PET Group — Payroll Outsourcing Privacy Policy
At PET Group, we recognize that payroll data is some of the most sensitive personal information within an organization. This payroll outsourcing privacy policy explains how we process employee personal data when acting as a service provider for our clients in Malaysia, Singapore, and across our international footprint. This document is intended for educational purposes to help employers and employees understand the practical controls, data flows, and security measures involved in professional payroll processing; it does not constitute legal advice.
Last updated: January 2026.
Operational Controls & Transparency Standards
1) Scope: Who This Policy Covers
This policy defines the scope of data processing activities undertaken by PET Group when managing payroll services. It covers all individuals whose personal information is processed by us, primarily including the employees, contractors, and directors of our client organizations. Our service footprint includes primary markets in Malaysia and Singapore, with extended capabilities to support processing for entities in Australia, the UK, and Hong Kong. The scope encompasses the collection of data for salary calculations, the administration of statutory benefits, and the distribution of final payment information. We focus on protecting the information of active staff, new joiners during onboarding, and leavers requiring final settlement. By establishing this scope, we ensure that every stakeholder understands which data is handled and the operational context of our payroll outsourcing privacy policy. We do not cover the internal HR policies of our clients, but rather the specific processing lifecycle we manage as a dedicated payroll partner.
2) Definitions: Personal Data in Payroll
Employee personal data in the context of payroll refers to any information that can identify an individual employee and is required for financial administration. This primarily includes “Master Data” such as full names, Employee IDs, and government-issued identifiers like NRIC in Malaysia or FIN in Singapore. It extends to “Financial Data” like bank account numbers, base salary rates, and tax identifiers (LHDN or IRAS). Operational data also qualifies, including attendance logs, overtime (OT) hours, and claim receipts for reimbursement. By defining these terms clearly, PET Group ensures that both employers and employees understand the scope of information processed to generate a payslip. We also consider “Payroll Outputs”—such as payment instruction files and statutory registers—as sensitive data aggregations that require equal protection. Understanding these definitions is the first step in recognizing the breadth of information involved in payroll processing and the necessity of the practical controls we apply throughout the monthly cycle.
3) Our Role: Controller vs Processor (Simple Explanation)
In the payroll outsourcing relationship, roles are clearly divided between the employer and PET Group. Your employer (the Client) acts as the “Data Controller.” This means they decide why and how personal data is processed, collect the initial data from you, and instruct us on salary changes or bonuses. PET Group acts as the “Data Processor.” We only handle the data according to the client’s documented instructions to perform the monthly payroll run. We do not own the data, nor do we decide to share it for other purposes. Our role is strictly operational: we transform the inputs provided by your employer into outputs like payslips and bank files. This distinction is vital for accountability; while the controller manages the employee relationship and data accuracy, PET Group as the processor focuses on the secure execution of calculations and the maintenance of a robust audit trail. This separation ensures that your data is only used for the specific purpose of payroll administration as authorized by your employer.
4) What Data We Process: Employee Master Data
Employee Master Data forms the foundation of the payroll system. PET Group processes these static or semi-permanent fields to ensure each individual is uniquely identified and correctly categorized for statutory purposes. This data includes full legal names, home addresses, contact details, and dates of birth. Crucially, it includes national identifiers such as Malaysia’s NRIC/passport number or Singapore’s FIN/NRIC, which are essential for EPF, SOCSO, and income tax (PCB) filings. We also maintain employment-specific master data, such as Employee IDs, job titles, department codes, and cost centers. This information allows the system to allocate salary costs correctly within the client’s finance reports. During the onboarding phase, this data is verified to ensure payments are sent to the correct individual. Any changes to master data, such as a change in marital status or bank account details, must be updated through formal handover protocols to maintain the integrity of the payroll register. We prioritize accuracy in these fields to prevent payment errors and ensure statutory compliance.
5) What Data We Process: Payroll Inputs (OT/Leave/Claims)
Each month, PET Group receives variable “Inputs” required to calculate the final net pay. These inputs represent the active work performed during the pay cycle and vary between employees. Common examples include overtime (OT) hours, shift allowances, unpaid leave days, and commissions. We also process expense claims and reimbursement data, which often involve scanning receipts for items like travel, medical expenses, or mileage. These inputs are typically provided via an automated attendance system or a consolidated Excel template during the “handover” phase. Our role is to import these inputs, apply the correct formulas—such as 1.5x or 2.0x multipliers for OT—and ensure the results are reflected on the payslip. We also track leave types, such as sick leave or annual leave, which can impact salary calculations if the employee has exceeded their entitlement. Accurate processing of these inputs is vital for ensuring that employees are paid for their actual contributions and that statutory deductions are calculated on the correct taxable base.
