Introduction

This Privacy Policy sets out the approach which Brightstar and its related companies (this includes Brightstar Supply Chain Services Sdn Bhd) will take in relation to the treatment of your Personal Information. It includes information on how Brightstar collects, uses, discloses and keeps secure, your Personal Information. It also covers how Brightstar makes the Personal Information it holds available to you for access and correction by you in the event that such information is inaccurate or incomplete.

Brightstar may collect the following types of information: the customer’s name, email address, mail address, user name and password and any faxes or mail sent to us and the IMEI numbers of any mobile device used in any transaction with Brightstar, and other information that clients may provide in their course of communication with Brightstar. 

Information can sometimes include identification information to comply with relevant second hand trading legislation and your rights or title to sell goods to Brightstar in addition to financial information pertaining to the financial processing of a transaction.

We may also use ‘cookies’ which will collect information about you such as your IP address and how you have used our website – this is discussed further below (see 2.7 below).

This policy has been drafted having regard to Brightstar’s obligations under the Personal Data Protection Act 2010  as that Act or those principles may be updated from time to time (the Personal Data Protection Act). 

Contacting Brightstar 

If you require further information regarding Brightstar’s Privacy Policy, you can contact our Privacy Officer on:

Telephone: +603 – 7940 2888

Website: www.brightstarcorp.com.my

Address: Unit L5-4, Level 5, Wisma Kemajuan, 2 Jalan 19/1, Seksyen 19, 46300 Petaling Jaya, Selangor, Malaysia Attention: Brightstar Privacy Officer

Note that terms that are capitalised (the first letter of each word is a capital) are defined in the Glossary at the end of this Policy.

1.          Collection 

1.1     Brightstar will only collect Personal Information where the information is necessary for Brightstar to perform one or more of the functions or activities set out in this Privacy Policy or in the particular consent we may ask you to give then your Personal Information is collected. In this context, “collect” and “collected” means gather, acquire or obtain information which qualifies as “Personal Information” under the Personal Data Protection Act which in broad terms is information which contains details about you which identify you or from which you are identifiable or you can be identified (see glossary for the full definition). In some instances, we may collect or be provided with, your Personal Information from or through a third party. This Privacy Policy will still apply to your Personal Information as a minimum but in some instances, your Personal Information will be governed by the consent you gave to that third party

and the third party’s privacy policy depending on whether or not we are obligated to treat your Personal Information in accordance with the third party’s privacy policy or not (see below).

1.2     Brightstar collects Personal Information primarily to supply customers with the services it or its related companies have contracted to supply to that customer and/or to purchase goods from its customers. But Brightstar also collects and uses Personal Information for secondary purposes including:

  • business planning and development; and
  • to provide individuals with information about Brightstar’s other services, as well as the services of other related companies.

If there are additional purposes for which we propose to use your Personal Information which are not specified in this

Privacy Policy, they will be contained in the terms of any consent we may ask you to agree to when we collect your Personal Information. We will always give you the option to decline to provide your Personal Information or to decline to allow us to use that Personal Information for the purposes for which we have proposed to use it.

1.3     Brightstar will take reasonable steps to notify you of the matters listed below at the point in time where we are collecting any Personal Information from you:

                   i)        the main reason that we are collecting Personal Information (this reason will be the Primary

Purpose); ii)             other related Uses or Disclosures that we may make of the Personal Information (to the extent not set out in this Privacy Policy) (Secondary Purposes); and

  1. our identity and how individuals can contact us, if this is not obvious.
  2. that individuals can access the Personal Information that Brightstar holds about them; v)          where applicable, any law that requires the Personal Information to be collected ; and vi) viii) the consequences (if any) for the individual if all or part of the Personal Information is not provided to Brightstar.
    1. Brightstar will not collect Sensitive Information from individuals except with consent and only where it is necessary for Brightstar to collect such information for an activity or function. 
    1. Brightstar may collect personal information directly from you when you:-
  3. communicate with us (for example when you submit an application form to become our customer, or when you contact us for any enquiries including by calling our customer service);
  4. register or subscribe for a specific product and/or service or our publications; 
  5. participate in any of our surveys;
  6. register interest and/or request for information of (through our online portals or other available channels) or subscribe to our products and/or services;
  7. respond to any marketing materials we send out;
  8. commence a business relationship with us (for example, as a service provider/business partner);
  9. visit any of our offices;
  10. visit or browse our websites;
  11. lodge a complaint with us; and
  12. provide feedback to us (for example via our websites or in hard copy).

