Privacy Policy

Privacy Policy

Fäth Asia is committed to protecting the privacy of our website visitors, service users, individual customers, and customer personnel as one of our main priorities. This policy explains how the personal data of such persons is collected, stored, used, and disclosed by Fäth Asia.

This Privacy Policy applies in this website where we are acting as a data controller and a data processor for the personal data of such persons; in other words, where we determine the purposes and means of the processing of that personal information.

We use cookies on our website to enhance the performance and functionality of our website. It is used to identify your browser, provide analytics, and remember information about you such as your cookie and language preference. Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask for your consent to our use of cookies when you first visit our website as compliance with GDPR, CCPA, PDPA, and other similar legislations. You can find more information regarding Cookie or manage your cookie preference in our Cookie Policy.

For website visitors and Service users from Singapore, kindly refer to this Privacy Policy.
Faeth Singapore Pte. Ltd. External Privacy Policy

1. Definitions and Key Terms

To help explain things as clearly as possible in this Privacy Policy, each time any of these terms are referenced, they are strictly defined as:

1. Company

When this Privacy Policy mentions “the Company”, “we”, “us”, or “our”, it refers to Faeth Asia Pacific Sdn. Bhd. as the Data Controller and the Data Processor that determines the purpose and means of the processing of your personal data as defined in GDPR and PDPA.

 

Faeth Asia Pacific Sdn. Bhd.

2464, Tingkat Perusahaan 6
Free Industrial Zone
Perai
13600 Penang
Malaysia

 

2. Cookies

Cookies are small pieces of data designed to be a reliable mechanism for websites to remember stateful information or to record the user’s browsing activity that is generated by a website and stored on your device by the web browser.

 

3. Country

Where Faeth Asia Pacific Sdn. Bhd. is based, in this case, in Malaysia.

 

4. Device

Any internet-connected device such as a smartphone, tablet, computer, or any other device can be used to visit the website.

 

5. IP Address

Every device connected to the Internet is assigned a number known as an Internet Protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP Address can often be used to identify the location from which a device is connecting to the Internet.

 

6. Personnel

Refers to individuals who are employed by Fäth Asia or are under contract to perform a service on behalf of one of the parties.

 

7. Personal Data

Any information that directly, indirectly, or in connection with other information that allows for the identification of a natural person.

 

8. Service

Refers to the services provided by Fäth Asia as described in the relative terms (if available) in this website and the website itself.

 

9. Third-Party Service

Refers to advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we think may interest you.

 

10. Website

Fäth Asia’s website, which can be accessed via this URL: https://www.faethasia.com

 

11. You

An individual or entity accessing and using the Service provided on the website.

2. Name and address of the Data Controller

The Data Controller and Data Processor for the purposes of the GDPR, CCPA, PDPA, and other data protection laws applicable is:

Faeth Asia Pacific Sdn. Bhd.

2464, Tingkat Perusahaan 6
Free Industrial Zone
Perai
13600 Penang
Malaysia
Tel.: +60 (4) 380 0777
E-mail: faethasia.dpo@faeth.com
Website: www.faethasia.com

Mailing Address and Contact Number for Website Visitors and Service Users from Singapore:

Faeth Singapore Pte. Ltd.

3 International Business Park
#04-25 Nordic European Centre
609927
Singapore
Tel.: +65 6355 0081
E-mail: faethasia.dpo@faeth.com

Website: www.faethasia.com

3. Name and address of Data Protection Officer

Faeth Asia Pacific Sdn. Bhd.

2464, Tingkat Perusahaan 6
Free Industrial Zone
Perai
13600 Penang
Malaysia
Tel.: +60 (4) 380 0777
E-mail: faethasia.dpo@faeth.com
Website: www.faethasia.com

Mailing Address and Contact Number for Website Visitors and Service Users from Singapore:

Faeth Singapore Pte. Ltd.

3 International Business Park
#04-25 Nordic European Centre
609927
Singapore
Tel.: +65 6355 0081
E-mail: faethasia.dpo@faeth.com
Website: www.faethasia.com

4. SSL or TLS encryption

Our website uses SSL or TLS encryption to protect transfers of confidential content you send us via this website, and for security reasons. That prevents third parties reading the data you send via this website. You can tell that the connection is encrypted by the ‘https:/’ in the address bar or the lock icon in your browser.

5. Server log files

The website provider automatically collects and saves information that your browser automatically sends to us in server log files. They are:

  • The date and time when you accessed the website
  • The website from which the accessing system accesses our website (‘referrer’)
  • The sub-pages an accessing system visits on our website
  • The access method/function called by the requesting computer
  • The input values sent by the requesting computer (e.g. file name)
  • Access status of the web server (file sent, file not found, command not executed etc.)
  • Browser types and versions used
  • An Internet Protocol (IP) address, anonymised where applicable
  • Other similar data and information to protect against hazards in the event of attacks on our IT systems.

