1. Purpose

This Personal Data Protection Policy outlines GenoByte’s commitment to protecting the privacy and security of personal data in compliance with applicable Malaysian laws (PDPA) and regional regulations. The policy establishes principles and procedures for the collection, use, storage, and disclosure of personal information to ensure the rights of individuals are respected and upheld.

2. Scope

This policy applies to all GenoByte employees, contractors, and third parties who handle personal data on behalf of GenoByte, regardless of location or role. It covers all forms of personal information, whether held digitally or in hard copy.

3. Definitions

• Personal Data: Any information relating to an identified or reasonably identifiable individual, including but not limited to names, contact details, health records, identification numbers, and online identifiers.
• Processing: Any operation performed on personal data, such as collection, recording, organisation, storage, alteration, retrieval, use, disclosure, or destruction.
• Data Subject: The individual to whom the personal data relates.

4. Principles

• Lawfulness and Fairness: Personal data will only be collected, used, and disclosed in a lawful and fair manner.
• Purpose Limitation: Data will be processed solely for specified, explicit, and legitimate purposes relevant to GenoByte’s operations.
• Data Minimisation: Only personal data that is necessary and relevant for the stated purposes will be collected and retained.
• Accuracy: GenoByte will take reasonable steps to ensure personal data is accurate, up to date, and complete.
• Security: Appropriate technical and organisational measures will be implemented to protect personal data against unauthorised access, loss, misuse, or disclosure.
• Transparency: Data subjects will be informed about the types of personal data collected, the purposes for processing, and their rights under this policy.
• Accountability: GenoByte will regularly review and update data protection practices and ensure staff are trained in their responsibilities.

5. Collection of Personal Data

Personal data will only be collected when necessary for GenoByte’s legitimate business purposes or as required by law. Individuals will be informed of the purpose of collection and, where applicable, their consent will be obtained.

6. Use and Disclosure of Personal Data

Personal data will only be used or disclosed for the purposes for which it was collected, or as otherwise permitted or required by law. Where GenoByte engages third parties to process personal data, appropriate safeguards will be put in place to ensure data protection obligations are met.

7. Data Security

GenoByte will implement security controls, such as encryption, access controls, and secure storage, to protect personal data from unauthorised access, modification, or disclosure. Regular audits and risk assessments will be conducted to ensure ongoing data security.

8. Data Subject Rights

• Access: Individuals have the right to request access to their personal data held by GenoByte.
• Correction: Individuals may request correction of inaccurate or incomplete personal data.
• Withdrawal of Consent: Where consent has been provided, individuals may withdraw consent at any time, subject to legal or contractual restrictions.
• Complaints: Individuals may lodge complaints regarding the handling of their personal data with GenoByte or relevant authorities.

9. Data Retention

Personal data will be retained only as long as necessary for the purposes for which it was collected, or as required by law. Data that is no longer required will be securely destroyed or de-identified.

10. Breach Notification

In the event of a suspected or actual data breach, GenoByte will take immediate steps to contain the breach, assess the risks, and notify affected individuals and relevant authorities in accordance with legal requirements.

11. Roles and Responsibilities

The Data Protection Officer (DPO) will be responsible for overseeing the implementation and maintenance of this policy. All GenoByte personnel are required to comply with this policy and complete regular data protection training.

12. Policy Review

This policy will be reviewed and updated at least annually or as needed to reflect changes in regulations, technology, or organisational practices. The DPO is responsible for initiating and managing the policy review process, in consultation with legal counsel.

13. Related Documents

• Privacy Policies and Procedures (including regional regulations)
• Data Breach Notification Policy and Procedures
• Third-Party Data Processing Agreements
• Acceptable Use Policy
• Information Security Procedures
• Mobile Device Security Policy

This policy provides a framework for GenoByte’s approach to personal data protection. For further guidance or questions, please contact the Data Protection Officer:

Email: genobytemy@gmail.com
Phone: +6018-319 2219
Address: Unit A-3-3, Arena Mentari, Block A, No 1 Jalan PJS 8/15, Dataran Mentari, 46150 Petaling Jaya, Selangor, Malaysia