PRIVACY NOTICE

1. Introduction

1.1 At Urusharta Jamaah Sdn Bhd (“we,” “our,” “UJ,” or “Company”), we are committed to protecting the privacy and confidentiality of personal data entrusted to us. This Privacy Notice outlines how we collect, use, store, and protect personal data in compliance with the Personal Data Protection Act 2010 (PDPA) as amended by the Personal Data Protection (Amendment) Act 2024 in Malaysia, as well as other applicable data protection laws and regulations.

1.2 This notice applies to all employees, contractors, vendors, and third parties who interact with UJ and whose personal data is processed by the Company. It also applies to all data that is collected, stored, or processed by the Company, whether electronically or in physical form.

2. Types of Personal Data We Collect

2.1 We may collect and process various types of personal data in the course of our business operations, including but not limited to:

a) Employee & Applicant Data: Name, contact information, identification numbers (NRIC/Passport), employment history, salary, compensation, performance-related data, and CV/resume details (education, certifications, etc.).

b) Vendor Data: Business contact details, payment information, contractual data, project details, and communication records.

c) Website & IT Data: IP addresses, cookies, browser versions, operating systems, and website usage analytics.

d) Customer Data: Including contact information, project details, payment history, and communication records.

e) Special Category Data: Where permitted by law, we may process sensitive personal data revealing matters such as racial or ethnic origin, legal convictions or offences, and insolvency status.

3. How We Collect Your Data

3.1 Your personal data may be collected:

a) Directly from you: Through contact forms, application forms, correspondence, or interactions with our social media channels (which may include when you like or comment on a post).

b) From Third Parties: Including regulatory authorities, government agencies, credit reporting agencies, recruitment agencies, and pre-engagement screening providers.

c) Publicly Available Sources: Including social network information and public records.

d) Premise Surveillance: When you visit our offices or premises, we may collect and process your personal data in connection with your visit. Such personal data will include your contact information (such as name, address, email address and telephone number), identification information (such as national identification number, passport identification number or driver’s license information), and business information such as name of organization, reason for visit, date and time of visit, biometric and facial recognition and access limitations.

4. Purpose of Collecting Personal Data

4.1 We collect personal data for the following purposes:

a) Contractual & Employment Management: To fulfil contractual obligations with employees, customers, and vendors.

b) Due Diligence: To carry out “Know Your Customer” (KYC) screening, background checks, and financial probity checks prior to entering legal relationships.

c) Business Communications: To respond to queries, resolve disputes, and update internal contact lists.

d) Security & Safety: To ensure the physical security of visitors, prevent fraud, and manage health crises or disease outbreaks (e.g. health assessments).

e) Regulatory Compliance: To comply with legal obligations, internal audits, and risk management.

5. Legal Basis for Processing Personal Data

5.1 In compliance with the PDPA, we process personal data based on the following legal grounds:

a) Consent: Where required, we obtain explicit consent from data subjects for processing their personal data.

b) Contractual Necessity: Personal data is processed when necessary for the performance of a contract (e.g., employment contracts, vendor agreements).

c) Legal Obligation: Personal data may be processed to comply with legal obligations or regulatory requirements.

6. Data Sharing and Disclosure

6.1 We do not sell, trade, or rent personal data to third parties. However, we may share personal data with the following categories of recipients:

a) Service Providers: Third-party vendors who provide services such as IT support, payroll processing, legal advisory, and project management services.

b) Regulatory Authorities: Government bodies, law enforcement agencies, or other regulatory bodies as required by law or in response to legal requests.

c) Affiliates: With entities within UJ for business operations, compliance, and risk management purposes.

6.2 All third-party recipients of personal data are required to comply with strict data protection standards and ensure that personal data is handled in accordance with applicable laws and this notice.

7. Data Security

7.1 We are committed to ensuring the security of personal data and have implemented appropriate technical and organisational measures to protect it from unauthorised access, disclosure, alteration, or destruction. These measures include:

a) Use of encryption and secure data storage solutions.
b) Regular security assessments and audits.
c) Restricted access to personal data based on job responsibilities.
d) Regular staff training on data protection and security protocols.

8. Data Retention

8.1 We will retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable laws, regulations, or contractual obligations. Once the data is no longer needed, we will securely dispose of or anonymise it to prevent unauthorised access.

9. Data Subject Rights

9.1 Under the PDPA, data subjects have certain rights regarding their personal data. These rights include:

a) Right to be informed if your data is being processed.
b) Right to access personal data.
c) Right to rectify personal data.
d) Right to withdraw consent to process personal data.
e) Right to object to processing that may cause damage or distress.

10. Data Breach Management

10.1 Our team is prepared to respond effectively to any incidents involving unauthorised access, loss, or disclosure of personal data. The key elements of our data breach management approach include:

a) Detection and Reporting: Employees and third parties are required to promptly report any suspected or actual data breaches to us.

b) Investigation and Containment: Upon notification, we will investigate the breach, determine its scope and impact, and implement immediate measures to contain it.

c) Notification: Where applicable, affected data subjects and the Personal Data Protection Commissioner (PDP Commissioner) will be notified within 72 hours of discovering a significant breach, as required by the PDPA.

d) Remediation: Corrective actions, including system updates, process changes, and additional safeguards, will be implemented to prevent future breaches.

11. Changes to this Privacy Notice

11.1 We may update this Privacy Notice from time to time to reflect changes in legal requirements, our business practices, or the way we handle personal data. We encourage you to review this notice periodically to stay informed about how we are protecting your personal data.

12. Contact Us

If you have any questions or concerns about this Privacy Notice, or if you wish to exercise any of your rights, please contact us at:

Strategic Management Department
Level 28, MOF Inc. Tower, No. 9, Persiaran KLCC, 50088 Kuala Lumpur.

Email: communications@ujsb.com.my
Phone Number: +603-2022 5556