In general, we may collect Personal Data in the following ways:

2.1 D’OFFIS collects Personal Data to provide our services or products to customers. The data is collected when you:

• Register your information on our website.
• Provide your details to our company representatives.
• Enter into any agreement or submit other documentation related to your interactions with us.
• Submit your Personal Data to us directly.
• Access our property and/or premises, during which your images may be captured by CCTV cameras, or through photographs or videos taken by us or our representatives at our events.
• Complete sales orders, requests, or applications for our products and services (via phone, in person, by mail, or electronically).
• Interact with our staff regarding our products and services, including customer service representatives, through various means such as telephone calls (which may be recorded), direct mail, fax, face-to-face meetings, social media platforms, emails, or other communication methods.
• Use and/or subscribe to any of our products and services, including assembly/installation services, training services, and maintenance or after-sales service programs.
• Conduct transactions, such as making payments.
• Engage with us during promotions, competitions, contests, special events, workshops, or respond to requests for additional Personal Data.
• Receive your Personal Data from business partners, public agencies, former employers, referral intermediaries, and other third parties or relevant authorities, particularly when you have been referred by business partners or when we seek information about you in connection with your relationship with us, including for our products and services or job applications.
• Submit your Personal Data to us for any other purpose.

2.2 As a Service Provider: D’OFFIS collects Personal Information on behalf of our customers (Employers). The data is collected when:

• Customers input employee details such as name, date of birth, gender, contact information, emergency contact number, address, nationality, family member information, and national security/identity number to maintain employee records.
• Customers provide payment-related bank and tax information.
• Employees update their Personal Information.
• The D’OFFIS platform captures facial images and location data for attendance and payroll calculations.

3.1 Subject to applicable laws, we may collect, use, and disclose your Personal Data for the following purposes, depending on the nature of your interaction with us:

• To communicate with you.
• For marketing communications regarding D’OFFIS or other products and services that may interest you, in line with your marketing preferences.
• To assess, process, and provide products, services, and/or facilities to you, including fulfilling obligations related to the goods and services you request.
• To administer and process payments related to the products, services, and/or facilities you request or your commercial transactions with us.
• To verify your identity and background.
• To respond to your inquiries, feedback, requests, or complaints, and to resolve any issues or disputes that may arise from your dealings with us.
• To facilitate your participation in and our administration of events, including workshops, promotions, contests, or campaigns.
• To maintain and update internal records.
• For internal administrative purposes, including managing and planning D’OFFIS's business operations and ensuring compliance with internal policies and procedures.
• To share your Personal Data as required by any agreement or document you have entered into with us for the purpose of seeking legal and/or financial advice or initiating legal action.
• For detecting, investigating, and preventing fraudulent, prohibited, or illegal activities, as well as analyzing and managing commercial risks, including those related to disputes, billing, fraud, and prosecutions.
• To enable us to fulfill our obligations and enforce our rights under any agreements or documents we are party to.
• To transfer or assign our rights, interests, and obligations under any agreements with you.
• To meet any applicable legal or regulatory requirements and to disclose information as mandated by law, regulation, court order, or other applicable guidelines.
• To enforce or defend our rights and your rights, and to comply with our obligations under applicable laws and regulations.
• For purposes necessary to operate, maintain, and better manage our business and your relationship with us, which we will notify you of at the time of obtaining your consent.
• To facilitate business asset transactions, including mergers, acquisitions, or asset sales.
• To match any Personal Data we hold that relates to you for any of the purposes listed herein.
• To manage the safety and security of our premises and services, including conducting CCTV surveillance and security clearances.
• To monitor or record phone calls and customer interactions for quality assurance, employee training, performance evaluation, and identity verification purposes.
• In connection with any claims, actions, or proceedings, including drafting and reviewing documents, obtaining legal advice, and facilitating dispute resolution, as well as protecting and enforcing our contractual and legal rights and obligations.

