Privacy Policy

This policy applies to Agensi Pekerjaan Odd Technologies (M) Sdn Bhd (company no. 891994-W) of Block B12b-3, Jalan Selaman 1, Dataran Palma, 68000 Ampang Selangor, Malaysia, trading under the Qwork brand (referred to as the “QWORK”). 

References in this policy to “we”, “us” or “our” are references to the QWORK.  

What We Do 

The QWORK provides:  

• recruitment consultancy services placing giggers (hereinafter known as gigger) on a permanent, contract and interim basis across a range of industries and geographies under the QWORK brands (“Recruitment Services”);  
• business process outsourcing services assisting companies with their recruitment and placements on permanent/full-time employment, independent contractor/ temporary/part-time/freelance and labour supply and screening (commonly known as “BPO”, “MSP” and “Recruitment Services” which for the purpose of this policy are collectively referred to as “QWORK Services”); 
• other consultancy, technology and advisory services (“Consultancy Services”).

 

Information you provide us by registering for an account

In addition to the information provided automatically by your browser when you register an account on our websites and/or apps, to become a subscriber to the our service you will need to create an account. You can create an account by registering with the Service and entering your email address, and creating a user name and a password. By registering, you are authorizing us to collect, store and use your email address in accordance with this Privacy Policy.

Children’s Privacy

Our services are not directed to anyone under the age of 13. We do not knowingly collect or solicit information from anyone under the age of 13, or allow anyone under the age of 13 to sign up for our service. In the event that we learn that we have gathered personal information from anyone under the age of 13 without the consent of a parent or guardian, we will delete that information as soon as possible. If you believe we have collected such information, please contact us at help@qwork.my. 

 

We operate through a global network of external partners (private individuals, groups, organisations, associations and entities) and utilise vendors where needed, to ensure we provide the best solutions to our clients (from hereinafter known as employers) across the countries where we perform services.

• Unless we notify you otherwise, we operate as a data controller when processing your personal data for our Recruitment Services and Consultancy Services. If we share your personal data with our employers as part of our Recruitment Services or Consultancy Services, it is likely that our employers will process your personal data as a data controller. Our employers may request additional personal data from you as part of their hiring processes.   
• Unless we notify you otherwise, we are the data processor and our employers are the data controllers of your personal data processed by us for our Outsourced Services. Where we act as a data processor, the privacy policy of our client will apply. Unless we notify you otherwise, if a company within the QWORK network and affiliates engages you on a temporary assignment, the affiliate/partner company who engages you will be the data controller of your personal data. 

 

If you are uncertain about who the data controller of your personal data is, please contact us using our contact information set out in section 13 of this policy. 

The purpose of this Global Privacy Policy (“policy”) is for us to inform you how we collect, use and disclose your personal data. It is important that you read this policy in conjunction with any notices or statements relating to data, data protection, fair processing and/or privacy that we may issue at the time of collecting your personal data where applicable in the jurisdiction. They are not intended to override the policy unless stated otherwise by us in such policy, notice or statement.  

We implement security measures designed to protect your information from unauthorized access. Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls and secure socket layer technology. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. By using our Service, you acknowledge that you understand and agree to assume these risks.

Non-Personal Information

In general, we use Non-Personal Information to help us improve the Service and customise the user experience. We also aggregate Non-Personal Information in order to track trends and analyse use patterns on the Site. This Privacy Policy does not limit in any way our use or disclosure of Non-Personal Information and we reserve the right to use and disclose such Non-Personal Information to our partners, advertisers and other third parties at our discretion.

In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our assets may continue to process your Personal Information as set forth in this Privacy Policy. If our information practices change at any time in the future, we will post the policy changes to the Site so that you may opt out of the new information practices. We suggest that you check the Site periodically if you are concerned about how your information is used.

1. What personal data do we collect? 

Personal data is any information relating to an identified or identifiable person and business entity registered within our websites and/or apps.  

We will only collect personal data that we are permitted to collect by law on a jurisdictional basis. We have set out below a non-exhaustive list of the types of personal data that we most commonly collect. If otherwise indicated, the type of personal data listed below are applicable to employers and giggers.

