With enforcement of Personal Data Protection Act – PDPA 2010 Malaysia, we are here to ensure that your personal data collected and maintained by us is safeguarded and protected.
Who we are
Welcome to our website – nutribrownrice.com. This website is owned by a Malaysia private company – Abrand Food Manufacturing Sdn Bhd.
The term ‘ Abrand Food Manufacturing Sdn Bhd’ or ‘Abrand Food” or ‘us’ or ‘we’ refers to the owner of the website whose registered office is no 51, Jalan IKS Bukit Tengah, Taman IKS Bukit Tengah, 14000 Bukit Mertajam, Pulau Pinang, Malaysia and its branch in Plot 80 & 81, Jalan TTC 2, Taman Teknologi Cheng, 75260 Melaka, Malaysia. Our company registration number is 1024648H. The term ‘you’ refers to the user or viewer of our website.
- The content of the pages of this website is for your general information and use only. It is subject to change without notice.
- Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on this website for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.
- Your use of any information or materials on this website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any products, services or information available through this website meet your specific requirements.
- This website contains material which is owned by or licensed to us. This material includes, but is not limited to the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
- All trade marks reproduced in this website which are not the property of, or licensed to, the operator are acknowledged on the website.
- Unauthorised use of this website may give rise to a claim for damages and/or be a criminal offence.
- From time to time this website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website(s). We have no responsibility for the content of the linked website(s).
- Your use of this website and any dispute arising out of such use of the website is subject to the laws of Malaysia.
- We do not intend to treat or cure any illnesses. Kindly consult your doctor if you are in doubts, having chronic illnesses or long term medications.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Your Contact Information
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, credit card information or other details to help you with your experience. We collect information from you when you register on our site, place an order, subscribe to a newsletter, fill out a form or enter information on our site. It is collected for the purpose of:
- To assist us in providing our services, or to provide certain services such as analysing customer lists, providing marketing assistance or consulting services. These third parties may have access to information needed to perform their function but cannot use that information for other purposes;
- To further improve our products and services and/or better tailor the type of information presented to you;
- To carry out marketing activities such as sales reporting, market surveys, statistical analysis etc;
- Protection against or identifying possible fraudulent transactions;
- To deal with financial aspects of membership including but not limited to billing, processing of credit card, payment processing relating to your membership;
- To verify and record your personal particulars including comparing it with information from other sources and using the information to communicate with you;
- To communicate and provide you with information our group of companies and our products and services unless you have otherwise notified us in writing that you do not wish for us to process your data for such purpose;
- To provide you with after sale service with relation to the membership including but not limited to handling of complaints and any other matter with relation hereto;
- To comply with any order of court or directive from authorities investigating any alleged offence, misdeed and/or abuse or to enforce any of the terms in the agreements between us, where such action is necessary to protect and defend our right; and
- For all other purposes incidental and associated with the above. (hereinafter collectively referred to as the “Purposes”)
- Help remember and process the items in the shopping cart.
- Understand and save user’s preferences for future visits.
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third party services that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.
If you disable cookies off, some features will be disabled It will turn off some of the features that make your site experience more efficient and some of our services will not function properly.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Types of personal data collection
We wish to inform you that we may collect and process your personal data. In this regards, we may process your personal data which shall include, but not limited to your name, identity card number or passport number; email address, telephone and fax number; correspondence address, and/or billing address; payment details, including credit card and banking information; contact details, including contact name and telephone number or email address; your image taken at our premises with a web cam / CCTV (or like equipment ) for visual identification; your age; gender; weight; height; salary range and employment details; education and Profession; hobbies and leisure activities; other related products and services subscribed to; and family and household demographics.
Source of data collection
Your personal data is collected from various sources, including information you have provided us (whether in our website or our various forms), information from third parties and information in the public domain, during the exhibitions, event sampling, promotion event and etc.
