HR2000 :: Personal Data Protection Act 2010 (PDPA) - Malaysia

Q) What is PDPA?
The Personal Data Protection Act 2010 ("PDPA") is an Act that regulates the processing of personal data in commercial transactions. It was gazetted in June 2010.


Q) How does HR2000 comply with PDPA?

HR 2000 SDN BHD (Co. No. 475163-M) respects the privacy of individuals with regard to personal data and is committed to protecting the privacy of our users, and strives to provide a safe, secure user experience. This privacy policy is formulated in accordance with the Personal Data Protection Act 2010 ("Act"), which describes how your information is collected and used and your choices with respect to your Personal Data.

1. Information collected
We collect information about users during the registration process for certain parts of our websites/applications, through their participation in certain activities, and through the use of cookies. When you request pages from our websites/applications, our server automatically collects some information about your preferences, including your IP address. We use this to help diagnose problems with our server, and to administer our site. The user-supplied information collected is not shared with other organizations for commercial purposes.

2. Purpose of Personal Data collected
Personal Data that you provide to us voluntarily on our website and its other related channels will be processed for the following purposes ("Purposes"): to complete transactions with you; to direct market to you; to understand and analyze our sales, and your needs and preferences; to develop, enhance, market and provide products and services to meet your needs; to improve our services; and to respond to requests or complaints. Although the precise details of the Personal Data collected will vary according to the specific purpose, whether online or otherwise, we may typically collect the following Personal Data from or in relation to you: Name; Address; Phone number(s); Date of birth; Email address; Gender; Identity card number or passport number; Other personal particulars and salary related information.

3. Use and Disclosure
We may disclose your Personal Data to other subsidiaries within our group. These subsidiaries will treat your Personal Data as confidential, in accordance with this Privacy Policy and with all applicable Data Protection legislation, and will process such Personal Data only for the Purposes and within the terms set out herein. We are responsible for the Personal Data under our control, including Personal Data disclosed by us to a Vendor (often referred to as the data processor). "Vendor" in this Privacy Policy means, in relation to Personal Data, any person or entity (other than an employee of HR 2000 SDN BHD) who processes the Personal Data on behalf of us. "Processing", in relation to Personal Data, means for example obtaining, recording, holding or using the Personal Data in carrying out any operation or set of operations on the Personal Data, including organization, compilation, retrieval, disclosure of the Personal Data for verification Purposes. We take every measure to provide a comparable level of protection for Personal Data should the information be Processed by a Vendor.

4. Storage and Retention of Personal Data
Your Personal Data shall be stored either in hard copies in our offices or on servers operated by us or our service providers. Any Personal Data supplied by you will be retained by our organization as long as necessary for the fulfillment of the purposes stated in (2) above or as required to satisfy legal, regulatory or accounting requirements or to protect our interests.

5. Internet Cookies
When you access our websites, we may collect non-personal data (e.g. type of Internet browser and operating system used, domain name of the website from which you came, number of visits, average time spent on the site, pages viewed). When you view our websites, we may store some data on your computer in the form of a "cookie" to automatically recognize your personal computer next time you visit. Cookies can help us in many ways, for example, by allowing us to tailor a website to better match your interests or to store your password to save you having to re-enter it each time. If you do not wish to receive cookies, please configure your Internet browser to erase all cookies from your computer's hard drive, block all cookies or to receive a warning before a cookie is stored.

6. Third Party Links
You are responsible for checking the privacy policy of any third-party websites we link to. Our Website may contain links to third-party websites. We take no responsibility for the privacy practices or content of these websites.

7. Confidentiality & Security
Personal Data held by us will be kept confidential in accordance with this Privacy Policy pursuant to any applicable law that may from time to time be in force. The websites/applications have security measures in place to protect against the loss, misuse and alteration of the information under our control. Unfortunately, no data transmission over the internet can be guaranteed as completely secure. So while we strive to protect such Personal Data, we cannot ensure or warrant the security of any Personal Data transmitted to us, and individuals do so at their own risk. We will take reasonable steps to protect that information from misuse and loss and from unauthorized access, modification or disclosure.

8. Right of Access to Personal Data
Under the Act, you have the right of access to your Personal Data held by us. If you have any questions regarding this Privacy Policy or if you wish to request access to your Personal Data or if you wish to correct your Personal Data or if you wish to withdraw your consent to us for the processing of your Personal Data for the purposes as set out in (2) above or for the transfer of your Personal Data to the parties stated in (3) above, you may send your request in writing to us.

9. Changes to Privacy Policy
We reserve the right to amend this Privacy Policy from time to time without prior notice. We advise that you check this Privacy Policy on a regular basis.

Q) Why does PDPA only protect the latest products?


This policy shall ONLY apply to our latest products namely QUICK PAY/STAFF Version 7, QUICK TMS Version 5, and E-OFFICE application.
Customers using older application versions are regrettably not protected under this policy due to outdated software development tools.

PDPA requires vendors to ensure data security. Older product versions are mostly no longer being upgraded. As our latest products are developed with updated data security protection, we recommend customers to upgrade their products accordingly.

Q) HR2000 implemented steps to ensure PDPA compliance.

1. Create awareness in the organisation
    • Awareness of internal policies for securing personal data
    • To create a culture of high awareness

2. Knowing your current compliance level
    • Understand the impact of PDPA
    • Identify the gaps

3. Designate a Chief Data Protection Officer or Committee
    • Define an information protection strategy
    • Develop short term compliance programmes

4. Developing policies for PDPA
    • Policies spanning across legal, IT, marketing, human resource, customer services, etc.
    • Focus on end-to-end Data Privacy & Protection Governance processes, policies and procedures in line with PDPA

5. Periodic compliance review
    • Conduct annual compliance or specific audit checks

Additional PDPA information on HR2000 Software Products

* Sending email payslips using HR2000 SMTP host
The HR2000 SMTP server does not keep the content of emails should customers choose to send email payslips via our SMTP server (ie.
However, due to international email spamming rules, it is highly recommended that customers use their own SMTP server instead of the HR2000 SMTP server.