Data Privacy Statement

Mazars takes the security of and our legal responsibilities around your personal data seriously. This statement explains relevant information about our processing of personal data collected via this website.
The following information is for all visitors to this site and provides information required under the Personal Data Protection Act 2010 and the General Data Protection Regulation (EU) 2016/679.

Personal Data Protection Notice

For the purpose of this Notice, "Mazars", "we", "our" or "us" refers to: 

  • Mazars PLT; 
  • Mazars Taxation Services Sdn Bhd; and 
  • Mazars Risk Management Sdn Bhd, 

Mazars recognises the importance of protecting personal data and our responsibilities under the Personal Data Protection Act 2010 of Malaysia and any amendments enacted thereunder in Malaysia.

Activities which we undertake where we may use personal data may also be regulated under the European Union ("EU") General Data Protection Regulation (“GDPR”), which applies across the EU including as incorporated in the United Kingdom.

This Personal Data Notice ("Notice") describes how Mazars processes your personal data where we are the data user (or controller under GDPR) and the security measures we have established to ensure your personal data is well protected.

If we provide services to your employer and are contracted as a data processor, we only process your personal data in accordance with their instructions and any legal obligations to which we are subject.  Your employer is responsible for providing you with relevant information on their processing of your personal data, including any transfer to us.

Where appropriate, the terms of this Notice are to be read together with our standard General Terms of Business and other policies on our website, all of which apply to you should you engage us.

In the event of any inconsistency or conflict between the English version and the Bahasa Malaysia version of this Notice, the English version shall prevail. We shall have the right to modify or update the terms of this Notice at any time by placing the updated Notice on the website. We recommend you check here regularly to ensure you aware of our latest Notice in relation to personal data protection.

Collection of Personal Data

The personal data we process about you depends on the data you provide to us, any relationships we have with other parties and the legal and regulatory obligations to which we are subject. 

Website visitors:

If you access our website but do not interact further with us, we will only process the data contained in cookies (see ‘Cookies’ for more info).  Should you decide to interact with us by, for example, submitting a request form we will process the data you provide for the purposes stated on the form.  Some fields are mandatory as without them we will be unable to make further contact with you to answer your request.

We may use the personal data you provide via contact points from our website to respond to your enquiry, to take steps to enter into a contract with you, to improve our services, to communicate to you information we consider to be relevant to you and to maintain the security and quality of our services.

Job applicants:

We collect personal data necessary to enable us to identify you as an individual, provide you with information on opportunities with us, assess your suitability for any role(s) you apply for, provide you with information on the progress of your application, to enter into a contract with you and to maintain the security and quality of our services.

In general we collect your personal data directly from you as part of this process.  Your personal data may also be collected from your current or previous employer(s), educational institutions and other parties whose contact details you provide to us. We may obtain information from other third party providers as part of legal and regulatory obligations to ensure your suitability for employment with us.

Clients:

If you receive services from us directly, we collect and use your personal data to deliver our services to you. We may collect your personal data from you directly, third parties necessary to deliver our services and other Mazars Group firms globally.

In addition to delivering our services, we may use your personal data to provide you with information we consider to be relevant to you, comply with legal and regulatory obligations to which we are subject, to enhance our services and develop our business and to maintain the security and quality of our services.

In the event your employer receives services from us which in turn means we receive your personal data, we may receive those personal data from your employer or other party they instruct to provide the data to us.  We may also receive your personal data directly from you or from other organisations such as regulatory bodies.  We use the personal data we receive to deliver our services to our client.

We may also use your personal data to provide you with information we consider to be relevant to you, comply with legal and regulatory obligations to which we are subject, to enhance our services and develop our business and to maintain the security and quality of our services.

On occasion we may also collect your personal data from publicly available sources.

Prospective clients and other individuals not included above:

If you have contacted us to enquire about our services we will collect personal data necessary to understand your needs and to take steps to enter into a contract for the provision of our services. We may use your personal data as part of the contracting process, including to understand your needs and to fulfil legal and regulatory obligations to which we are subject.  Your personal data may also be used to provide you with information we consider to be relevant to you, to comply with legal and regulatory obligations to which we are subject, to enhance our services and develop our business and to maintain the security and quality of our services.

Should you have been informed by us that we are processing your personal data for our own purposes, we have collected personal data necessary to meet the specific purpose. Such personal data may be collected from you directly, companies with which we have a working relationship, third parties and other Mazars group firms.

