PETRONAS Privacy Notice

Data Protection


  1. Where PETRONAS processes any personal data, PETRONAS will comply with all requirements and obligations under applicable privacy and data protection laws.

  2. PETRONAS shall notify all Users of the:
    1. nature and identity of the Company as a data processor;
    2. categories of personal data transferred; and
    3. PETRONAS Corporate Privacy Policy.

  3. PETRONAS shall:
    1. update the PETRONAS Corporate Privacy Policy (where necessary to remain compliant with applicable privacy and data protection laws); and
    2. maintain a valid and subsisting registration with the Data Protection Commissioner’s Office to process the Employee Data (where required to do so).

  4. PETRONAS shall only process the Personal Data it reasonably requires to provide this service. All Personal Data processed by PETRONAS shall be in accordance with the PETRONAS Corporate Privacy Policy (to the extent it complies with applicable privacy and data protection laws).

  5. PETRONAS shall:
    1. ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of, and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected (having regard to the state of technological development and the cost of implementing any measures);
    2. ensure that all personnel, contractors, agents or representatives who have access to and/or process personal data at any time are:
      1. limited only to those natural persons who need access to the personal data for PETRONAS to meet its obligations under these General Conditions;
      2. informed of the confidential and sensitive nature of personal data; and
      3. are aware of their obligations, and data subjects’ rights, under applicable privacy and data protection laws.
    3. assist the Data Subject within a reasonable period in responding to any request from a data subject in connection with any exercise of any of its rights under applicable privacy and data protection laws and to provide assistance with respect to security, breach notifications, impact assessments and consultations, where requested;
    4. provide, on request, a copy of all personal data held by PETRONAS in the format and on the media reasonably specified by the data subject (where reasonably practicable);
    5. notify the data subject as soon as reasonably practicable on becoming aware of a personal data breach, including if any personal data is lost, destroyed or becomes damaged, corrupted or unusable, and where requested or required to assist, to notify the data subject of such breach;
    6. keep and maintain complete and accurate records and information of any processing of personal data it carries out on behalf of the data subject, and permit (on reasonable notice), the data subject (or the data subject’s representative) to inspect all such records relating to the processing of personal data by PETRONAS to demonstrate its compliance with this clause; and
    7. notify the data subject (as soon as reasonably practicable), if it has been given an instruction which doesn’t comply with applicable privacy and data protection laws.

  6. The Data Subject acknowledges that the Data subject’s personal data will be processed by PETRONAS through:
    1. hosting on third party systems that comply with the applicable privacy and data protection laws; or
    2. processed by staff in offices located outside of the EEA or a territory deemed to ensure adequate protection of personal data by the European Commission. Detailed information about the Customer Data affected, and relevant third parties, is available in the PETRONAS Corporate Privacy Policy and Master Guidelines to the PETRONAS Corporate Privacy Policy.