SustainBuild Mark

Login
PRIVACY POLICY FOR SUSTAINBUILD MARK CERTIFICATION PROGRAM
1. Introduction

The Construction Research Institute of Malaysia (CREAM) is dedicated to protecting the privacy and personal data of all individuals associated with the SustainBuild Mark Certification program. This Privacy Policy describes our commitment to safeguarding the information you provide and outlines how we collect, process, use, store, and protect your data. This policy complies with both the General Data Protection Regulation (GDPR) and the Malaysian Personal Data Protection Act (PDPA), ensuring that your rights as a data subject are respected and upheld. By engaging with the SustainBuild Mark Certification program, you agree to the terms outlined in this policy. Our goal is to create a transparent environment where you feel secure in sharing your information, knowing that we prioritize data security and ethical practices. This policy applies to all program-related activities, including application processing, training registration, and certification management.

2. Organization and Scope

This Privacy Policy governs the SustainBuild Mark Certification program, operated by CREAM. It applies to all personal data collected from applicants, participants, certificate holders, and other stakeholders involved in the program. The scope includes data collected through various channels such as application forms, online platforms, emails, and training sessions. It covers data handling practices during the certification lifecycle, from application submission to certificate issuance, renewal, or termination. Additionally, the policy applies to any information shared during program-related communications or inquiries. This comprehensive coverage ensures that all personal data processed for the SustainBuild Mark Certification program adheres to the highest standards of privacy and security. Whether you are a local manufacturer, importer, or other eligible party seeking certification, this policy is designed to address the unique privacy requirements of the construction industry while maintaining compliance with regulatory standards.

3. Information Collected

To facilitate the SustainBuild Mark Certification program, we collect the following categories of personal data:

  • Identification Data: This includes names, job titles, company names,

contact information, and government-issued identification numbers.

  • Professional Data: Information on certifications, qualifications, and  

training records of applicants and management representatives.

  • Application Data: Product details, environmental claims, and  

supporting documentation submitted as part of the certification process.

  • Usage Data: Information such as IP addresses, browser types, and

activity logs collected through our online platforms and communications.

  • Other Data: Any additional information provided during inquiries,

appeals, or complaint submissions. We ensure that all data collected is relevant and necessary for the purposes outlined in this policy. Sensitive data is handled with heightened security measures to protect against unauthorized access. By providing your personal data, you acknowledge that it is collected and processed in accordance with this Privacy Policy.

  1. Purpose of Collection

The personal data we collect serves the following purposes:

  • Application Processing: To evaluate and manage SustainBuild Mark

Certification applications, ensuring compliance with ESG and

environmental claim requirements.

  • Certification Services: To facilitate training, issue certificates, and

     manage the certification lifecycle.

  • Communication: To provide updates, respond to inquiries, and deliver

essential information regarding certification and related services.

  • Legal Compliance: To fulfill obligations under applicable laws,

     regulations, and industry standards.

  • Program Improvement: To analyze data for internal research and

development, enabling enhancements to the certification program and

related services.

4.6      Complaint Management: To address and resolve complaints

regarding certified products or program participants. Each data collection purpose is aligned with regulatory requirements and CREAM’s commitment to ethical data practices. By collecting only what is necessary, we aim to ensure your privacy is respected at every stage of the certification process.

  1. Legal Basis for Processing

Our processing of personal data is grounded on the following legal bases:

  • Consent: Obtained explicitly when you submit applications, register for

training, or agree to this Privacy Policy.

  • Contractual Necessity: Processing is required to fulfill our obligations

under the SustainBuild Mark Certification program.

  • Legal Obligations: Compliance with statutory and regulatory  

requirements, including environmental and product certification laws.

  • Legitimate Interests: Ensuring the effectiveness and integrity of the

certification program, including fraud prevention, program evaluation, and stakeholder engagement. We prioritize transparency and accountability in our data processing activities. If processing is based on legitimate interests, we ensure it does not override your rights and freedoms as a data subject. Where applicable, additional safeguards are implemented to enhance data protection.

  1. Consent

Your consent is a cornerstone of our data collection and processing activities. Consent is explicitly obtained when you:

  • Submit an application for SustainBuild Mark Certification.
  • Register for management representative training.
  • Provide personal data through inquiries or communications. You have

the right to withdraw consent at any time by contacting us. However, withdrawal of consent may affect our ability to provide certain services or process your certification. We ensure that consent is obtained transparently, and you are informed of the purposes and implications of data collection. Any changes in consent will be documented, and appropriate measures will be taken to reflect your preferences.

  1. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Retention periods include:

  • Certification Data: Retained for six (6) years post-certification to ensure

traceability and compliance.

  • Unsuccessful Applications: Retained for three (3) years for audit and

reference purposes.

  • Training Records: Retained for the validity period of training certificates  

Three (3) years. After these periods, personal data is securely deleted or anonymized. Data required for ongoing legal or regulatory obligations may be retained longer. Our retention practices align with GDPR and PDPA principles, ensuring data is not kept longer than necessary.

  1. Data Security

We employ robust security measures to safeguard your personal data. These include:

  • Encryption: All sensitive data is encrypted during transmission and  

storage.

  • Access Control: Only authorized personnel have access to your data,

based on a need-to-know basis.

  • System Monitoring: Regular audits and monitoring of our IT  

infrastructure to detect and prevent unauthorized access.

  • Physical Security: Secure storage facilities for physical documents and  

     server equipment.

  • Incident Management: Procedures in place to respond swiftly to data

breaches or security incidents. We continuously review and update our security protocols to address emerging threats and vulnerabilities, ensuring the highest level of data protection.

  1. Individual Rights

Under GDPR and PDPA, you have the following rights:

  • Access: Request a copy of your personal data.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of data, subject to legal obligations.
  • Restriction: Limit the processing of your data under specific conditions.
  • Data Portability: Request transfer of your data to another entity.
  • Objection: Object to processing based on legitimate interests.
  • Complaint: Lodge a complaint with a relevant authority if you believe

your data rights are violated. To exercise these rights, contact us using the details provided below. We are committed to addressing your requests promptly and transparently.

  1. Third-Party Links and Services

Our website and communications may include links to third-party websites and services. While we strive to partner only with reputable organizations, we are not responsible for the privacy practices of these external entities. We encourage you to review their privacy policies before providing any personal data. Additionally, we do not share your personal data with third parties without your consent, except as required for certification purposes or by law.

  1. Updates to the Privacy Policy

This Privacy Policy is subject to periodic updates to reflect changes in our practices or regulatory requirements. Updates will be posted on our website, and significant changes will be communicated to stakeholders. The “Last Updated” date at the top of the policy indicates the most recent revision. By continuing to engage with the SustainBuild Mark Certification program, you agree to the terms of the updated policy.

  1. Contact Information

For questions, concerns, or requests regarding this Privacy Policy, please contact us at:

  • Email:

sbmark@cream.my

  • Phone:

03-2779 1479

  • Address:

Construction Research Institute of Malaysia (CREAM),

Level 14, CIDB 520, The MET Corporate Towers,

N0 20, Jalan Dutamas 2, 50480, Kuala Lumpur.

We are committed to addressing your inquiries and ensuring compliance with privacy laws. Your trust is important to us, and we are here to support you in any matters related to your personal data.