Personal Data Processing Statement

This Personal Data Processing Statement (“PDPS”) is prepared in accordance with the requirements of the Personal Data Protection Act 2010 (the “Act”) and the General Code of Practice of Personal Data Protection issued by the Personal Data Protection Commission. This PDPS sets out the policies and procedures of the Group (as defined below) with regard to (1) your Personal Data (as defined below), (2) source of your Personal Data, (3) your consent, (4) purposes of using and/or Processing (as defined below) of your Personal Data, (5) disclosure of Personal Data, and (6) your rights under the Act.

YOU MUST READ AND UNDERSTAND THE PROVISIONS OF THIS PDPS BEFORE YOU DISCLOSE ANY OF YOUR PERSONAL DATA TO THE GROUP.

1. Definition

1.1 “Authorised Personnel” means the consultants, advisors, suppliers, service providers, agents, independent contractors, employees and/or staff of the Group that are and/or may be engaged by the Group from time to time to undertake, discharge, carry out and perform any of the purposes set out in Paragraph 4 herein, either wholly or partially. For clarification purpose, the Authorised Personnel shall include entities incorporated under the law of Malaysia or any other jurisdictions.

1.2 “Group” means Genting Malaysia Berhad and/or its holding company, subsidiaries, related and associated companies and companies using or may be using the brands of “Genting” and/or “Resorts World”, regardless whether such company(ies) are incorporated in or outside Malaysia (collectively known as “Affiliates”). Any reference to the “Group” in this PDPS shall be Genting Malaysia Berhad and/or any one or more of its Affiliates, as the case may be.

1.3 “Personal Data” means personal data as defined under the Act, including without limitation your name, nickname, age, gender, date of birth, address(es), email address(es), telephone number(s), bank account(s), CCTV and audio recording(s), images, biometric data, photograph(s), opinion(s), comment(s), enquiry(s), feedback(s), information in connection to the programmes and/or packages you have participated in, sensitive personal data like religion, health condition (including any infectious or contagious disease related information like COVID-19 testing and/or vaccination records available) that are available at the relevant time, and such other personal data that are, have been and/or may be collected, compiled, recorded, received, used, stored, in possession, processed, maintained, kept, disclosed, and/or dealt with by the Group and/or disclosed to the Group (collectively known as “Process”) in such manner(s) as the Group may deem fit from time to time.

2. Source of Personal Data (including sensitive personal data) and Consent

2.1 The Group will and may collect and obtain your Personal Data when you provide your Personal Data to the Group in any way or manner including pursuant to any transactions and/or inquiries made with the Group or upon request from the Group. The Group will also Process your Personal Data that are gathered from the application form, reservation, booking, transactional documents, inquiries, cookies, public domains, verbal conversation, correspondences and any other manner(s) as the Group may deem fit from time to time, including without limitation when you register at and/or enter the Group’s websites, social networking sites, applications and/or blogs and/or participate in any of the events or activities of the Group that you may have participated at any time and for whatever purposes.

2.2 The Group may also Process your Personal Data which are obtained or downloaded from public domain and/or provided or made available by any third parties, credit reference bodies, regulatory and law enforcement authorities, and other casino operators (either within and/or outside of Malaysia, including but not limited to the Authorised Personnel), for such purposes that are relevant at the material time, including but not limited to delivery of the Group’s services (for example, conducting appropriate checks and risk assessments to facilitate the provision of any services and facilities that are or may be offered by the Group), performance of conditions of agreements and/or to fulfil or comply with the applicable Group’s standard operating procedures, legal and/or regulatory obligations.

3. Your Consent and Consent of Guardian (as hereinafter defined)

3.1 Your consent and/or agreement for the Group to Process your Personal Data (including sensitive personal data defined under the Act) in accordance with this PDPS (including transferring of Personal Data to any jurisdictions other than Malaysia) is given:

(a) upon receipt of your express consent, either in writing or verbal;
(b) if you voluntarily provide your Personal Data to the Group;
(c) If you do not object to the Processing of your Personal Data.

