DATA PROTECTION & PRIVACY POLICY

AJINORIKI MSG (M) SDN BHD

PERSONAL DATA PROTECTION AND PRIVACY POLICY (“POLICY”)

We, Aji-No-Riki (Malaysia) Sdn. Bhd. (collectively, referred to as “Aji”, “us”, “our” or “we” in this Policy) is committed to protecting and respecting your Personal Data in accordance with the provisions of the Personal Data Protection Act 2010 (“PDPA”). This Policy explains how we collect, process, manage and protect the Personal Data of our customer.

1. Collection of Personal Data

1.1 During the course of your dealings with us, we will request that you provide your Personal Data, to enable

us to enter into transactions with you or to communicate with you on the services and/or products related to

our business. These may be done through various means, including but not limited to:

(a) directly from you or indirectly from your representatives, agents and/or employer when you, your

representatives, agents and/or employer send us a completed enquiry, application and/or registration

forms via various means, including online and physical hardcopies at public venues or in any of our

premises;

(b) directly from you or indirectly from your employer or credit reference agencies, when you send us

enquiry and/or new account application forms via various means including online and physical

hardcopies;

(c) our forms (i.e. invoice, delivery order, statement of accounts, new account application form etc.)

whether in electronic or hardcopy format;

(d) any correspondence that we have received from you requesting for information or making any

inquiries;

(e) business cards or other information provided to us or that were dropped at our premises or given to our

employees or sales and marketing or other agents; and/or

(f) collected from cookies through the use of our website.

2. Types of Personal Data

2.1 Such Personal Data may include, but is not limited to information concerning your name, age, identity card number, passport number, driver’s licence number, address, email address, user ID’s and passwords, gender, date of birth, marital status, occupation, income range, bank account details and credit card information, financial information, contact information such as telephone, mobile and facsimile number, race, nationality, type of loans (including but not limited to hire purchase) applied for in relation to the purchase of goods and/or services, any goods, services or credit provided to you, credit information and credit eligibility information, personal website usage information and information of third parties such as your emergency contact person, authorised representatives, contractors, lawyers, and financiers, which may be subject to applicable data protection and other similar laws.

2.2 The list of Personal Data stated above is not exhaustive and may include other personal data depending on the nature of dealings or transaction.

3. Purposes of Collection and Processing

3.1 Your Personal Data is collected and further processed by us as required or permitted by law and to give effect to your requested commercial transaction, including the following: (collectively, “Purpose”):

(a) the delivery to you of our services and/or products, notices, information in connection with our

current and future services or products and the marketing of such services or products as well as

new product launches, events, promotional events and contests;

(b) preparing and executing all necessary documents and agreements with you to carry out the

obligations under the agreement, for our products and/or services necessary for purposes of

conducting and administering our business including but not limited to sales and administration;

(c) general business operations which include but are not limited to:

(i) collection of outstanding payments;

(ii) those purposes provided for in any particular service or product offered by us or our business partners;

(iii) to administer and carry out our customer and prospective customer relationship management procedures;

(iv) maintaining our records of our customers and prospective customers and our internal record keeping;

(v) conducting marketing, client profiling and business development activities as well as market research and statistical analysis and customer surveys regarding our projects, products and/or

services;

(vi) complying with any legal or regulatory requirements and to make the necessary disclosures under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular and/or code which are applicable to us and for the prevention of crime; and

(d) improving our websites.

3.2 By providing your Personal Data to us, you have agreed to give your consent to the processing of your Personal Data by us for the stated lawful purposes when your Personal Data was collected. “Processing” means collecting, recording, holding or storing your Personal Data or carrying out any operation or set of operations on your Personal Data.

4. Disclosure of Personal Data

4.1 Your Personal Data provided to us is processed by entities (in or outside of Malaysia) within our group. We will ensure that

(i) access to your Personal Data is restricted to staff who are contractually required to process your Personal Data in accordance with their respective job requirements, and

(ii) only necessary information is released to the relevant employees.

4.2 Your Personal Data may be disclosed to relevant third parties (in or outside of Malaysia) as required by law. In such event, you consent to the following disclosures of the Personal Data by us to these classes of third parties for reasons relating to the Purpose:

(a) third parties appointed by us to provide services to us or on our behalf (such as auditors,

lawyers, company secretaries, consultants, contractors, professional advisors, service providers,

printing companies, contractors, advisers);

(b) our business partners or affiliates who may jointly provide the service requested for;

(c) public amenities and utilities providers, including but not limited to Indah Water Konsortium,

Syarikat Bekalan Air Selangor SdnBhd and TenagaNasionalBerhad;

(d) government agencies, statutory authorities, local councils and/or industry regulators including

but not limited to the ministries, the Employees Provident Fund Board the Inland Revenue

Board, as well as to any other third party pursuant to any court order; and/or

(e) such other third parties that are necessary to carry out the purposes stated herein.

