Privacy  Notice - PixelByte Employee and Contractor and Dependents’ Personal Data

What does this Privacy Notice cover?

This notice sets out what personal data we collect, for what purposes and your rights in this respect.

Every individual within PixelByte Sdn. Bhd (hereinafter referred to as ‘PixelByte’ and also known as doing business as ParkEasy) is responsible for protecting personal data about each other as well as that of our customers, business partners and suppliers.  PixelByte is part of the Shell Group of companies.  You can find further information about how the Shell group protects personal data here: www.shell.com.my/privacy.html

This Privacy Notice provides information about personal data processed by PixelByte in relation to individuals who are or were employees, interns or individual contractors as well as dependents of PixelByte employees (‘PixelByte Staff’).

For individuals who apply to work for PixelByte, or who attend a recruitment event or undertake an assessment for PixelByte, please refer to the Privacy Notice – PixelByte Recruitment.

As well as this Privacy Notice, bespoke privacy notices and supplementary privacy statements may contain further information about how we process your personal data. In those instances, such privacy notices will be communicated to you separately. This Privacy Notice explains what personal data are processed about you, why we are processing your personal data and for which purposes, how long we hold your personal data for, how to access and update your personal data, as well as the options you have regarding your personal data and where to go for further information.

What personal data do we process about you?

The categories of personal data we collect about you.

We process personal data necessary to manage the employment relationship, to engage contractors and interns and to provide benefits to certain dependents of PixelByte employees.

This includes personal home contact information, date of birth, marital status, payroll and bank account information, wage and benefit information including beneficiary information, emergency contacts, work performance information, information required to ensure you have the right to work in the country you are engaged in, as well as any other information necessary for managing the employment relationship, for engaging contractors and for providing benefits to certain dependents of PixelByte employees.

Sensitive personal data

We also process some special categories of personal data (’sensitive personal data’) such as data relating to an individual’s health, their racial or ethnic origin, religious or philosophical beliefs, sexual orientation, political opinions and trade union membership. We will only process such personal data where it is necessary for the purposes of complying with employment and social security laws, for the establishment, exercise or defense of claims or where necessary for the purposes of providing occupational medical advice and support, to protect the vital interests of an individual (such as in an emergency), where necessary for reasons of public health or where the individual has provided their explicit consent.

Why do we process your personal data?

We will only process your personal data where we have a legal basis to do so.

We process your personal data:

  • in order to satisfy our obligations to comply with local laws and regulations;

  • for legitimate business interests (for example performance management in order to ensure we have qualified and competent personnel or for health, safety and security purposes to ensure that only authorized personnel can access certain sites or assets, litigation and defense of claims); or

  • where we have your explicit consent.

Please note that as a general principle, PixelByte does not seek or rely on the consent of PixelByte Staff for processing personal data. However, there are limited circumstances when consent is required, such as if required by applicable local law.

Personal data requested from PixelByte Staff are the minimum required in order to fulfil legal and/or contractual requirements and to provide opportunities to take part in programs or to provide a benefit. Failure to provide us with the information requested may negatively affect your ability to remain in employment, internship or engagement as a contractor or from participating in a program or receiving a benefit.

In those cases where processing is based on consent, and subject to applicable local law which provides otherwise, you have the right to withdraw your consent at any time. This will not affect the validity of the processing prior to the withdrawal of consent. Withdrawal of consent may however impact your ability to remain employed or otherwise engaged or from participating in a program or receiving a benefit.

For what purposes do we process your personal data?

The purposes for which we process your personal data.

We process personal data covered by this Privacy Notice for the following purposes:

  • Human Resources, personnel management, business process execution, internal management, management reporting, organizational analysis and development - including budgetary, financial and organizational planning, administration, compensation, performance management;

  • Health, safety and security - including protection of PixelByte Staff’s life or health, occupational health and safety, protection of PixelByte assets and authentication of PixelByte Staff status and access rights; or

  • Legal and/or regulatory compliance - including compliance with legal or regulatory requirements.

We may also process your personal data for a secondary purpose where it is closely related, such as:

  • storing, deleting or anonymizing your personal data;

  • fraud prevention, audits, investigations, dispute resolution or insurance purposes, litigation and defense of claims; or

  • statistical, historical or scientific research.

Monitoring

All activities on the PixelByte and Shell IT equipment and/or when connected to the PixelByte’s or Shell’s IT network may be monitored for legitimate business purposes.

The data from the access and security systems are used:

  • for health, safety and security purposes, to prevent fraud and specifically the protection of PixelByte assets and PixelByte Staff;

  • to comply with legal and regulatory requirements, specifically where there is a local legal requirement to provide information to government/regulatory authorities.

Screening

In order to comply with legal and regulatory obligations, to protect PixelByte’s assets and employees/contractors and specifically to ensure that the PixelByte and Shell can comply with trade control, anti-money laundering and/or bribery and corruption laws and other regulatory requirements, we carry out screening on all employees and contractors on a periodic basis. This screening takes place against publicly available or government issued sanctions lists and is compared with information held about you by PixelByte and Shell (for example the Conflict of Interest register).

Any personal data collected through the screening will not involve profiling or automated decision-making regarding suitability for continued employment, internship or engagement as a contractor.

