Personal Data Protection Policy
KSM Group, Kejuruteraan Semangat Maju Sdn Bhd and its subsidiaries, affiliates, associated entities and any of their branches and offices (collectively referred to as “KSM Group”, “KSM”, “we”, “our”, or “us”) is committed to protecting personal data in accordance with the Malaysia Personal Data Protection Act 2010 (PDPA) and promoting responsible, lawful, and secure handling of personal data across all aspects of our operations and business practices.
1. Purpose
The purpose of this Policy is to establish a group-wide framework for the protection, processing, and management of personal data in compliance with the Malaysia Personal Data Protection Act 2010 (PDPA). This Policy serves as the master reference for all KSM Group entities and provides guidance for subsidiary policies, procedures, and operational practices to ensure that personal data is handled responsibly, securely, and lawfully across all business functions, processes, and systems.
2. Scope
This Policy applies to:
- All personal data collected, stored, processed, or transmitted by KSM Group.
- All employees, contractors, vendors, partners, and third parties who have access to KSM Group’s personal data.
- All business functions and activities across all KSM Group entities, regardless of location, medium, or system used.
3. Definition of Personal Data
For the purposes of this Policy, personal data refers to any information that identifies or can identify an individual, either directly or indirectly. Examples include, but are not limited to:
- Name, identification number, contact information, and employment details
- Financial, contractual, or commercial information
- Any data submitted through KSM Group websites, forms, or other communication channels
4. Principles of Personal Data Protection
KSM Group commits to the following PDPA-aligned principles for all personal data:
- Lawful Processing: Data will be collected and processed only for legitimate purposes with a lawful basis.
- Consent: Personal data will be collected and processed with consent where required.
- Purpose Limitation: Data will only be used for the purposes for which it was collected.
- Data Accuracy: Reasonable steps will be taken to ensure personal data is accurate and up to date.
- Data Retention: Data will be retained only as long as necessary to fulfil its purpose or comply with legal obligations.
- Security: Appropriate technical, administrative, and physical measures will be implemented to protect personal data.
- Transparency: Individuals will be informed of the purposes for which their data is collected and processed.
5. Roles and Responsibilities
a. KSM Group Management
- Ensure overall compliance with this Policy and PDPA obligations.
- Approve procedures, guidelines, and sub-policies relating to personal data protection.
- Monitor and review personal data management practices across all entities.
b. Data Protection Officer (DPO)
- Acts as the central authority for PDPA compliance.
- Provides guidance, training, and support to all employees regarding personal data protection.
- Monitors, audits, and reports on personal data handling across the Group.
c. Employees, Contractors, and Third Parties
- Comply with this Policy and related sub-policies.
- Take responsibility for safeguarding personal data they access or process.
- Report any suspected data breaches, misuse, or non-compliance to the DPO immediately.
6. Data Collection and Processing Procedures
a. Collect personal data only for legitimate business purposes.
b. Ensure that individuals are informed of the purpose and, where required, provide consent.
c. Limit access to personal data to authorized personnel only.
d. Ensure that personal data is accurate, complete, and up to date.
e. Avoid unnecessary duplication and minimize storage of sensitive information.
7. Data Security Measures
KSM Group implements technical, administrative, and physical controls to protect personal data, including:
- Secure network systems, password protection, and encryption where necessary
- Access control and role-based data permissions
- Secure storage of physical records and restricted access to offices or storage areas
- Regular backups, monitoring, and vulnerability assessments
- Clear guidelines for remote work, data transfers, and device security
8. Data Retention and Disposal
- Personal data will be retained only as long as necessary for operational, legal, or regulatory purposes.
- Data no longer required will be securely disposed of or anonymized, following internal guidelines and industry best practices.
9. Third-Party Management
- Third-party vendors or partners with access to KSM Group personal data must comply with PDPA and KSM Group requirements.
- Written agreements or contracts must include clauses for data protection, confidentiality, and breach reporting.
10. Breach Management
- Any actual or suspected personal data breach must be reported immediately to the DPO.
- The DPO will coordinate investigation, mitigation, and notification in accordance with PDPA and internal procedures.
- Corrective actions, including updates to processes or training, will be implemented as necessary.
11. Awareness and Training
- KSM Group will conduct regular training and awareness programs for all employees and relevant stakeholders.
- All employees are responsible for understanding and complying with this Policy and related procedures.
12. Policy Review
- This Policy will be reviewed at least annually or as required by changes in legislation, business operations, or risk assessments.
- Updates will be communicated to all employees and stakeholders.
13. References to Sub-Policies
- This Policy serves as the master reference for all related KSM Group policies. All sub-policies should align with this Policy to ensure consistent protection of personal data across the Group.
14. Contact Information
For questions, concerns, or requests regarding this Policy or personal data protection:
KSM Group – Data Protection Officer
Email: info@ksmgroup.co
Phone: +603-8084 1870
Address: 7 & 9, Jalan USJ 10/1d, Taipan Business Centre, 47620 Subang Jaya, Selangor.