Type of Personal Data	Description of Personal Data
Identity data for giggers	Title, first name, last name, surname name/family name, date of birth, gender, photograph, national insurance number (or equivalent in your country), nationality and other information relating to residency and citizenship which may be required to establish a right to work in a given country, marital status and number of dependents
Identity data for employers	Title, first name, last name, surname name/family name, position/title of the account holder(s), company incorporation information, credit score*, director information* and any other relevant data that may be required to ensure the legitimate claim to the business entity.
Contact data for giggers	Mailing address, email address and telephone numbers, emergency contact details and contact details history.
Contact data for employers	Mailing address, business address, work address, email address(es) and telephone numbers, other relevant contact details.
Historical data for giggers	Your educational history and credentials, employment history, criminal background history, social media, skills and qualifications, and results from any other background and disclosure checks in countries where it is lawful to carry out such checks.
Employment-related data (giggers)	Your current remuneration, pension and benefits, what role you are looking for, what work-related areas interest you, third party references (if taken) and interview and assessment feedback created either ourselves or by our client following an interview or assessment.
Verification data for giggers	A copy of your driving license, passport, identity card or another form of identification and referee details.
Verification data for giggers	A copy of company incorporation certificate/business license/permit or another form of business identification.
Financial data	Your bank sort code and account number and tax-related information and credit checks.
Diversity data	We may collect diversity data for governmental reporting purposes, which may include racial or ethnic origin, religious or other similar beliefs and physical or mental health, including disability-related information.
Technical data	Your internet protocol (IP) address, MAC address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, mobile phone location data and other technology on the devices you use to access our website and our services.
Profile data	Your usernames applicable to accessing our services, interests in so far as these are applicable to the services we provide to you and other preferences and other insights or determinants that we have gained from our analysis and profiling of you.
Usage data	How you use and navigate around our websites and/or apps and what you browse within them.
Marketing data	Your preferences in receiving marketing from our third parties and us and your communication preferences.
Application data	Your contact and identity information, character disclosures (including offences, disclosures and information relevant to meeting character requirements), health disclosures, vaccinations and any information relevant to meeting health criteria.
Video	If video surveillance operates in or near our offices we may capture images of you where permitted by law.  We may also capture video of you if you attend an event organised by us where you have given your express consent for us to do so.

 

Sensitive or special category personal data - during the recruitment process or in the course of the services we operate, we may collect personal data that is considered sensitive or special category in certain countries. We may be required by local privacy laws to obtain your explicit consent to handle this type of personal data. You will be provided with a consent form if your express consent is required. Please contact us if you have not been provided with a consent form and you believe we hold your sensitive or special category personal data. 

In respect of giggers and users of QWORK websites/apps, we also handle the following types of data:

• Aggregated Data, such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy; and 
• Anonymised Data, which is data created from your personal data where your identity has been removed and you cannot be traced to it.

 

The age at which an individual is regarded as a child differs per country. We do not typically collect personal data relating to individuals under 18. 

2. How we collect personal data 

We generally collect your personal data directly from you. For example, we collect your personal data when you: 

• deal with us in person, by telephone, email or via our websites;
• register with us (e.g. at career fairs and/or events);
• submit any other information to us, such as a CV;
• complete psychometric assessments or other assessments;
• subscribe to job (from hereinafter known as gigs)  alert emails/app nudges/web messages/web push;
• subscribe to our publications;
• attend an event we have organised;
• enter a competition, promotion or survey; and/or 
• give us feedback. 

 

We may also use the following third party channels to collect your personal data:

• pre-employment screening and background checking organisations where permitted in the jurisdiction;
• our clients and their third party suppliers; 

• governmental and regulatory bodies, such as tax and social security authorities;
• third party suppliers, including other recruitment and employment agencies, job board providers and job aggregators and our managed service providers who are within our supply chain;
• other recruitment agencies;
• analytics providers, such as Google Analytics; and
• communication platforms, such as WhatsApp, Telegram and Netcore.

 

We may also collect your personal data from publicly available sources where permitted in the jurisdiction, including:

• your identity and historical data from social media sites, such as LinkedIn, Twitter and Facebook;
• your identity and contact data from company and commercial registers or electoral registers; and
• your identity, from qualification and membership lists of professional bodies. 

 

Cookies are small text data stored on your PC or mobile device and are created by the website’s servers. We collect your personal data automatically via cookies when you visit QWORK websites/apps, in line with the cookies settings in your browser. You can find out more about these cookies, including how we use them and what choices are available to you, by reading our Cookies Policy. You can find out more about the use of cookies on http://www.allaboutcookies.org/.

3. How we use personal data 

We will only use your personal data when the law permits us to, and the uses set out below will be subject to that requirement. 

Giggers

Your personal data will be collected and handled by us in order to:

• provide careers, recruitment and/or related intermediary services to or for you;
• match your details against gig vacancies (which we consider are appropriate for you in order to assess your suitability for them;
• allow you to submit your CV, apply for specific gigss or to subscribe to our gig alerts so that we can notify you when relevant gig vacancies arise;
• apply for gigs on your behalf by sending your personal data to employers;
• facilitate the recruitment process if an employer wishes to progress your application;
• fulfil our contractual obligations to our employers; 
• inform you about any relevant industry developments, events, promotions and competitions, and to communicate any other relevant information;
• answer your enquiries or questions;
• conduct statistical analysis;
• monitor diversity;
• comply with our regulatory commitments;
• pursue or defend a legal claim;
• conduct pre-employment screening;
• prevent or detect a crime, where the law requires us to carry out such monitoring; and
• provide you with further information which may be of interest to you in regard to the employment market and opportunities. 

