Personal Data Processing Statement

This Personal Data Processing Statement (“PDPS”) is prepared in accordance with the requirements of the Personal Data Protection Act 2010 (the “Act”). This PDPS sets out the policies and procedures of the Group with regard to your personal data and your agreement to the usage and processing of your personal data for purposes set out below.

YOU MUST READ AND UNDERSTAND THE PROVISIONS OF THIS PDPS BEFORE YOU DISCLOSE ANY OF YOUR PERSONAL DATA TO THE GROUP.

1. Definition

1.1 “Group” means Genting Malaysia Berhad and/or its holding company, subsidiaries, related and associated companies and companies using or may be using the brands of “Genting” and/or “Resorts World”, regardless whether such company(ies) are incorporated in or outside Malaysia (collectively known as “Affiliates”). Any reference to the “Group” in this PDPS shall be Genting Malaysia Berhad and/or any one or more of its Affiliates.

1.2 “Personal Data” means personal data as defined under the Act, including without limitation your name, nickname, age, gender, date of birth, address(es), email address(es), telephone number(s), CCTV and audio recording(s), biometric data, photograph(s), opinion(s), comment(s), any infectious or contagious disease related information including without limitation, COVID-19 testing and/or vaccination records available at the relevant time, information in connection to the programmes and/or packages you have participated in and such other personal information or your views/opinions that are, have been and/or may be collected, compiled, recorded, received, used, stored, in possession, processed, maintained, keep and/or dealt with by the Group in such manner(s) as the Group may deem fit from time to time.

2. Provision of Personal Data (including sensitive personal data) and Consent

2.1 The Group will obtain your Personal Data when you provide your Personal Data to the Group in any way or manner including pursuant to any transactions and/or inquiries made with the Group or upon request from the Group. The Group will also collect, compile, record, receive, use, store, possess, process, maintain, keep and/or deal with (collectively known as “Process”) your Personal Data when you register at and/or enter the Group’s websites, social networking sites, applications and/or blogs and/or participate in any of the events or activities of the Group that you may have participated at any time and for whatever purposes.

2.2 The Group may also Process your Personal Data which are provided or made available by any third parties, credit reference bodies, regulatory and law enforcement authorities, and other casino operators, for such purposes that are relevant at the material time, including but not limited to delivery of the Group’s services (for example, conducting appropriate checks and risk assessments to facilitate the provision of any services and facilities that are or may be offered by the Group), performance of conditions of agreements and/or to fulfil or comply with the Group’s standard operating procedures, legal and/or regulatory obligations.

2.3 Express consent and/or agreement for the Group to Process your Personal Data (including sensitive personal data defined under the Act) in accordance with terms and conditions of this PDPS is given upon you providing your Personal Data to the Group and/or you continue to utilise, maintain, participate, enjoy or use any one or more of the hotel rooms, food and beverages, theme parks, customer loyalty programmes, products, goods, services, facilities, events, activities, promotions, programmes, packages, tools, equipment, websites and/or applications that have been or may be provided, introduced, made available or offered by the Group at the relevant time (collectively referred as “Services & Facilities”) in whatever manners and/or for whatever purposes. This express consent shall continue until you notify the Group of your intention to limit the right to Process your Personal Data as set out herein, it is considered you have expressly agreed for the Group to Process your Personal Data.

3. Purposes of Processing

3.1 The Group may Process your Personal Data for any one or more of the purposes listed below (collectively known as “Purposes”):-

(a) To process your application/form;
(b) To communicate with you via SMS, phone call, email, fax, mail and/or any other appropriate communication channels;
(c) To respond to questions and comments from you;
(d) To provide the Services & Facilities as you may have requested or of interest;
(e) For administrative purposes;
(f) To notify you of any changes to our Services & Facilities which may affect you via SMS, phone call, email, fax, mail and/or any other appropriate communication channels;
(g) To market and promote the Services & Facilities that may be of interest to you from time to time via SMS, phone call, email, fax, mail and/or any other appropriate communication channels;
(h) To process and analyse your Personal Data either individually or collectively with other persons (including companies);
(i) To monitor, access and/or evaluate your fitness and properness to join, participate, enjoy or utilise any of the Services & Facilities, including but not limited to any customer loyalty programme(s);
(j) For direct marketing purposes via SMS, phone call, email, fax, mail and/or any other appropriate communication channels;
(k) Other purposes which the Group may reasonably deem fit and/or other purposes that may be set out in the document(s) that are related or relevant to you;
(l) To provide and/or verify your Personal Data, to carry out security or financial checks and to conduct risk assessments with other casino operators, service providers, banks, regulatory, judicial and enforcement authorities for the purposes of facilitating or processing any of your financial transactions;
(m) For fraud prevention and detection;
(n) For the Group to comply with and/or discharge obligations required under the law within and/or outside Malaysia, such as reporting requirements under the Anti Money Laundering and Anti-Terrorism Financing Act 2001 and the Registration of Guests Act 1965;
(o) Contact and restrict movement of all persons into and out of our properties, including without limitation, you, our guests, suppliers, contractors and tenants in the event of any individual or close contact testing positive for any infectious and/or contagious diseases;
(p) To monitor, evaluate, assess and/or take any applicable action in respect of any infectious and/or contagious disease, including without limitation, the records and/or status of COVID-19 testing and/or vaccination and/or your health condition;
(q) To assist and provide to the authorities relevant information to support contact tracing efforts to reduce the spread of infectious and/or contagious diseases;
(r) To be shared with other relevant authorities as may be required by Malaysian Communication and Multimedia Commission (MCMC) in order to carry necessary medical and administrative interventions;
(s) For such other purposes as may be required or permitted by laws within and outside Malaysia, including laws relating to evidence.