On occasion we may collect your personal data from publicly available sources.

For all data subjects:

The categories and types of personal data we collect depend on our reason for processing your personal data.  In general, we collect demographic data (such as name, contact details) to enable us to communicate with you.  We may also collect financial, employment, social, education or other personal data necessary to enable us to deliver our services or meet our objectives. When you contact us or otherwise engage with us (including as part of our services) we make certain fields of data mandatory to enable us to process your request.

In some circumstances you may choose to provide us with additional personal data you consider necessary to our purpose, including sensitive personal data (or equivalent under data protection laws applicable to you).  Where you choose to provide us with any personal data which we have not requested, you do so at your discretion. If we receive personal data we do not consider we require, it may be deleted.

Reason for Personal Data Collection 

Your personal data may be processed for various purposes depending on the circumstances, including but not limited to:

a)  verify your identity and to communicate or correspond with you;

b)  related to or in connection with our professional duties in performance of services to you;

c)  administrative purposes of client accounts including billing, collection, and internal/external reporting;

d)   promote, market or offer our professional services to you, including giving professional service proposal to prospect. In all cases we will give you the opportunity to opt-out of our direct-marketing activities. Opt-out can be achieved by responding using the unsubscribe options contained within the information you have received or by us contacting us;

e)   recruitment and personnel administration purposes for job application through our website;

f)   sending seasonal greeting messages, newsletters, articles, write-ups, updates on professional matters from time to time;

g)   facilitate our compliance with legal and regulatory requirements, including legal process or court order;

h)   process and give effect to commercial transaction (vendors, suppliers);

i)    any other lawful purposes that is incidental or in furtherance to the above.

Personal data submitted through our website may be used by us in an anonymised form to assess and improve the services delivered herein and for our wider business development activities. 

Source of Personal Data Collection

Depending on how we engage with you, we may collect personal data directly from you, or through other means including but not limited to the following:

a)   general enquiry and job application forms available on our website;

b)   your employer, previous employers and others you authorise to provide us with your personal data;

c)    new client information form during client onboarding process;

d)    through third party advisers, merchant bankers or service providers;

e)    at any events, conferences or seminars organised by us;

f)    at any events, conferences or seminars organised by third parties;

g)    sharing business card or by visiting our/your offices;

h)    through searches conducted at public registries and other publicly available sources of information;

i)     our social media channels with links available in our website;

j)     from cookies through the use of our website.

Processing of Personal Data

Legal basis for processing:

Depending on the circumstances in which we receive your personal data and the applicable law, we rely on the following legal bases for processing those personal data:

  • Consent: Where appropriate we will ask for your permission to process your personal data.
  • Contract entry and performance: Should you indicate an interest in becoming a client of Mazars we will use your personal data in order to take steps to enter into a contract for services with you.  We may continue to use the data provided through our website in order to perform our duties under a contract with you. 
  • Legitimate interests: In some cases we may process your personal  data in the exercise of our legitimate interests or those of other parties.  Interests include delivering and development of our services, meeting our administrative, accounting and corporate rights and obligations, maintaining and using our IT systems, security management and developing our business and services.
  • Compliance with legal obligations: We may be subject to legal obligations to process personal data, such as for the purpose of law enforcement or the obligations placed upon employers.  We process personal data to comply with those obligations. 

Locations:

We may process your personal data in jurisdictions other than Malaysia.  Primarily this occurs where we use information technology storage, resources and support from suppliers located in other geographic areas.  We may also use the services of our international group member firms.  Where necessary we will obtain your consent to such transfers. 

If you are an EU or UK citizen and we transfer your personal data outside Malaysia, we will only transfer such personal data (i) to a country which the European Commission considers to have adequate data protection laws; or (ii) where we have put in place an appropriate data transfer mechanism, such as EU Standard Contractual Clauses or UK IDTA, to ensure that your personal data is adequately protected.   

Disclosure of Personal Data

We may from time to time transfer or disclose your personal data to other entities of Mazars or to third parties for any of the purposes listed above, including to governmental and professional agencies and third parties who perform services on our behalf, such as web hosting providers, IT-providers, payment providers, customer relationship management providers etc.

When we disclose your personal data to third parties who perform services on our behalf, we ensure that such service providers use your data only in accordance with our instructions. 