Who is responsible for any personal data collected?

PixelByte Sdn Bhd, whose business address is Suite 11.01, Level 11, South Wing, Menara OBYU, 4, Jalan PJU 8/8A, Damansara Perdana, 47820 Petaling Jaya, Selangor, Malaysia will be responsible for processing your personal data (including that of dependents), together with its affiliates within the Shell group of companies.

Who will we share the personal data with?

Your personal data are exclusively processed for the purposes referred to above and will only be shared on a strict need to know basis with:

  • Other companies within the Shell group of companies, including to those which may be located outside of your location;

  • Authorized third party agents, service providers, external auditors and/or subcontractors of PixelByte and/or Shell;

  • A competent public authority, government, regulatory or fiscal agency where it is necessary to comply with a legal or regulatory obligation to which the relevant PixelByte company/companies is subject to or as permitted by applicable law; or

  • Any person to whom PixelByte proposes to transfer any of its rights and/or duties.

 

Transfers of your personal data to other countries

Your personal data may be transferred outside of your country, subject to appropriate safeguards.

Where your personal data have been transferred to companies within the Shell group and/or to authorized third parties located outside of your country we take organizational, contractual and legal measures to ensure that your personal data are exclusively processed for the purposes mentioned above and that adequate levels of protection have been implemented in order to safeguard your personal data. These measures include Binding Corporate Rules for transfers among the Shell group. You can find a copy of Shell Binding Corporate Rules at or by contacting [email protected]

 

Security of your personal data

PixelByte is committed to safeguarding your personal data.

We have implemented technology and policies with the objective of protecting your privacy from unauthorized access and improper use. We use encryption for some of our services, we apply authentication and verification processes for access to PixelByte services and we regularly test, assess and evaluate the effectiveness of our security measures.

 

How long do we hold your personal data for?

PixelByte only holds your personal data for a defined period of time.

All information, including personal data, is managed in line with the Shell group standards for Information and Records Management and securely deleted once no longer required for a legitimate business purpose or for a legal/regulatory purpose.

With some exceptions required to comply with local legal requirements:

  • information contained within personnel files is held for no longer than 10 years once your employment has terminated;

  • information relating to retirement benefits are held for no longer than 99 years from the commencement of employment;

  • any personal data gathered as part of the screening against publicly available or government issued sanctions lists and media sources are held for no longer than 15 years after they were first gathered;

  • where an individual has been dismissed or had their contract terminated due to serious misconduct, including breaching the Shell Life Saving Rules or breaching the Shell Code of Conduct, that information is held for up to 30 years post termination.

In all cases information may be held for (a) a longer period of time where there is a legal or regulatory reason to do so (in which case it will be deleted once no longer required for the legal or regulatory purpose) or (b) a shorter period where you object to the processing of the personal data and there is no longer a legitimate business purpose to retain it.

Your rights in relation to your personal data

Your rights and how to exercise them.

We aim to keep our information about you as accurate as possible. You can request:

  • access to your personal data;

  • correction or deletion of your personal data (but only where they are no longer required for a legitimate business purpose);

  • that the processing of your personal data is restricted; and/or

  • that you receive personal data that you have provided to PixelByte, in a structured, digital form to be transmitted to another party, if this is technically feasible.

Please contact your HR adviser within Pixelbyte for any of the above requests. If you are a contractor, you should speak with your external contracting/employing company/agency. For former employees or dependents, please contact PixelByte HR. 

Cookies and similar technologies

We use cookies on our websites to provide you with the best user experience possible.

PixelByte may use cookies and similar technologies that aim to collect and store information when you visit a PixelByte website. This is to enable PixelByte to identify your internet browser and collect data on your use of our website, which pages you visit, the duration of your visits and identify these when you return so that we improve your experience when visiting our website(s). You can control and manage your cookies preferences by adjusting your browser settings or using the PixelByte cookies preference tool on PixelByte websites - for more information, please refer to the PixelByte Cookie Policy at https://www.parkeasy.co/cookie-policy.

 

Who can you contact if you have a query, concern or complaint about your personal data?

If you have any issues, queries or complaints regarding the processing of your personal data please contact PixelByte HR. 

You may also contact the Shell Group Chief Privacy Officer at Shell International B.V. The Hague, The Netherlands - Trade Register, No. 27155369 Correspondence: PO Box 162, 2501 AN, The Hague or by email [email protected].

If you are unsatisfied with the handling of your personal data by Shell, then you have the right to lodge a complaint with the Personal Data Protection Commissioner Malaysia, Level 6, Kompleks Kementerian Komunikasi dan Multimedia, Lot 4G9, Persiaran Perdana, Presint 4 Pusat Pentadbiran Kerajaan Persekutuan, 62100 Putrajaya, Malaysia or the Dutch Data Protection Authority whose address is Hoge Nieuwstraat 8, 2514 ELThe Hague, The Netherlands. Please visit https://autoriteitpersoonsgegevens.nl/en.

 

Changes to this Privacy Notice

This Privacy Notice may be changed over time. You are advised to regularly review this Privacy Notice for possible changes. This Privacy Notice was last updated in April 2024