 

Websites/Apps users 

Your personal data will be collected and handled by us in order to:

• improve our customer service and make the way we operate more useful to you (which includes tailoring our websites to suit your requirements);
• let you know about our recruitment services across all areas of our business;
• send you communications where you have indicated you are happy to receive such information or have purchased products or services from us, which may include the following:
• E-newsletters;
• Emails about the services we offer and new product launches;
• Reminders when your products or services may be due for renewal; and
• Opportunities to participate in market research. 

 

Depending on the contact preferences you select, we will communicate with you by WhatsApp/Telegram messages, telephone, SMS, email or other electronic means such as via social and digital media. We may use your usage data to help ensure that this messaging is personalised and relevant to you. 

Referees:

We will use your personal data purely for the purpose of conducting a reference check on a gigger. 

4. Who your personal data is shared with 

Subject to local regulations in the jurisdiction, we may disclose your personal data to:

• any company/affiliate partners in the QWORK ecosystem;
• prospective employers or engagers;
• other recruitment companies or intermediaries involved in managing the supply of personnel;
• data processors of the QWORK;
• pre-employment screening and background checking organisations;
• your referees;
• your past employers and relevant education institutions;
• your professional bodies;
• government and regulatory bodies, such as tax and social security authorities;
• third party suppliers, including other recruitment and employment agencies, job board providers and job aggregators and our managed service providers who are within our supply chain; and
• third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business structure, any new owners may use your personal data in the same way as set out in this policy. 

 

We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, which includes compliance with this policy. 

5. Legal grounds 

In certain countries our companies that act as a data controller are required to establish legal grounds as set forth by applicable law to process your personal data. Depending on our relationship with you, if required to do so, we will rely on one or more of the following legal grounds:

Legal Ground	Permitted Purpose
Where you have given us consent to use your personal data for one or more permitted purposes.	For example:  when you create a website account/app account with us;  when we are required by law to collect your explicit consent to process your personal data; and   where you otherwise provide us with your consent.
Where we need to process your personal data to comply with a legal or regulatory obligation.	For example:   to perform background checks in accordance with our legal obligations; to comply with our legal and regulatory requirements in relation to taxation and financial compliance;  for equal opportunities monitoring and reporting purposes; to co-operate with our regulators and other public authorities;   to comply with any other obligation to which we are subject under applicable rules and law.
Where we need to process your personal data to perform the contract, we are able to enter or have entered into with you.	For example: to employ/engage you if you are applying for a vacancy with us; and  to enter into or perform our agreement with you if you are a supplier or external adviser.
Where the processing of your personal data is necessary for the pursuit of our legitimate business interests and your interests and fundamental rights do not override those interests.	For example:  to offer and provide our recruitment services to you and to assess your skills against our vacancies with our clients;  to provide you with marketing material to aid your gig search;  to manage complaints and legal claims;   to conduct appropriate background checks if you are to be employed/engaged by us;  sharing your personal data with the companies or affiliatesand/or partners of QWORK;   sharing your personal data with our third party services providers; and sharing your personal data with potential employers.

 

If you would like to know what legal grounds we rely upon to process your personal data, please contact us using our contact details in section 13 of this policy. 

6. Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. We view our relationship with you as being one which is to support your career through numerous roles and assignments. Accordingly, we may retain your data for a period of time which is materially greater than simply one placement if we reasonably believe that we will continue to have an ongoing relationship with you.   

We will appropriately and securely dispose of your personal data when it is no longer required.  To determine the appropriate retention period for personal data, we will consider the following factors: 

• amount and nature of the personal data; 
• its sensitivity; 
• the potential risk of harm from unauthorised use or disclosure of the personal data; 
• the purposes for which we handle your personal data; 
• whether we can achieve those purposes through other means; and 
• applicable legal requirements. 

 

When we act as a data processor to our employers, the data controllers, we will retain your personal data in accordance with the retention periods prescribed by our employers. 

