PERSONAL DATA PROTECTION NOTICE
(Members, Applicants and Related Individuals)
This Personal Data Protection Notice (“Notice”) is issued by Penang Swimming Club (“PSC”) in accordance with the Personal Data Protection Act 2010 and any amendments thereto (“PDPA”).
For the purposes of this Notice, “Personal Data” shall have the meaning assigned under the PDPA. References to “you” include members, applicants, former members, dependants and any individual whose Personal Data is provided to PSC.
1. COLLECTION OF PERSONAL DATA
PSC may collect, record, hold, store, use and otherwise process Personal Data obtained from:
- Membership application and update forms;
- Supporting documents and declarations;
- Communications and interactions with PSC;
- Third parties authorised by you or otherwise permitted by law.
Personal Data processed may include, without limitation:
- Identification details (e.g. name, NRIC/passport, date of birth, nationality, photographs);
- Contact details (e.g. address, telephone, email, emergency contacts);
- Family and dependant information;
- Employment and professional details;
- Financial and transactional data (e.g. billing, payment records, banking details where required);
- Vehicle and access-related information;
- Any other information necessary for the purposes described herein.
2. PURPOSES OF PROCESSING
PSC processes Personal Data for purposes including:
2.1 Membership Administration
- Processing and evaluating membership applications;
- Maintaining membership records and accounts;
- Managing subscriptions, billing and payments;
- Administering access to facilities, services and events.
2.2 Operations and Governance
- Internal administration, reporting and record-keeping;
- Audit, compliance, disciplinary and security matters;
- Enforcement of PSC’s rules, bye-laws and policies.
2.3 Communication
- Corresponding with you on matters relating to your membership or application;
- Responding to enquiries, feedback or requests.
2.4 Legal and Regulatory Compliance
- Complying with applicable laws and regulatory requirements;
- Responding to lawful requests, investigations or proceedings.
2.5 Post-Membership Matters
- Managing matters following resignation, termination or cessation of membership;
- Retaining records for legal, financial or administrative purposes.
PSC may also process Personal Data for any purpose that is reasonably related to the above.
3. OBLIGATION TO PROVIDE PERSONAL DATA
The provision of Personal Data is necessary. Failure to provide sufficient Personal Data may result in PSC being unable to process your application, administer your membership or provide relevant services.
4. ACCURACY OF PERSONAL DATA
You are responsible for ensuring that all Personal Data provided is accurate, complete and kept up to date. PSC shall not be liable for any consequences arising from inaccurate or incomplete data supplied by you.
5. DISCLOSURE OF PERSONAL DATA
PSC may disclose Personal Data, where necessary, to:
- Service providers supporting PSC’s operations (including IT systems, cloud storage and administration);
- Professional advisors (including auditors, legal counsel, insurers and consultants);
- Government authorities, regulators or enforcement agencies;
- Any other party where required or permitted by law or necessary for the purposes stated above.
Where you provide Personal Data of third parties, you represent and warrant that you have obtained their consent.
6. RETENTION AND STORAGE OF PERSONAL DATA
Personal Data will be retained only for as long as necessary to fulfil the purposes set out in this Notice or to comply with legal and regulatory obligations.
PSC will take reasonable steps to ensure that data no longer required is securely destroyed or anonymised.
6A. PERSONAL DATA STORAGE, SYSTEM SECURITY AND ACCESS CONTROL
PSC stores and manages membership-related Personal Data primarily through a dedicated membership management system, namely the Club++ membership system (“System”).
6A.1 Centralised Data Storage
- All core membership data is stored in the Club++ system as the primary authorised database for membership administration.
- The System serves as the single source of truth for membership records, including personal details, membership status, billing records, and related administrative information.
- Where necessary, limited supporting records may be maintained in secure PSC-controlled repositories for operational, governance, or statutory purposes.
6A.2 Access Control and Segregation of Duties
PSC implements strict access control measures within the Club++ system and related platforms to ensure that Personal Data is only accessible on a need-to-know basis.
- Access rights are assigned according to job roles and functional responsibilities.
- Segregation of duties (SOD) is enforced to ensure that no single individual has end-to-end control over critical processes.
- Functions such as member data entry, approval, billing, payment processing, reconciliation, and data modification are separated among authorised personnel.
- Administrative and supervisory access is restricted to designated authorised officers only.
- Access rights are reviewed periodically and updated when there are changes in role, responsibility, or employment status.
6A.3 System Security Controls
PSC and its service providers implement appropriate technical safeguards within the Club++ system, including but not limited to:
- User authentication and password protection;
- Role-based access control (RBAC);
- Audit trails and activity logs to record access and amendments to Personal Data;
- Secure hosting environments with restricted administrative access;
- Regular system maintenance, updates, and security monitoring by authorised personnel or service providers.
6A.4 Third-Party Access, Project Support and Data Management
From time to time, PSC may engage or appoint third-party service providers, consultants, or vendors to support club operations, system development, enhancement projects, or other club-related services.
- Third parties may be granted limited and controlled access to Personal Data strictly on a need-to-know basis for the purpose of carrying out assigned tasks (including system development, maintenance, integration, reporting, or operational support).
