KEBUN RIMAU SDN. BHD. (047875-k)
Balung Plantation

Personal data protection policy

KEBUN RIMAU SDN BHD respect the privacy of individuals and recognises the importance of the personal data entrusted to us and believe that it is our responsibility to properly manage, protect, process and disclose personal data. We are also committed to adhering to the provisions and principles of the Personal Data Protection Act 2010 and rules and regulations made thereunder (“PDPA”).

By interacting with us or submitting information to us, you agree and consent to KEBUN RIMAU SDN BHD, its holding company, subsidiaries, related companies and business entities (collectively, “the Company”), as well as their respective representatives and/or agents collecting, using, disclosing and sharing amongst themselves your personal data, and disclosing such personal data to the relevant third parties in the manner set forth in this Data Protection Policy. In this Policy, the term “personal data” shall have the same meaning ascribed to it in the PDPA.

We will collect, use or disclose personal data for reasonable business purposes only if there is consent or deemed consent from the individual and information on such purposes have been notified. We may also collect, use or disclose personal data if it is required or authorised under PDPA.

Collection of personal data

We collect personal data from clients, customers, business contacts, employees, personnel, contractors and any other individuals. Such personal data may be provided to us by individuals, face to face meetings, letters, email messages, facsimile messages, telephone conversations, through our website or provided by third parties. If you contact us, we may keep a record of that contact.

We collect these personal data when it is necessary for business purposes or to meet the purposes for which you have submitted the information. We will only collect, hold, process, use, communicate and/or disclose such personal data, in accordance with this Policy and PDPA. If you supply us with personal data of a third party (such as an employee or a client of yours), you undertake that you have obtained all necessary consents from such third party to the collection, processing, use and disclosure by us of their personal data. Because we are collecting the third party’s data from you, you undertake to make the third party aware of all matters listed in this Policy preferably by distributing a copy of this Policy to them or by referring them to our website.

Use pf personal data

We use personal data for the following purposes:-

  1. Vendors / Service Providers / Business Partners
    1. (a) to facilitate our business relationship with you;
    2. (b) for the purpose of the supply of services and support to the Company;
    3. (c) to keep you updated on changes to the Company policies;
    4. (d) to evaluate and to improve the Company’ services; and
    5. (e) for purposes that are ancillary to or in furtherance of the above purposes.
  2. Customers
    1. (a) to facilitate our business relationship with you;
    2. (b) to provide products and services and to communicate with customers as part of providing products and services;
    3. (c) to evaluate the Company’ services and how the Company can improve its services;
    4. (d) to respond to queries or comments;
    5. (e) to communicate with you on developments on the Company’ services, the business of the Company and other updates;
    6. (f) for security clearance/entry access into any of the Company’ premises and
    7. (g) for purposes that are ancillary to or in furtherance of the above purposes.
  3. Employees

    In order to comply with its contractual, statutory and management obligation and responsibilities, the Company is required to process personal data relating to its employees. All such data will be processed in accordance with the provisions of your employment contract, PDPA and the relevant Company rules and policies, including data protection, as may be amended from time to time. We will use your personal data:

    1. (a) for administering, maintaining and updating personnel records;
    2. (b) for processing and reviewing salary and other remuneration and benefits;
    3. (c) for processing performance appraisal and review;
    4. (d) for training and developmental records including internal publication of training matrices and reports;
    5. (e) to maintain sickness and other absence records, including reasons for absence;
    6. (f) to provide and administer medical and insurance benefits (including health records);
    7. (g) to process disciplinary policy/investigations and procedures including formal and informal warnings;
    8. (h) for internal publication i.e. newsletters, intranet etc (including but not limited to photo);
    9. (i) to monitor email/internet usage;
    10. (j) for providing references and information to the appropriate bodies/governmental bodies (including but not limited to the Employees Provident Fund and the relevant tax authorities) for social security, contributions, income tax and other purposes;
    11. (k) for the purposes of third party employment references;
    12. (l) as may be required by law or regulation and for protecting the interests of the Company; and
    13. (m) for purposes that are ancillary to or in furtherance of the above purposes.
  4. For the Public and Other Third Parties
    1. (a) to evaluate applications for employment/job positions within the Company;
    2. (b) to evaluate applications for internships and industrial attachments;
    3. (c) to conduct due diligence/background checks on job applicants;
    4. (d) to facilitate business relationships;
    5. (e) to organise and manage events for community and charitable purposes;
    6. (f) to evaluate potential suppliers, vendors or business partners;
    7. (g) for security clearance/entry access into any of the Company’ premises; and
    8. (h) for purposes that are ancillary to or in furtherance of the above purposes.
Disclosure of personal data to third parties

We do not disclose personal data to third parties except when required by law, when we have your consent or deemed consent or in cases where we have engaged the third party such as data intermediaries or subcontractors specifically to assist with the Company’ activities. We may disclose personal data to the related corporations and business units in the Company’s group, where it is necessary for the purposes set out above. We may also transfer all data in our possession to a successor-in-interest to our business or assets.

Access to and correction of personal data

Upon request, we will provide you with access to their personal data or other appropriate information on their personal data in accordance with the requirements of the PDPA. Upon request, we will correct an error or omission in the individual’s personal data that is in our possession or control in accordance with the requirements of the PDPA. We may charge for a request for access in accordance with the requirements of the PDPA.

Withdrawal of consent

Upon reasonable notice being given by an individual of his or her withdrawal of any consent given or deemed to have been given in respect of our collection, use or disclosure of his or her personal data, we will inform the individual of the likely consequences of withdrawing his or her consent. We will cease (and cause any of our data intermediaries and agents to cease) collecting, using or disclosing the personal data unless it is required or authorised under applicable laws.

Accuracy of personal data

We will make a reasonable effort to ensure that personal data collected by us or on our behalf is accurate and complete.

Security and protection of personal data

We have implemented technological and operational security measures to protect the personal data in our possession or under our control and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. Only the Company’s authorised personnel are provided access to personally identifiable information and these personnel are required to ensure confidentiality of this information.

Retention of personal data

We will cease to retain personal data, as soon as it is reasonable to assume that the purpose for collection of such personal data is no longer being served by such retention, and such retention is no longer necessary for legal or business purposes.

Transfer of personal data

We will ensure that any transfers of personal data to a territory outside of the country in which it is collected will be in accordance with the applicable laws so as to ensure a standard of protection to personal data so transferred that is comparable to the protection under the PDPA.

Privacy on our web sites

This Policy also applies to any personal data we collect via our websites. Cookies may be used on some pages of our websites and may be placed on your computer hard drive. If you are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, a visitor may refuse a cookie and still fully navigate our websites, however other functionality in the site may be impaired. After termination of the visit to our site, you can always delete the cookie from your system if you wish.

We may provide a number of links to third party websites. We assume no responsibility for the information practices of these third party websites that you are able to access through ours. When a visitor to our website links to these third party websites, our privacy practices no longer apply. We encourage you to review each website’s privacy policy before disclosing any data.

Data protection officer

If you believe that information we hold about you is incorrect or out of date, or if you have concerns or further queries about how we are handling your personal data, or any problem or complaint about such matters, please contact our Data Protection Officer at [email protected]


We reserve the right to modify or amend this Policy at any time. Subject to your rights at law, you agree to be bound by the prevailing terms of the Policy as updated from time to time on our website.