PRIVACY NOTICE

Personal Data Protection Notice for Leisure Farm

Leisure Farm Corporation Sdn Bhd (“Leisure Farm”, “we”, “us” or “our”) respects and is committed to the protection of your personal information and your privacy. This Privacy Notice (“Notice”) explains how we collect and handle your personal information in accordance with the Malaysian Personal Data Protection Act 2010 (“PDPA”). Please note that we may amend this Notice at any time without prior notice and will notify you of any such amendments via our website or by email.

1. Personal information

1.1. Type of personal information

Personal information means any information which relates directly or indirectly to you, who is identified or identifiable from that information or from that and other information which was collected or provided to us for the purposes stated in Section 2 below. Your personal information that we collect and process may include but is not limited to your name, NRIC number, contact details, address, financial and banking account details (when making payment to us), CCTV/security recordings and location tracking/GPS information.

We do not generally collect or process any sensitive personal information unless explicit consent has been obtained from you, or where such processing is otherwise permitted or required under any applicable law. However, should you voluntarily provide us with any sensitive personal information, it will be deemed that you have given us your explicit consent by conduct to collect, use, disclose or process the sensitive personal information solely for the purpose for which it was provided. Sensitive personal information includes, but is not limited to, the following:

your physical or mental health conditions;
your political opinions;
your religious beliefs or other beliefs of similar nature;
your commission or alleged commission of any offence; or
biometric data.

1.2. Source of personal information

Customer or potential customer: We collect your personal information directly from you or indirectly from your legal representatives, agents (e.g. property agents) and/or employer when you, your legal representatives, agents and/or employers send us completed enquiry, application and/or registration forms via various means, including online and physical hardcopies at public venues or in any of our premises. Personal information may also be collected when you make enquiries about our properties, products or services, make reservations with us, attend or participate in our events (as a ticket holder, exhibitor, or applicant), subscribe to our mailing lists or updates, enter into competitions with us, complete voluntary surveys for research purposes, or become a member of our clubs. We may further collect information when you access and interact with our website or connect to our Wi-Fi, including through the use of cookies and similar technologies which record statistics on website activity, marketing campaign performance, and web traffic sources.
Vendor, supplier, tenant or service provider: We collect your personal information directly from you or indirectly from your employer, authorised representatives and/or credit reference agencies when tendering for projects, or when you send us completed enquiry, credit application and/or registration forms via various means, including online and physical hardcopies. Personal information may also be collected when you propose to provide or do provide products or services to us or our customers, or when you receive goods or services from us. We may also collect personal information through cookies and similar technologies when you visit our website.
Third Parties: We may also collect your personal information from third parties with whom you have directly engaged or to whom you have provided your personal information and consented for that information to be shared with us. These include our service providers who assist in delivering our properties, products or services, booking agents through whom you make enquiries or reservations for dining, accommodation, events or related services, as well as other goods or service providers, clients or business partners, for example, where you provide a trade or finance reference in connection with an agreement. We may further receive your personal information from your financial adviser, accountant, agent or other authorised intermediaries where you have agreed to such disclosure, or from persons appointed as your personal representative, attorney or legal representative.

1.3. Obligatory personal information

All information requested for in the relevant forms is obligatory to be provided by you unless stated otherwise. Should you fail to provide the obligatory information, we would be unable to process your request, provide you with relevant products or services and/or maintain our relationship with you.

2. Purposes of collecting and further processing (including disclosing) your personal information

2.1. Customer or potential customer

Your personal information is collected and further processed by us as required or permitted by law and to give effect to your requested commercial transaction, including the following:

to process your requested products or services;
to facilitate your participation in any contests or events;
to administer and communicate with you in relation to our services and/or events;
to process any payments related to your requested service;
for insurance purposes;
for internal investigations, audit or security purposes;
to conduct internal marketing analysis and analysis of customer patterns and choices;
to comply with our legal and regulatory obligations in the conduct of its business;
to contact you regarding products, services, upcoming events, promotions, advertising, marketing and commercial materials which we feel may interest you;
to ensure that the content from our website is presented in the most effective manner for your and for your computer and/or device; and/or
for our internal records management, customer relations events and activities, and or any customer loyalty reward program.

