Campaign Period: 15 April 2020 - 14 July 2020

Terms & Conditions / Data Privacy Governance Policy
  1. The “TRY FOR FREE” Campaign (“Campaign”) is applicable only to Mydin stores participating in Peninsular Malaysia and for any products listed under the participating brands of Reckitt Benckiser listed below ("participating brands”):
    Reckitt Benckiser Participating Brand
    Air Wick Easy On Harpic Vanish

    **Only products of participating brands bought at the listed participating stores are eligible for claim.
  2. This Campaign runs from 15 April 2020 to 14 July 2020 ("Campaign Period"). This Campaign is organized by Reckitt Benckiser (Malaysia) Sdn Bhd through its appointed agent (jointly known as “Organizer”)The Organizer reserves the right to make changes to this Campaign, Terms and Conditions, and Campaign mechanics at any time without prior notice or announcement. Entries received outside this Campaign Period will not be eligible to participate in this Campaign.
  3. This Campaign is open to all Malaysians 18 years of age and above at the beginning of this Campaign except for employees of the Organizer and participating outlets.
  4. This Campaign only applies to the participating brands of Reckitt Benckiser listed in Clause 1. For the avoidance of doubt, purchases of other brands not listed in Clause 1 is not eligible for claim in this Campaign. Organizer reserves the right to question and / or request further information and evidence to support or reject claims in connection with this Campaign. An individual may participate only once as a Claimant. Multiple entries by the same Claimant will automatically result in the disqualification of all Claimant entries. Joint participation is not allowed, hence only one Claim for each Claimant. All rejection claims are final and no correspondence will be entertained by the Organizer.
  5. To participate in this Campaign, the Claimant must:
    1. Buy any two (2) or more participating brands of Reckitt Benckiser products as listed in a single receipt / proof of purchase. For example: Claimant who buys one product under the Easy On brand AND one product under the Air Wick brand is eligible to register.
    2. Visit and register your Name (as per NRIC), NRIC number, bank account number and bank name, phone number, receipt number, and upload a clear picture of your receipt / proof of purchase within 5 days, not including the day the purchase was made.
    3. Applicants who are eligible will get a maximum Cash Back of RM50.00. The amount will be deposited into the Claimant’s bank account within ten (10) working days via electronic funds transfer.
  6. Any claim submitted by and / or through an agent, third party or group of organizations will not be accepted. Incomplete or unreadable claims or non-compliance with any of these Terms & Conditions will be rejected. No correspondence, verbal or written, will be entertained.
  7. All information about bank and account number is for money transfer to Claimant’s account only through the designated website.
  8. The Claimant is advised not to disclose bank account information publicly except through the website provided.
  9. Reckitt Benckiser and the Organizer will NOT call customers for their bank account information. Claimants are advised to be on guard against fraud.
  10. This Campaign will end after all claims have been redeemed.
  11. For your claim to be confirmed, the receipt / proof of purchase of the Product must be from 15 April 2020 until 14 July 2020.
  12. The refund of each claim is subject to one name only after the claim and name of the Claimant are confirmed correct.
  13. If the Claimant makes a false claim for the return of money, and such claim is found to be untrue or false, the matter and Claimant will be handed to the relevant authority.
  14. Organizer reserves the right to terminate this Campaign in advance of its due date without notice or reason.
  15. These Terms & Conditions and any related dispute are subject to applicable Malaysian law.
  16. By participating in this Campaign, participants agree to provide their personal information and the Organizer reserves the right to publish, use the participant's name and / or picture (if any) for the purpose of publicity, advertising and / or trade without compensation or further notice and each participant have no right to make any claim for such use.
  17. The Organizer collects personally identifiable information in order to provide services or to contact you. This information is stored by the Organizer in a manner consistent with the nature of the data and used to fulfill your request. By submitting your personal information, we consider that you have given permission to Reckitt Benckiser and the Organizer to use this information for marketing and promotional purposes now and in the future, and to improve its products and services. If you inform the Organizer that the above information is not available for future contact, the Organizer will respect your request.
  18. These Terms and Conditions are in English and Malay versions (if applicable). In the event of any inconsistency or inconsistency between the two languages, the Terms & Conditions in English shall prevail and such interpretation shall prevail over the other interpretations in all circumstances.