6) What Data We Process: Payroll Outputs (Payslips/Registers)
Once processing is complete, PET Group generates “Outputs” that summarize the financial results for the month. The most critical output is the individual payslip, which provides a transparent breakdown of gross pay, itemized deductions (EPF, SOCSO, Tax), and net salary for each employee. We also produce “Payroll Registers”—comprehensive reports that list all payments and deductions across the entire company or specific departments. These registers are used by the client’s finance department for internal reconciliation and general ledger posting. Additionally, we generate statutory reports for agencies such as LHDN (CP39/PCB) and KWSP (EPF). These outputs contain sensitive aggregations of employee personal data and are handled with the same high level of security as master data. We ensure that payslip confidentiality is maintained during distribution, whether via a secure portal or password-protected PDF. These outputs serve as the official record of the payroll run and are essential for maintaining a clear audit trail of all transactions.
7) What Data We Process: Bank & Payment Instruction Files
A specific type of output created by PET Group is the “Bank File” or payment instruction file. This is a technical data format (often .txt or .csv) containing the list of all employees, their bank account numbers, and the net salary to be paid. These files are designed to be uploaded directly into the client’s corporate banking portal (e.g., Maybank2e or DBS Ideal) for bulk disbursement. Because these files contain both personal identity data and direct financial instructions, they represent a high level of sensitivity. PET Group ensures these files are encrypted or transferred via secure channels to the client’s authorized “approver.” We do not have the authority to initiate payments; we only provide the formatted instructions as requested by the employer. This process significantly reduces the risk of manual data entry errors and ensures that the “maker-checker” workflow is maintained, as the client must still verify and approve the file within their own banking environment. Protecting these files is a cornerstone of our operational security protocol.
8) Data We Try to Avoid (Sensitive Data) + Practical Exceptions
PET Group operates on a principle of “Data Minimization,” meaning we only request and process information strictly necessary for payroll administration. We generally try to avoid collecting highly sensitive personal data such as political affiliations, religious beliefs, or detailed medical histories. However, there are practical exceptions required for payroll operations. For example, we may need to know an employee’s religion to process certain religious holiday-related pay or statutory funds in specific jurisdictions. We may also process limited health information when calculating medical leave entitlements or processing medical expense reimbursements based on clinic receipts. In such cases, the information is treated as highly confidential and only accessed by authorized personnel. We discourage clients from sending unnecessary sensitive data, such as private family details or sensitive performance reviews, within payroll handover files. By focusing on only the minimum necessary data, we reduce the privacy risk for both the employer and the employee, ensuring our payroll outsourcing privacy policy remains targeted and effective.
9) Where Data Comes From (HR, Finance, Systems)
As a service provider, PET Group does not collect personal data directly from individual employees. All information we process is provided to us by the client organization (the employer). This data usually originates from the client’s internal HR or Finance departments. It may come from recruitment records for new hires, from manager-approved overtime sheets, or from digital attendance and leave management systems. In many cases, data is transferred to us via structured Excel files, secure email, or automated API integrations between the client’s HRIS and our payroll software. Because we receive data second-hand, we rely on the client to ensure they have obtained the necessary consents and that the data is accurate. If an employee discovers an error on their payslip, they should contact their internal HR department to initiate a correction, which will then be communicated to PET Group for processing in the next cycle. This clear data flow ensures that the employer remains the primary point of contact for employee data rights while we focus on technical processing.
10) Why We Use Data (Payroll Operations Purposes)
PET Group processes employee personal data for specific, limited “Payroll Operations Purposes” as authorized by the client’s service agreement. These purposes are strictly administrative and financial. We use data to calculate monthly gross-to-net salary, process overtime and allowances, and administer statutory deductions for EPF, SOCSO, and Income Tax. We also use it to generate bank instruction files for salary disbursement and to produce essential financial reports for the client’s finance team. Furthermore, we use data to support statutory filing requirements, ensuring that information reaches the correct government authorities in a timely manner. Data is also utilized to generate employee payslips and year-end EA or IR8A forms. We do not use payroll data for marketing, profiling for non-employment purposes, or any secondary use not directly related to the administration of employee compensation and benefits. This purpose limitation ensures that data is only processed as needed to fulfill our operational commitment as a payroll outsourcing provider.
11) Processing Basis (High-Level, Non-Legal)
Our processing of personal data is grounded in the operational necessity of fulfilling an employment contract. When an employee signs a contract with their employer, payroll administration is an inherent part of that agreement. Therefore, we process data to enable the employer to pay salaries, provide benefits, and meet statutory obligations. This is generally referred to as processing for the “performance of a contract” or to meet “legal obligations” (such as tax and labor laws). From an operational standpoint, we do not require individual consent for every monthly calculation, as the processing is a mandatory requirement for continued employment and salary disbursement. However, we assume that the client (the employer) has met their transparency obligations by informing staff that an external provider like PET Group is utilized for these services. Our commitment is to ensure that this processing is done fairly, transparently, and only for the purposes agreed upon with the client, maintaining high-level alignment with general privacy principles such as PDPA in Malaysia and Singapore.