2.2. Vendor, supplier, tenant or service provider

Your personal information is collected and further processed by us as required or permitted by law and to give effect to your requested commercial transaction, including the following:

to process your requested products or services;
to process your credit account application;
to assess your credit worthiness;
to administer and give effect to your commercial transaction (tender award, contract for service, tenancy agreement);
to process any payments related to your commercial transaction;
for insurance purposes;
for internal investigations, audit or security purposes;
to comply with our legal and regulatory obligations in the conduct of its business;
to contact you regarding products, services, upcoming events, promotions, advertising, marketing and commercial materials which we may feel interest you;
to ensure that the content from our website is presented in the most effective manner for your and for your computer and/or device; and/or
for our internal records management, customer relations events and activities, and customer loyalty reward program.

Where you have indicated your consent to receiving marketing or promotional updates from us, you may opt-out from receiving such marketing or promotional material at any time. You may select the “unsubscribe” option provided in our email blasts or you may contact our data protection officer at the details provided in Section 8 below.

3. Disclosure of personal information

3.1. Entities related to Leisure Farm

Your personal information provided to us is processed by entities (in or outside of Malaysia) related to Leisure Farm (including any other related companies, subsidiaries, holding companies, associated companies and outsourcing partners). We will ensure that:

access to your personal information is restricted to staff who are contractually required to process your personal information in accordance with their respective job requirements; and
only necessary information is released to the relevant employees.

3.2. Classes of third parties

Your personal information may be disclosed to relevant third parties (in or outside of Malaysia) as required under law, pursuant to relevant contractual relationship (for example, where we appoint third party service providers) or for the purposes stated in Section 2 above (or directly related to those purposes).

In the event of a potential, proposed or actual sale of business, disposal, acquisition, merger or re-organization (“Transaction”), your personal information may be required to be disclosed or transferred to a third party as a result of the Transaction.

By continuing to engage with us, you hereby acknowledge and consent that such disclosure and transfer, including to third parties outside of Malaysia, may occur and permit us to release your personal information to the other party and its advisers/representatives. The list of third parties are as follows and may be updated time to time:

Customer or potential customer:

Your personal information may be disclosed to the following classes of third parties:

Third parties appointed by us to provide products or services to us or on our behalf (such as auditors, lawyers, company secretary, consultants, contractors, professional advisors, service providers, printing companies, conference/training/event organizer, other advisers, and insurance companies);
Our business partners or affiliates who may jointly provide the service requested for (such as third-party hotels or resorts or shopping mall tenants);
Utility companies;
Property management companies for management of property purchased;
Foreign embassies (including agencies appointed by foreign embassies to carry out their services) if we assist you in your visa application as part of your requested travel services;
Law enforcement agencies, including the local police; and
Relevant governmental authorities, statutory authorities, local council and industry regulators.

Vendor, supplier, tenant or service provider:

Your personal information may be disclosed to the following classes of third parties:

Third parties appointed by us to provide products or services to us or on our behalf (such as auditors, lawyers, company secretary, printing companies, contractors, conference/training/event organizer, other advisers, and insurance companies);
Law enforcement agencies, including the local police; and
Relevant governmental authorities, statutory authorities, local council and industry regulators.

3.3. Security Measures for Disclosure

In circumstances set out in this Notice where we share personal information to a third party, we will ensure that the disclosure is done in a safe and secure manner. These measures include access controls and role-based permissions, multi-factor authentication for accessing of sensitive systems, principle of least privilege, encryption and secure data handling, the adoption of third-party contractual safeguards, the implementation of physical and environmental security measures (e.g., restricted access to data centres and physical archives, CCTV surveillance, biometric entry controls, and secure disposal of printed records), and the maintenance of logs or audit trails for all disclosures. We will also take reasonable steps to ensure that the security measures implemented by the third party are at least as stringent as those employed by us, if not better. This does not apply where we are required under PDPA or applicable law to pass the information to a third party.

4. Websites

4.1. Links to other sites

Links to other sites is provided for your convenience and information. These sites may have their own privacy statement in place, which we recommend you review if you visit any linked websites. We are not responsible for the content on the linked sites or any use of the site.

4.2. Location enabled products or applications

Location enabled products or applications transmit your location information to us. We do not use the information sent or provided other than to provide the service you request. Location enable features are opt-in and you have control over your participation and can turn these services off at any time or uninstall them.

Some mobile applications will utilize Google Analytics (or similar tool) to help us better serve you through improved products, services, and revisions to the mobile applications. This collected information will not identify you to us. It may, however, let us know anonymously, which services and features you are using the most within the application, as well as device type and hardware features, country and language of download.

