We at Michael Tie & Co recognise and respect your privacy, and strive to properly manage, protect and process the personal data you have entrusted to us.
Our policy explains how we collect, use, disclose and/or process your personal data. This policy is provided in accordance with the Personal Data Protection Act 2010 (the “PDPA”) and may be updated from time to time.
The collection, processing and disclosure of your data by us may be mandatory or voluntary in nature depending on the purposes for which your personal data is collected. Where it is mandatory for you to provide us with your personal data, and you fail or choose not to provide us with such data, or do not consent to this privacy policy, we will not be able to provide our services or otherwise deal with you, if at all.

1. Collection of Personal Data
"Personal data" refers to all data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time. Such data includes but is not limited to contact information (e.g. name, address, telephone number and email address) and billing information (e.g. bank account details, NRIC, passport or other equivalent identification number).
1.1. How we collect your personal data
We collect your personal data in several ways, including but not limited to the following:
• From the information provided to us when you meet us;
• Through forms of electronic communication such as telephone, fax or email. In this respect, we may monitor, record and store any such communication;
• When you complete (or we complete on your behalf) client on-boarding or application or other forms;
• From publicly available sources, search engines, databases, or from third parties. This occurs most frequently when we are required to conduct background checks on you.
1.2. The categories of personal data that we collect
We collect the following categories of personal data about you:
• Contact information such as your name, your home or business address, email address and phone number;
• Information relating to your identity such as your birth date, nationality, and/or your passport number or identity card details;
• Financial information such as your bank account details, income, expenditure, assets and liabilities and/or your sources of wealth;
• Your goals and objectives in procuring our services;
• Background information about your education, employment, interests, family or personal circumstances, where relevant; and
• Information necessary to determine whether you represent a politically exposed person or money laundering risk.

2. Purposes for Processing Your Personal Data (Other Than With Your Consent) and Disclosure of Your Personal Data
2.1 Performance of a contract with you
We may process your personal data to perform our side of a contract with you or in order to take steps prior to entering into a contract with you.
Several instances of such processing include, but are not limited to, the following:
• To prepare a letter of engagement for you setting out the services that we offer;
• To provide you with the services as set out in our letter of engagement with you or as may be otherwise agreed with you;
• To prepare legal documents relating to our contract with you;
• To address any feedback or complaints that you may have;
• For other necessary purposes such as procuring payment or negotiating the scope of work required of us.
We may disclose or share your personal data with certain parties, including but not limited to the following:
• Third parties that may assist us in providing our services to you, including our associate firm and other affiliates, service providers and agents, or professional advisers such as auditors, accountants, data storage providers or IT personnel;
• Your agents, advisers, intermediaries, and custodians of your assets who you tell/inform us about.
2.2 For our legitimate business interests
We may also process your personal data where necessary for our legitimate business interests.
Several instances of such processing include, but are not limited to, the following:
• The internal administration of our business, including but not limited to training and monitoring the performance of our staff and consolidating information and/or data;
• Accounting, audit, compliance, documentation, IT security and risk management purposes;
• Enforcing obligations owed to us;
• The prevention of fraud, and in particular anti-money laundering and Know-Your-Customer checks;
• Obtaining external advice on our obligations and rights;
• Sending out electronic publications such as alerts, announcements, legal updates, invitations and newsletters to you where you have previously indicated an interest;
• Organising seminars, events or other marketing activities; or
• Responding to your requests or enquiries.
We may disclose or share your personal data with third-party service providers, including but not limited to the following:
• Providers of hosting and maintenance services, commercial investigative work, analysis services, e-mail messaging services, delivery and courier services, payment processors, and data processors who assist to conduct due diligence checks etc;
• Our consultants and professional advisors such as accountants and auditors.
Where we provide your personal data to the persons mentioned above, we will do so only to the extent necessary for the performance of such services. Where your personal data is to be transferred to any parties whether within or outside of Malaysia, we will do so in accordance with the requirements prescribed under the PDPA.
2.3 To comply with legal obligations
We may also process your personal data to ensure our compliance with legal obligations that we are subject to.
Several instances of the above include:
• Our regulatory, statutory and compliance obligations (such as compliance with anti-money laundering laws and the conduct of conflict searches / checks);
• Our obligations owed to the tax authorities;
• Our obligations to the courts and to any other legal authorities.
We may disclose or share your personal data with the following:
• The select advisers whom we are obtaining assistance from;
• Our auditors in the discharge of their auditing function;
• The select third parties who we engage to conduct / perform background checks;
• Any relevant regulators or law enforcement agencies as the need arises.
2.4 For other purposes not specifically stated
There may be certain purposes for collecting your data that are not specified above. If necessary, we will notify you of such other purpose at the time of obtaining your consent, unless the processing of your personal data without your consent is permitted under the PDPA or any other written law.