Other than personal information obtained from you directly (as detailed above), we may also obtain your personal information from third parties we deal with or are connected with you (credit reference agencies or financial institutions), and from such other sources where you have given your consent for the disclosure of information relating to you, and/or where otherwise lawfully permitted.

2.          Use

2.1     Brightstar Uses Personal Information primarily to supply customers with the services it or its related companies have contracted to supply to that customer and/or to purchase goods from its customers as noted in 1.2 above.

2.2     Brightstar will obtain your consent for Use of Personal Information for specific Secondary Purposes at the time of collection, unless such Use is identified in this Privacy Policy or is a related Secondary Purpose which would be within your Reasonable Expectations.

         2.3     Regardless, Brightstar will only use or disclose Personal Information about you:

i)   in accordance with this Privacy Policy; ii)            for any other purpose communicated to you at or near the time your Personal Information is collected;

  1. as permitted or required by law (this includes Use to avoid an imminent threat to a person’s life or to public safety. It may also use Personal Information for reasons related to law enforcement or internal investigations into unlawful activities);
  2. if we believe it necessary to provide you with a service you have requested; v)             to implement our service; vi)      to protect the rights, property or personal safety of another Brightstar client, any member of the public or Brightstar;
  3. if some or all of the assets and operations of our business are or may be transferred to another party by way of sale of some or all of the business; or
  4. if you have provided your consent to such use or disclosure.

2.4     If Brightstar relies on the Direct Marketing (see glossary) exception to Direct Market to individuals it will ensure that:

i)        individuals are clearly notified of their right to Opt Out (see glossary) from further Direct Marketing. We will facilitate your Opting Out by giving you the option in each Direct Marketing communication to “UNSUBSCRIBE” or “OPT OUT” by checking the appropriate box or sending us an email or

SMS asking to be removed from our Direct Marketing list; ii)    there is only one Use of the information before the Opt Out right is given and this Use applies across all Brightstar’ Related Bodies Corporate (if the information is shared between those Related

Bodies Corporate); iii)           the individual is given an Opt Out in all further instances of Direct Marketing if they have not previously chosen to Opt Out; and

iv)      if the individual Opts Out of all Direct Marketing the Opt Out will be respected by Brightstar and all its Related Bodies Corporate and we will not longer use your Personal Information for Direct Marketing.

         2.5     Brightstar will not, if collected, use Sensitive Information for Direct Marketing.

2.6     Brightstar will not use Personal Information without taking reasonable steps to ensure that the information is accurate, complete and up to date.

2.7     When you come to a Brightstar website, our server attaches a small text file to your hard drive — a cookie. A “cookie” assigns you a unique identifier so that we can recognise you each time you re-enter the website, so we can recall where you’ve previously been on our site, and which keeps track of the pages you view on the website. Cookies help us deliver a better website experience to our users.

This information collected by using a cookie is sometimes called “clickstream.” We use this information to understand how our users navigate our websites, and to determine common traffic patterns, including what site the user came from. We may use this information to make site navigation and product recommendations, and to help redesign our Site in order to make your experience on our Site more efficient and enjoyable. We may also use this information to better personalize the content, banner ads, and promotions that you and other users will see.

You also have choices with respect to cookies. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject all cookies you will be unable to use those services or engage in activities that require the placement of cookies. Certain aspects of the Site may not function properly if you set your browser to reject all cookies.

3.          Disclosure

3.1     Brightstar may Disclose Personal Information to related or unrelated third parties if consent has been obtained from you to do so. 

3.2     Brightstar may Disclose Personal Information between Related Bodies Corporate. Where information is Disclosed to such a Related Body Corporate, that Related Body Corporate is bound by the original Primary Purpose for which the information was collected.

