Personal Data Protection Act 2010

The Personal Data Protection Act is an act enacted by the Malaysian government in 2010 which came into effect on 15th November 2013 to protect individual’s personal data and it applies to any person who processes and any person who has control over or authorizes the processing of any personal data in respect of commercial transaction.

Brighton Group (“BG”, “we” or “us” or “our”) is required to comply with the Personal Data Protection Act 2010 (the “Act”).


For the purpose of this Policy, the following words shall have the following meanings assigned to them:

ActMeans the Personal Data Protection Act 2010.
NoticeMeans this Privacy Notice and any other amendments, supplements and/or additions as may be provided from time to time.
Personal DataMeans any information or data or a combination of information or data that can be used to uniquely identify or contact an individual.
ProcessingMeans collecting, recording, holding/storing or carrying out operations on any data including organization, adaptation or alteration, retrieval, consultation or use, disclosure by transmission, transfer, dissemination or otherwise making available, or the alignment, combination, correction, erasure or destruction of Personal Data.
Sensitive Personal DataShall includes an individual’s mental or physical health or condition, political opinions of an individual, religious beliefs or other beliefs of similar nature, the commission or alleged commission of any offence or any other information to be gazetted under the Act.

In case of discrepancies between the English and Bahasa Malaysia versions of this Notice, the English version shall prevail.

Source of your personal data

Registration is not required for you to use our Website. If you are merely a visitor, we do not collect any personal information about you. However, there may be circumstances in which you choose to register to ongoing updates from us or wish to send us an enquiry or feedback.

Your personal data may also be collected from various sources, including information you have provided us in our application form or other means, information from third parties, information in the public domain, social networks, in-person seminars and staff’s personal contacts. We may verify or source personal information about you from third party sources (both public and private) such as world check, credit bureaus or credit reference agencies, Registrar of Companies, Insolvency Department, legal representatives, industry / financial related associations and social networks.

Personal data processed by us

This may include your name, occupation, identity card or passport number, race or ethnic origin, nationality, residential and business addresses, company’s name, telephone and fax numbers, email address, wealth information and any other personal data required for the purposes set out below. In some situation, we may request for a resume or curriculum vitae which include your work experience, academic qualification, professional membership and references.

We do not intentionally collect any sensitive personal data unless legally required to do so, for example recruitment purposes. Sensitive personal data includes physical or mental health, political opinions, religious or other beliefs of a similar nature, criminal records, personal income tax file number, social security numbers, employee provident fund numbers and in some cases financial information.

Such personal data will remain confidential. We will not share your information for commercial purposes with third parties unless you give us your prior permission to do so. We will take such reasonable steps to protect the confidentiality of your information and to safeguard your privacy.

Information use and Purpose

BG collects processes and retains such of your personal data that is necessary to perform its functions and activities which include:-

  1. provide information about our services and solutions as requested by you;
  2. processing any applications that you have submitted to us;
  3. providing you our services and/or solutions which you have subscribed for and notifying you about important changes or development to the features;
  4. communicate with you on confirmation of your personal data, updating and managing the accuracy of our records;
  5. notify you of any developments, updates, training, seminar and other events from time to time;
  6. to communicate with you and respond to your enquiries or complaints;
  7. marketing, promotional materials or communications regarding services and solutions provided by us or our Network that we feel may be of interest to you;
  8. feedback on our services or for market or other research purposes;
  9. protect our interests and that of our users and where appropriate, to comply with legal process;
  10. prevention, detention or prosecution of crime, and complying with legal and regulatory obligations;
  11. such other administrative purposes which relate to the above.

If you receive a marketing e-mail from BG, you will be provided with an automated way to opt out (unsubscribe) (Appendix I) from that particular communication or from all marketing e-mails sent by us. Please follow the instructions on the e-mail you received.

Disclosure of information

BG may share your personal information among companies with the Group, our Network, third party service providers, banks or financial institutions or other third parties in order to provide you with information that could be of interest to you and conduct market or other research. We may also in limited circumstances share personal information with regulatory bodies, government agencies, the police, law enforcement bodies and courts and such persons or bodies to whom we are legally required to disclose.

All of these disclosures may involve the transfer of personal information to countries or regions without data protection rules similar to those in effect in your area of residence. By providing your personal information to us, you represent and warrant that you had or have consent to the disclosures described above or are otherwise entitled to provide the information to us.

No personal information should be disclosed to third party (except for disclosure for the original purpose(s) intended at the point of collection) without consent from you (Appendix II).

Security Measures

BG have in place reasonable commercial standards of technical and organizational security measures to protect the security of your personal information against destruction, misuse, unauthorized access, disclosure or alteration.

