privacy-policy

ATOMIC Co., Ltd. (hereinafter referred to as “Atomic Malaysia”, “we”, “us”, or “our”) is committed to protecting the personal data of users and subscribers (“you”) in accordance with Malaysia’s Personal Data Protection Act 2010 (PDPA Malaysia) and related regulations. This Policy explains how we collect, use, disclose, and otherwise process your personal data. By using our services and website https://www.atomic.my and providing personal information, you are deemed to have read and accepted this Policy.

This Policy applies to personal data in our possession or under our control, including data processed by third-party organisations engaged for recruitment, employment, or business purposes.

Last Revised: [12 March 2026]

Scope of this Policy

This Policy applies to the following categories of individuals (“Users”):

● Candidates for permanent, temporary, or contract positions, as well as employed individuals (“Candidates/Jobseekers”)

● Current or potential clients and employers (“Clients/Employers”)

● Website visitors and enquirers submitting queries or feedback (“Enquirers”)

Candidate data is used to assess job suitability, manage recruitment, communicate application status, present profiles to potential employers, maintain a talent pool, comply with legal obligations, and handle queries or disputes.

Client/Employer data is used to understand hiring needs, recommend suitable candidates, manage business relationships, and carry out administrative functions (e.g., billing, reporting, compliance).

Enquirer data (name, contact, query content, IP address, cookies, etc.) is used to respond to enquiries, provide service information, maintain website performance and security, and conduct aggregated analysis. Consent is obtained where required for cookies, analytics, or marketing communications.

Definition of Personal Data

Personal data refers to any information that can identify you directly or indirectly, including information that we have or are likely to have access to.

Sensitive personal data (e.g., health information, race, religion, criminal records) will only be collected when required by law or with your explicit written consent.

Types of Personal Data We Collect

We may collect:

● Basic information: full name, date of birth, mobile number, email address

● Professional and educational information: CV, qualifications, references

● Application or interview data

● Website technical data: IP address, browser type, operating system, access time

● Where necessary, sensitive personal data such as health information, biometric data, or criminal records, with explicit consent and appropriate safeguards

Collection, Use, and Disclosure of Personal Data

Data may be collected:

● Directly from you or via an authorised third party (e.g., recruitment agent)

● Without consent where permitted or required by law (e.g., PDPA Malaysia) for:

• Contract performance
• Legal obligations
• Vital interests (emergencies)
• Public interest or national security
• Legitimate interests (subject to balancing tests)

Purposes include but are not limited to:

● Assessing suitability for current or future employment

● Verifying identity and accuracy of information provided

● Compliance with laws, regulations, or governmental investigations

● Sharing with third-party service providers or authorities (domestic or overseas)

● Other incidental business purposes related to the above

If you provide personal data of another individual (e.g., a referee), you must obtain their consent.

Cross-Border Data Transfer and Third-Party Disclosure

● Personal data may be shared with contracted third-party service providers, including those located outside Malaysia.

● Transfers may occur to countries including Singapore, Mainland China, Hong Kong SAR, and other jurisdictions where we operate.

● Data transfers are governed by Data Protection Agreements to ensure PDPA Malaysia-level protection, encryption, and, where appropriate, data desensitization.

● Users may object to cross-border transfers, and we will suspend transfers and provide alternatives.

Withdrawing Consent

● Consent for data collection, use, and disclosure remains valid until withdrawn in writing via email to our Data Protection Officer (DPO).

● Requests will generally be processed within 10 business days, with updates provided on potential impacts.

● Withdrawal does not affect previously lawful processing.

● Users may cancel a withdrawal by providing written notice.

Access and Correction of Personal Data

● Users may request access to or correction of their personal data by contacting the DPO.

● Access requests: responded to within 21 calendar days

● Correction requests: responded to within 10 business days (unless shorter statutory timelines apply)

● A reasonable fee may apply, notified in advance.

● Cross-border or extraterritorial requests will follow local legal requirements.

Protection and Retention of Personal Data

Protection measures:

● Technical: AES-256 encryption, firewall, antivirus, data backup, internal account authentication

● Administrative: “Need-to-know” principle, annual employee data protection training, dedicated data protection team

● Physical: Locked storage for paper data, equipment security, restricted access

Retention:

● Retained only as long as necessary for original purposes or legal requirements

● Employment data retained as part of employee records

● Data no longer needed is deleted or anonymized

Data destruction:

● Electronic data: professionally erased

● Paper data: shredded or incinerated

● Data for statistical purposes: anonymized by removing identifiable information

Use of AI in Recruitment

● AI tools may assist in analyzing application data (name, contact, education, employment history).

● AI is only used to support internal recruitment; no automated hiring decisions are made.

● Evaluations remain under human oversight.

● AI processing complies with local data protection laws, legal bases may include legitimate interests, deemed consent, contractual necessity, or explicit consent where required.

Users’ Rights

Depending on your jurisdiction, you may have:

● Right of access

● Right to correction

● Right to erasure (“right to be forgotten”)

● Right to data portability

● Right to object or restrict processing

● Right to lodge a complaint with a supervisory authority

Policy Changes

● Policy may be updated without prior notice

● Check the “Last Revised” date for updates

● Continued participation in recruitment or use of services constitutes acceptance

Minors

Minors must have parental or guardian consent before providing personal data.

Proof of consent may be requested; data may be deleted if consent cannot be verified.

Sensitive Data

Sensitive personal data is collected only when necessary and with explicit consent or legal basis.

Data submitted without consent or on a legal basis may be deleted.

User Consent Clause

By submitting forms or applications, you acknowledge:

● Reading, understanding, and agreeing to this Policy

● Third-party submissions were authorized by you

● Personal data may be processed with AI tools and transferred across borders

● Data provided is accurate and complete

Contact Information

You may contact our Data Protection Officer if you have any inquiries or feedback on our personal data protection policies and procedures; or if you wish to make any request, in the following manner.

● Contact: +60 3-2615 7855

● Email: enquiries@atomicgroup.my

● WeWork Mercu 2, Level 40, No.3 Jalan Bangsar, KL Eco City, 59200, Wilayah Persekutuan Kuala Lumpur