Privacy Policy

  1. Purpose

    This Privacy Policy explains how the Company collects, processes, uses, stores, discloses, and protects personal data through the Company Intranet, which supports Human Resources functions including recruitment, onboarding, payroll support, compensation & benefits, leave management, performance appraisal, training & development, employee engagement, disciplinary matters, and other employment-related processes. This Policy is established in compliance with:

    • Personal Data Protection Act 2010 (PDPA)
    • Employment Act 1955
    • Employees Provident Fund Act 1991
    • Employees' Social Security Act 1969
    • Employment Insurance System Act 2017
    • Income Tax Act 1967
    • Industrial Relations Act 1967
    • Occupational Safety and Health Act 1994
    • Companies Act 2016
    • Other applicable Malaysian laws and regulations

    This Policy applies to all employees, candidates, interns, contractors, temporary staff, management personnel, and authorised users.

  2. Types of Personal Data Collected

    The Company may collect and process personal data including but not limited to:

    2.1 Employee Data

    • Full name
    • NRIC / Passport details
    • Residential address
    • Contact number and email address
    • Emergency contact details
    • Gender
    • Nationality
    • Marital status
    • Date of birth
    • Educational qualifications
    • Employment history
    • Bank account details
    • Salary and remuneration details
    • EPF, SOCSO, EIS and tax information
    • Attendance and leave records
    • Performance appraisal records
    • Training and development records
    • Disciplinary and grievance records
    • Medical certificates submitted for leave administration
    • Employment contracts and related HR documentation

    2.2 Candidate Data

    • Resume / Curriculum Vitae
    • Application forms
    • Interview records
    • Assessment results
    • Reference checks
    • Background screening documents
    • Offer letters and hiring documentation

    2.3 System Data

    • Login records
    • Access history
    • User activity logs
    • IP address
    • Device details
    • Uploaded documents
    • Approval records
    • Audit trails

  3. Purpose of Processing

    Personal data is collected and processed for legitimate employment and business purposes including:

    • Recruitment and selection
    • Employment administration
    • Payroll and benefits administration
    • Performance management
    • Training and development
    • Industrial relations and disciplinary matters
    • Internal investigations
    • Statutory contributions and legal compliance
    • Insurance and medical claims administration
    • Workforce planning
    • Internal reporting and audit
    • Security management
    • Employee communication and engagement
    • Business continuity and succession planning

    The Company shall process only data reasonably necessary for lawful business purposes.

  4. Consent

    By providing personal data and using the Intranet, users consent to the collection, use, processing, and disclosure of personal data for employment-related and lawful business purposes.

    Where required by law, specific consent may be obtained separately.

    Failure to provide necessary personal data may affect employment administration or access to HR services.

  5. Disclosure of Personal Data

    Personal data may be disclosed to:

    • Human Resources personnel
    • Reporting managers and authorised management
    • Finance and payroll teams
    • Internal auditors
    • External auditors
    • Legal advisors
    • Insurance providers
    • Medical panel providers
    • Background screening agencies
    • Government agencies and statutory bodies
    • External system vendors and service providers
    • Authorities where disclosure is required by law

    All disclosures shall be limited to legitimate business needs and legal compliance.

  6. Data Security

    The Company shall implement reasonable security measures including:

    • Role-based access control
    • Password-protected access
    • Secure authentication procedures
    • Audit trails and monitoring
    • Encryption where appropriate
    • Access reviews
    • Confidentiality obligations for authorised personnel
    • Secure storage and document retention controls

    Employees are responsible for protecting their login credentials and maintaining confidentiality.

  7. Data Retention

    • Personal data shall be retained only for as long as necessary to fulfil employment, statutory, legal, audit, and operational requirements.
    • Records may continue to be retained after cessation of employment in accordance with Malaysian legal retention obligations and internal retention schedules.

  8. Rights of Data Subjects

    Subject to the PDPA and applicable legal limitations, employees may request:

    • Access to personal data
    • Correction of inaccurate or incomplete data
    • Clarification regarding the use of personal data
    • Withdrawal of consent where legally permissible

    Requests must be submitted in writing to the Human Resources Department.

    The Company reserves the right to refuse requests where permitted by law.

  9. Cross-Border Data Transfer

    Where personal data is transferred outside Malaysia for legitimate business operations, the Company shall ensure appropriate safeguards and compliance with applicable PDPA requirements.

  10. Policy Review

    • The Company reserves the right to amend this Privacy Policy from time to time to ensure compliance with legal and operational requirements.
    • Updated versions shall be communicated through official channels.

  11. Contact Details

    For any privacy-related enquiries, requests, or complaints, please contact:

    Human Resources Department

    GO HUB CAPITAL BERHAD

    hr@gohub.com.my

    +60383227555

  12. Effective Date

    This Privacy Policy takes effect from 1 May 2026.