3.2 If you proceed and/or continue to (1) visit and/or browse the websites, social networking sites and/or applications, or (2) utilise, maintain, participate, enjoy or use any one or more of the services and/or facilities that are currently offered and/or may be offered by the Group from time to time, including but not limited to hotel rooms, food and beverages, theme parks, customer loyalty programmes, products, goods, utilities, services, facilities, events, activities, promotions, programmes, packages, tools, equipment, that have been or may be provided, introduced, made available or offered by the Group from time to time and/or at any one time (collectively referred as “Services & Facilities”) in whatever manners and/or for whatever purposes.

Save and except you notify the Group of your intention to limit the right for the Group to Process your Personal Data or to withdraw your consent as set out herein, it is considered you have read, understood, consented and agreed for the Group to Processing and/or to continue Processing your Personal Data.

3.3 The Group does not collect Personal Data of children below the age of 18 years old without consent from his/her parent, guardian or person who has parental responsibility on the said child (collectively referred to as “Guardian”). If the Group discovers that Personal Data of a child below 18 years old were collected for whatever reasons and/or via any channels without the requisite consent from any of his/her Guardian being recorded, the Group will contact the child’s Guardian and/or take such steps as the Group may deem fit to obtain the requisite consent; and failing which, to remove that child’s Personal Data from the Group’s record or database within a reasonable time.

4. Purposes of Processing

4.1 The Group may Process your Personal Data for any one or more of the purposes listed below (collectively known as “Purposes”): -

(a) To Process your application and/or form and/or purchase of any one or more of the Services & Facilities;
(b) To communicate with you via SMS, phone call, email, fax, mail, WhatsApp and/or any other appropriate communication channels available at the relevant time;
(c) To respond to questions and comments from you by the Group;
(d) To provide the Services & Facilities and related information as you may have requested or of interest from time to time;
(e) For administrative purposes;
(f) To notify you of any changes to our Services & Facilities which you may of interest or may affect you via SMS, phone call, email, fax, mail, WhatsApp and/or any other appropriate communication channels available at the relevant time;
(g) To market and promote the Services & Facilities that may be of interest to you from time to time via SMS, phone call, email, fax, mail, WhatsApp and/or any other appropriate communication channels available at the relevant time;
(h) To Process and analyse your Personal Data either individually or collectively with other persons (including companies);
(i) Subject to the applicable terms and conditions, to monitor, assess and/or evaluate your fitness, qualifications and properness to join, participate, purchase, take part, enjoy or utilise any of the Services & Facilities (either directly and/or indirectly), including but not limited to any customer loyalty programme(s) at each and every relevant time;
(j) Subject to Paragraph 7 herein, for direct marketing purposes via SMS, phone call, email, fax, mail, WhatsApp and/or any other appropriate communication channels that may be available at the relevant time;
(k) Other purposes which the Group may reasonably deem fit and/or other purposes that may be set out in the document(s) that are related or relevant to you;
(l) To provide and/or verify your Personal Data, to carry out security or financial checks and to conduct risk assessments with other casino operators, service providers, banks, regulators, judicial and enforcement authorities for the purposes of facilitating or processing any of your financial transactions;
(m) For fraud prevention, investigation and/or detection by internal and/or external authorised personnel and/or relevant authorities;
(n) For crime detection, prevention and/or investigation by internal and/or external authorized personnel and/or relevant authorities, including without limitation surveillance recording of your images;
(o) For reporting and/or Processing within the Group and/or to the relevant authorities, as the case may be;
(p) For the Group to comply with and/or discharge obligations required under the law within and/or outside Malaysia, such as reporting requirements under the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (“AMLA”) and the Registration of Guests Act 1965;
(q) Contact and restrict movement of all persons into and out of our properties, including without limitation, you, our guests, suppliers, contractors and tenants in the event of any individual or close contact testing positive for any infectious and/or contagious diseases;
(r) To monitor, evaluate, assess and/or take any applicable action in respect of any infectious and/or contagious disease, including without limitation, the records and/or status of COVID-19 testing and/or vaccination and/or your health condition as may be required by law or in accordance with the requirements that may be set by the Group at the relevant times;
(s) To assist and provide to the authorities relevant information to support contact tracing efforts to reduce the spread of infectious and/or contagious diseases as may be required by law;
(t) To be shared with other relevant authorities as may be required by law from time to time for medical and administrative interventions; or
(u) For such other purposes as may be required or permitted by laws within and outside Malaysia, including laws relating to evidence.

