KEMPEN CUBA SECARA PERCUMA 2020
Tempoh Kempen: 15 April 2020 – 14 Julai 2020


Terma & Syarat / Data Privacy Governance Policy
  1. Kempen “CUBA SECARA PERCUMA” (“Kempen ini”) hanya diterima pakai untuk kedai-kedai Mydin yang mengambil bahagian di seluruh Semenanjung Malaysia dan untuk produk-produk yang disenaraikan jenama Reckitt Benckiser di bawah sahaja (“Produk tersebut”):
    Jenama Reckitt Benckiser
    Air wick Easy On Harpic Vanish

    ** Hanya produk jenama yang menyertai yang dibeli di kedai yang disenaraikan sahaja layak untuk tuntutan.
  2. Kempen ini bermula dari 15 April 2020 hingga 14 Julai 2020 (“Tempoh Kempen”). Reckitt Benckiser (Malaysia) Sdn Bhd melalui ejen yang dilantik (“dikenali sebagai Penganjur”) berhak membuat perubahan ke atas Program Penebusan, Terma dan Syarat serta mekanik Kempen pada bila-bila masa tanpa notis atau pengumuman terdahulu. Penyertaan yang diterima di luar Tempoh Kempen tidak diakui dan tidak layak menyertai Kempen.
  3. Kempen ini terbuka kepada semua orang rakyat Malaysia yang berumur 18 tahun dan ke atas pada masa Tarikh Permulaan Kempen kecuali kakitangan Penganjur dan kedai-kedai yang mengambil bahagian.
  4. Kempen ini hanya diterima pakai untuk jenama Reckitt Benckiser tersenarai dalam klausa 1. Untuk mengelakkan keraguan, pembelian jenama lain yang tidak disenaraikan dalam Klausa 1 tidak layak untuk tuntutan dalam Kempen ini. Penganjur berhak untuk mempersoalkan dan/atau meminta penerangan dan bukti lanjut untuk menyokong dan/atau menolak tuntutan sempena Kempen ini. Seorang individu boleh menyertai hanya sekali sahaja sebagai Pihak Menuntut. Penyertaan berganda oleh Penuntut yang sama secara automatik akan menyebabkan hilang kelayakan semua entri Menuntut. Penyertaan bersama tidak dibenarkan, iaitu satu Tuntutan bagi setiap Pihak Menuntut. Semua penolakan tuntutan adalah muktamad dan sebarang surat-menyurat tidak akan dilayan oleh pihak Penganjur.
  5. Untuk menyertai Kempen ini, Penuntut mesti:
    1. Beli mana – mana 2 jenama Reckitt Benckiser produk yang tersenarai dalam satu resit/bukti pembelian. Contohnya: Penuntut yang membeli satu produk dari jenama Easy On dan satu jenama Air Wick layaki untuk daftar.
    2. Layari www.cubasecarapercuma.com untuk daftar Nama (ikut MyKad/Kad Pengenalan), nombor MyKad/Kad Pengenalan, nombor dan nama akaun bank, nombor telefon, nombor resit, dan muat naik gambar resit/bukti pembelian anda yang jelas dalam tempoh 5 hari, tidak termasuk hari pembelian dibuat.
    3. Pemohon yang layak akan mendapatkan “Cash Back” maksimum RM50.00. Jumlah tersebut akan didepositkan ke akaun bank Penuntut dalam tempoh sepuluh (10) hari bekerja melalui pemindahan wang elektronik.
  6. Sebarang tuntutan yang dihantar oleh dan/atau melalui agen, pihak ketiga atau kumpulan organisasi tidak akan diterima. Tuntutan yang tidak lengkap atau tidak dapat dibaca atau tidak mengikut mana-mana Terma & Syarat ini akan ditolak. Tiada surat-menyurat, lisan atau bertulis, akan dilayan.
  7. Semua informasi tentang bank dan nombor akaun hanya untuk tututan wang ke dalam Penuntut akaun melalui laman web sahaja.
