In this Compliance Requirements, unless the context otherwise requires, the following terms shall have the meanings assigned to them below:

1. “Personal Data” means any information in respect of commercial transactions, which— (a) is being processed wholly or partly by means of equipment operating automatically in response to instructions given for that purpose; (b) is recorded with the intention that it should wholly or partly be processed by means of such equipment; or (c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system, that relates directly or indirectly to a data subject, who is identified or identifiable from that information or from that and other information in the possession of a data user, including any sensitive personal data and expression of opinion about the data subject; but does not include any information that is processed for the purpose of a credit reporting business carried on by a credit reporting agency under the Credit Reporting Agencies Act 2010;
2. “Sensitive Personal Data” means any personal data consisting of information as to the physical or mental health or condition of a data subject, his political opinions, his religious beliefs or other beliefs of a similar nature, the commission or alleged commission by him of any offence or any other personal data as the Minister may determine by order published in the Gazette.
3. “CUCKOO” means CUCKOO International (MAL) Sdn Bhd (Registration No: 201401026804 (1102894-H) and its subsidiaries.
4. “Business Associates” (hereinafter referred to as “you”, “your”) means an individual and/or an organization who has or will have business dealings with CUCKOO, including without limitation vendors, suppliers, agents, representatives, consultants, intermediaries, advisers, contractors, sub-contractors, joint venture partners, outsourcing providers, service providers, and all parties who act on behalf of CUCKOO.
5. “CUCKOO’s Personal Data” means personal data that CUCKOO discloses to you, or which you process on behalf of CUCKOO for the purpose of the Agreement.
6. “Agreement” means the contract, sub-contract, arrangement, agreement and/or understanding reached between you and CUCKOO creating mutual obligations enforceable by law.
7. “Data User” means a person who either alone or jointly or in common with other persons processes any personal data or has control over or authorizes the processing of any personal data, but does not include a data processor.
8. “Data Processor” means any person, other than an employee of the data user, who processes the personal data solely on behalf of the data user, and does not process the personal data for any of his own purpose.
9. “Data Subject” means an individual who is the subject of the personal data.

You shall comply with the following: –

1. ensure and take steps to ensure that all persons associated with you or other persons who are performing the obligations under the Agreement for or on behalf of you comply with CUCKOO’S Compliance Requirements including but not limited to putting all necessary measures in place and incorporating the provisions herein into any and all agreements contracts and/or sub-contracts with all of them;
2. perform the Agreement in full compliance with applicable laws, rules and regulations of all relevant authorities and governing bodies in Malaysia and in all countries where you operate including any applicable anti-slavery and human trafficking laws, statutes, regulations and codes as well as anti-bribery and anti-corruption laws from time to time in force (“Anti-Slavery and Anti-Bribery Law”);
3. confirm that you are not and have not at any time been convicted of any offence or engaged in any activity, practice or conduct which would constitute an offence under any Anti-Slavery and Anti-Bribery Law, including (without limitation), that you have not bribed (within the meaning of such term or analogous term in any relevant anti-bribery and/or anti-corruption laws) another person intending to obtain or retain business or an advantage in the conduct of business for themselves or are or have been the subject of any investigation, inquiry or enforcement proceedings by any authority of offences under such laws;
4. not to under any circumstances, give or at any time offer to give or agree to give any person, including any personnel employed by CUCKOO or its related corporations or any public officers or regulators, or acting on any of their behalf give, offer to give or agree to give any such person, any gift, commission, consideration or other form of gratification of any kind as an inducement or reward for doing or forbearing to do or for having done or forborne to do any act in relation to the performance of obligations under the Agreement or forbearing to show favour or disfavour to any person in relation to the Agreement;
5. comply with CUCKOO’s ethics and anti-bribery and anti-corruption policy and guideline, safety and health procedures and any such policies as may be published, provided, supplemented or amended by CUCKOO from time to time including the policies available on CUCKOO’s website at https://www.cuckoo.com.my/corporate-governance;
6. comply with all laws for the time being in force including but not limited to Immigration Act 1959/63, Employment Act 1955, Employees’ Social Security Act 1969, Employees Provident Fund Act 1991, Workmen’s Compensation Act 1952, Occupational Safety and Health Act 1994, Factories and Machinery Act 1967, Environmental Quality Act 1974, Employees’ Minimum Standards of Housing and Accommodations and Amenities Act 1990, Malaysian Anti-Corruption Commission Act 2009, Personal Data Protection Act 2010 (“PDPA”), Direct Sales and Anti-Pyramid Scheme Act 1993, their regulations, guidelines, orders, directives thereunder and their amendments thereto;
7. comply with all laws, by-laws, rules and regulations on safety, health and environment including but not limited to the Environmental Quality Act 1974, the Occupational, Safety and Health Act 1994 and their regulations, guidelines, orders, directives thereunder and their amendments thereto;
8. be liable for all claims, damages or compensation payable:
   1. to any workmen, employees or other persons in the employment of you in respect of death, injury, loss or any other causes in the course of business, works and to any other performance by you of the Agreement; and
   2. to any agents, representatives, visitors or other invitees of you or other persons working or visiting or brought to CUCKOO’s premises and any activity site by you in respect of any death injury or loss sustained by such persons.
9. keep CUCKOO fully indemnified against such claims, damages or compensation as aforesaid and against all other losses and claims for death injury or damages to property (including the property of CUCKOO, you and/or third parties) which may arise in consequence of the performance by you of the Agreement;
10. be responsible to provide to any employees and agents, representatives, visitors or other invitees of you or other persons working or visiting or brought to CUCKOO’s premises and any activity site with the appropriate personal protection equipment (PPE) and all other safety and health protocol and/or procedures in line with the hazard mitigation pertaining to their job or activities and the safety and health protocol and/or procedures for the prevention of Covid-19 for activities relating to the works and activities under the Agreement;
11. be solely responsible to exercise due care and take all necessary precautions and safety measures for the safety of your agents, representatives, drivers, employees and workmen required by statutes or by common law which may be necessary to ensure the safety and also of the general public in the execution of the Agreement including but not limited to providing all necessary training to your employees and workmen and providing all necessary notices and/or signboard to the general public;
12. maintain records of such statutory compliance and these records shall be made available to CUCKOO for its inspection upon request;
13. conform strictly with all requirements and restrictions imposed by the laws for the time being in force and shall comply with instructions or directions given by CUCKOO from time to time pertaining to the performance of any obligations and duties the Agreement and you shall indemnify and keep CUCKOO fully indemnified against all liquidated damages, penalties, fines, claims and costs imposed by the appropriate authorities for failing to comply strictly with all requirements and restrictions; and
14. agree that any breach by you of this CUCKOO’S Compliance Requirements shall be deemed as a material breach of the Agreement and CUCKOO shall reserve the right to unilaterally determine the Agreement forthwith if you are in breach of this CUCKOO’S Compliance Requirements.