These data are not combined with other sources of information. Data are processed on the basis of Section 6 Subsection 1 b of GDPR, which permits processing of data to fulfil a contract or precontractual measures. This information is technically necessary to deliver the content of websites you requested correctly and are essential when using the Internet. We also use data to identify and track illegal access attempts and access to our web servers. The data are otherwise used only for anonymised access statistics to optimise the website. No access profiles are produced. This is only information that does not permit personal identification, as your IP address is not saved or is anonymised. The logged data are stored for 426 days and then deleted unless a detected web attack results in a civil or criminal prosecution of the attacker.

6. Legal basis for processing

Section 6 I a of GDPR provides data controllers with a legal basis to process data for which the data subject gave consent to use such data for a specific purpose. If personal data must be processed to perform a contract in which the data subject is a contracting party, for example as is the case for processing that is necessary to deliver goods or provide miscellaneous services or consideration, processing shall be based on Section 6 I b of GDPR. The same applies for processing necessary precontractual measures, for example in cases of inquiries about products or services. If the data controller is subject to a legal obligation that requires processing of personal data, for example to fulfil taxation obligations, processing shall be based on Section 6 I c of GDPR. In rare cases, it may be necessary to process personal data to protect vital interests of the data subject or another natural person. For example, this would be the case if a visitor were injured on our premises, in which case we would have to inform a doctor, hospital or other third party of their name, age, health insurance data and other vital information. Processing would then be based on Section 6 I d of GDPR. Processing could ultimately also be based on Section 6 I f of GDPR. Processing not covered by any of the above legal grounds shall be based on these legal grounds if the processing is required to uphold legitimate interests of the data controller or a third party, provided the interests, fundamental rights and freedoms of the data subjects do not outweigh such interests. Processing of this kind is permitted in particular because it was specifically mentioned by European Legislator. Accordingly it took the view that a legitimate interest could be assumed if the data subject is a customer of the data controller (Recital 47 Subsection 2 of GDPR).

7. Period for which personal data are stored

The criterion for duration of storage of personal data is the respective legal storage period. After expiry of the period, the corresponding personal data are deleted unless it is required to fulfil the contract or to prepare a contract.

8. Contact form

We save the data sent in the contact form along with your contact details to enable us to answer your inquiry or to respond to any further concerns you may have. Your data are not passed on to third parties without your consent.

Data are processed on the basis of Section 6 Subsection 1 a of GDPR, which permits processing of data based on consent. However, you can revoke your consent at any time without stating grounds. Informal notification by e-mail is sufficient to revoke consent. The legitimacy of data processing procedures prior to the revocation remains unaffected by the revocation.

Data sent via the contact form shall be stored until you ask us to delete it, revoke your storage consent or storage is no longer necessary. Mandatory legal provisions or archiving periods remain unaffected.

9. Contact

If you contact us (by e-mail or telephone), your user details are used to handle the contact request and process it in accordance with Section 6 Subsection 1 b of GDPR.

The user details may be stored in our Customer Relationship Management System (CRM system) or similar inquiry organisation method.

User details shall be stored until you ask us to delete them, revoke your storage consent or storage is no longer necessary. Mandatory legal provisions or archiving periods remain unaffected.

10. Data protection for applications and in application processes

When you send us your application documents, we process your personal data to handle the application process. If you send us your application documents electronically, for example by e-mail or in a web form, we also process them electronically.

The personal data you send shall only be used to handle your application for the position advertised. Only persons involved in the application process shall have access to your personal data. All employees entrusted with processing your data are obliged to treat your data as confidential. We do not pass your data on to third parties unless you consent to data forwarding or we are obliged to pass on data by law and/or official or court orders.

If you share personal data with us as part of the application process, we divide them into the following data types and categories for collection, processing and/or use:

  • Personal data (e.g. first name and surname, date of birth, address)
  • Communication data (e.g. telephone number, e-mail address)
  • Data on evaluation or assessment in the application process
  • Data on education and previous professional career (e.g. school, vocational training, university degrees, doctorate, certificates)
  • Information on other qualifications (e.g. language skills, PC skills, volunteer work)
  • Application photo
  • Information on salary expectations
  • Application history

If we conclude an employment contract with you, the data you sent will be stored for the purpose of the employment relationship in accordance with the legal regulations. If no employment contract is concluded with you, the data shall be deleted automatically 6 months after announcement of the rejection decision, unless the data controller has other legitimate interests that prevent deletion. Other legitimate interests in this sense include a burden of proof in a case pursuant to the German General Equal Treatment Act (AGG).

