Page 43 - LGB Group
P. 43

(iii)  Should the processing of personal data be outsourced to a third party,
                               the Management shall conclude a confidentiality agreement with that
                               third party requiring the protection of our personal data.

                         (iv)  When  it  is necessary  or upon  the  instruction  by  the  Management  to
                               transfer  personal  data  from  one  location  to  another  location  using
                               electronic  mail  or  digital  storage  appliances,  all  such  data  must  be
                               encrypted and /or password protected.

                               Personal data should not be copied or transferred in whatever form for
                               personal use.

                         (v)  Do not disclose or divulge the personal data to any Employee or third
                               party, except when you under a lawful duty of care to do so, or when
                               under the lawful instruction of authorised Management representatives.

                         (vi)  When  it  becomes  necessary  to  discard  personal  data  for  whatever
                               reason (e.g. old records exceeding seven (7) years, unsuccessful job
                               applicants’  details  etc.),  such  data  must  be  destroyed  in  a  proper
                               manner.  Examples  include  using  paper  shredders,  deletion  from
                               computer system or storage media, outsourced documents destruction
                               etc.

                         (vii)  The collection, retention and processing of personal data shall comply
                               with all laws, government guidelines and other regulations governing
                               the protection of personal data.

                         (viii)  The  Management  shall  continually  review  and  improve  its  Personal
                               Data  Protection  Management  System  in  line  with  changes  in  its
                               business  operations  as  well  as  changes  in  the  legal,  social,  and  IT
                               environment.  As  and  when  there  are  changes  to  such  system,  all
                               relevant Employees shall be notified accordingly.

                         (ix)  All employees have the right of access and request for amendment to
                               their personal data held the Company. An employee may direct such
                               request to the HR Department. In accordance with the Personal Data
                               Protection Act 2010 (Act), the Company reserves the right to charge an
                               employee  a  reasonable  fee  for  the  processing  of  any  data  access
                               request.


               35.  WHISTLE BLOWING POLICY

                     a)  All  Employees  are  encouraged  to  raise  genuine  concerns  about  possible
                         improprieties  in  matters  of  financial  reporting,  compliance  and  other
                         malpractices at the earliest opportunity, and in an appropriate way.









                                                             38
   38   39   40   41   42   43   44   45   46   47   48