12) Mandatory vs Optional Fields (Operational Impact)
In our payroll systems, certain data fields are “Mandatory” because they are required for calculation logic or statutory filing. For instance, an employee’s NRIC/FIN, base salary, and bank account number are mandatory; without them, we cannot calculate taxes or issue a payment. If these fields are missing, the payroll run will fail or be significantly delayed. Other fields may be “Optional” from a strict calculation perspective but important for reporting, such as an employee’s emergency contact or personal email address (if payslips are delivered via a portal). The operational impact of missing mandatory data is significant—it can lead to fines for the employer due to late statutory submissions or delayed salary for the employee. We work closely with our clients during the implementation phase to identify these mandatory fields and ensure they are captured accurately. By distinguishing between these categories, we help clients prioritize data quality where it matters most for payroll continuity and compliance.
13) Data Accuracy: Client + Employee Responsibilities
Ensuring the accuracy of employee personal data is a shared responsibility. The employee is responsible for providing their employer with correct and up-to-date information, such as notifying them of a new bank account or a change in residential address. The employer (the Client) is responsible for verifying this data and communicating it to PET Group in a timely and structured manner. PET Group is responsible for ensuring that the data provided to us is accurately entered into the payroll system and that our calculations reflect the information received. We do not independently verify employee data with external sources; we rely on the client as the source of truth. If an error occurs because an old bank account number was provided, the responsibility lies with the source of that data. To support accuracy, we provide clients with regular “Master Data” reports for their review and encourage periodic data audits. This collaborative approach ensures that the payslips we generate for staff in KL, Selangor, or Singapore are based on a reliable and accurate foundation.
14) Cut-Off Dates & Last-Minute Changes (Privacy + Control)
Maintaining strict “Cut-Off Dates” is essential for both operational efficiency and data control. The cut-off date is the deadline by which the client must provide all inputs—such as overtime, bonuses, or joiner details—to PET Group. Last-minute changes after this date are discouraged because they bypass standard verification protocols and increase the risk of errors. From a privacy perspective, rushed manual adjustments are more likely to lead to data leaks or incorrect disbursements. By enforcing a firm cut-off, we ensure that every piece of data goes through the full “Maker-Checker” verification cycle before salary payment. If a client submits a change after the deadline, it is typically processed as an “adjustment” in the following month. This control mechanism protects the integrity of the payroll audit trail and ensures that no unauthorized changes are made outside the formal approval window. It also allows our team to perform reconciliation checks, identifying any variances that might indicate a data entry error or unauthorized access before the bank file is finalized.
15) Approvals, Maker-Checker & Audit Notes (Who/When/Why)
To prevent unauthorized data manipulation and ensure accuracy, PET Group utilizes a “Maker-Checker” workflow. This means that the individual who enters or imports the payroll data (the Maker) is different from the supervisor who verifies and authorizes the final results (the Checker). Every action taken within our system—whether it is a salary adjustment or a change in bank details—is captured in a digital “Audit Trail.” This log documents exactly who made the change, when it was made, and why it was authorized (often via an “Audit Note” or client email reference). This level of control is a key part of our payroll outsourcing privacy policy, as it ensures that no single individual has unchecked power over sensitive financial data. The audit trail is reviewed regularly to identify any unusual patterns or unauthorized access attempts. This process provides transparency to the client and security to the employee, ensuring that every cent paid is justified by a documented and approved instruction. It also serves as a vital record for auditors during annual financial or compliance reviews.
16) Sharing: Banks / Payment Channels (Operational Need)
To fulfill salary payments, PET Group must share certain employee personal data with banking institutions and payment service providers. This is an operational necessity. As discussed in Section 7, we generate bank instruction files containing employee names, bank account numbers, and the net pay amounts. In some cases, depending on the client’s setup, we may transmit these files directly to the bank via secure host-to-host connections, or we may provide them to the client to upload. These payment channels are highly regulated and utilize their own robust security protocols to protect data during the disbursement process. We only share the minimum data required for the bank to execute the transaction; we do not share home addresses, job titles, or other non-financial fields with the bank. This “Minimum Necessary” sharing principle ensures that the employee’s privacy is respected even when external partners are involved. Our choice of payment channels is governed by their ability to maintain secure, encrypted data transfers, ensuring that salary funds and the associated data reach the correct individual safely.