4.3. Cookies

A cookie may be used in the processing of your information. A cookie is a text file placed into the memory of your computer and/or device by our computers. A copy of this text file is sent by your computer and/or device whenever it communicates with our server. We use cookies to identify you. We may also collect the following information during your visit to our website and/or the fully qualified domain name from which you accessed our site, or alternatively, your IP address:

the date and time you accessed each page on our web site;
the URL of any webpage from which you accessed our site (the referrer); and
the web browser that you are using and the pages you accessed.

Some web pages may require you to provide a limited amount of personal information in order to enjoy certain services on our websites (system login credentials, email address, contact, and etc.). This personal information will only be used for its intended purposes only, i.e. to respond to your message or deliver the requested services.

5. Security Measures

We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. These measures include but are not limited to role-based access control, multi-factor authentication, periodic access review of accounts with access to internal systems, encryption and secure data handling, use of cybersecurity infrastructure (e.g., firewalls, endpoint protection, managed threat response services, internet access gateway, application delivery controllers, data loss prevention), regular risk assessments and testing (e.g., cybersecurity risk assessments, penetration testing, vulnerability scans and patch management), and adoption of operational policies and procedures on data classification, retention and secure disposal, third-party management, and policies on personal devices. While we take reasonable precautions to implement security measures to protect your personal information, no system can be entirely free from risk.

6. Retention and Disposal

We will retain your personal information for as long as necessary to fulfil the purposes for which it was collected, and following the fulfilment of those purposes, we may continue to retain your personal information for a further period of up to seven (7) years to comply with legal or regulatory requirements, to protect our legitimate interests, or for any other lawful purposes.

Once the retention period has lapsed or as long as the personal information is no longer necessary for the fulfilment of the purposes outlined above, or as required by law, including tax, regulatory, and compliance purposes, we will ensure that all personal information is disposed and permanently deleted when such data is no longer required.

7. Right to access and correct personal information

You have the right to access, update and correct your personal information held by us (subject always to certain exemptions). We will make every endeavor to ensure your personal information is accurate and up to date therefore we ask that if there are changes to your information you should notify us directly. If you would like to access or correct your personal information, please refer to our Data Protection Officer’s contact details in Section 8 below:

8. Limiting the processing of personal information, further enquiries and complaints

If:

you would like to limit the processing of your personal information or to obtain further information on how to do so;
withdraw your consent to our processing of your personal information;
you have any further query; or
you would like to make a complaint in respect of your personal information,

you may contact our Data Protection Officer at 03-77186288.

For information of all other businesses, please submit your enquiry at https://www.mulpha.com.au/contact-us/

9. Language

This Notice is available in English and Bahasa Malaysia. In case of any discrepancy between the English version and the Bahasa Malaysia version, the English version of this Notice shall prevail.

2010	HONOUR AWARD: BAYOU WATER VILLAGE, LEISURE FARM RESORT IN THE PROFESSIONAL CATEGORY FOR EXCELLENT LANDSCAPE
2009	WINNER: PENDAS CREEK PARK IN THE PROFESSIONAL CATEGORY FOR EXCELLENT LANDSCAPE DESIGN & PLANNING
2007	WINNER: KAYU MANIS ORCHARD & NURSERY FOR RESORT CATEGORY

2010	HONORARY MENTION: MULTIPLE RESIDENTIAL BUILDING (LOW RISE) – BAYOU WATER VILLAGE
2008	WINNER: BEST MULTIPLE RESIDENTIAL (LOW RISE) BEST POLICE BEAT – COLOUR ON BUILDINGS BEST POLICE BEAT – PUBLIC AND CIVIL BUILDING

2007	WINNER: RESIDENTIAL DEVELOPMENT (LOW RISE) CATEGORY – PINGGIRAN BAYOU VILLAGE HOMES
2011	WINNER: RESIDENTIAL DEVELOPMENT (LOW RISE) CATEGORY – BAYOU WATER VILLAGE
2005	WINNER: MASTER PLAN DEVELOPMENT CATEGORY FOR MIND, BODY & SOUL

2012	WINNER: RESIDENTIAL DEVELOPMENT (LOW RISE) CATEGORY – BAYOU WATER VILLAGE
2008	WINNER: BEST RESIDENTIAL CATEGORY – PINGGIRAN BAYOU VILLAGE HOMES
2005	FINALIST: BALE EQUESTRAIN AND COUNTRY CLUB