Privacy Policy

Privacy Policy

Bandar Utama Promenade Sdn Bhd (hereinafter referred to as “BUPSB”) respects and is committed to the protection of your personal information and privacy. In this Personal Data Protection Notice and Privacy Policy, BUPSB is referred to as “our”, “us” or “we” whereas “you” and “your” refers to you as a data user including third parties whose personal data you have provided to BUPSB.

The Personal Data Protection Act 2010 (hereinafter referred to as the “Act”) regulates the processing of personal data in commercial transactions. Please note that we may amend this Personal Data Protection Notice at any time without prior notice and will notify you of any such amendment via our website or by email.

We may collect and process personal data of children under the age of 18 years old. If you are under 18 years old, please obtain your parent’s or guardian’s consent before you provide your personal data to BUPSB. If we learn that we have collected such information from a child under 18 without verification of parental consent, we will delete the information. If you believe we might have any information from or about a child under 18 without parental consent, please contact us at the information provided below.

 

1. Personal information

1.1 Type of personal information
Personal information means any information which relates to you and which was collected or provided to BUPSB for the purposes stated in Section 2 below. Your personal information may include your name, NRIC number, contact details, financial and banking account details, CCTV/security recordings, information regarding your family, relatives or third party that you provide to us and location tracking/GPS information and all other information which may be provided by you to BUPSB via:

  1. FLOWRIDER 1 Utama’s Website;
  2. 1 Utama SuperApp;
  3. Electronic or physical forms at FLOWRIDER 1 Utama;
  4. E-mail; and/or
  5. Social media and other communication messaging platforms.

 

1.2 Source of personal information

  • Customer or potential customer: BUPSB collects your personal information directly from you or indirectly from your legal representatives, agents (e.g. travel agents) and/or employer when you, your legal representatives, agents and/or employers send us completed enquiry, application and/or registration forms via various means, including online and physical hardcopies at public venues or in any of our premises.
  • Vendor, supplier, tenant or service provider: BUPSB collects your personal information directly from you or indirectly from your employer or credit reference agencies when tendering for projects, when you send us completed enquiry and/or credit application forms via various means, including online and physical hardcopies.

 

1.3 Obligatory personal information
All information requested for in the relevant forms is obligatory to be provided by you unless stated otherwise. Should you fail to provide the obligatory information, we would be unable to process your request and/or provide you with relevant services.

 

2. Purposes of collecting and further processing (including disclosing) your personal information

  1. Customer or potential customer: Your personal information is collected and further processed by BUPSB as required or permitted by law and to give effect to your requested commercial transaction, including the following:
  • to process your requested services;
  • to administer and communicate with you in relation to our services and/or events;
  • to process any payments related to your requested service;
  • for insurance purposes;
  • to operate our premises in a manner which is physically safe, secure and befitting of health and safety requirements;
  • for internal investigations, audit or security purposes;
  • to conduct internal marketing analysis and analysis of customer patterns and choices;
  • to comply with BUPSB’s legal and regulatory obligations in the conduct of its business;
  • to contact you regarding products, services, upcoming events, promotions, advertising, marketing and commercial materials which we may feel interest you;
  • to ensure that the content from our website is presented in the most effective manner for your and for your computer and/or device;
  • for BUPSB’s internal records management, customer related events.
  1. Vendor, supplier, tenant or service provider: Your personal information is collected and further processed by BUPSB as required or permitted by law and to give effect to your requested commercial transaction, including the following:
  2. to process your requested services;
  3. to process your credit account application;
  4. to assess your credit worthiness;
  5. to administer and give effect to your commercial transaction (tender award, contract for service, tenancy agreement);
  6. to process any payments related to your commercial transaction;
  7. for insurance purposes;
  8. for internal investigations, audit or security purposes;
  9. to comply with BUPSB’s legal and regulatory obligations in the conduct of its business;
  10. to contact you regarding products, services, upcoming events, promotions, advertising, marketing and commercial materials which we may feel interest you;
  11. to ensure that the content from our website is presented in the most effective manner for your and for your computer and/or device;

Where you have indicated your consent to receiving marketing or promotional updates from BUPSB, you may opt-out from receiving such marketing or promotional material at any time. You may contact BUPSB at the details provided in Section (6) below.

 

3. Disclosure of personal information

3.1 Entities within BUPSB
Your personal information provided to us is processed by entities (in or outside of Malaysia) within BUPSB.  BUPSB will ensure that:

  • access to your personal information is restricted to staff who are contractually required to process your personal information in accordance with their respective job requirements; and
  • only necessary information is released to the relevant employees.

 

3.2 Classes of third parties

Your personal information may be disclosed to relevant third parties (in or outside of Malaysia) as required under law, pursuant to relevant contractual relationship (for example, where we appoint third party service providers) or for the purposes stated in Section 2 above (or directly related to those purposes). The aforesaid relevant third parties may include the following:

  • Third parties appointed by us to provide services to us or on our behalf (such as auditors, lawyers, company secretary, consultants, contractors, professional advisors, service providers, printing companies, contractors, conference/training/event organiser, other advisers, travel agencies and insurance companies);
  • Our business partners or affiliates who may jointly provide the service requested;
  • Utility companies;
  • Law enforcement agencies, including the local police; and
  • Relevant governmental authorities, statutory authorities, local council and industry regulators.

 

3.3 Transfer of your personal data outside Malaysia.

It may be necessary for us to transfer your personal information outside of Malaysia if any of the third parties mentioned in section 3 (Disclosure of personal information) above including our service providers or business partners who are involved in providing any services to us are located or have processing facilities in countries outside of Malaysia.