3. Personal Data of Other Individuals and Minors
If you are acting as an intermediary or otherwise on behalf of a third party or supply us with information regarding a third party (such as a friend, a colleague, an employee etc.), you undertake that you are an authorised representative or agent of such third party and that you have obtained all necessary consents from such third party to the collection, use, disclosure and processing by us of their personal data. As we are collecting the third party’s data from you, you undertake to make the third party aware of all matters listed in this policy.
In respect of minors (i.e. individuals under 18 years of age) or individuals not legally competent to give consent, you confirm that you are the parent or guardian or person who has parental responsibility over them or the person appointed by court to manage their affairs or that they have appointed you to act for them, to consent on their behalf to the processing (including disclosure and transfer)of their personal data in accordance with this privacy policy.

4. Management and Handling of Personal Data
We will take it that all personal data provided by you is accurate and complete and that none of it is misleading or out of date. You should promptly update us when there are any changes to the personal data which you have initially provided, so as to ensure that we have the most current, accurate and complete information. We will not be responsible for relying on inaccurate or incomplete personal data arising from your failure to update us of any changes to the personal data which you have initially provided.
We will protect your personal data that is in our possession or under our control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or any other similar risks.
We will cease to retain documents containing your personal data or remove the means by which your personal data can be associated with you, as soon as it is reasonable to assume that the purpose for which your personal data was collected is no longer being served by the retention of your personal data and retention is no longer necessary for legal or business purposes.
Our information technology storage facilities and servers may be located in other jurisdictions outside of Malaysia. This may include, but is not limited to, instances where your personal data may be stored on servers located outside Malaysia. In addition, your personal data may be disclosed or transferred to entities located outside Malaysia. Please note that these foreign entities may be established in countries that might not offer a level of data protection that is equivalent to that required under the laws of Malaysia. By engaging us, you hereby expressly consent to us transferring your personal data outside of Malaysia for such purposes. We shall endeavour to ensure that reasonable steps are taken to procure that all such third parties outside of Malaysia shall not use your personal data other than for that part of the purposes mentioned in this policy and to adequately protect the confidentiality and privacy of your personal data.

5. Changes to our Privacy Policy
We may amend this Policy from time to time and the amended Policy will be published on www.oonpartners.com/#/privacy-policy. Your continued interaction with us and our site / services indicates your acceptance of our amended Policy, which will apply to all personal data previously collected by us.

6. Contact Us
If you do not wish to accept the amended Policy, or wish to withdraw any consent that you have previously extended to us or to access, correct or update your personal data, or have any enquiries or suggestions about our collection and use of your personal data or this Policy, please write in to our Data Protection Officer at:
• Email: michael.tie@michaeltieco.com.; or
• Address: Michael Tie & Co at D-09-06, Suezcap Tower 1, Kerinchi, 59200 Kuala Lumpur
Please note that we may be prevented by law from complying with any request that you may make. We may also decline any request that you may make if the law permits us to do so. Where we need to use your personal data to provide our services and/or fulfil our scope of work to you, and you opt not to accept the amended Policy or opt to withdraw your consent to our collection and processing of your personal data for these purposes, we may not be able to fulfil our scope of work to you and may have to terminate the engagement accordingly.