Privacy Policy

Application: RTCC HR
Publisher: AMRC LM Sdn. Bhd. (Reg. No. 202401018124 / 1563973-U)
Effective Date: 22 May 2026
Last Updated: 22 May 2026

1. Introduction

AMRC LM Sdn. Bhd. ("we", "us", "our") operates the RTCC HR mobile application (the "App"). This Privacy Policy explains how we collect, use, store, and protect personal data when employees use the App. We are committed to complying with the Personal Data Protection Act 2010 (PDPA) of Malaysia and applicable international data protection standards.

2. Who This App Is For

RTCC HR is a private employee-management application intended exclusively for authorised employees of RTCC and its affiliated companies under AMRC Group. The App is not intended for use by the general public and access requires valid employee credentials issued by your employer.

3. Information We Collect

3.1 Employee Profile Information

Collected during employee onboarding and managed by your HR department:

• Full name and NRIC/passport number
• Contact details (phone number, email, address)
• Employment details (position, department, employment date)
• Banking information (for salary disbursement)
• Statutory information (EPF, SOCSO, EIS, income tax)
• Emergency contact and family/dependent information

3.2 Location Data

The App requests fine and coarse location permissions to:

• Record GPS coordinates during attendance clock-in and clock-out
• Verify employee presence at authorised work locations

Location is captured only when you initiate an attendance action. The App does not track your location in the background.

3.3 Camera and Photos

The App requests camera permission to:

• Capture selfie photos for attendance verification
• Allow document upload for claims, leave applications, and travel requests

3.4 Device and Usage Data

• Device identifier (for push notification delivery via Firebase Cloud Messaging)
• App version and operating system version (for support purposes)
• Login timestamps and session activity (for security audit)

4. How We Use Your Information

We use collected information solely for legitimate HR management purposes, including:

• Processing attendance, leave, overtime, and claims
• Calculating payroll and statutory contributions
• Managing performance reviews and training records
• Communicating company announcements and policy updates
• Responding to helpdesk requests and IT support
• Complying with employment, tax, and labour regulations

5. Data Storage and Security

5.1 Encryption

All personal data classified as Personally Identifiable Information (PII) is encrypted at rest using industry-standard AES-256 encryption before being stored in our database. Sensitive fields including NRIC, bank account numbers, statutory IDs, and family/dependent information are encrypted individually.

5.2 Access Control

Access to your data is restricted to authorised HR personnel and your direct line managers based on role-based permissions. All access is logged and auditable.

5.3 Data Transmission

All communication between the App and our servers occurs over HTTPS with TLS 1.2 or higher encryption.

5.4 Data Hosting

Employee data is hosted on secure servers located in Malaysia. We do not transfer your personal data outside Malaysia without explicit consent or legal basis.

6. Data Sharing

We do not sell, rent, or trade your personal data with third parties. Personal data may only be disclosed:

• To authorised HR and management within AMRC Group for legitimate employment purposes
• To statutory bodies (LHDN, EPF, SOCSO, EIS) as required by law
• To regulatory or law enforcement agencies pursuant to valid legal process
• To third-party service providers (e.g., Firebase Cloud Messaging) under strict confidentiality agreements

7. Data Retention

We retain employee personal data for the duration of your employment and for a period thereafter as required by Malaysian employment law, tax law, and statutory record-keeping obligations (typically 7 years). After this period, data is securely deleted or anonymised.

8. Your Rights

Under the PDPA 2010, you have the right to:

• Access: Request a copy of your personal data we hold
• Correction: Request correction of inaccurate or incomplete data
• Withdraw consent: Withdraw consent for non-essential data processing (note: certain data processing is required for employment and cannot be withdrawn)
• Lodge a complaint: File a complaint with the Personal Data Protection Commissioner of Malaysia

9. Children's Privacy

The App is intended for use by employees aged 18 years and above. We do not knowingly collect personal data from individuals under 18 years of age.

10. Push Notifications

The App uses Firebase Cloud Messaging (FCM) to deliver push notifications for approvals, leave updates, payroll notifications, and company announcements. You may disable notifications via your device settings.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any material changes will be communicated through the App or via email at least 14 days before taking effect. The "Last Updated" date at the top of this policy will reflect the most recent revision.

12. Contact Us

© 2026 AMRC LM Sdn. Bhd. All rights reserved.