At Crea8, we understand that confidentiality and security of the personal data (“Personal Data”) that you share with us is important. The company is committed to protecting the privacy of Personal Data, including Personal Data related to individuals who may be customers, employees, agents, job applicants or others inside or outside of Crea8. That is why we have developed specific policies and practices designed to protect the privacy of your Personal Data.
This Policy is based on the privacy and data protection principles common to the countries in which we operate. This Policy is intended to summarise Crea8’s data protection practices generally and to advise our customers, prospective customers, job applicants, website visitors and other third parties about Crea8’s privacy policies that may be applicable to them.
This Policy is specifically addressed to those who provide Personal Data to Crea8 or who visit or use Crea8’s websites, software application and social media sites.
Crea8 is responsible for the Personal Data that we may collect in the manner discussed below. Crea8 includes: Crea8 Capital Sdn. Bhd., licensed by the Securities Commission Malaysia (eCMSL/A0369/2020), and Crea8 Capital Incorporated, licensed by the Labuan Financial Services Authority (SL/20/0013) and their respective affiliates and outsource IT partners (the “Crea8 Entities”). Specifically, your Personal Data might be controlled by the Crea8 Entity that is providing services or communication to you. In some instances your Personal Data will be controlled by more than one Crea8 Entity.
Crea8 collects and processes Personal Data from you. This may include, among other things, information:
In order for you to utilise our services, you will provide us with your Personal Data entirely voluntarily. In most circumstances Crea8 cannot take action without utilising certain of your Personal Data, for example, because this Personal Data is required to process your instructions or orders or provide you with access to our services or marketing materials. In most cases, it will be impossible for us to provide the services to you without the relevant Personal Data.
We may use your Personal Data for the following purposes (“Permitted Purposes”):
We may process your Personal Data for the following purposes after obtaining your express consent where legally required:
Where legally required, with regard to marketing-related communication, we will only provide you with such information after you have opted in and we will also provide you with the opportunity to opt out at any time if you do not wish to receive further marketing-related communication from us. We like to keep our customers, personnel and other interested parties informed of company developments, including news relating to Crea8 that we believe is of interest to them. If you do not wish to receive publications or details of events or seminars that we consider may be of interest to you, please let us know. Where legally required, we will not use your Personal Data for taking any automated decisions affecting you or creating profiles other than described above.
Depending on which of the above Permitted Purposes we use your Personal Data for, we may process your Personal Data on one or more of the following legal grounds:
In addition, the processing may be based on your consent where you have expressly given that to us.
We may share your Personal Data in the following circumstances:
Otherwise, we will only disclose your Personal Data when you direct us or give us permission to do so, when we are allowed or required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.
To the extent required by law, we will take appropriate technical and organizational measures to keep your Personal Data confidential and secure in accordance with our internal procedures covering the storage, disclosure of and access to Personal Data. Personal Data may be kept on our Information Technology systems, those of our contractors or in paper files.
For Personal Data subject to the General Data Protection Regulation (EU) 2016/679 (“GDPR”) we may transfer your Personal Data outside the EEA for the Permitted Purposes as described above. This may include countries that do not provide the same level of protection as the laws of your home country (for example, the laws within the EEA or the United States). We will ensure that any such international transfers are made subject to appropriate or suitable safeguards if required by the GDPR or other relevant laws. You may contact us at any time using the contact details below if you would like further information on such safeguards.
With respect to persons covered by GDPR, in case Personal Data is transferred to countries or territories outside of the European Economic Area (“EEA”) that are not recognised by the European Commission as offering an adequate level of data protection, we have put in place appropriate data transfer mechanisms to ensure Personal Data is protected.
If any of the Personal Data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request that you have made of us, please let us know by contacting Crea8 Customer Service through the Crea8 website. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Data that you provide to us.
We retain your Personal Data in an identifiable form in accordance with our internal policies which establish general standards and procedures regarding the retention, handling and disposition of your Personal Data. Personal Data is retained for as long as necessary to meet legal, regulatory and business requirements. Retention periods may be extended if we are required to preserve your Personal Data in connection with litigation, investigations and proceedings.
If you are a Covered Individual you have a number of legal rights under GDPR in relation to the Personal Data that we hold about you. These rights include:
We have designated our Operating Officer as the Data Protection Officer (“DPO”) to enhance and promote compliance with and understanding of privacy and data protection principles. If you wish to do any of the above, please send us an email.
We may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data. We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your data and for any additional copies of the Personal Data you request from us.
We will consider any requests or complaints that we receive and provide you with a response in a timely manner. If you are not satisfied with our response, you may take your complaint to the relevant regulator. We will provide you with details of your relevant regulator upon request.
Currently, Crea8 is not established in the EEA.