To safeguard against unauthorized access to Personal Data by third parties, all electronic Personal Data held by BG is maintained on systems that are protected by secure networks. BG limits access to internal systems that hold Personal Data to a select group of authorized users who are given access to such systems through the use of a unique identifier and password. Access to Personal Data is limited to and is provided only to relevant users for the purpose of performing their official duties.

Links to Other Web Sites

The privacy practices set forth in this Policy are for our Website only. This Website may contain links to other sites. BG is not responsible for the privacy practices or the content of such sites. If you link to or otherwise visit any other site, please review the privacy policies posted at that site.

Cookies and Passive Tracking

A “cookie” is an element of data that can be sent to your browser. Your browser may then store it on your system based on the preferences you have set on your browser. Cookies gather information about your operating system including, but not limited to, browser type, and Internet Protocol (IP) address. BG Website uses this information to analyze the traffic on our Website, and better serve you when you return to our Website. It is not our intention to use such information to personally identify a user. You have the option to configure your Internet browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it. Further, you have the option to block all cookies. Please note, however, that if you refuse or otherwise block cookies you may not be able to use all of the functionality available on our Website.

You may wish to participate in the various blogs, forums, wikis and other social media platforms hosted by BG (“Social Media Platforms”) which we make available to you. The main aim of these Social Media Platforms is to facilitate and allow you to share content. However, we cannot be held responsible if you share personal information on Social Media Platforms that is subsequently used, misused or otherwise appropriated by another user.

BG may also provide links to other social media platforms maintained on separate servers by individuals or organizations over which we has no control. We make no representations or warranties regarding the accuracy or any other aspect of the information located on such servers.

A link to a third party’s website should not be construed as an endorsement by either BG or that third party of the other or its products and services. We make no representations or warranties regarding how user data is stored or used on third-party servers. We recommend you to review the privacy policy of each third-party site linked from our Website to determine their use of your personal data.

Rights of Access and Correction

If you have registered for any of our updates via email blasts, newsletters or marketing materials, you may request for access to, correct and update your personal information or limit the processing thereof. If you do not wish to receive future updates from us, you may unsubscribe it at any time.

There are also cases where the personal data that we request from you is necessary for us to perform our functions and services in relation to the purpose for which your data is collected. Failure or refusal to provide the data or wish to limit the personal data you disclose may render us unable to carry out the purposes for you. Also, the extent in which we can comply with your request without affecting our mutual rights and obligations in relation to the transaction, depend on the stage of the transaction. If such rights or obligations are impacted for, we may not be able to stop processing your personal data.

We are committed to ensure that the personal data we hold about you is accurate, complete, not misleading and up-to-date. If there are any changes to your personal data or if you believe that the personal data we have about you is inaccurate, incomplete, misleading or not up-to-date, please contact us so that we may take steps to update your personal data.

You have the right to access your personal data.  If you would like to request access to your personal data, please fill in the Access Request Form (Appendix III) and send to us via email to the Personal Data Protection Officer at PDPA [at] brighton [dot] asia. Please note that depending on the information requested we may have the right to charge a small fee for the processing of any data requested in accordance with the Act. We may also take steps to verify your identity before fulfilling your request for access to your personal data per the PDPA Internal Control Process Flow as illustrated in Table 1.

Table 1: Access Request Flow Chart


BG will keep your personal data for the duration of time to carry out the purpose for which your personal data was collected and also for the other purposes set out in this Privacy Policy, including handling enquiries, audit, complaints or legal proceedings and marketing purposes. We will also abide by legal, tax and other regulatory and industry requirements/guidelines for keeping records including our retention of record policy i.e. for not less than six (6) years.

Changes to our policy

BG may modify or amend this Privacy Policy from time to time at our discretion. Please check this page periodically to be informed about how we are protecting your information. We also display the effective date of the policy at the bottom of this page.

Questions or Comments

If you have any questions or concerns regarding your privacy or if you need assistance accessing or updating your personal information, please contact us via email: enquiry [at] brighton [dot] asia

Notices and Communications

In the event you have any enquiries, please contact:

Personal Data Protection Officer
Brighton Management Limited
Brighton Place
Lot U0213 – U0215,
Jalan Bahasa,
P.O. Box 80431,
87014 FT Labuan, Malaysia
Telephone No. : +6087 442899
Fax No. : +6087 – 451899
E-mail : PDPA [at] brighton [dot] asia

All communications to BG must be made in writing, legible and contain your full name, current address, NRIC number and contact particulars. BG reserves the right not to entertain any notices or communications which do not contain the foregoing particulars, are illegible, incomprehensible or where the party concerned cannot be contacted or where contact particulars are found to be incomplete, inaccurate or in error.

Brighton Group
13 February 2014
12 May 2023 (Updated)