Privacy Statement

Gentari Green Mobility India Private Limited is a wholly owned subsidiary of Gentari Sdn. Bhd. (“Gentari”, “we”, “our” “us”) are committed to protecting and respecting your privacy.

This Gentari Privacy Statement (“Privacy Statement”) explains what personal data we have collected about you, when and why we collect it, how we use it, the conditions under which we may disclose it to others, your rights to your personal data and how we keep it secure.

This Privacy Statement covers both our online and offline collection activities, including personal data that we collect through online platforms such as websites, applications, third party social networks or our online and physical events, or through other third parties that we work with.

Please read this Privacy Statement carefully to understand our views and practices regarding your personal data.

WHO WE ARE

Gentari is focused on delivering the solutions required to put clean energy into action today, to transform how we live tomorrow.

INFORMATION GATHERING AND USAGE

Your personal data may be collected directly from you or from other sources such as our customers, clients, their counterparties and representatives, third parties such as regulatory authorities, government agencies, credit reporting agencies, recruitment agencies, providers of pre-engagement screening services, your employer or other referees, social network information, publicly available records, or other third parties that we work with. We may aggregate personal data from different sources such as online and offline collection points, though in relation to personal data that you have provided, we will only do so for purposes which are consistent with the purposes for which you have provided that personal data.

Aggregated data which may be derived from your personal data but is anonymized is not considered personal data in law, as this data will not directly or indirectly reveal your identity. For example, we may aggregate data related to usage of our website to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data in a way which does directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Statement. If you are an existing customer or vendor of ours, or a representative of an existing customer of ours, further details about how we use your personal data are set out in your/ your employer’s customer contract with us. We may provide further notices to you at the point we collect your personal data, which will highlight any further information relating to our use of that personal data, and, where applicable, provide you with the ability to opt in or out of selected uses.

1. Types of Personal Data Collected and How we collect it.

We will collect and process all or some of the personal data as follows. We describe certain kind of data (defined below) as Special Category Data.

Personal data that you provide to us, such as when using the contact form on our website, providing feedback, your correspondence with us or when you interact with any of our social media channels (which may include when you like or comment on a post);

We may collect current and historical personal data including your name (including any prefix or title), contact information (such as your address, email address, telephone number, nationality, identification number such as passport number, birth date, gender, organization, business interest, employment, position held), social media identifiers, Special Category Data (as defined below), billing and financial information (such as billing address, bank account and payment information) and enquiry or complaint details and such other information depending on the nature of business relationship or dealings you have with Gentari. “Special Category Data” means sensitive personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric, health, sexuality or sexual orientation, or relating to criminal convictions or offences. Special Category Data receives a higher level of protection in some jurisdictions such as EEA and UK. Collection and processing of Special Category Data will entail different requirements from jurisdiction to jurisdiction in accordance with applicable local laws.

Information you provide when applying for a role, work placement which include internship or during open day or recruitment event or as a beneficiary.

In any of the above circumstances, we collect your CV or résumé which may include your contact details (such as name, address, email address and telephone number), education information (such as field of study, university and country of study, academic scores and achievements, personal certifications), employment history, racial or ethnic origin, nationality, financial information (such as parents or beneficiaries income, bank account name and number), photographs or profile picture and any other supporting documents or information as submitted by you or on your behalf during the application process. We carry out pre-screening of applicants to whom we intend to make an offer of employment, scholarship, or internship or to receive grants as beneficiaries (as appropriate). We may also undertake criminal records or financial probity checks or other independent searches to assess your suitability for the position were permitted by, and in accordance with, applicable law. Special Category Data may be processed strictly in accordance with applicable local laws.

You (or someone you act for) have a relationship with us:

If you are or act for or are related to our customers and clients, where you are our counterparty or provide services to our counterparty and where you or the organization you work for is a regulator, government agency, judiciary, legislative or other law enforcement agency, we may collect and process your personal data based on your relationship with us. The types of personal data include contact information (such as name, address, email address and telephone number); identification information (such a national identification number, passport number, date of birth); business information (such as name of organization, job title, department, business address, organization structure, shareholding or directorship); any recordings captured through our communication platform (such as Microsoft Teams or Zooms, etc.), details in business registration documents, third party due diligence, documents, credit checks, financial details including bank account details and bank account statement; demographic information and interests which will include any information that describe your demographic and behavioural characteristics (such as date of birth, age or age range, geographic location, personal preferences (e.g. food), medical condition (e.g. allergies), hobbies or interests and household or lifestyle information).