4.2 Provision of your Personal Data for the purposes listed in Paragraph 4.1(a) to Paragraph 4.1(l) above is voluntary and optional. However, failure to provide the requested Personal Data or any limitation against the Group to Process your Personal Data may result in the Group being (a) unable to process the relevant application/form; (b) unable to provide all or part(s) of the Services & Facilities that the Group is providing to you in a continuous manner; (c) unable to provide the Services & Facilities to the extent as stated in the promotional materials of the Group; (d) unable to provide any of the new Services & Facilities that may be introduced, provided, made available or offered by the Group from time to time; and/or (e) to discontinue, cancel, withdraw and/or terminate the provision of the Services & Facilities without prior notice.

4.3 Provision of your Personal Data for the purposes listed in Paragraph 4.1 (m) to Paragraph 4.1(t) above is mandatory and your failure or refusal to provide Personal Data for these purposes may constitute an offence under the law and/or the Group may immediately discontinue or terminate the provision or supply of the Services & Facilities to you without prior notice.

4.4 Should you decide to visit any of our properties and not provide the data for the purposes listed in Paragraph 4.1(q) to Paragraph 4.1(t) above, we reserve the right to refuse you into our properties.

5. Disclosure of Personal Data

5.1 For purposes as described herein and to facilitate the provision of the various Services & Facilities to you, the Group may share with and/or transfer your Personal Data to: -

(a) the other entities within the Group;
(b) the Group’s Authorised Personnel;
(c) any person under a duty of confidentiality to the Group;
(d) any actual or proposed assignee, transferee, nominee, participant or sub-participant of the Group that may be created pursuant to any transactions, deals, contracts and/or agreements that may be entered by the Group from time to time (either in writing or not);
(e) your immediate family members and/or emergency contact person as may be notified to the Group from time to time and/or such contact(s) which is maintained, kept or available in the records of the Group at the relevant time; and
(f) regulatory and government authorities in order to comply with statutory and/or government requirements; including without limitation the Ministry of Health, Ministry of Science, Technology and Innovation, Special Committee for Ensuring Access to COVID-19 Vaccine Supply (JKJAV) or authorised persons including but not limited to any authorized officer as defined under the Prevention and Control of Infectious Disease Act 1988, hospitals, health clinics, vaccination centres and/or medical practitioners for reporting purposes.

5.2 The Group may also share your Personal Data where required by law or where disclosure is necessary to comply with applicable laws, legal processes or queries from the relevant authorities and/or the court.

6. Transfer, Process and/or Storage of Personal Data in Other Jurisdiction(s)

6.1 Your Personal Data may be transferred to, stored in, and/or Processed in any jurisdiction(s) other than Malaysia by the Group and/or the Authorised Personnel for purposes stipulated in Paragraph 4 herein.

6.2 Subject to Paragraph 4.2 and Paragraph 4.3 herein, you may request to limit the Processing of your Personal Data in jurisdiction outside of Malaysia.

7. Rights to Limit Processing and Right to Prevent Processing for Direct Marketing

7.1 Subject to Paragraph 4.2 and Paragraph 4.3 herein, if you:

(a) wish to change and/or limit the manner in which the Group is permitted to Process your Personal Data as described herein;
(b) withdraw your consent for the Group to Process your Personal Data as described herein;
(c) do not wish to receive any marketing communications from the Group; or
(d) wish for the Group to stop Processing your Personal Data for marketing purposes or any direct marketing purposes;

you may submit a request in writing to the address or email address stated in Paragraph 11 below.