Terms & Conditions / Data Privacy Governance Policy
  1. Introduction
    1. Reckitt Benckiser ("RB") respects and protects the personal information (i.e. information relating to an identified or identifiable living individual) that we handle as part of our business activities. This includes information about our employees, contractors, consumers, shareholders, suppliers, research subjects, competitors and other individuals. This information may be held in email systems, HR systems and marketing databases, some of which may be owned and operated by third parties.
    2. This Policy applies to any processing of personal information for RB business purposes and sets out how RB directors, officers, employees and contractors (which include agents, consultants, outsourced personnel and other representatives) (“RB Personnel”) should handle that personal information.
    3. RB may also process a subset of personal information called sensitive personal information, such as information about racial or ethnic origin, religious or similar beliefs, sexual life and orientation, medical history, criminal convictions, political affiliations and beliefs, trade union membership, genetic information and biometric data as part of our business operations. This information needs to be handled with particular care and only to the extent permitted by applicable law.
    4. In addition, this Policy outlines RB's approach to the governance of personal information. It explains the roles and responsibilities of certain individuals and groups in relation to common personal data governance tasks.
  2. Responsibilities
    1. All RB Personnel are responsible for ensuring that RB policies, standards and procedures, including this Policy, are followed in all cases.
    2. If you manage RB Personnel you are expected to ensure that the individuals who report to you receive the guidance, resources and training they need to enable them to do their jobs in compliance with this Policy.
  3. Why is this Policy important?
    1. RB is subject to a number of data privacy laws and regulations globally (including the EU’s Data Protection Regulation (the “GDPR”)). Penalties for breach of such laws and regulations can be severe in some countries and may result in the loss of rights to process personal information, significant fines or criminal charges for RB and RB Personnel. Safeguarding the personal information RB processes is also one of the commitments of RB’s Code of Conduct.
    2. If you have any questions regarding this Policy, please reach out to your line manager, your local Legal or Compliance Team or the Privacy Office.
  4. Key Principles
    1. RB is committed to handling personal information properly and regards the lawful use of personal information that we hold in accordance with the principles set out in this Policy as vital to our successful operations.
    2. In all countries where RB operates, we will comply as a minimum with local government laws and regulation governing the processing of personal information. In addition, for markets where no laws or regulation governing the processing of personal information is in force, adherence to this Policy will be a minimum requirement.
    3. When handling personal information, RB and RB Personnel must comply with the following key principles:
      1. Lawfulness. Personal data must be collected, stored and processed fairly, lawfully, and in a transparent manner;
      2. Limited purposes. Personal data must only be collected for specified, explicit and legitimate purposes and only processed in a manner compatible with those purposes;
      3. Data minimisation. Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
      4. Accuracy. Personal data must be accurate and kept up to date;
      5. Limited retention. RB must only retain personal data for as long as is necessary to achieve its specified purpose(s) and in accordance with applicable law (see our Document Retention Policy);
      6. Security. Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (see our Information Security Policy);
      7. Accountability. RB is responsible for, and must be able to demonstrate, compliance with this Policy and under applicable data protection law and regulations, as well as undertaking ongoing reviews to ensure that compliance is sustainable and improved where necessary;
      8. Conditions for sharing. Before a third party is allowed to process any personal data on behalf of RB:
        1. the third party must be vetted in accordance with our Supplier Data Privacy Policy; and
        2. the third party must enter into a written agreement with RB containing appropriate data protection obligations in accordance with RB approved contractual provisions;
      9. International transfers. RB must ensure that personal data originating in the European Economic Area (EEA) is not transferred outside of the EEA, unless the recipient country maintains an adequate level of protection, or where appropriate measures are taken to protect the data, including data transfer agreements, or certification schemes;
      10. Security breaches. Where relevant, RB may have a duty to notify personal data breaches to the relevant supervisory authority. In respect of serious breaches, there may also be a requirement to notify the affected data subjects. All personal data breaches should be investigated and dealt with strictly in accordance with our Data Breach Management Policy; and
      11. Data subject rights. Personal data must be processed in accordance with the applicable rights of the data subject (see our Data Subject Rights Policy), which under the GDPR (to the extent applicable) include but are not limited to:
        • the right to access personal data;
        • the right to object to processing (including where personal data is processed for direct marketing purposes);
        • right to the erasure/deletion of personal data concerning the data subject;
        • the right to restrict processing;
        • the right to data portability;
        • the right to object to decisions being taken by automated means, including profiling;
        • the right to have inaccurate or incomplete data rectified or completed; and
        • the right to claim compensation for damages caused by a breach of law.
