top of page

Protection of Personal Data Policy

​Information Technology Policy

  • This policy serves as a guide on LS Human Capital Sdn Bhd’s commitment to protecting all forms of personal data that we may come across in the course of our business activities. We expressly commit to ensure the protection of User Privacy and we recognise that such privacy is an important aspect in helping us effectively carry out our business mission and activities.

 

  • This recognition of the right to User Privacy extends to our customers, employees, suppliers, business partners and any other third parties in which we come into contact with. At the same time, there may exist circumstances in which broad concerns may outweigh the user’s expectations of privacy and warrant access to personal data. This typically will be confined but not limited to situations involving the need to preserve public health and safety, the need to comply with a law or regulation, and the need to carry out essential business functions.

 

  • Where any form of access to particular individual personal data of our customers is required to fulfil such a function, explicit written approval from the company’s Chief Executive Officer will be required who will serve as the custodian of personal data held by our organisation.  

 

  • Save for circumstances where there is a need to preserve public health or safety, the need to comply with a law or regulation or the need to carry out essential business functions, no internal/external sharing of personal data is permitted within our organisation without the prior written consent of the company’s Chief Executive Officer.

 

  • Internally, any sharing of personal data will only be permitted to the extent of us performing our business functions. This includes situations (that are not limited to):

  1. where a customer query is being routed within our organisation for purposes of resolving and processing the customer related inquiry or process,

  2. pertaining to processing of employee personal information essential to the administrative functioning of processes such as insurance, payroll and salary administration,

  3. managing queries raised by the authorities with regard to any billing/collections or account related functions,

  4. where access to any IT systems become necessary to identify or diagnose systems or security vulnerabilities and problems or otherwise preserve the integrity of the systems,

  5. where there is a violation of law or a significant breach of our company policy and inspection or monitoring may produce evidence of misconduct, or

  6. where a user’s employment has ended and there is a legitimate business need to access the user’s former device or system.

 

  • In all circumstances where personal data is shared, care will be taken to only share information deemed essential for the processing of that function or business activity and all other forms of personal data (deemed non-essential) will be deleted prior to sharing.

 

Process for Access

  • In the event there is a need to access a user’s private data or communications without his or her consent, explicit written approval from the Chief Executive Officer will be obtained.

 

  • All instances of access without consent will additionally need to be logged.

 

  • The affected user will then be notified of such access either before, during or after the access. In the case of former employees, logging or notice need not be required. All care will be taken to ensure the user is first informed and consent is obtained, where practical save for the exceptions specified under item (4) of this policy.

 

Personal, Peripheral and Mobile Devices

  • Any information pertaining to customers, employees, business partners and third parties deemed confidential can only be stored within the company’s personal computers and laptops. There is no copying of any company held confidential information such as customer’s personal information (such as e-mails, phone numbers, names) onto any employees personal mobile devices without the prior written consent of the Chief Executive Officer. No company laptop is permitted to be taken home by employees under any circumstances.

 

  • Any e-mail communication utilising the employee’s company administered email address can only be accessed via the company’s personal computers or laptops and during office hours and no access to the company’s email network via an employee’s personal or smartphone is permitted without the express written consent of the company’s Chief Executive Officer. Where such access is provided, the employee shall consent to a remote wipe software to be installed into the employee’s personal or smartphone prior to such access being granted.

 

  • Copying of customer, employee, business partners and third party corporate and personal data into any external device is strictly prohibited.

 

Guiding Principle

  • All employees must take steps to actively protect any form of personal data that he/she comes into contact with. Sharing of personal data cannot be shared with any third parties  without prior written approval of the company’s CEO.

 

  • Any decision on the sharing of personal data will not be released without the company CEO first contacting the party involved to obtain his/her consent, save for any circumstances involving public safety or health, legal or regulatory requirements or for purposes of carrying our essential business functions.

bottom of page