions, training sign-ups;
  • Through our website, email communications, and social media platforms;
  • From publicly available sources and third parties (e.g., references, background checks).

The types of personal data we collect include, but are not limited to:

  • Name, NRIC/passport details, nationality, gender, date of birth;
  • Contact information (address, phone number, email);
  • Employment history, qualifications, skills, referees;
  • Financial, payment, and invoicing details;
  • Photographs, audio/video recordings during training sessions;
  • Sensitive data such as biometric data (e.g., fingerprints, facial recognition), processed only where required and with your explicit consent;
  • Any other personal data necessary for providing our services.


2. PURPOSE OF PROCESSING

Your personal data may be processed for purposes including:

For Graces Consultancy (Training & Consultancy Services):

  • Course registration, administration, delivery, and certification;
  • Customization of training programs, consultancy projects, and follow-up;
  • Issuance of invoices, receipts, and record keeping;
  • Marketing, events, and program updates;
  • Compliance with legal and regulatory obligations.

For Agensi Pekerjaan Graces Connect (Recruitment Services):

  • Processing job applications and matching candidates with potential employers;
  • Communicating with candidates and clients regarding opportunities;
  • Conducting background checks, reference checks, and verifications;
  • Managing contractual relationships with clients and candidates;
  • Complying with obligations under the Employment Agencies Act 1981 and other applicable laws.


3. DISCLOSURE OF PERSONAL DATA

We may disclose your personal data to:

  • Our group entities, partners, associates, and affiliates;
  • Potential employers, clients, training partners, and business associates;
  • Service providers including IT, audit, payroll, HR, legal, insurance, and marketing;
  • Regulatory authorities, government agencies, and law enforcement when required;
  • Any third party authorised by you.

We will not sell, rent, or trade your personal data.

4. CONSENT

By providing your personal data to us, you consent to the processing of your personal data in accordance with this Notice. You may withdraw consent at any time by contacting us (see Section 8 below). However, withdrawal of consent may affect our ability to continue serving you.

5. DATA RETENTION & SECURITY

We will retain your personal data for as long as necessary to fulfil the purposes stated in this Notice, or as required by law. We implement reasonable physical, technical, and administrative safeguards to protect personal data against loss, misuse, modification, unauthorised or accidental access or disclosure.

Our appointed processors are directly bound by the PDPA’s Security Principle and must implement appropriate security measures to safeguard your personal data.

In the event of a personal data breach that results in, or is likely to result in, significant harm, we will notify the Personal Data Protection Commissioner within 72 hours and affected individuals within 7 days, in accordance with the PDPA.

6. CROSS-BORDER TRANSFER

Cross-border transfers will be conducted based on adequacy, contractual safeguards, or other permitted grounds under the PDPA. We will assess risks and implement appropriate measures (including Transfer Impact Assessments) before transferring your data overseas.

7. YOUR RIGHTS

Under the PDPA (as amended 2025), you have the right to:

  • Access your personal data;
  • Request correction of inaccurate or incomplete data;
  • Withdraw consent to processing;
  • Request deletion (erasure) of personal data where applicable;
  • Object to direct marketing;
  • Request restriction of processing or data portability (where applicable);
  • Lodge a complaint with the Personal Data Protection Commissioner. You may also lodge a complaint with the Commissioner via www.pdp.gov.my

All requests must be made in writing (refer Section 8 below).

8. CONTACT DETAILS

We have appointed a Data Protection Officer (DPO) who is responsible for PDPA compliance for both entities:
Graces Consultancy [Company No.: 202403172746 (003619043-D)]
Agensi Pekerjaan Graces Connect Sdn. Bhd. [Company No.: 202501035958 (1637368-T)]

You may contact the DPO at:
Email: grace@graces-consultancy.com
Website: www.graces-consultancy.com

9. CHANGES TO THIS NOTICE

This Notice may be revised from time to time in line with changes to laws, regulations, and business practices. The updated Notice will be posted on our website with the effective date indicated.

Effective Date: 1 August 2025


NOTIS PERLINDUNGAN DATA PERIBADI (PDPA)

Notis Perlindungan Data Peribadi ini (“Notis”) dikeluarkan selaras dengan Akta Perlindungan Data Peribadi 2010 Malaysia (“PDPA”).

Notis ini melibatkan entiti-entiti berikut:
1. Graces Consultancy (Perkhidmatan Latihan & Perundingan)
2. Agensi Pekerjaan Graces Connect Sdn. Bhd. (Perkhidmatan Pengambilan Pekerja)

1. PENGUMPULAN DATA PERIBADI

Data peribadi anda mungkin dikumpul daripada:

  • Borang pendaftaran latihan, perundingan, atau pengambilan;
  • Resume, surat permohonan, profil LinkedIn;
  • Kad perniagaan, rujukan, sesi rangkaian, pendaftaran latihan;
  • Laman web, e-mel, dan media sosial kami;
  • Sumber awam dan pihak ketiga (contoh: rujukan, semakan latar belakang).