  8. Penuntut dinasihatikan supaya tidak mengemukakan maklumat akaun bank secara awam kecuali melalui laman web yang diberikan.
  9. Reckitt Benckiser TIDAK akan memanggil Penuntut untuk segala maklumat akaun bank mereka. Penuntut dinasihati untuk berjaga-jaga terhadap penipuan.
  10. Kempen ini akan berakhir selepas semua tuntutan telah ditebus.
  11. Untuk tuntutan anda disahkan, resit/bukti pembelian Produk tersebut mestilah bertarikh di antara 15 Apr 2020 sehingga 14 Julai 2020.
  12. Pemulangan wang bagi setiap tuntutan tertakluk kepada satu nama sahaja, selepas tuntutan dan nama penuntut disahkan.
  13. Jika Penuntut membuat tuntutan palsu bagi pemulangan wang, kemudian tuntutan tersebut didapati tidak benar atau palsu maka tindakan undang-undang yang serius akan diambil.
  14. Pihak Penganjur berhak untuk menamatkan Kempen ini lebih awal dari tarikh yang sepatutnya tanpa sebarang hebahan atau sebab.
  15. Terma & Syarat ini serta apa-apa pertikaian berkaitannya adalah tertakluk kepada undang-undang Malaysia yang terpakai.
  16. Dengan menyertai Kempen ini, peserta bersetuju untuk memberikan maklumat peribadi mereka dan pihak Penganjur mempunyai hak untuk menerbitkan, menggunakan nama peserta dan / atau gambar (jika ada) untuk tujuan publisiti, pengiklanan dan / atau perdagangan tanpa pampasan atau notis selanjutnya dan setiap peserta tidak berhak membuat sebarang tuntutan untuk kegunaan tersebut.
  17. Pihak Penganjur mengumpul maklumat peribadi yang boleh dikenal pasti untuk menyediakan perkhidmatan atau berhubung dengan anda. Maklumat ini disimpan oleh Penganjur dalam cara yang sesuai dengan sifat data dan digunakan untuk memenuhi permintaan anda. Dengan mengemukakan maklumat peribadi anda, kami menganggap kebenaran telah diberikan kepada Reckitt Benckiser dan Penganjur untuk menggunakan maklumat ini bagi tujuan pemasaran dan promosi masa kini dan hadapan, serta untuk menambahbaikkan produk dan perkhidmatannya. Jika anda memaklumkan kepada pihak Penganjur bahawa maklumat di atas tidak boleh digunakan untuk perhubungan di masa hadapan, Penganjur akan menghormati permintaan anda.
  18. Terma dan Syarat ini terdapat dalam versi Bahasa Inggeris dan Bahasa Melayu (jika berkenaan). Sekiranya terdapat sebarang percanggahan atau terma yang tidak konsisten di antara kedua-dua bahasa, maka Terma & Syarat dalam Bahasa Inggeris akan diguna pakai dan penafsiran tersebut mengatasi penafsiran yang lain dalam semua keadaan.


Terma & Syarat / Data Privacy Governance Policy
  1. Introduction
    1. Reckitt Benckiser ("RB") respects and protects the personal information (i.e. information relating to an identified or identifiable living individual) that we handle as part of our business activities. This includes information about our employees, contractors, consumers, shareholders, suppliers, research subjects, competitors and other individuals. This information may be held in email systems, HR systems and marketing databases, some of which may be owned and operated by third parties.
    2. This Policy applies to any processing of personal information for RB business purposes and sets out how RB directors, officers, employees and contractors (which include agents, consultants, outsourced personnel and other representatives) (“RB Personnel”) should handle that personal information.
    3. RB may also process a subset of personal information called sensitive personal information, such as information about racial or ethnic origin, religious or similar beliefs, sexual life and orientation, medical history, criminal convictions, political affiliations and beliefs, trade union membership, genetic information and biometric data as part of our business operations. This information needs to be handled with particular care and only to the extent permitted by applicable law.