7. Your rights 

The country you are located in and the applicable privacy laws determine your rights in respect of your personal data. These may include: 

Right	Description of Right
Right to be informed	about your personal data and details of the handling and processing of that personal data and information, including, as applicable the safeguards used to protect your personal data in the event that we transfer it outside the territory it was collected in;
Right of access	to your personal data and to obtain information about how we handle and process it;
Right to have inaccuracies corrected	if your personal data is inaccurate, including to have incomplete personal data completed;
Right of erasure	of your personal data, which is also known as the “right to be forgotten”. We do not delete personal data from our back-up files that are created for disaster recovery purposes and are not easily accessible;
Right to restrict handling and processing	of your personal data, which includes requesting us to suppress your personal data file;
Right to move, copy or transfer	your personal data to another organisation, also known as “data portability”;
Right to object	to the handling and processing of your personal data for certain purposes, in particular to personal data processed for direct marketing purposes and to personal data that is handled and processed for certain reasons based on our legitimate interests;
Right to withdraw consent	or permission that you have previously provided to us in relation to our handling and processing of your personal data, such as for the purposes of marketing by electronic means;
Rights in relation to automated decision making	where such automated decision making has a legal effect on you or otherwise significantly affects you; and
Right to complain	to us in relation to the handling of your personal data; or the regulatory body which enforces data protection law in your locality.

 

Please contact us using our contact details set out in section 13 of this policy if you wish to exercise any of your legal rights.  

Where permitted by law, you may be charged a fee to access your personal/organizational data or to exercise any other right that may apply. We will let you know if a fee applies to your request before we complete it. 

We may also request certain information to help us confirm your identity, ensure your right to exercise any of the rights in the table above and to prevent your personal data being disclosed to any person who has no right to receive it.  

We will respond to all legitimate requests within any legal timeframes. 

8. Technology

We will always use your personal data fairly. We use our proprietary algorithm to sort through the gig applications we receive and to match giggers to specific gig vacancies. Please let us know when we contact you if you feel there are other factors that we should consider as part of your gig application.

9. Data security

We hold your personal data in a combination of secure computer storage facilities and may also hold them in the form of paper-based files.

We have in place an appropriate level of security around your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage to it.

We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk of harm that might result from unauthorised or unlawful processing, accidental or unlawful loss, destruction or alteration, unauthorised (or disclosure of) access or damage to your personal data including:

• locks and security systems;
• encryption
• usernames and passwords;
• virus checking;
• auditing procedures and regular data integrity checks; and
• recording of file movements.

 

We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They must only process your personal data on our instructions and subject to the access controls listed above. They are also subject to a duty of confidentiality.

We have agreed on security-related measures with the third parties we share your personal data with to ensure that it is treated by those third parties in a way that is consistent with how we safeguard your personal data.

We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority where we are legally required to do so.

If you suspect any misuse, loss of or unauthorised access to your personal data, please contact us immediately using our contact details in section 13 of this policy.

10. Personal data storage and transfer

• Due to the global nature of our business we may need to transfer Personal Data outside of the Malaysia. For example, we may transfer personal data to QWORK companies, service providers and government or public authorities in order to perform our recruitment services and comply with our legal obligations. 
• If we do transfer Personal Data outside of Malaysia, we will make sure that appropriate safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply, or we are authorised to do so. If requested, we will provide you with details of the safeguards that we have implemented. 
• We collect personal data relating to all users in the following countries (Malaysia, Indonesia, Singapore and all other countries within SEA.
• Due to the global nature of our business we may need to transfer Personal Data outside the original territory in which the data was collected (“Original Territory”). For example, we may transfer personal data to QWORK affliliates/partners or potential employers internationally in any of the countries listed above, and to service providers and government or public authorities in order to perform our services and comply with our legal obligations. 
• If we do transfer Personal Data outside the Original Territory, we will make sure that such transfers are performed in compliance with applicable law. 

 

11. Privacy policies of third parties

This policy explains how the QWORK handles your personal data. Please also read the privacy policies of the social media platforms and third party websites through which you arrive at a QWORK websites/apps. We encourage you to read the privacy policies provided by these sites before giving them your personal data.

12. Changes to this policy

We reserve the right to change this policy from time to time. Changes will be notified on our website seven days before taking effect. We may make emergency changes to this policy when we believe it is reasonable to do so e.g. to comply with legal or regulatory requirements. 

13. How to contact us

If you have questions or comments about our privacy practices, or if you would like to submit a request exercising your privacy rights, please contact us. You can:

• Email us at help@qwork.my

 

14. Links to Other Websites

 

As part of the Service, we may provide links to or compatibility with other websites or applications. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain. This Privacy Policy applies solely to information collected by us through the Site and the Service. Therefore, this Privacy Policy does not apply to your use of a third party website accessed by selecting a link on our Site or via our Service. To the extent that you access or use the Service through or on another website or application, then the privacy policy of that other website or application will apply to your access or use of that site or application. We encourage our users to read the privacy statements of other websites before proceeding to use them.