11. Cookies

Our website uses cookies. You can learn more about the cookies we use in our Cookie Policy.

12. Analytics with Google Analytics

This website uses various web analytics tools (such as Google Analytics) and other measurement tools (like MonsterInsights) to help analyze how users use the site. These tools use cookies,  to collect standard internet log information and visitor behavior information in an anonymous form. The information generated by the cookie about your use of the website (including your IP address) is transmitted to Google and sometimes other vendors. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity for faethasia.com.

We will never (and will not allow any third party) use the statistical analytics tool to track or collect any personally identifiable information of visitors to our site. The Web Analytics vendors do not associate your IP address with any other data held by them. Neither we nor the web analytics Vendors will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any personally identifying information from any source unless you explicitly submit that information via a fill-in form on our website.

13. Your rights

Right to confirmation

You have the right to request confirmation from the data controller whether the corresponding personal data has been processed.

Right to restrict processing

You have the right to demand that the data controller restricts processing if one of the following conditions is met:

The accuracy of the personal data is disputed by the data subject, for a period that allows the data controller to assess the accuracy of the personal data.

Processing is not legitimate, the data subject rejects erasure of the personal data and instead requests restriction of the use of the personal data.

The data controller no longer requires the personal data for processing, but the data subject requires it to assert, exercise or reject legal claims.

The data subject has objected to processing per Section 21 Subsection 1 of GDPR and it has not yet been stipulated whether the data controller’s legitimate grounds supersede those of the data subject.

Right to object

You have the right to object to processing of your personal data in accordance with Section 6 Subsection 1 e or f of GDPR at any time. This shall also apply to profiling based on these provisions.

The data controller will then no longer process your personal data unless it can prove compelling legitimate reasons for processing, which supersede the data subject’s interests, rights and freedoms or the processing serves to assert, exercise or reject legal claims.

If the data controller processes personal data for direct advertising purposes, the data subject is entitled to object to the processing personal data for the purposes of such advertising. The same also applies for profiling, where it is linked to such direct advertising. If the data subject objects to the data controller processing for direct advertising purposes, the data controller shall no longer process the personal data for these purposes.

The data subject is also entitled to object to processing of their personal data by the data controller for scientific or historical research purposes, or statistical purposes in accordance with Section 89 Subsection 1 of GDPR for reasons arising from their particular situation, unless such processing is essential to fulfil an obligation in the public interest.

The data subject is also entitled to object using automatic procedures in which technical specifications are used in conjunction with the use of information society services, irrespective of Directive 2002/58/EC.

Right to complain to the responsible supervisory authority

As a data subject you have the right to complain to the responsible supervisory authority in the event of violations of data privacy law. The responsible supervisory authority in data privacy matters is the state data protection officer of the Federal State in which our company has its registered office. The following link provides a list of the data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You are entitled to have data we process automatically based on your consent or to fulfil a contract forwarded to you or third parties. Your data are provided in a machine-legible format. If you demand direct transfer of the data to another data controller, this shall only be done if it is technically feasible.

Right to information, correction, erasure, blocking

You shall be entitled, within the scope of the applicable statutory provisions, to receive information free of charge on any data stored relating to you personally as well as on their origin, their recipient and the purpose of data processing. You may also be entitled to claim the correction, erasure or blocking of such data.

Revoking your consent to process your data

Some data processing procedures are only possible with your express consent. You can revoke your consent at any time after granting it. Informal notification by e-mail is sufficient to do so. The legitimacy of the data processing prior to the revocation remains unaffected by the revocation.

Automated decisions including profiling

You are entitled not to be subjected to a decision made exclusively based on automated processing – including profiling – with legal effect on you, or that significantly impacts you in a similar way, provided the decision:

(1) is not required to conclude or fulfil a contract between the data subject and the data controller or

(2) is permitted in accordance with the laws of the Union or Member States to which the data controller is subject, and these laws contain appropriate measures to uphold the rights and freedoms and legitimate interests of the data subjects or

(3) is made with the express consent of the data subject.

If the decision is necessary to conclude or fulfil a contract between the data subject and the data controller, or if it is made with the express consent of the data subject, the data controller shall take appropriate measures to uphold the rights and freedoms and legitimate interests of the data subject, which shall include at least the right to procure the intervention of a person on the part of the data controller, representation of a personal point of view and to object to the decision.

Questions on data protection

If you have questions on data protection, please send us an e-mail or contact us directly (see above for contact details).

Last amended: 25/05/2021