Who we share your data with
All personal data held by us will be kept confidential but the Company may, where such disclosure is necessary to satisfy the purpose, or a directly related purpose, for which the data was collected provide such information to the following parties:
- Any subsidiaries, holding companies, associated companies, or affiliates of, or companies controlled by, or under common control with the Company;
- Any person or company who is acting for or on behalf of the Company, or jointly with the Company, in respect of the purpose or a directly related purpose for which the data was provided;
- Any other person or company who is under a duty of confidentiality to the Company and has undertaken to keep such information confidential, provided such person or company has a legitimate right to such information; and
- Any financial institutions, charge or credit card issuing companies, credit information or reference bureaux, or collection agencies necessary to establish and support the payment of any services being requested.
Personal data may also be disclosed to any person or persons that have a right under Malaysian law to gain access to such information provided they are able to prove their authority to access such information. For example, if we were served with a court order demanding certain customer information then the Company would disclose the information to the duly appointed officer of the court or such other persons as the court orders.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Third Party Disclosures
We employ third party companies and individuals to facilitate our Website (“Service Providers”), to provide our Website on our behalf, to perform Website-related services or to assist us in analyzing how our Website is used. These third-parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Facebook’s Pixel Tag
The foundation uses Facebook’s “pixel tag” to deliver Facebook ads to website visitors or to similar Facebook users. The data we collect in this way is anonymous to us; we do not see personal data of individual users. However, this data is stored and processed by Facebook and Facebook may use it for its own promotional purposes outlined here: https://www.facebook.com/about/privacy. You can object to the collection of your data by Facebook pixel or object to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Third Party Links
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
How we protect your data
Personal data shall be subject to additional safeguards to ensure this data is processed securely. For example, we work hard to ensure data is encrypted when in transit and storage, and access to this data will be strictly limited to a minimum number of individuals and subject to confidentiality commitments.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to any of our websites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. When possible, encryption is used, both in transit and storage. Access controls within the organisation limit who may access information.
What data breach procedures we have in place
The notification should include the following information, where available:
- Extent of the data breach
- Type and volume of personal data involved
- Cause or suspected cause of the breach
- Whether the breach has been rectified
- Measures and processes that the organization had put in place at the
- time of the breach
- Information on whether affected individuals of the data breach were notified and if not, when the organization intends to do so
- Contact details of Abrand Food staff with whom the supervisory authority can liaise for further information or clarification
- Where specific information of the data breach is not yet available, Abrand Food should send an interim notification comprising a brief description of the incident.
- Notifications made by organizations or the lack of notification, as well as whether organizations have adequate recovery procedures in place, will affect supervising authorities’ decision(s) on whether an organization has reasonably protected the personal data under its control or possession.
Responding to a Data Breach
DATA BREACH MANAGEMENT PLAN
Upon being notified of a (suspected or confirmed) data breach, the Data Breach Team should immediately activate the data breach & response plan Abrand Food’s data breach management and response plan is:
Confirm the BreachContain the BreachAssess Risks and ImpactReport the IncidentEvaluate the Response & Recovery to Prevent Future Breaches
CONFIRM THE BREACH
The Data Breach Team (DBT) should act as soon as it is aware of a data breach. Where possible, it should first confirm that the data breach has occurred. It may make sense for the DBT to proceed Contain the Breach on the basis of an unconfirmed reported data breach, depending on the likelihood of the severity of risk.
CONTAIN THE BREACH
The DBT should consider the following measures to Contain the Breach, where applicable:
- Shut down the compromised system that led to the data breach.
- Establish whether steps can be taken to recover lost data and limit any damage caused by the breach. (eg: remotely disabling / wiping a lost notebook containing personal data of individuals.)
- Prevent further unauthorized access to the system.
- Reset passwords if accounts and / or passwords have been compromised.
- Isolate the causes of the data breach in the system, and where applicable, change the access rights to the compromised system and remove external connections to the system.