3.3     We also use service providers to help us maximise the quality and efficiency of our services and our business operations. This means individuals and organisations outside of Brightstar, such as mail houses, information technology service providers, website hosts and back-up service providers, will sometimes have access to Personal Information held by Brightstar and may use it on behalf of Brightstar.  We ensure that our contracts with our service providers require them to adhere to strict privacy guidelines and to only Use your Personal Information for purposes we have authorised to comply with the Use and Disclosure requirements of the Personal Data Protection Act. 

3.4     Brightstar may also disclose your Personal information outside of Malaysia to our Related Body Corporates and to service providers noted in 3.3 above. Currently, the countries to which we transfer information include Singapore, Australia, Hong Kong and the United States. 

3.5     Brightstar may Disclose Personal Information to law enforcement agencies, government agencies, courts or external advisers where permitted or required by law.

3.6     Brightstar may Disclose Personal Information to avoid an imminent threat to a person’s life or to public safety.

3.7     Except for Disclosure for a Primary Purpose or for a related Secondary Purpose or where your consent has been obtained to such Disclosure, Brightstar will not Disclose your Personal Information otherwise than in accordance with the exceptions set out at 3.1 to 3.7 above.

4.          Data security

4.1     Brightstar will review, on an ongoing basis, its collection and storage practices to ascertain how improvements to security and protection of Personal Information can be achieved.

4.2     Your Personal Information is protected when it comes into our possession regardless of whether it is in electronic or hard copy format, in accordance with the Personal Data Protection Act and industry accepted security standards which are implemented and updated in accordance with the manufacturer’s or licensor’s recommendations.  This includes physical security at our premises and storage electronically on a server which is situated in protected and controlled facilities. Certain information you provide such as financial information, bank account or credit card information, is encrypted in a secure manner and remains securely encrypted while in Brightstar’s possession, until the moment when it is used to make

payment and is then re-encrypted and held securely until it is no longer required for internal or regulatory purposes when it will be destroyed. 

4.3     You should note that, except in the case of certain encrypted information, information you transmit across public internet or other facilities may not be secure and Brightstar will not be responsible for or liable for any loss you suffer during transmission. Once the Personal Information you have transmitted to us has passed through our firewall or otherwise into our control, it is then that our responsibility to ensure that it is treated in the manner required under this Privacy Policy. If we transfer your Personal Information to another entity, we will only do so in accordance with this Privacy Policy and in a manner that is secure as between Brightstar and that other entity. 

4.4     Brightstar will, to the extent technically practicable, destroy or de-identify Personal Information once it is no longer required by us for Use, within as short a time as is reasonably possible (taking into account any specific requirements of its clients), unless the law requires otherwise.

4.5     Brightstar will only allow our employees and contractors access to your Personal Information in order to perform their duties and obligations and we will take all reasonable steps to ensure that those employees and contractors handle your Personal Information in a manner that is consistent with this Privacy Policy and Brightstar’s legal responsibilities in relation to privacy.

4.6     You should note that whilst our website may link to other websites, those other websites are not under our control and we are not responsible for the conduct of the operator of those websites including how they handle and protect your Personal Information. Before accessing those websites, we recommend you review the terms and conditions of or access to such websites including the relevant privacy policy or provisions.

5.          Complaints or questions

5.1     Individuals wishing to make an inquiry or complaint regarding privacy should do so by contacting the Brightstar Privacy Officer, whose contact details appear at the beginning of this document. If you make a complaint or if we become aware of any concern or problems concerning our privacy practices, we will contact you about the issue, investigate the issue, and take all reasonable steps to work with you to resolve that issue.

5.2     Brightstar websites will contain a prominently displayed privacy statement and will include a copy of this Brightstar Privacy Policy.

6.          Access and correction

6.1     Brightstar will allow you to have access to its records containing your Personal Information in accordance with the Personal Data Protection Act. This will usually take the form of Brightstar providing you with a

copy of the information held. Any request for such information should be through the Brightstar Privacy Officer whose contact details are set out at the beginning of this Privacy Policy.