    4. In addition, this Policy outlines RB's approach to the governance of personal information. It explains the roles and responsibilities of certain individuals and groups in relation to common personal data governance tasks.
  2. Responsibilities
    1. All RB Personnel are responsible for ensuring that RB policies, standards and procedures, including this Policy, are followed in all cases.
    2. If you manage RB Personnel you are expected to ensure that the individuals who report to you receive the guidance, resources and training they need to enable them to do their jobs in compliance with this Policy.
  3. Why is this Policy important?
    1. RB is subject to a number of data privacy laws and regulations globally (including the EU’s Data Protection Regulation (the “GDPR”)). Penalties for breach of such laws and regulations can be severe in some countries and may result in the loss of rights to process personal information, significant fines or criminal charges for RB and RB Personnel. Safeguarding the personal information RB processes is also one of the commitments of RB’s Code of Conduct.
    2. If you have any questions regarding this Policy, please reach out to your line manager, your local Legal or Compliance Team or the Privacy Office.
  4. Key Principles
    1. RB is committed to handling personal information properly and regards the lawful use of personal information that we hold in accordance with the principles set out in this Policy as vital to our successful operations.
    2. In all countries where RB operates, we will comply as a minimum with local government laws and regulation governing the processing of personal information. In addition, for markets where no laws or regulation governing the processing of personal information is in force, adherence to this Policy will be a minimum requirement.
    3. When handling personal information, RB and RB Personnel must comply with the following key principles:
      1. Lawfulness. Personal data must be collected, stored and processed fairly, lawfully, and in a transparent manner;
      2. Limited purposes. Personal data must only be collected for specified, explicit and legitimate purposes and only processed in a manner compatible with those purposes;
      3. Data minimisation. Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
      4. Accuracy. Personal data must be accurate and kept up to date;
      5. Limited retention. RB must only retain personal data for as long as is necessary to achieve its specified purpose(s) and in accordance with applicable law (see our Document Retention Policy);
      6. Security. Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (see our Information Security Policy);
      7. Accountability. RB is responsible for, and must be able to demonstrate, compliance with this Policy and under applicable data protection law and regulations, as well as undertaking ongoing reviews to ensure that compliance is sustainable and improved where necessary;
      8. Conditions for sharing. Before a third party is allowed to process any personal data on behalf of RB:
        1. the third party must be vetted in accordance with our Supplier Data Privacy Policy; and
        2. the third party must enter into a written agreement with RB containing appropriate data protection obligations in accordance with RB approved contractual provisions;
      9. International transfers. RB must ensure that personal data originating in the European Economic Area (EEA) is not transferred outside of the EEA, unless the recipient country maintains an adequate level of protection, or where appropriate measures are taken to protect the data, including data transfer agreements, or certification schemes;
      10. Security breaches. Where relevant, RB may have a duty to notify personal data breaches to the relevant supervisory authority. In respect of serious breaches, there may also be a requirement to notify the affected data subjects. All personal data breaches should be investigated and dealt with strictly in accordance with our Data Breach Management Policy; and
      11. Data subject rights. Personal data must be processed in accordance with the applicable rights of the data subject (see our Data Subject Rights Policy), which under the GDPR (to the extent applicable) include but are not limited to:
        • the right to access personal data;
        • the right to object to processing (including where personal data is processed for direct marketing purposes);
        • right to the erasure/deletion of personal data concerning the data subject;
        • the right to restrict processing;
        • the right to data portability;
        • the right to object to decisions being taken by automated means, including profiling;
        • the right to have inaccurate or incomplete data rectified or completed; and
        • the right to claim compensation for damages caused by a breach of law.
        Where processing may present a high risk to data subjects and so as to promote the principle of privacy by design, RB will need to conduct a privacy impact assessment in order to determine the nature of those risks and mitigate such risks to the extent possible (see our Data Protection Impact Assessment Policy).