Website and Online communication usage

Details of your visits to our website and information collected through cookies and other tracking technologies including, but not limited to, your log-in information, IP address and domain name, your browser version and operating system, information about your device, traffic data, location data, web logs and other communication data, and the resources that you access. We use the following cookies:

  1. Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Cookie Title & Cookie Name

Expiration

Purpose

_ga

2 years

This cookie name is associated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. We use this cookie to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the site’s analytics reports.

_gid

1 day

This cookie is set by Google Analytics. It stores and updates a unique value for each page visited. We use this to count and track pageviews.

_gat_UA-82765211-1

1 minute

This is a pattern type cookie set by Google Analytics, where the pattern element on the party name contains the unique identity number of the account or website it relates to. It is a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.

_gat_UA-123749877-1

1 minute

This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It is a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

If any part of our website links you to external websites, those websites do not operate under this Privacy Statement, and we do not accept any responsibility or liability arising from those websites. We recommend that you read the privacy/personal data protection statement/policy posted on those external websites in order to understand their procedures for collecting, processing, using and disclosing personal data and before submitting your personal data to those websites.

We may also collect information you provide in completing online subscriptions or registration and any online application forms or when you report a problem, raise a query, or provide feedback on our online services.

Visitors to any of our offices, premises, or events

When you visit our offices or premises, we may collect and process your personal data in connection with your visit. Such personal data will include your contact information (such as name, address, email address and telephone number), identification information (such as national identification number, passport identification number or driver’s license information); business information such as name of organization, reason for visit, date and time of visit, biometric and facial recognition, and access limitations.

Where we have installed CCTV in our offices, your image may be captured and recorded when you visit our premises that are protected by CCTV. Additionally, your image may be captured via photographs or videos taken by us or our representatives when you attend our events.

Our CCTV use is not intended to target or monitor any individuals but to provide a safe and secure workplace environment in the relevant premises.

During a health crisis or disease outbreak we may collect Special Category Data on your health and physical condition, health condition of individuals in your household, results of your health assessment, quarantine, and hospitalization information and any other information required or recommended to be held in connection with control or management of such health crisis or disease outbreak.

2. The Purposes for Collection of Personal Data

We may use personal data that we obtain for any of the following purposes:

To communicate effectively with you and conduct our business.

To conduct our business, including to respond to your queries or resolve any disputes, which may arise in connection with any dealings with us, to otherwise communicate with you, or to carry out our legal obligations arising from any agreements entered into between you and us, or to maintain and update internal contact lists to effectively communicate with you.

To update you on contests, marketing information and promotions

To provide you with updates and offers including facilitating your participation in any technology challenges, contests, roadshows, promotions, campaigns, and events. We may also use your information for marketing our own or our partner’s products and services to you by post, email, and phone calls. Where required by applicable data protection laws, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in the “Contacting Us” section below.

Personalization (offline and online)

With your consent (where required), we use your personal data to (i) analyse your preferences and habits; (ii) to anticipate your needs based on our analysis of your profile; (iii) to improve and personalize our online and offline interaction with you; (iv) to ensure that the contents from our websites or applications are optimized for your computer and device; (v) to provide you with targeted marketing content; (vi) to better understand our business and pattern and trends relating to our products; (vii) to develop or further improve our product and services; and (vii) allow you to participate in interactive features when you chose to do so.

To assess your application for a role in the organization or as beneficiary

To assess your application and pursuant to laws to which Gentari is subject (e.g., in relation to equal opportunities). This processing is a necessary pre-condition of entering into any future contract with you and for Gentari to fulfil its employment duties with respect to other employees and you yourself (should you be employed by Gentari). This could also include using your personal data to: carry out background and reference checks, communicate about the application process, keep records and comply with legal and regulatory requirements, and may also include use of Special Category Data in accordance with applicable laws. If you are unable to provide us with the information we request for this purpose, we may be unable to assess your appropriateness for the relevant application or to communicate with you. If your application is unsuccessful, we will keep your personal data in accordance with our internal policies and procedures and for administration and statistical analysis purposes.

To carry out due diligence or Know Your Customer screening activities

To carry out due diligence assessment prior to entering into legal relationship with us, in accordance with legal and regulatory obligations or risk management procedures that may be required by law or may have been put in place by us.

To monitor certain activities

To monitor queries and transactions to ensure service quality, compliance with procedures and to combat fraud, and to process any payments related to your commercial transaction with us.

To ensure the physical security and safety of visitors to our offices or premises

To prevent loss, fraud, theft, injuries, terrorism, and other such events which may have an impact on health, safety and security from taking place at any of our premises.

To notify you of changes

To notify you about changes to our services and products.

To ensure that our website content is relevant.

To ensure that content from our websites and any other microsites are presented in the most effective manner for you and for your device (which may include passing your data to business partners, suppliers and/or service providers).