3.2 Provision of your Personal Data for the purposes listed in Section 3.1 (a) to (l) above is voluntary and optional. However, failure to provide the requested Personal Data or any limitation against the Group to process your Personal Data may result in the Group being unable (a) to process the relevant application/form; (b) to provide all or part(s) of the Services & Facilities that the Group is providing to you in a continuous manner; (c) to provide the Services & Facilities to the extent as stated in the promotional materials of the Group; and/or (d) to provide any of the new Services & Facilities that may be introduced, provided, made available or offered by the Group from time to time.

3.3 Provision of your Personal Data for the purposes listed in Section 3.1 (m), (n), (r) and (s) above is mandatory and your failure or refusal to provide Personal Data for these purposes may constitute an offence under the law and/or the Group may immediately discontinue or terminate the provision or supply of the Services & Facilities to you.

3.4 Your Personal Data may be transferred to, stored in, and processed in a jurisdiction other than Malaysia. You understand and consent that your Personal Data may be transferred outside of Malaysia to those third parties with whom the Group share it as described in this PDPS.

3.5 Should you decide not to provide the data for the purposes listed in Section 3.1(o), (p) and (q) above, we reserve the right to refuse you into our properties.

4. Disclosure to Third Parties

4.1 For purposes as described herein and to facilitate the provision of the various Services & Facilities to you, the Group may share with and/or transfer your Personal Data to:-

(a) the other entities within the Group;
(b) the Group’s third-party service providers;
(c) any person under a duty of confidentiality to the Group;
(d) any actual or proposed assignee, transferee, participant or sub-participant of the Group’s rights or business;
(e) your immediate family members and/or emergency contact person as may be notified to the Group from time to time; and
(f) regulatory and government authorities in order to comply with statutory and/or government requirements; including without limitation the Ministry of Health, Ministry of Science, Technology and Innovation, Special Committee for Ensuring Access to COVID-19 Vaccine Supply (JKJAV) or authorised persons including but not limited to any authorized officer as defined under the Prevention and Control of Infectious Disease Act 1988, hospitals, health clinics, vaccination centres and/or medical practitioners for reporting purposes.

4.2 The Group may also share your Personal Data where required by law or where disclosure is necessary to comply with applicable laws, legal processes or queries from the relevant authorities.

5. Rights to Limit Processing

5.1 If you:

(a) do not wish to receive any marketing communications from the Group; or
(b) wish for the Group to stop Processing your Personal Data for marketing purposes or any direct marketing purposes; or
(c) wish to change the manner in which the Group is permitted to Process your Personal Data as described under Section 3 above;

you may submit a request in writing to the address stated in Section 9 below.

5.2 When you visit the Group’s websites and/or applications, there is automatic collection of some information about your computer such as IP address, web browser software, and referring website. Such information is only used for the purpose of creating a better user experience and to identify areas for improvement on the Group’s websites and/or applications.

5.3 As a visitor to the Group’s websites, you may also be assigned a permanent cookie file on your computer's hard drive. You may always choose not to receive a cookie file by enabling your web browser to refuse cookies or prompt before accepting a cookie. By refusing to accept a cookie, you may not be able to access certain services and tools offered on the website.

6. Integrity, Access and Correction of Personal Data

6.1 The Group is taking steps to ensure your Personal Data is Processed in accordance with the details provided by you.

6.2 You may, request to access to and/or to make any correction to your Personal Data by submitting a request in writing to the Group to the address stated in Section 9 below.

6.3 In respect of your right to access and/or correct your Personal Data, the Group has the right to:-

(a) refuse your request to access and/or make any correction to your Personal Data in the manner provided in the Act, such as where expense of providing access to you is disproportionate to the risks to your privacy, or where the rights of others may also be violated, amongst other reasons;
(b) refuse your request to access and/or make any correction to your Personal Data as permitted under the Act, including where your Personal Data is being processed by the Group in order to discharge regulatory functions and providing you access and/or the right to make any correction to your Personal Data is likely to prejudice proper discharge of those functions by the Group; and
(c) charge a fee as may be allowed under the Act for processing of your request to access your Personal Data.

6.4 Notwithstanding that access is granted to you or any correction / updating of your Personal Data is performed, this PDPS shall remain valid and effective at all times.

7. Security of the Personal Data

Controls, measures and steps are taken by the Group in protecting the Personal Data that are Processed by the Group of which such controls, measures and steps are subject to review from time to time.

8. Retention of Personal Data

8.1 Your Personal Data will be retained by the Group as long as it is necessary and expedient for the fulfilment of any one or more of the Purposes stated herein as required (either impliedly or expressly) under the regulatory requirements, legal and accounting requirements and/or the policies and procedures of the Group.

8.2 The Group observes reasonable steps and processes in removing, deleting, destroying and/or cancelled your Personal Data which is not required to be retained.

9. Enquiries and Contact

You may request for access and/or request for correction of your Personal Data or make any inquiries or complaints in relation to the processing of your Personal Data by contacting the following personnel for further assistance:-

Head of Department
Compliance Department, Genting Malaysia Berhad
Address : Genting Highlands Resort, 69000 Genting Highlands, Pahang Darul Makmur, Malaysia.
Tel. No. : +603-61059439
E-mail : pdp@rwgenting.com

Updated and take effect from 19 October 2022

Notes:

(1) The Group reserves the right to revise this PDPS from time to time due to changes in applicable laws and regulations and you shall be deemed to have agreed to such revision(s) if you continue your relationship with the Group without any objection.
You are welcome to obtain the latest version of this PDPS from the Group’s website or from our customer service counters.

(2) In case of discrepancies between the English version and other translated versions of this PDPS, the English version shall apply and prevail.

(3) Please take note that the above designated email address is only for personal data related matters. For other enquiries, please refer www.rwgenting.com.