  5. Data Governance
    1. Group Data Protection Officer
      1. The Group Data Protection Officer ("DPO") is a statutory role required by the GPDR.
      2. The DPO is appointed on an RB group-wide basis and will have his/her principal office at CHQ in Slough, UK. The DPO leads data protection compliance within RB, and is responsible for, amongst other, the following tasks:
        1. to inform and advise RB and its employees about their obligations to comply with the GDPR and other data protection laws;
        2. to monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities and the oversight and sign-off of key compliance tasks such as RB’s record of processing activities, and data protection impact assessments; and
        3. to be the first point of contact for supervisory authorities and for individuals whose data is processed.
      3. The DPO is employed on terms that guarantee his/her independence and impartiality. The DPO’s role is not commercial, and the DPO must not be put in a situation (e.g., through the assignment of additional responsibilities) that might create a conflict of interest.
      4. RB is committed to providing the DPO with sufficient resources to enable the DPO to carry out his/her tasks under the GDPR and other applicable data protection laws and, in particular, to be in a position to efficiently communicate with data subjects and cooperate with relevant supervisory authorities.
      5. RB shall publish the contact details of the DPO and shall communicate such contact details to relevant supervisory authorities in order to allow data subjects and relevant supervisory authorities to reach the DPO in an easy way.
      6. In addition, a local data protection officer may need to be appointed in certain jurisdictions to comply with relevant national law requirements.
    2. Group Board
      1. The Group Board recognises the importance of strong data privacy and data protection governance practices, both in relation to RB's responsibilities under the law, as well as in relation to our standing in the marketplace.
      2. The DPO is expressly permitted to raise with the Corporate Responsibility, Sustainability, Ethics and Compliance Committee (CRSECC) of the Group Board on an ad-hoc basis potentially high-risk projects or possible instances of material non-compliance. The Group Board will also be informed about personal data breaches, and executives may be asked to play a role in leading the public response to serious breaches.
      3. In addition, the DPO reports to the CRSECC on a quarterly basis in relation to day-to-day compliance activity and RB’s progress against its data protection compliance goals.
    3. Privacy Office
      1. To support the DPO in his/her activities, a Privacy Office has been established with its principal office at CHQ in Slough, UK. The Privacy Office is staffed by personnel with expert knowledge of data protection laws and practices and otherwise having the ability to fulfil the tasks required under the GDPR and other applicable data protection laws.
      2. The DPO and the Privacy Office shall have access to necessary services (e.g. HR, legal, IT, cyber security etc.) and access to appropriate training and personal development to enable them to carry out their tasks and to maintain their expert knowledge.
    4. Privacy Champions
      1. Group functions, the Business Unit (“BU”) hubs and each BU’s local operations in each EU Member State will be assigned a Privacy Champion who is responsible for acting as a point of contact between the DPO and the Privacy Champion’s function, hub or local market (as applicable), and for spotting on-the-ground compliance issues and escalating these to the DPO.
    5. Legal Team
      1. RB's Legal team has an important role to play in supporting data privacy governance in relation to the interpretation of data protection law, and instructing and liaising with outside counsel where there is a need for expert privacy advice, or in response to personal data breaches. The Legal team will also be required to negotiate and draft third party contracts which contain compliant data protection terms, applying guidance issued by the DPO and the Privacy Office.
  6. Updates, Review and Ownership
    1. This Policy may be updated from time, and the updated version of the Policy will be immediately made available on the RB intranet.
    2. This Policy is owned by the DPO and reviewed on an annual basis.
  7. Related Policies

    The following RB Policies and guidelines address data privacy and data protection governance issues relevant to the roles and responsibilities under the governance framework described in this Policy:
    1. Employee Data Protection Guidelines
    2. Document Retention Policy
    3. Data Subject Rights Policy
    4. Data Breach Management Policy
    5. Supplier Data Privacy Policy
    6. Data Protection Impact Assessment Policy
    7. Information Security Policy