We may also disclose your personal data to third parties where we are required to do so by law, regulators or for the purposes of, or in connection with any legal proceedings, or otherwise for the purpose of establishing, exercising or defending our legal rights.  In the event we enter into a merger or sale of part or all of our business and it is necessary for us to do so, your personal data may be shared with prospective third parties. 

We may share personal data with other Mazars member firms where necessary for administrative purposes and to provide professional services to our clients (e.g. when providing services involving Mazars member firms in different countries). 

Should you make an enquiry through our website which concerns one of the Mazars member firms we will forward the request to them on your behalf.  

We do not sell or rent your personal data for any purpose.   

Security Measures

We ensure appropriate technical and organisational controls are in place to protect personal data from loss, misuse, alteration and unintentional destruction, such as the use of anti-virus, firewalls, secure servers, hard disk encryption software, password protection, physical access controls, two-factor authentication, intrusion and anomaly detection.

Our personnel who have access to your personal data have been trained to maintain the confidentiality of such data.  They will only be granted access to your personal data to the extent that they need this information to perform their duties properly. The persons who can consult your data are also bound by strict professional discretion.   

Conditions to protect data to at least the same standard as we do are cascaded to all our contractors, (sub) processors and suppliers.   

Regular monitoring and testing of our security defences is carried out to ensure they continue to be effective against the latest threats.  

Data transferred over the internet by us and through this website are protected using encryption technologies. Nevertheless, transaction carried out over the internet can never be guaranteed to be secure and you are required to ensure the security of your network and password to reduce the risk of data breaches and cyber-attacks.

Children and use of our website 

We understand the importance of protecting children's privacy, especially in an online environment. Our sites are not intentionally designed for or directed at children. We do not knowingly collect or maintain information about anyone under the age of 16 through our website. If you are under 16 years of age you must obtain the consent of a parent or guardian to submit information via our website. Please ask them to review this Notice before you communicate with us.   

Personal Data Retention Period

We will hold your personal data on our systems for the longest of the following periods: (i) as long as is necessary for the purpose of which it was collected; (ii) any retention period that is required by law; or (iii) the end of the liability period in which litigation or investigations might arise in respect of our services.  

After the applicable retention period(s) have expired, personal data will be deleted or anonymised. 

Your Rights

You may exercise a number of rights over your data such as: 

a)   accessing the personal data we hold about you;

b)   asking us to correct any of your personal data we hold which are inaccurate;

c)    request to have your personal data deleted;

d)    put in place restrictions on our processing of your personal data;

e)    objecting to our processing of your personal data;

f)    asking us to transfer your data to another controller;

g)    withdraw consent to our processing of your personal data.

We will review and handle all exercise of your data subject rights in accordance with the requirements of applicable privacy laws. 

Use the forms attached in below to make a request to access or request for correction relating to personal data held about you by Mazars.

All requests should be made in writing to us at the address below:

Mazars 
Wisma Golden Eagle Realty
11th Floor, South Block, 142-A, Jalan Ampang
50450 Kuala Lumpur, Malaysia

Attention: Data Protection Officer
Tel No.: +603-27025222 | Email: contact@mazars.my

If you are unable to submit your request in writing, please contact us and we will assist you.

If you are dissatisfied with the way we have handled your personal data and we are unable to resolve the issue for you and you are an EU citizen you may take the matter to your local supervisory authority responsible for data protection matters. The European Commission maintains a list of data protection supervisory authorities which can be found here.  In all other circumstances you may take the matter to the Information and Data Protection Commissioner. 

This current privacy notice is version January 2023 and has been updated on 13 February 2023.

Here is the Personal Data Protection Notice that applied between May 2019 to January 2023.

Disclaimer

The accuracy and completeness of your personal data depends on the information you provide to us. We assume the information provided by you to be correct and up to date unless you inform us otherwise. Where you provide personal data of any third party, employees, and directors of your organisation to us including but not limited to their family information, it is our assumption that you have obtained the necessary consent from each individual that the information is to be disclosed to us.

For the Bahasa Malaysia version of the Personal Data Protection Notice (Notis Perlindungan Data Peribadi_Feb 2023), please refer to the attachment below

Documents

Data Privacy Statement May 2019
Notis Perlindungan Data Peribadi_​Feb 2023
Personal Data Access Request Form
Personal Data Correction Request Form