You consent to us transferring your personal information outside Malaysia to such third parties and for the purposes set out in section 2 (Purposes of collecting and further processing (including disclosing) your personal information).

We shall take necessary steps to ensure that any such third parties are contractually bound to protect your personal information and that they can only process your personal information under our instructions.

 

4. Websites

4.1 Links to other sites

Links to other sites is provided for your convenience and information. These sites may have their own privacy statement in place, which we recommend you review if you visit any linked websites. We are not responsible for the content on the linked sites or any use of the site.

4.2 Location enabled products or applications

Location enabled products or applications transmit your location information to us. We do not use the information sent or provided other than to provide the service you request. Location enable features are opt-in and you have control over your participation and can turn these services off at any time or uninstall them.

Some mobile applications will utilize Google Analytics (or similar tool) to help us better serve you through improved products, services, and revisions to the mobile applications. This collected information will not identify you to us. It may, however, let us know anonymously, which services and features you are using the most within the application, as well as device type and hardware features, country and language of download.

4.3 Cookies

A cookie may be used in the processing of your information. A cookie is a text file placed into the memory of your computer and/or device by our computers. A copy of this text file is sent by your computer and/or device whenever it communicates with our server. We use cookies to identify you. We may also collect the following information during your visit to our website and/or the fully qualified domain name from which you accessed our site, or alternatively, your IP address:

  1. the date and time you accessed each page on our web site;
  2. the URL of any webpage from which you accessed our site (the referrer); and
  3. the web browser that you are using and the pages you accessed.

 

Some web pages may require you to provide a limited amount of personal information in order to enjoy certain services on our websites (system login credentials, email address and contact, etc). This personal information will only be used for its intended purposes only, i.e. to respond to your message or deliver the requested services.

 

5. Right to access and correct personal information

You have the right to access and correct your personal information held by us (subject always to certain exemptions). We will make every endeavour to ensure your personal information is accurate and up to date therefore we ask that if there are changes to your information you should notify us directly. If you would like to access or correct your personal information, please do reach out to the contact details in Section 6 below.

 

6. Limiting the processing of personal information, further enquiries and complaints

If:

  1. you would like to obtain further information on how to limit the processing of your personal information or withdraw your consent on personal data processing;
  2. you would like to request to limit your personal information or withdraw your consent on personal data processing (note that we may retain your data where there is a legal basis to do so);
  3. you have any further query; or
  4. you would like to make a complaint in respect of your personal information,

 

Contact:

Bandar Utama Promenade Sdn Bhd
1, Dataran Bandar Utama,
Bandar Utama, PJU 6,
47800 Petaling Jaya,
Selangor
Tel: +603 7710 0833
E-mail: marketing@flowrider1utama.com.my

 

7. Data security

We have implemented reasonable physical, technical and procedural measures to secure your personal information from accidental loss and from unauthorized or accidental access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers. The measures we implement may include the following:

  1. Register our employees handling personal data into a system/registration book before being allowed access to personal data;
  2. Terminating our employee’s access rights to personal data after his/her resignation, termination of contract or agreement, or adjustment in accordance with changes in BUPSB;
  3. Controlling and limiting our employee’s access to personal data system for the purpose of collecting, processing and storing of personal data;
  4. Providing user ID and password for authorized employees to access personal data;
  5. Terminating user ID and password immediately when our employee who is authorized access to personal data is no longer handling the data;
  6. Establishing physical security procedures as follows:
    1. control the movement in and out of the data storage site;
    2. store personal data in an appropriate location which is unexposed and safe from physical or natural threats;
    3. provide a closed-circuit camera at the data storage site (if necessary); and
    4. provide a twenty-four (24) hours security monitoring (if necessary)
  7. Updating the Back Up/Recovery System and anti-virus to prevent personal data intrusion;
  8. Safeguarding the computer systems from malware threats to prevent attacks on personal data;
  9. Prohibiting the transfer of personal data through removable media device and cloud computing service unless consent has been obtained from the top management of BUPSB and appropriate safeguards have been implemented;
  10. Recording any transfer of data through removable media device and cloud computing service unless consent has been obtained from the top management of BUPSB and appropriate safeguards have been implemented;
  11. Ensuring that personal data transfer through cloud computing service comply with the personal data protection principles in Malaysia, as well as with personal data protection laws of other countries;
  12. Maintaining a proper record of access to personal data periodically and making such record available for submission when directed by the Personal Data Protection Commissioner;
  13. Ensuring that all our employees involved in processing personal data always protect the confidentiality of the data subject’s personal data; and
  14. Binding a third party appointed by us with a contract for operating and carrying out personal data processing activities.

 

We also ensure that any third party service providers storing or processing your personal information has implemented similar acceptable standards of security.

Unfortunately, the transmission of information via the internet is not completely secured. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted on our website.

 

8. Retention of personal data

We will process your personal data for as long as we have a legal basis to do so. Your personal information would only be stored for the period as necessary to fulfil the purposes stated above.

We may also implement the following measures for the management and deletion of personal data that is stored by us:

  1. Maintaining a system for proper record of personal data disposal periodically and making such record available for submission when directed by the Personal Data Protection Commissioner;
  2. Conducting reviews and disposing all unwanted personal data that in the database from time to time;
  3. Prohibiting the storage of personal data through removable media device and cloud computing service unless written consent is obtained from an officer authorized by the top management of BUPSB.

 

This Personal Data Protection Notice was last updated on 1 November 2023.