 

Handling and Protection of Personal Data

15. comply with the PDPA and all other applicable personal data laws, regulations, guidelines, orders, directives thereunder and their amendments thereto at your own cost.
16. agree to only process, use or disclose CUCKOO’s Personal Data:-
    1. strictly for the purpose of fulfilling the obligations under the respective Agreement and not to use, sell, rent, transfer, distribute or otherwise disclose or make available CUCKOO’s Personal Data for your own purposes or for the benefit of anyone other than the data subject, in each case, without the data subject’s prior written consent;
    2. with CUCKOO’s prior written consent; or
    3. when required by law or by an order of court, but shall notify CUCKOO as soon as practicable before complying with such law or order of court at your own cost.
17. not transfer CUCKOO’s Personal Data to a place outside Malaysia without CUCKOO’s written consent. If CUCKOO provides consent, you agree to provide a written undertaking to CUCKOO that CUCKOO’s Personal Data transferred outside Malaysia will be protected at a standard that is comparable to that under the PDPA. If you transfer CUCKOO’s Personal Data to any third party overseas, you agree to procure the same written undertaking from such third party.
18. agree to protect CUCKOO’s Personal Data under your control or possession by making reasonable security arrangements (including, where appropriate, physical, administrative, procedural and information & communications technology measures) to prevent unauthorized or accidental access, collection, use, disclosure, copying, modification, disposal or destruction of CUCKOO’s Personal Data, or other similar risks.
19. agree to only permit authorized personnel to access CUCKOO’s Personal Data on a need-to-know basis. You further agree to ensure that the personnel authorized to process personal data have committed themselves to confidentiality or are under appropriate statutory obligations of confidentiality.
20. provide CUCKOO with access to CUCKOO’s Personal Data that CUCKOO has in your possession or control, as soon as practicable upon CUCKOO’s written request.
21. put in place adequate measures to ensure that CUCKOO’s Personal Data in your possession or control remains or is otherwise accurate and complete. Where CUCKOO provides CUCKOO’s Personal Data to you, CUCKOO will make reasonable effort to ensure that CUCKOO’s Personal Data is accurate and complete before providing the same to you. You shall take steps to correct any errors in CUCKOO’s Personal Data as soon as practicable upon CUCKOO’s written request.
22. not retain CUCKOO’s Personal Data (or any documents or records containing CUCKOO’s Personal Data, electronic or otherwise) for any period of time longer than it is necessary to serve the purposes of the Agreement.
23. agree that at any time during the term of the Agreement at CUCKOO’s request or upon the termination or expiration of the Agreement for any reason,
    1. to return to CUCKOO, all CUCKOO’s Personal Data, whether in written, electronic, or other form or media; and/or
    2. to delete all CUCKOO’s Personal Data in your possession;
    3. and, after returning or deleting all CUKOO’s Personal Data, provide CUCKOO with written confirmation that you no longer possess any CUCKOO’s Personal Data. Where applicable, you agree to also instruct all third parties to whom you have disclosed CUCKOO’s Personal Data for the purposes of the Agreement to return to CUCKOO or delete such personal data.
24. notify CUCKOO without undue delay and at the latest within 48 hours when you become aware of breach of any of your obligations mentioned in paragraphs 15 to 23 mentioned above. In such cases, you shall provide CUCKOO with at least the following information:-
    1. nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate numbers of personal data records concerned;
    2. likely consequences of the breach; and
    3. measures taken or proposed to be taken to address the breach, including where appropriate, measures to mitigate its possible adverse effects.
25. agree to indemnify CUCKOO and its officers, employees and agents, against all actions, claims, demands, losses, damages, statutory penalties, expenses and costs (including legal costs on an indemnity basis), in respect of:-
    1. your breach of paragraphs 15 to 24 mentioned above; and/or
    2. any act, omission or negligence of your part or your subcontractor that causes or results in CUCKOO being in breach of the PDPA.