3.2 Additionally, we may collect, use, and disclose your Personal Data for the following purposes, depending on our relationship with you:

• If you have an account with us:
  • To process and maintain your account.
  • To administer and process your requests, including creating and maintaining user profiles in our system database for administrative purposes (including tracking your use of the Platform).
  • To manage debt recovery and debt management.
• If you are an employee, officer, or owner of a vendor, contractor, or other external service provider, or a prospective vendor or contractor of D’OFFIS:
  • To conduct appropriate due diligence checks.
  • To evaluate your organization’s suitability as a vendor, contractor, or external service provider for D’OFFIS and to conduct background checks.
  • To create and maintain profiles of our vendors, contractors, and external service providers in our system databases.
  • To process and facilitate necessary actions related to the work or engagement of said vendors, contractors, and external service providers.
  • To respond to emergencies.
  • For facilities management purposes, including issuing visitor access passes and facilitating security clearances.
  • To communicate with your deployed staff, post-contract award, who are on our premises to perform work or services, and for any emergency or security concerns.

3.3 You have rights regarding D’OFFIS's collection, use, or disclosure of your Personal Data. If you choose not to provide the Personal Data as described in this notice, we may be unable to fulfill our obligations as outlined in this clause. You have the right to object to the processing of your Personal Data and to withdraw your consent as described in Clauses 6 and 11.

3.4 In relation to specific products or services or your interactions with us, we may have informed you of additional purposes for which we collect, use, or disclose your Personal Data. If so, we will also collect, use, and disclose your Personal Data for these additional purposes unless we have specifically notified you otherwise.

3.5 D’OFFIS is committed to protecting the Personal Data in its possession or under its control by implementing reasonable security measures to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar

4.1 Subject to applicable laws, your Personal Data may be disclosed for the purposes outlined above (where relevant) to the following entities or parties, whether located domestically or internationally:

• Other companies within the D’OFFIS group.
• Third-party service providers, agents, and other organizations we have engaged to perform functions related to the aforementioned purposes.
• D’OFFIS entities located overseas, to fulfill their job responsibilities while implementing appropriate technical and organizational measures; this includes assisting with the resolution of technical support issues related to the Software, whether through a ticketing system, phone calls, or other means.
• Any business partner, investor, assignee, or transferee (actual or prospective) to facilitate business asset transactions, which may include mergers, acquisitions, or the sale of debt or assets.
• Relevant government regulators, ministries, statutory boards, embassies, or authorities, as well as law enforcement agencies, whether local or international, to comply with any directives, laws, rules, guidelines, regulations, or schemes issued or administered by them.
• Any other party to whom you have authorized us to disclose your Personal Data.

4.2 Information Processed by D’OFFIS on Behalf of Our Customers

D’OFFIS shares employees' Personal Information only with third-party Cloud Service providers. The data collected by D’OFFIS is hosted on Microsoft Azure Cloud in the respective regional data centers, equipped with advanced security features.

Facial data will also be stored on the user's mobile device and in the cloud. When users utilize face authentication, the system verifies the image from mobile storage to authenticate access to the application. Cloud-stored images will be restored if the user's mobile device loses the stored data (for instance, during a device change or app reinstallation).

D’OFFIS implements, enforces, and maintains security policies to prevent unauthorized or accidental access to, destruction, loss, modification, use, or disclosure of Personal Data, and continuously monitors compliance with these policies.

We will take reasonable measures to ensure that the Personal Data we collect about you is accurate, complete, not misleading, and kept up to date, considering its intended use. Whenever possible, we will verify the Personal Data you provide using widely accepted practices and guidelines. If we maintain an ongoing relationship with you, it is essential that you inform us of any changes to your business contact information.

You have the right to:

• Submit a request for access to a copy of the Personal Data we hold about you or information regarding how we use or disclose your Personal Data.
• Submit a correction request to update or correct any of your Personal Data that we hold.

To make a request, please submit it in writing or via email to our Data Protection Officer ("DPO") using the contact details provided below. In accordance with Data Protection Laws, we will strive to respond to your access and/or correction request within 30 days of receiving it. If we are unable to respond within this timeframe, we will notify you in writing within 30 days, indicating when we expect to be able to address your request.

