The Recruiters’ Association Malaysia (RAM) is committed to ensuring the privacy and protection of personal data collected from candidates who submit their CVs/resumes to RAM and its associated recruiters. This policy outlines the measures we undertake to comply with the requirements of the Personal Data Protection Act (PDPA) and protect the personal data entrusted to us.
This policy applies to RAM and its associated recruiters who handle and process personal data collected from candidates for job matching purposes.
3. Collection of Personal Data
RAM and its associated recruiters will obtain the explicit consent of candidates before collecting their personal data. The purpose and extent of data collection will be clearly communicated to candidates, and their consent will be sought in accordance with applicable laws and regulations.
3.2. Types of Personal Data Collected
RAM and its associated recruiters may collect the following types of personal data from candidates:
3.2.1 Contact information (name, address, email address, phone number, etc.)
3.2.2 Educational background
3.2.3 Employment history
3.2.4 Skills and qualifications
3.2.5 Other relevant information provided voluntarily by the candidate
4. Use and Disclosure of Personal Data
4.1. Purpose of Use
The personal data collected from candidates will be used solely for job matching purposes, which includes but is not limited to:
4.1.1 Assessing candidate qualifications and suitability for job opportunities
4.1.2 Facilitating communication between candidates and potential employers
4.1.3 Providing career-related information and updates to candidates
4.2. Disclosure to Third Parties
RAM and its associated recruiters will not disclose personal data to any third parties without the explicit consent of the candidate, unless required by law or as necessary to fulfill the purpose of job matching. In such cases, appropriate measures will be taken to ensure the confidentiality and security of the personal data shared.
5. Data Retention
RAM and its associated recruiters will retain personal data for as long as necessary to fulfill the purpose for which it was collected, unless a longer retention period is required by law or to protect legitimate business interests. Personal data that is no longer needed will be securely disposed of or anonymized.
5.1. Data Validity
Data collected shall be kept for usage within a period of 36 months. After this period, the personal data will be securely disposed of or anonymized unless a longer retention period is required by law or to protect legitimate business interests.
6. Security Measures
RAM and its associated recruiters will implement reasonable technical, physical, and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include but are not limited to:
6.1 Access controls and authentication mechanisms
6.2 Secure storage and transmission of personal data
6.3 Regular system monitoring and audits
6.4 Training and awareness programs for staff handling personal data
7. Rights of Candidates
Candidates have the following rights regarding their personal data:
7.1 Right to access: Candidates can request access to their personal data held by RAM and its associated recruiters.
7.2 Right to correction: Candidates can request the correction of inaccurate or incomplete personal data.
7.3 Right to withdrawal of consent: Candidates can withdraw their consent for the collection, use, or disclosure of their personal data at any time.
7.4 Right to erasure: Candidates can request the deletion of their personal data, subject to legal obligations and legitimate business interests.
8. Request to Remove Data
Candidates may write to email@example.com to officially inform RAM of their request to withdraw their data from the database. RAM will promptly process such requests and take necessary actions to remove the candidate’s personal data from its systems, subject to legal obligations and legitimate business interests.
9. Compliance and Accountability
RAM and its associated recruiters are committed to complying with the PDPA and other applicable data protection laws and regulations. We will regularly review and update our policies, procedures, and security measures to ensure ongoing compliance. Any complaints or concerns regarding the handling of personal data should be addressed to the designated data protection officer at firstname.lastname@example.org.