To re-organise or make changes to our business

In the event that we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organisation, we may need to transfer some or all of your personal data to the relevant third party (and its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to transfer your personal data to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this Privacy Statement.

In connection with legal or regulatory obligations

We may process your personal data to comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your personal data to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings, or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will generally direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.

Other circumstances

In other circumstances, such purposes that are necessary or directly related to your relationship with us or where it is permitted under the applicable laws.

Where we collect personal data from you, we will only do so for fulfilment of the purposes set out above. Failure to provide your personal data may mean that we are not able to effectively provide you with our products and/or services or to carry out any of the abovementioned purposes, if at all.

PROCESSING YOUR PERSONAL DATA, AND OBTAINING YOUR CONSENT

Where we rely on your consent for processing your personal data, you may withdraw your consent to this processing at any time, by contacting us by using the contact details below. Please note, however, that withdrawing your consent will not affect the lawfulness of processing based on your previously given consent (prior to withdrawal).

Where we process your personal data for direct marketing purposes, we will log any objection you make, and stop processing your data for direct marketing purposes.

There may be instances where we process your personal data for our legitimate interests or on the basis of other lawful grounds (i.e., because we have established a relationship with you and need to process your personal data in order to provide you with the information and/or services you have requested), without having obtained your consent – this applies where our processing activities are governed by the applicable laws of certain jurisdictions in which we operate that do not require consent to have been obtained where there are legitimate and/or other lawful grounds to process the relevant personal data.

We do not seek your consent in such cases largely so that we can provide you with services in an efficient way (or where in some cases it might not be possible for us to seek your consent because we must process personal data, for example, for the detection of fraud). Before processing your personal data, we will consider your rights and freedoms and will only commence such processing where we do not think your rights will be infringed.

The collection of your personal data by us may be mandatory or voluntary in nature depending on the purposes for which your personal data is collected. Where it is mandatory for you to provide us with your personal data, and you fail or choose not to provide us with such data, or do not consent to the above or this Privacy Statement, we will not be able to provide our products and/or services or otherwise deal with you and/or to assess and process your application.

PERSONAL DATA FROM MINORS AND OTHER INDIVIDUALS

To the extent that you have provided (or will provide) personal data about your family members, spouse, other dependents and/or other individuals, you confirm that you have explained to them that their personal data will be provided to, and processed by, us and where required by law, you represent and warrant that you have obtained their consent to the processing (including disclosure and transfer) of their personal data in accordance with this Privacy Statement.

In respect of minors or individuals not legally competent to give consent, you confirm that they have appointed you to act for them, to consent on their behalf to the processing (including disclosure and transfer) of their personal data in accordance with this Privacy Statement.

INFORMATION SHARING

We may share the personal data that you provide to us to other entities in the Gentari and/or Petroliam Nasional Berhad (“Petronas”) group of companies for the purposes described above. Such affiliates may be located in a jurisdiction that may not provide a level of protection equivalent to that provided by the laws of your home country. Where such transfers occur, PETRONAS will reasonably protect personal data and address data privacy and other privacy requirements in accordance with applicable laws.

Information may also be shared with our service providers or third parties, in each case to the extent necessary for the purposes described above. Such third-party who we reasonably believe need to have access to your information to provide you with the information or services you request from us may include:

  1. our approved sub-contractors, business partners, suppliers, or other third-party organizations providing administrative, IT or other services to Gentari or any member of the PETRONAS group of companies;
  2. analytics and search engine providers that assist us in the improvement and optimization of our website;
  3. advertisers and advertising networks that require the data to select and serve relevant adverts to you and others;
  4. third parties in connection with the transfer of all or any part of our business or assets;
  5. our auditors, consultants, lawyers, accountants or other financial or professional advisers appointed in connection with our business on a strictly confidential basis, appointed by us to provide services to us;
  6. any party in relation to legal proceedings or prospective legal proceedings; or
  7. government agencies, law enforcement agencies, courts, tribunals, regulatory/professional bodies, industry regulators, ministries, and/or statutory agencies or bodies, offices, or municipality in any jurisdiction, if required or authorized to do so, to satisfy any applicable law, regulation, order or judgment of a court or tribunal or queries from the relevant authorities.

We will not otherwise use, share, disseminate, publish, or disclose your personal data except as may be required in response to litigation, investigations, or other legally required disclosures or to protect our rights, property, or safety or of our customers, or others.

If we transfer your personal data, we will always do so under strict conditions of confidentiality and similar levels of security safeguards.

WHERE WE STORE YOUR PERSONAL DATA

All information you provide to us is stored on secure servers or on the servers of third-party IT service providers. We maintain appropriate administrative, technical, and physical safeguards to protect against loss, misuse or unauthorized access, disclosure, alteration, or destruction of the personal data you provide to us in accordance with applicable laws.