Depending on the complexity and nature of your access and/or correction request, we may need to charge a fee to cover our administrative costs. This will be evaluated on a case-by-case basis by our DPO. If a fee is applicable, we will inform you of the amount before processing your request. Please note that we will only proceed with your request once you have agreed to pay the fee. In some cases, we may also require a deposit before processing the access request, and you will be informed if this is necessary.

D’OFFIS does not have a direct relationship with individuals whose Personal Information is provided to us through our Services. If you are or were employed by one of our customers and wish to access, correct, amend, object to the processing or profiling of, or delete your Personal Information on the platform, please direct your inquiry to the HR department of the customer organization that utilizes the platform and for which you are or were employed, especially if you cannot make the necessary changes through your access to the platform provided by the customer.

7.1 You have the right to withdraw your consent for the collection, use, and/or disclosure of your Personal Data that we hold or control for any or all of the purposes listed above. To do so, please submit your request in writing or via email to our Data Protection Officer ("DPO") using the contact details provided below.

7.2 Upon receiving your written request to withdraw consent, we may need a reasonable amount of time (depending on the complexity of the request and its impact on our relationship with you) to process your request and inform you of the consequences of our compliance, including any legal implications that may affect your rights and obligations towards us. As a result, you may continue to receive communications during this period.

7.3 If you withdraw your consent for any or all uses of your Personal Data, depending on the nature of your request, D’OFFIS may be unable to continue providing its products and services to you or managing any existing contractual relationships. This may lead to the termination of any agreements with D’OFFIS and could result in a breach of your contractual obligations or commitments. D’OFFIS reserves all legal rights and remedies in such cases.

7.4 Please be aware that withdrawing your consent does not affect our right to continue collecting, using, and disclosing Personal Data where such actions are permitted or required by applicable laws without consent.

8.1 We generally rely on you to ensure that any Personal Data provided by you (or your authorized representative) is accurate and complete. To keep your Personal Data current, complete, and accurate, please promptly inform us of any changes by contacting our Data Protection Officer ("DPO") in writing or via email using the contact details provided below. Until we receive such notification, we will consider your Personal Data (as provided by you or your authorized representative) to be accurate and complete.

8.2 We may retain your Personal Data for as long as necessary to fulfill the purpose for which it was collected, to meet legal or business requirements, or as required or permitted by applicable laws.

Where applicable, your Personal Data may be stored on external servers located in specific countries or regions. Additionally, as outlined above, we may need to transfer your Personal Data between our subsidiaries located in other countries as part of our business operations. For instance, your Personal Data stored in the Software may be transferred internationally for support functions. Such transfers will comply with the requirements set forth in applicable data protection laws to ensure that a standard level of protection is maintained for your Personal Data. Please be assured that when we disclose Personal Data to a third party in another country, we implement safeguards to ensure that your Personal Data remains protected.

In the event of a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, we will promptly evaluate the impact. If we determine that it constitutes a notifiable data breach, we will report it to the relevant regulatory body or data protection authority within 3 calendar days. D’OFFIS will also notify affected customers without undue delay, within 24 hours of confirming that the breach is likely to cause significant harm or impact to the individuals involved, or if it is of a significant scale.

11.1 When you visit or interact with our Platform, we or our authorized service providers may utilize cookies, web beacons, and other similar technologies to collect and store information, enhancing your web experience by making it better, faster, and safer.

11.2 The information gathered by us or our authorized service providers may identify a visitor as a unique user and can include details such as how a visitor arrives at our Platform, the type of browser being used, the operating system in use, the visitor's IP address, as well as clickstream data and timestamps (for instance, which pages were viewed, when they were accessed, and the duration spent on each page).

11.3 The use of cookies, web beacons, and similar technologies on our Platform serves various purposes. They may be essential for the functionality of our services, help us enhance performance, or provide additional features. These technologies may also be employed to deliver content that is more relevant to you and your interests or to target advertising to you both on and off our Platform.