ASSESS RISKS AND IMPACT
Knowing the risks and impact of data breaches will help PBworks determine whether there could be serious consequences to affected individuals, as well as the steps necessary to notify the individuals affected.
Risk and Impact on Individuals
- How many people were affected?
A higher number may not mean a higher risk, but assessing this helps overall risk assessment.
- Whose personal data had been breached?
Does the personal data belong to employees, customers, or minors? Different people will face varying levels of risk as a result of a loss of personal data.
- What types of personal data were involved?
This will help to ascertain if there are risk to reputation, identity theft, safety and/or financial loss of affected individuals.
- Any additional measures in place to minimize the impact of a data breach? eg: a lost device protected by a strong password or encryption could reduce the impact of a data breach.
Risk and Impact on organizations
- What caused the data breach?
Determining how the breach occurred (through theft, accident, unauthorized access, etc.) will help identify immediate steps to take to contain the breach and restore public confidence in a product or service.
- When and how often did the breach occur?
Examining this will help PBworks better understand the nature of the breach (e.g. malicious or accidental).
- Who might gain access to the compromised personal data?
This will ascertain how the compromised data could be used. In particular, affected individuals must be notified if personal data is acquired by an unauthorized person.
- Will compromised data affect transactions with any other third parties?
Determining this will help identify if other organizations need to be notified.
REPORT THE INCIDENT
Abrand Food is legally required to notify affected individuals if their personal data has been breached. This will encourage individuals to take preventive measures to reduce the impact of the data breach, and also help Abrand Food to rebuild consumer trust.
Who to Notify:
- Notify individuals whose personal data have been compromised.
- Notify other third parties such as banks, credit card companies or the police, where relevant.
- Notify GDPR especially if a data breach involves sensitive personal data.
- The relevant authorities (eg: police) should be notified if criminal activity is suspected and evidence for investigation should be preserved (eg: hacking, theft or unauthorized system access by an employee.)
When to Notify:
- Notify affected individuals immediately if a data breach involves sensitive personal data. This allows them to take necessary actions early to avoid potential abuse of the compromised data.
- Notify affected individuals when the data breach is resolved
How to Notify:
- Use the most effective ways to reach out to affected individuals, taking into consideration the urgency of the situation and number of individuals affected (e.g. media releases, social media, mobile messaging, SMS, e-mails, telephone calls).
- Notifications should be simple to understand, specific, and provide clear instructions on what individuals can do to protect themselves.
What to Notify:
- How and when the data breach occurred, and the types of personal data involved in the data breach.
- What Abrand Food has done or will be doing in response to the risks brought about by the data breach.
- Specific facts on the data breach where applicable, and actions individuals can take to prevent that data from being misused or abused.
- Contact details and how affected individuals can reach the organization for further information or assistance (e.g. helpline numbers, e-mail addresses or website).
EVALUATE THE RESPONSE & RECOVERY TO PREVENT FUTURE BREACHES
After steps have been taken to resolve the data breach, Abrand Food should review the cause of the breach and evaluate if existing protection and prevention measures and processes are sufficient to prevent similar breaches from occurring, and where applicable put a stop to practices which led to the data breach.
- Confirm the Breach
- Contain the Breach
- Assess Risks and Impact
- Report the Incident
- Evaluate the Response & Recovery to Prevent Future Breaches
Change of Policies
We reserve the right to alter any of the clauses contained herein in compliance with local legislation, to meet its global policy requirements, and for any other purpose deemed necessary by the Company.
Subject to any exceptions under applicable law, you may at any time, make written request to access to and to request correction or rectification of the personal data/information or limit the processing of your personal data by submitting such request to us via post, email or facsimile transmission to the following address: –
- Designated contact person: PDPA Administrator
- Phone Number: + (604) 5041555
- Fax Number: + (604) 5041666
- Email: [email protected]
- Mailing Address: No 51, Jalan IKS Bukit Tengah, Taman IKS Bukit Tengah, 14000 Bukit Mertajam, Pulau Pinang