        Where processing may present a high risk to data subjects and so as to promote the principle of privacy by design, RB will need to conduct a privacy impact assessment in order to determine the nature of those risks and mitigate such risks to the extent possible (see our Data Protection Impact Assessment Policy).
  5. Data Governance
    1. Group Data Protection Officer
      1. The Group Data Protection Officer ("DPO") is a statutory role required by the GPDR.
      2. The DPO is appointed on an RB group-wide basis and will have his/her principal office at CHQ in Slough, UK. The DPO leads data protection compliance within RB, and is responsible for, amongst other, the following tasks:
        1. to inform and advise RB and its employees about their obligations to comply with the GDPR and other data protection laws;
        2. to monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities and the oversight and sign-off of key compliance tasks such as RB’s record of processing activities, and data protection impact assessments; and
        3. to be the first point of contact for supervisory authorities and for individuals whose data is processed.
      3. The DPO is employed on terms that guarantee his/her independence and impartiality. The DPO’s role is not commercial, and the DPO must not be put in a situation (e.g., through the assignment of additional responsibilities) that might create a conflict of interest.
      4. RB is committed to providing the DPO with sufficient resources to enable the DPO to carry out his/her tasks under the GDPR and other applicable data protection laws and, in particular, to be in a position to efficiently communicate with data subjects and cooperate with relevant supervisory authorities.
      5. RB shall publish the contact details of the DPO and shall communicate such contact details to relevant supervisory authorities in order to allow data subjects and relevant supervisory authorities to reach the DPO in an easy way.
      6. In addition, a local data protection officer may need to be appointed in certain jurisdictions to comply with relevant national law requirements.
    2. Group Board
      1. The Group Board recognises the importance of strong data privacy and data protection governance practices, both in relation to RB's responsibilities under the law, as well as in relation to our standing in the marketplace.
      2. The DPO is expressly permitted to raise with the Corporate Responsibility, Sustainability, Ethics and Compliance Committee (CRSECC) of the Group Board on an ad-hoc basis potentially high-risk projects or possible instances of material non-compliance. The Group Board will also be informed about personal data breaches, and executives may be asked to play a role in leading the public response to serious breaches.
      3. In addition, the DPO reports to the CRSECC on a quarterly basis in relation to day-to-day compliance activity and RB’s progress against its data protection compliance goals.
    3. Privacy Office
      1. To support the DPO in his/her activities, a Privacy Office has been established with its principal office at CHQ in Slough, UK. The Privacy Office is staffed by personnel with expert knowledge of data protection laws and practices and otherwise having the ability to fulfil the tasks required under the GDPR and other applicable data protection laws.
      2. The DPO and the Privacy Office shall have access to necessary services (e.g. HR, legal, IT, cyber security etc.) and access to appropriate training and personal development to enable them to carry out their tasks and to maintain their expert knowledge.
    4. Privacy Champions
      1. Group functions, the Business Unit (“BU”) hubs and each BU’s local operations in each EU Member State will be assigned a Privacy Champion who is responsible for acting as a point of contact between the DPO and the Privacy Champion’s function, hub or local market (as applicable), and for spotting on-the-ground compliance issues and escalating these to the DPO.
    5. Legal Team
      1. RB's Legal team has an important role to play in supporting data privacy governance in relation to the interpretation of data protection law, and instructing and liaising with outside counsel where there is a need for expert privacy advice, or in response to personal data breaches. The Legal team will also be required to negotiate and draft third party contracts which contain compliant data protection terms, applying guidance issued by the DPO and the Privacy Office.
  6. Updates, Review and Ownership
    1. This Policy may be updated from time, and the updated version of the Policy will be immediately made available on the RB intranet.
    2. This Policy is owned by the DPO and reviewed on an annual basis.
  7. Related Policies

    The following RB Policies and guidelines address data privacy and data protection governance issues relevant to the roles and responsibilities under the governance framework described in this Policy:
    1. Employee Data Protection Guidelines
    2. Document Retention Policy
    3. Data Subject Rights Policy
    4. Data Breach Management Policy
    5. Supplier Data Privacy Policy
    6. Data Protection Impact Assessment Policy
    7. Information Security Policy