PERIOD FOR WHICH WE STORE YOUR PERSONAL DATA

We will store your personal data for no longer than is necessary for the purposes for which it was collected or provided to us (unless a legal or insurance obligation requires us to keep it for longer period such as operational, legal, regulatory, tax or accounting requirements).

YOUR RIGHTS TO YOUR PERSONAL DATA

Please note that you have the following rights:

Access. You may contact us at any time in order to request access to the personal data we hold about you. We will confirm whether we are processing your personal data, provide details of the categories of personal data concerned and the reasons for our processing. We can also provide you with a copy of your personal data on request though we will have to be mindful of the rights of others within any relevant records when doing so.

Rectification. You can ask us to correct or complete your personal data by contacting us at any time. To the extent reasonably possible, we will inform anyone who has received your personal data of any corrections we make to it.

Restriction. In certain circumstances, it may be possible to require us to limit the way in which we process your personal data (i.e. require us to continue to store your personal data, but not otherwise process it without your consent).

Erasure. You may ask to have the information on your account deleted or removed, in certain circumstances. We will try to do so promptly, and, to the extent reasonably possible, we will inform anyone who has received your personal data of your request. However, we must keep track of certain transaction information, such as past purchases and similar information, for legal or tax compliance purposes, to satisfy insurance obligations or in the event of legal claims, so we may not be able to fully delete your information in certain circumstances.

Receiving/transferring your personal data. In certain circumstances (where we process your data based on consent or pursuant to a contract with you, and the processing is carried out by automated means), you may ask us to send you the personal data, we hold on to, in an electronic, structured and user-friendly format, or you may ask us to send this data to another entity.

Object. Where we are processing your personal data without your consent to pursue our legitimate interests, you may object to us processing your personal data. Where we are using your personal data to contact you for marketing purposes, you may object to such processing at any time.

Automated decision-making. You have the right to be informed of any automated decision-making, including profiling, used in connection with your personal data, and we will provide information about the logic we apply, as well as the significance and consequences of such processing.

Complaints. You have the right to lodge a complaint with the relevant data protection supervisory authority in the country where you are based or any place where you believe an infringement of your personal data has occurred. We encourage you to contact us before making such complaint to the relevant authorities, so that we can try to resolve any concerns you have.

SECURITY

We have security measures in place to help protect against the loss, misuse, and alteration of the information under our control. While we cannot guarantee that loss, misuse, or alteration to data will not occur, we ensure that our systems adhere to market security standard so as to help safeguard against such occurrences.

CHANGES TO OUR PRIVACY STATEMENT

Any changes we make to our Privacy Statement in the future will be posted on this page. Please check back frequently to see any updates or changes to our Privacy Statement.

CONTACT DETAILS

If you have any questions, comments or request regarding this Privacy Statement, you may reach out to us at india@gentari.com

STAKEHOLDER RELATIONS

INFORMATION GATHERING AND USAGE FOR STAKEHOLDER RELATIONS PURPOSE

We may use personal data that we obtain for any of the following purposes (including but not limited to):

Managing relationship and engagements with you as our stakeholder in general, and in particular to store basic stakeholder data, identify, assess and monitor stakeholders’ expectations and the issues that you may raise with us in one centralized stakeholder management system which records and monitors stakeholder and organisation profiles, engagements, issues, grievances and social investment activities.

Assessing our engagements with you in order to improve our interactions.

Personalising relevant communications with you in respect of personal details and contact information which you have provided to us for example sending out festive greetings and event invitation, ensuring appropriate protocol arrangement, distributing Gentari collaterals (e.g. annual report), providing business updates (e.g. updates on CSR activities).

Providing corporate hospitality as part of enhancing stakeholder experience.

Carrying out surveys, research, and feedback to help us better understand your requirements, interests, and concerns to help improve our business delivery to you and gauge brand/reputation perception and sentiments.

In other circumstances, such purposes that are necessary or directly related to your relationship with us or where it is permitted under the applicable laws.

Where we collect personal data from you for stakeholder relation purpose, we will only do so strictly needed for fulfilment of one of the purposes set out above. In the event we do not receive your personal data, this may mean that we are not able to effectively address your requirements, interests, and concerns or to carry out any of the abovementioned purposes, if at all.

CONTACT DETAILS FOR STAKEHOLDER RELATIONS PURPOSE

Any questions and requests regarding this Privacy Statement or your personal data should be addressed to:

Address: Level 6, The Palm Square, Golf Course Ext Road, Sector 66, Gurugram, Haryana 122102

Email Address: india@gentari.com