- All such access is subject to prior authorisation by PSC and is governed by written agreements imposing strict confidentiality, security, and PDPA-compliant data protection obligations.
- Third parties are strictly prohibited from using Personal Data for any purpose other than those instructed by PSC.
- PSC ensures that all third-party access is properly managed, monitored, and reviewed, including restrictions on scope, duration, and system permissions.
- Where practicable, PSC adopts data minimisation principles, ensuring that only necessary data is shared for the specific purpose.
- Upon completion of services or termination of engagement, third-party access will be promptly revoked, and any retained data will be returned or securely deleted in accordance with PSC’s instructions.
6A.5 Data Integrity and Monitoring
- All updates and modifications to Personal Data in the Club++ system are traceable through system audit logs.
- Any suspicious or unauthorised access activity is subject to internal review and investigation.
- PSC reserves the right to suspend or revoke access immediately where misuse, breach, or non-compliance is suspected.
7. TRANSFER OF PERSONAL DATA
PSC may transfer Personal Data outside Malaysia where necessary for operational, administrative or legal purposes, subject to appropriate safeguards in accordance with applicable law.
8. SECURITY MEASURES AND DATA BREACH MANAGEMENT
PSC implements appropriate technical and organisational measures to safeguard Personal Data against unauthorised access, loss, misuse or disclosure.
In the event of a data breach, PSC will take reasonable steps to:
- Contain and assess the breach;
- Notify relevant authorities where required under the PDPA;
- Inform affected individuals where there is a risk of harm;
- Implement corrective measures to prevent recurrence.
9. ACCESS AND CORRECTION RIGHTS
If you would like to make enquiries relating to your Personal Data, you may contact the Membership Department:
Email: info@penangswimmingclub.com or Member@penangswimmingclub.com
Tel: +604 - 8907 370 / +6014 - 7555 222/23/24
Any request pertaining to your Personal Data is subject to compliance of such requests and not being refused under the provisions of the PDPA and/or other existing laws or regulations. Where appropriate, a fee may be imposed for any request to access or retrieve your Personal Data depending on the information that is required.
10. DATA PROTECTION GOVERNANCE
PSC has designated personnel responsible for overseeing compliance with the PDPA, including matters relating to Personal Data protection, handling of requests and data breach management.
11. AMENDMENTS
PSC reserves the right to amend or update this Notice from time to time. Any revisions will be communicated through appropriate channels and shall take effect upon notification.
12. CONSENT AND ACKNOWLEDGEMENT
By submitting your Personal Data and/or engaging with PSC, you:
- Acknowledge that you have read and understood this Notice;
- Consent to the processing of your Personal Data in accordance with this Notice;
- Consent to the transfer of your Personal Data outside Malaysia where required; and
- Confirm that you have obtained consent from any third parties whose Personal Data you provide.
PERSONAL DATA PROTECTION NOTICE
(Members, Applicants and Related Individuals)
This Personal Data Protection Notice (“Notice”) is issued by Penang Swimming Club (“PSC”) in line with the Personal Data Protection Act 2010 and any amendments to it (“PDPA”).
For the purposes of this Notice, “Personal Data” has the meaning given under the PDPA. References to “you” include members, applicants, former members, dependants and any individual whose Personal Data is provided to PSC.
1. COLLECTION OF PERSONAL DATA
PSC may collect, record, store, use and process Personal Data obtained from:
- Membership application and update forms;
- Supporting documents and declarations;
- Communications and interactions with PSC;
- Third parties authorised by you or permitted by law.
Personal Data processed may include, without limitation:
- Identification details (for example name, NRIC/passport, date of birth, nationality, photographs);
- Contact details (for example address, telephone, email, emergency contacts);
- Family and dependant information;
- Employment and professional details;
- Financial and transactional data (for example bills, payment records, bank details where required);
- Vehicle and access information;
- Any other information required for the purposes stated here.
2. PURPOSES OF PROCESSING
PSC processes Personal Data for purposes including:
2.1 Membership Administration
- Processing and evaluating membership applications;
- Keeping membership records and accounts;
- Managing subscriptions, bills and payments;
- Managing access to facilities, services and events.
2.2 Operations and Governance
- Internal administration, reporting and record-keeping;
- Audit, compliance, discipline and security;
- Enforcement of PSC’s rules, bye-laws and policies.
2.3 Communication
- Communicating with you in relation to membership or applications;
- Responding to enquiries, feedback or requests.
2.4 Legal and Regulatory Compliance
- Complying with legal and regulatory requirements;
- Responding to lawful requests, investigations or proceedings.
2.5 Post-Membership Matters
- Managing matters following resignation, termination or cessation of membership;
- Keeping records for legal, financial or administrative purposes.
PSC may also process Personal Data for any purpose reasonably related to the above.
3. OBLIGATION TO PROVIDE PERSONAL DATA
The provision of Personal Data is necessary. Failure to provide sufficient Personal Data may result in PSC being unable to process your application, administer your membership or provide the relevant services.
4. ACCURACY OF PERSONAL DATA
You are responsible for ensuring that all Personal Data provided is accurate, complete and up to date. PSC will not be responsible for any consequences of inaccurate or incomplete data provided by you.