7.2 When you visit any of the Group’s websites and/or applications for whatever purposes, there is automatic collection of some information about your computer such as IP address, web browser software, and referring website. Such information is only used for the purpose of creating a better user experience and to identify areas for improvement on the Group’s websites and/or applications.

7.3 As a visitor to the Group’s websites, you may also be assigned a permanent cookie file on your computer’s hard drive. You may always choose not to receive a cookie file by enabling your web browser to refuse cookies or prompt before accepting a cookie. By refusing to accept a cookie, you may not be able to access certain services and tools offered on the website(s).

8. Integrity, Access and Correction of Personal Data

8.1 The Group is taking steps to ensure your Personal Data is Processed in accordance with the details that have or may be provided, updated, amended and/or corrected by you from time to time.

8.2 You may request to access, correct and/or update your Personal Data by submitting a request in writing to the Group to the address or email address stated in Paragraph 11 below.

8.3 In respect of your right to access, correct and/or update to your Personal Data, the Group has the right to: -

(a) refuse your request to access, correct and/or update to your Personal Data in the manner provided in the Act, such as where expense of such request is disproportionate to the risks to your privacy, or where the rights of others may also be violated, amongst other reasons;
(b) refuse your request to access, correct and/or update to your Personal Data as permitted under the Act, including where your Personal Data is being Processed by the Group in order to discharge regulatory functions and providing you access and/or the right to correct and/or update to your Personal Data is likely to prejudice proper discharge of those functions by the Group;
(c) charge a fee as may be allowed under the Act for processing of your request to access your Personal Data; and
(d) Notwithstanding that access is granted to you or any correction / updating of your Personal Data is performed, this PDPS shall remain valid and effective at all times.

9. Security of the Personal Data

Controls, measures and steps are taken by the Group in protecting the Personal Data that are Processed by the Group and/or the Authorised Personnel (including transfer of Personal Data out of Malaysia) of which such controls, measures and steps are subject to review from time to time.

10. Retention of Personal Data

10.1 Your Personal Data will be retained by the Group as long as it is necessary and expedient for the fulfilment of any one or more of the Purposes stated herein as required (either impliedly or expressly) under the regulatory requirements, legal and accounting requirements and/or the policies and procedures of the Group.

10.2 Wherever applicable, the retention period will start from the date your request to withdraw and/or limit the Process of your Personal Data in accordance with the PDPS is received and administered by the Group.

10.3 The Group will within a reasonable time, take such steps and processes to remove, delete, destroy and/or cancel your Personal Data upon expiration of the applicable retention period.

11. Enquiries and Contact

Subject to the provisions of the Act, you may request to (1) limit the Processing of your Personal Data; (2) withdraw your consent for the Process of your Personal Data; (3) access, correct and/or update of your Personal Data; or (4) make any inquiries or complaints in relation to the Processing of your Personal Data by contacting the following personnel:-

HEAD OF DEPARTMENT
Compliance Department, Genting Malaysia Berhad
Resorts World Genting,
69000 Genting Highlands,
Pahang Darul Makmur,
Malaysia.
Tel. No. : +603-61059439
E-mail : pdp@rwgenting.com

Compliance Department Working Hours
Monday to Friday: 9:00AM to 6:00PM
Closed on Weekend, National and Pahang State Public Holidays (Including Replacement Public Holiday)

Updated and take effect from 09 January 2024

ADDITIONAL CONDITIONS:

(1) The Group reserves the right to revise this PDPS from time to time due to changes in applicable laws and regulations and you shall be deemed to have agreed to such revision(s) if you continue your relationship with the Group without any objection.

You are welcome to obtain the latest version of this PDPS from the Group’s website or from our customer service counters.

(2) In case of discrepancies between the English version and other translated versions of this PDPS, the English version shall apply and prevail.

(3) Please take note that the above designated email address is only for personal data related matters. For other enquiries, please refer www.rwgenting.com.