Jenis data peribadi termasuk:

  • Nama, butiran NRIC/pasport, kewarganegaraan, jantina, tarikh lahir;
  • Maklumat hubungan (alamat, nombor telefon, e-mel);
  • Sejarah pekerjaan, kelayakan, kemahiran, rujukan;
  • Butiran kewangan, pembayaran, invois;
  • Gambar, rakaman audio/video semasa sesi latihan;
  • Data sensitif seperti data biometrik (contohnya cap jari, pengecaman wajah), yang hanya akan diproses jika perlu dan dengan persetujuan nyata anda;
  • Data lain yang berkaitan dengan perkhidmatan kami.


2. TUJUAN PEMPROSESAN

Untuk Graces Consultancy (Latihan & Perundingan):

  • Pendaftaran, pentadbiran, penyampaian, dan pensijilan kursus;
  • Penyesuaian program latihan dan projek perundingan;
  • Pengeluaran invois, resit, dan rekod;
  • Pemasaran, acara, dan makluman program;
  • Pematuhan undang-undang dan peraturan.

Untuk Agensi Pekerjaan Graces Connect (Pengambilan Pekerja):

  • Memproses permohonan kerja dan padanan calon dengan majikan;
  • Berkomunikasi dengan calon dan klien mengenai peluang;
  • Menjalankan semakan latar belakang, rujukan dan pengesahan;
  • Mengurus kontrak dengan klien dan calon;
  • Pematuhan kepada Akta Agensi Pekerjaan 1981 dan undang-undang berkaitan.


3. PENDEDAHAN DATA PERIBADI

  • Data peribadi anda mungkin didedahkan kepada:
  • Entiti kumpulan, rakan kongsi, dan sekutu kami;
  • Majikan berpotensi, klien, rakan latihan;
  • Penyedia perkhidmatan termasuk IT, audit, HR, undang-undang, insurans, pemasaran;
  • Pihak berkuasa, agensi kerajaan, dan penguatkuasaan undang-undang;
  • Mana-mana pihak ketiga yang dibenarkan oleh anda.

Kami tidak akan menjual, menyewa, atau memperdagangkan data peribadi anda.

4. PERSETUJUAN

Dengan memberikan data peribadi kepada kami, anda dianggap telah bersetuju dengan pemprosesan data anda seperti dalam Notis ini. Anda boleh menarik balik persetujuan pada bila-bila masa dengan menghubungi kami (lihat Seksyen 8).

5. PENYIMPANAN & KESELAMATAN DATA

Data peribadi anda akan disimpan selagi diperlukan untuk tujuan yang dinyatakan atau mengikut undang-undang. Langkah keselamatan fizikal, teknikal, dan pentadbiran dilaksanakan bagi melindungi data daripada kehilangan, penyalahgunaan, atau pendedahan tidak sah.

Pemproses yang dilantik oleh kami juga tertakluk secara langsung kepada Prinsip Keselamatan PDPA dan mesti melaksanakan langkah keselamatan yang sesuai untuk melindungi data peribadi anda.

Sekiranya berlaku pelanggaran data peribadi yang mengakibatkan atau mungkin mengakibatkan kemudaratan ketara, kami akan memaklumkan Pesuruhjaya Perlindungan Data Peribadi dalam masa 72 jam dan individu terjejas dalam masa 7 hari, selaras dengan PDPA.

6. PEMINDAHAN KE LUAR NEGARA

Pemindahan rentas sempadan akan dijalankan berdasarkan kecukupan, perlindungan kontrak, atau alasan lain yang dibenarkan di bawah PDPA. Kami akan menilai risiko dan melaksanakan langkah sewajarnya (termasuk Penilaian Impak Pemindahan) sebelum pemindahan data anda.

7. HAK ANDA

Di bawah PDPA (pindaan 2025), anda berhak untuk:

  • Mengakses data peribadi;
  • Memohon pembetulan data yang tidak tepat;
  • Menarik balik persetujuan;
  • Memohon pemadaman data (jika berkenaan);
  • Membantah pemasaran langsung;
  • Meminta sekatan pemprosesan atau pemindahan data (portabiliti data) jika berkenaan;
  • Membuat aduan kepada Pesuruhjaya Perlindungan Data Peribadi. Anda juga boleh mengemukakan aduan melalui www.pdp.gov.my .

Segala permintaan hendaklah dibuat secara bertulis (rujuk Seksyen 8 di bawah).

8. MAKLUMAT HUBUNGAN

Kami telah melantik Pegawai Perlindungan Data (DPO) yang bertanggungjawab terhadap pematuhan PDPA untuk kedua-dua entiti berikut:
Graces Consultancy [No. Syarikat: 202403172746 (003619043-D)]
Agensi Pekerjaan Graces Connect Sdn. Bhd. [No. Syarikat: 202501035958 (1637368-T)]

Anda boleh menghubungi DPO di:
Emel: grace@graces-consultancy.com
Laman web: www.graces-consultancy.com

9. PERUBAHAN NOTIS

Notis ini boleh dipinda dari semasa ke semasa selaras dengan undang-undang dan amalan semasa. Notis terkini akan diterbitkan di laman web dengan tarikh kuat kuasa.

Tarikh Kuat Kuasa: 1 Ogos 2025

error: Content is protected