5. DISCLOSURE OF PERSONAL DATA
PSC may disclose Personal Data, where necessary, to:
- Service providers supporting PSC’s operations (including IT systems, cloud storage and administration);
- Professional advisors (including auditors, legal advisors, insurance companies and consultants);
- Government authorities, regulators or enforcement agencies;
- Any other party as required or permitted by law or necessary for the purposes above.
Where you provide Personal Data of third parties, you confirm that you have obtained their consent.
6. RETENTION OF PERSONAL DATA
Personal Data will be kept only for the period necessary to fulfil the purposes in this Notice or to comply with legal and regulatory requirements.
PSC will take reasonable steps to ensure that data no longer required is securely destroyed or anonymised.
6A. PERSONAL DATA STORAGE, SYSTEM SECURITY AND ACCESS CONTROL
PSC stores and manages membership-related Personal Data primarily through a dedicated membership management system, namely the Club++ membership system (“System”).
6A.1 Centralised Data Storage
- All core membership data is stored in the Club++ system as the primary authorised database for membership administration.
- The System is the single source of reference for membership records, including personal details, membership status, billing records and related administrative information.
- Where necessary, limited supporting records may be kept in secure repositories under PSC’s control for operational, governance or statutory purposes.
6A.2 Access Control and Segregation of Duties
PSC implements strict access controls within the Club++ system and related platforms to ensure that Personal Data can only be accessed on a need-to-know basis.
- Access rights are granted according to job roles and functional responsibilities.
- Segregation of duties is implemented to ensure that no individual has end-to-end control over critical processes.
- Functions such as member data entry, approval, billing, payment processing, reconciliation and data amendment are separated among authorised staff.
- Administrative and supervisory access is limited to appointed officers only.
- Access rights are reviewed periodically and updated when there are changes in role or position.
6A.3 System Security Controls
PSC and its service providers implement appropriate technical security measures within the Club++ system, including but not limited to:
- User authentication and password protection;
- Role-based access control (RBAC);
- Audit trails and activity logs to record access to and amendments of Personal Data;
- Secure hosting environments with restricted administrative access;
- Regular system maintenance, updates and security monitoring by authorised staff or providers.
6A.4 Third-Party Access, Project Support and Data Management
From time to time, PSC may appoint third-party service providers, consultants or vendors to support club operations, system development, enhancement projects or club-related services.
- Third parties may be given limited and controlled access to Personal Data strictly on a need-to-know basis to carry out assigned tasks (including system development, maintenance, integration, reporting or operational support).
- All such access is subject to prior approval by PSC and to written agreements containing confidentiality, security and PDPA compliance obligations.
- Third parties are strictly prohibited from using Personal Data for any purpose other than those instructed by PSC.
- PSC ensures that all third-party access is properly managed, monitored and reviewed, including scope, duration and system permissions.
- Where possible, PSC practises the principle of data minimisation, ensuring that only necessary data is shared.
- Upon completion of services, third-party access will be terminated immediately and any data will be returned or securely deleted in accordance with PSC’s instructions.
6A.5 Data Integrity and Monitoring
- All updates and amendments to Personal Data in the Club++ system can be traced through system audit logs.
- Any suspicious or unauthorised access activity will be investigated internally.
- PSC reserves the right to suspend or revoke access immediately where misuse or non-compliance is suspected.
7. TRANSFER OF PERSONAL DATA
PSC may transfer Personal Data outside Malaysia where necessary for operational, administrative or legal purposes, subject to appropriate safeguards in accordance with applicable law.
8. SECURITY MEASURES AND DATA BREACH MANAGEMENT
PSC implements appropriate technical and organisational measures to protect Personal Data against unauthorised access, loss, misuse or disclosure.
In the event of a data breach, PSC will take reasonable steps to:
- Contain and assess the breach;
- Notify the relevant authorities where required under the PDPA;
- Inform affected individuals where there is a risk of harm;
- Implement corrective action to prevent recurrence.
9. ACCESS AND CORRECTION RIGHTS
If you would like to make enquiries relating to your Personal Data, you may contact the Membership Department:
Email: info@penangswimmingclub.com or Member@penangswimmingclub.com
Tel: +604 - 8907 370 / +6014 - 7555 222/23/24
Any request relating to Personal Data is subject to compliance and will not be refused under the provisions of the PDPA and/or other relevant laws. A fee may be imposed for certain requests depending on the information required.
10. DATA PROTECTION GOVERNANCE
PSC has appointed staff responsible for monitoring PDPA compliance, including matters relating to Personal Data protection, handling of requests and data breach management.
11. AMENDMENTS
PSC reserves the right to amend or update this Notice from time to time. Any amendments will be communicated through appropriate channels and take effect after notification.
12. CONSENT AND ACKNOWLEDGEMENT
By providing your Personal Data and/or dealing with PSC, you:
- Acknowledge that you have read and understood this Notice;
- Consent to the processing of your Personal Data in line with this Notice;
- Consent to the transfer of your Personal Data outside Malaysia where required; and
- Confirm that you have obtained consent from the third parties whose Personal Data you provide.
