← Back

Notis Privasi / Privacy Notice

Personal Data Protection Act 2010 (Act 709), as amended by the PDP (Amendment) Act 2024 · Version 2026-07

Bahasa Melayu

Notis ini dikeluarkan menurut Akta Perlindungan Data Peribadi 2010 ("APDP"). HRPay memproses data peribadi bagi pihak majikan anda untuk tujuan pengurusan sumber manusia dan penggajian, termasuk: maklumat pengenalan (nama, No. KP), maklumat pekerjaan, maklumat gaji dan bank, rekod kehadiran dan cuti, rekod tuntutan, serta dokumen pekerjaan.

  • Tujuan: pentadbiran HR, pemprosesan gaji, caruman berkanun (KWSP, PERKESO, SIP, PCB), dan pematuhan undang-undang buruh Malaysia.
  • Pendedahan: kepada agensi kerajaan berkaitan (KWSP, PERKESO, LHDN) dan pembekal perkhidmatan yang dilantik sahaja.
  • Keselamatan: data disimpan dengan kawalan akses berasaskan peranan, storan fail peribadi, dan log audit capaian.
  • Hak anda: anda berhak mengakses dan membetulkan data peribadi anda (Seksyen 30–34), menarik balik persetujuan, dan mendapatkan salinan data anda (kemudahsanaan data). Gunakan portal pekerja atau hubungi pentadbir HR syarikat anda.
  • Penyimpanan: data disimpan selagi perlu untuk tujuan pekerjaan dan keperluan undang-undang (7 tahun selepas tamat pekerjaan), kemudian dianonimkan secara automatik.
  • Kewajipan membekalkan data: maklumat pengenalan, bank dan statutori adalah wajib untuk pemprosesan gaji dan caruman berkanun; kegagalan membekalkannya boleh menghalang pembayaran gaji dan caruman KWSP/PERKESO anda.
  • Penarikan persetujuan: anda boleh menarik balik persetujuan melalui portal pekerja (Profil → My Data Rights); pemprosesan atas dasar kontrak pekerjaan atau kewajipan undang-undang akan diterangkan jika ia perlu diteruskan.

English

This notice is issued pursuant to the Personal Data Protection Act 2010 ("PDPA"). HRPay processes personal data on behalf of your employer for human resource and payroll management purposes, including: identification details (name, NRIC), employment details, salary and bank details, attendance and leave records, claim records, and employment documents.

  • Purpose: HR administration, payroll processing, statutory contributions (EPF, SOCSO, EIS, PCB), and compliance with Malaysian labour laws.
  • Disclosure: only to relevant government agencies (EPF, SOCSO, LHDN) and appointed service providers.
  • Security: data is protected with role-based access control, private file storage, and access audit logging.
  • Your rights: you may access and correct your personal data (Sections 30–34), withdraw consent, and obtain a copy of your data (data portability). Use the employee portal or contact your company's HR administrator.
  • Retention: data is retained only as long as necessary for employment and legal purposes (7 years after employment ends), then automatically anonymised.
  • Obligation to supply: identification, bank and statutory details are obligatory for salary processing and statutory contributions; failure to supply them may prevent payment of your salary and EPF/SOCSO contributions.
  • Withdrawal of consent: you may withdraw consent via the employee portal (Profile → My Data Rights); where processing continues on an employment-contract or legal-obligation basis, this will be explained to you.

If your organisation processes personal data of more than 20,000 data subjects, the appointment of a Data Protection Officer (DPO) is mandatory under the PDP (Amendment) Act 2024. Data breaches that cause or are likely to cause significant harm must be notified to the Personal Data Protection Commissioner within 72 hours.