6.2     A fee may be charged for providing access however we will advise you of the likely cost in advance and will aim to supply the information within 14 days. 

6.3     If your Personal Information is inaccurate, out of date, incomplete, irrelevant or misleading, you may contact us by e-mail and we will correct our records containing your Personal Information as soon as practicable unless there is a reason why we cannot amend it . If you would like your Personal Information deleted, please let us know by using the Brightstar Privacy Officer’s e-mail address and we will take all reasonable steps to delete unless we need it for legal, auditing or internal record keeping.

7.          Client Information

7.1     Brightstar may from time to time have access to Personal Information belonging to customers of one of its clients.

7.2     Notwithstanding anything else in this policy, Brightstar shall deal with such Personal Information in accordance with the privacy of the policy of the relevant client (“Client Privacy Policy”) and to the extent that there is any inconsistency between the Client Privacy Policy and this policy the Client Privacy Policy shall prevail.

7.3     Brightstar acknowledges that to the extent that Brightstar is aware that any Client Privacy Policy is inconsistent with the Personal Data Protection Act that it will seek to address such inconsistency with the client immediately and if such inconsistency is not addressed in a timely manner Brightstar shall cease to have access to the relevant Personal Information for that particular client.

8.          Transferring information overseas

8.1     Brightstar will take reasonable steps to limit the amount of Personal Information it sends to unrelated parties overseas but may need to disclose your Personal information outside of Malaysia to our Related Body Corporates and to service providers as noted in 3.3 above. Currently, the countries to which we transfer information include Singapore, Hong Kong, Australia and the United States.

8.2     If Personal Information must be sent by Brightstar outside of Malaysia, Brightstar will require the overseas organisation receiving the information to provide a binding obligation that it will handle that information in accordance with the Personal Data Protection Act and this Privacy Policy, including as part of a services contract.

9.          Updates to Privacy Policy

9.1 Brightstar may amend this Privacy Policy from time to time and the updated version shall apply and supercede any and all previous versions, including but not limited to, leaflets or hard copy versions.

Please check our website for information on our most up-to-date practices.

10.        Glossary

Brightstar means Brightstar Distribution Sdn Bhd (Company No. 687093-H).

Direct Marketing means the marketing of products or services through means of communication including written, verbal, physical or electronic means. The services which are marketed may be those of Brightstar or a Related Body Corporate or those of an independent third party organisation.

Disclosure generally means the release of information outside Brightstar, including under a contract to carry out an “outsourced function”.

Health Information means:

  • information or an opinion about:
    • the health or a disability (at any time) of an individual; or
    • an individual’s expressed wishes about the future provision of health services to him or her; or
    • a health service provided or to be provided to an individual; 

that is also Personal Information; or

  • other Personal Information collected to provide or in providing a health service; or
  • other Personal Information about an individual collected in connection with the donation; or intended donation by the individual of his or her body parts or body substances. 

Opt Out means a means by which an individual can request not to receive further Direct Marketing.

Personal Information is defined in the Personal Data Protection Act but generally, means information or an opinion (including information or an opinion forming part of a database), whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained from the information or opinion, including but not limited to, credit information in relation to an individual.

Primary Purpose is the dominant or fundamental reason for information being collected in a particular transaction.

Reasonable Expectation means a reasonable individual’s expectation that their Personal Information might be Used or Disclosed for a particular purpose.

Related Body Corporate means that where a body corporate is:

  • a holding company of another body corporate;
  • a subsidiary of another body corporate; or
  • a subsidiary of a holding company of another body corporate, the first mentioned body corporate and the other body corporate are deemed to be related to each other.

Sensitive Information means:

         (a)      information or an opinion about an individual’s:

  • racial or ethnic origin; or
  • political opinions; or
  • membership of a political association; or
  • religious beliefs or affiliations; or
  • philosophical beliefs; or
  • membership of a professional or trade association; or
  • membership of a trade union; or
  • sexual preferences or practices; or
  • criminal record; that is also Personal Information or (b)    Health Information about an individual.

Use means the handling of Personal Information within Brightstar.