11.4 Cookies are small text files (typically composed of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. Cookies enable a website to recognize a specific device or browser. There are several types of cookies:

a) Session cookies expire at the end of your browser session and allow us to link your actions during that session.

b) Persistent cookies remain on your device between browser sessions, enabling us to remember your preferences or actions across multiple sites.

c) First-party cookies are set by the site you are currently visiting.

d) Third-party cookies are set by a site other than the one you are visiting.

11.5 Cookies can be disabled or removed using tools available in most commercial browsers. You will need to set preferences for each browser you use, as different browsers offer varying functionalities and options.

11.6 Web beacons are small graphic images (also referred to as "pixel tags" or "clear GIFs") that may be included on our Platform. Web beacons typically work in conjunction with cookies to profile each unique user and their behavior.

11.7 Similar technologies include methods that store information in your browser or device using local shared objects or local storage, such as flash cookies, HTML5 cookies, and other web application software techniques. These technologies can function across all your browsers.

11.8 In our policies, we may use the terms "cookies" or "similar technologies" interchangeably to refer to all technologies we may use to collect or store information in your browser or device, or that help identify you as a unique user as described above.

11.9 Certain features and services of the Platform are only accessible through these technologies. You are always free to block, delete, or disable these technologies if your browser allows.

11.10 However, if you choose to decline cookies or other similar technologies, you may not be able to fully utilize the Platform and certain features or services. For more information on how to block, delete, or disable these technologies, please consult your browser settings.

Our Platform may include links to other websites operated by third parties, such as our business partners. We are not responsible for the data protection practices of these third-party websites linked to our Platform. We encourage you to familiarize yourself with the data protection policies of any third-party sites you visit. Some of these third-party websites may feature our logo or trademark, even though they are not operated or maintained by us. Once you leave our Platform, we recommend reviewing the privacy policy of the third-party website to understand how they will manage any information they collect from you.

13.1 If you have any questions or feedback regarding your Personal Data or this Policy, wish to withdraw your consent for any use of your Personal Data as outlined in this Policy, or would like to request access to and make corrections to your Personal Data records, please reach out to us using the following contact information:

D'OFFIS Team

Residensi UTMKL No 8 Jalan Maktab

Kampung Datuk Keramat 54100

Kuala Lumpur, Malaysia

Email: [email protected]

14.1 D’OFFIS will retain your Personal Data for as long as necessary to fulfill the services you have requested, comply with applicable laws and regulations, resolve disputes, and enforce our agreements. D’OFFIS may retain your data for a longer period if there is a legitimate business interest that does not outweigh your personal rights and freedoms. Data entered into D’OFFIS services will be retained in accordance with any relevant agreements between D’OFFIS and its customers.

14.2 Information Processed on Behalf of Our Customers
Regarding the data of employees of D’OFFIS customers, the responsibility for defining the data retention period lies solely with the customers, who must consider relevant laws and regulations. Customers should establish the data retention period based on the purpose for which the data was collected and processed, applicable legal requirements, and their own data retention policies. The retention period should not exceed what is necessary to fulfill the purpose for which the data was collected or to comply with legal obligations. Data entered into D’OFFIS will be retained in accordance with any applicable agreements between D’OFFIS and its customers.

We will retain customers’ facial data for as long as they continue to use D’OFFIS. Upon termination of a customer’s account, their facial data will be removed from the active database 30 days after the termination date. Customers will receive prior notice via email before the permanent deletion of their data. Complete backups will be deleted 7 days after the deletion of the active database.

We may periodically revise the terms of this Policy at our sole discretion to ensure it aligns with our future developments, industry trends, and any changes in legal or regulatory requirements. Subject to your legal rights, you agree to be bound by the current terms of this Policy as updated from time to time on our platform at https://www.doffis.my/dataprotectionpolicy. We encourage you to visit this website regularly to stay informed about our latest policies regarding privacy.