4.3 In the event of a potential, proposed or actual sale of business, disposal, acquisition, merger or re-organisation (“Transaction”), your Personal Data may be required to be disclosed or transferred to a third party as a result of the Transaction. You hereby acknowledge that such disclosure and transfer may occur and permit us to release your personal information to the other party and its advisers/representatives.

5. Websites

5.1 Links to other sites — Our website may link or direct you to other websites or external content resources which are not within our control. Links to other sites is provided for your convenience and information. Whilst we will use our best endeavour to ensure that we link or direct you only to websites that share our privacy and security standards, we are not in the position to guarantee the same and we will not be responsible for the protection and privacy of any Personal Data which you provide on those websites. These sites may have their own privacy statement in place, which we recommend you review if you visit any linked websites. You should therefore exercise caution including reviewing the privacy policy of those websites before disclosing any Personal Data.

5.2 Cookies – A cookie (small text files that store information on your hard drive) may be used in the processing of your Personal Data. A copy of this text file is sent by your computer and/or device whenever it communicates with our server. Cookies help us to understand which sections of our websites are frequently visited. With this information we are able to adapt our website to suit your demands and to provide you with a more customised and personalised user experience. We may collect the following information during your visit to our website and/or the fully qualified domain name from which you accessed our site, or alternatively, your IP address:

(i) the date and time you accessed each page on our web site;

(ii) the URL of any webpage from which you accessed our site (the referrer); and

(iii) the web browser that you are using and the pages you accessed. Some web pages may require

you to provide a limited amount of personal information in order to enjoy certain services on

our websites (system login credentials, email address and contact, etc.). These personal

information will only be used for its intended purposes only, i.e. to respond to your message or

deliver the requested services. You may configure your browser to accept all cookies, reject all

cookies, or notify you when a cookie is sent.

6. Accuracy and Correction of Personal Data

6.1 We take all reasonable steps to ensure that your Personal Data provided to us is accurate and relevant only to the lawful purposes to which it was obtained for and is kept in the manner whereby the accuracy and completeness of your Personal Data is not affected and your Personal Data is up-to-date.

7. Protection of Personal Data

7.1 Your Personal Data will be kept and processed in a secured manner. The appropriate administrative and security safeguards, policies and procedures will be implemented, as far as practicable, in accordance to the applicable laws and regulations. We will, as far as practicable, aim to prevent any unauthorized and/or unlawful processing of, and the accidental loss, destruction or damage to your Personal Data.

8. Retention of Personal Data

8.1 We will retain your personal data for the period necessary to fulfill the many different purposes outlined in this Policy or for such period as may be necessary to protect the interests of the company and/or its customers as may be deemed necessary, or where otherwise required by the law and/or where required by the Company’s relevant policies.

9. Third party consent

9.1 In the event you have provided personal data of third parties (e.g. your emergency contact person, authorised representatives, contractors, lawyers, financiers, advisors) to us, we rely on you to have sufficiently obtained the prior consent of such third parties to allow us to process their personal data in relation to the Purpose.

10. Changes to our Policy

10.1 We may, from time to time, need or be required to change our Policy to comply with or be consistent with changes in applicable law and regulations as well as our business operations or policies. As such, you may wish to review any changes to our Policy from time to time.

11. Exclusion of Liability

11.1 We shall not be liable for any purported violation, breach or non-compliance with any precepts of privacy or the protection of Personal Data in the following instances:

(a) Where an act of nature or event outside our control results in the damage or malfunction or

destruction in any equipment or machinery used to secure, store or process Personal Data;

(b) Where the Personal Data is readily available or able to be found in the public domain; and

(c) Where despite our best efforts, there is unauthorised access, modification, alteration, misuse,

tampering or abuse of Personal Data caused by the malicious or fraudulent or criminal acts or

conduct of a third party not being under our control or direction.

12. Notices

12.1 If you wish for any clarification by us via any mode of communication, you may contact us @ 603-3271 9888 and email us @ aji-no-riki@aji-no-riki.com.my