17) Sharing: Statutory Bodies / Authorities (Where Applicable)
Payroll compliance requires the mandatory sharing of data with government statutory bodies. In Malaysia, this includes the Employees Provident Fund (KWSP), Social Security Organization (PERKESO), and Inland Revenue Board (LHDN). In Singapore, this includes the Central Provident Fund (CPF) and Inland Revenue Authority of Singapore (IRAS). These agencies receive reports containing employee names, government identifiers (NRIC/FIN), and specific contribution or tax amounts. PET Group prepares these files in the exact format required by each authority (such as the CP39 or CPF contribution file). Sharing this data is a legal obligation for the employer, and PET Group facilitates this as a processor. We ensure that only the required data is transmitted and that we use the official secure portals provided by these agencies for all submissions. This sharing is essential for ensuring that employees receive their legal entitlements, such as pension contributions and health insurance coverage. We maintain a log of all such submissions as part of the client’s compliance record, ensuring transparency and facilitating audits where applicable.
18) Sharing: Auditors / Professional Advisors (When Authorised)
During financial or compliance audits, PET Group may be required to share payroll data with the client’s appointed auditors or professional advisors. This sharing only occurs when we receive a formal, documented instruction from the client authorizing the release of specific reports. These advisors use the data to verify that salary expenses are correctly accounted for and that all statutory liabilities have been met. We prioritize sharing “Aggregated Data” where possible; however, auditors often require “Sample Checks” that involve viewing specific individual payslips or master data fields to confirm calculation accuracy. In these instances, the data is shared via secure means and subject to strict confidentiality agreements. We maintain a log of who requested the data, the specific files provided, and the date of handover. This ensures that the sharing is transparent and limited to the scope of the audit. PET Group does not share employee personal data with third-party advisors for any marketing or non-audit purposes, maintaining a high level of operational integrity throughout the engagement.
19) Sharing: Hosting & IT Service Providers (Minimum Necessary)
To maintain our digital payroll infrastructure, PET Group utilizes professional hosting and IT service providers. These sub-processors provide the cloud infrastructure where our payroll databases are stored and the security tools used to protect them. While these providers technically “host” the data, they do not have the right or the technical ability to view the individual employee personal data within our encrypted databases. We select IT partners who adhere to international security standards and provide robust data residency guarantees. We follow the “Minimum Necessary” principle by only utilizing the IT services required for system availability, backup, and performance. Our agreements with these providers include strict confidentiality and data protection clauses, ensuring they operate only as infrastructure support. We do not sell data to these providers or allow them to use it for their own analytics. This back-end support is a fundamental part of providing a modern, available, and secure payroll service, and we ensure it is managed with the same high-level privacy standards as our customer-facing operations.
20) Cross-Border Transfers: When They Happen
Cross-border payroll data transfer typically occurs in two specific scenarios. First, it happens when PET Group provides regional payroll support for a client with entities in multiple countries, such as a company with offices in both Malaysia and Singapore. Data may need to be transferred to a central regional hub for consolidation and reporting. Second, it occurs when our IT infrastructure or cloud hosting utilizes servers located in a different jurisdiction from the employee. For example, data for an employee in Kuala Lumpur may be hosted in a high-security data center in Singapore. These transfers are a natural part of a professional regional payroll operation. We only initiate such transfers when it is necessary for the performance of our services or to maintain system availability. We do not transfer data to countries with inadequate privacy standards without first ensuring that appropriate safeguards are in place. Transparency regarding these transfers is a key part of our payroll outsourcing privacy policy, as it allows employees and employers to understand the geographic journey of their data during the monthly processing cycle.
21) Cross-Border Transfers: Safeguards (Practical)
When employee personal data is transferred across borders, PET Group implements practical safeguards to maintain a consistent high level of protection. We use Standard Contractual Clauses (SCCs) or Inter-Company Data Transfer Agreements to ensure that the receiving entity—whether a branch office or a service provider—is legally bound to follow the same strict data handling rules as the origin country. Technically, we ensure that data is encrypted during transit (using TLS) and at rest. We also utilize regional data residency settings to keep data as close to the source as operationally possible. For example, data for our Singaporean clients is primarily processed and stored within Singapore-based infrastructure unless consolidation is specifically requested. We perform periodic risk assessments of our cross-border flows to ensure they remain secure. These safeguards ensure that an employee’s data rights remain protected, even when the information physically moves across geographic boundaries. Our goal is to provide a regional service that feels local in its security and respect for privacy principles.
22) Access Control: Role-Based Access (Least Privilege)
PET Group enforces strict “Role-Based Access Control” (RBAC) across all our payroll systems. This means that access to employee personal data is granted only to those staff members who strictly need it to perform their jobs. We follow the principle of “Least Privilege”—an individual responsible for processing a client’s payroll in Malaysia will only have access to that specific client’s database and not the data of other clients. Within the system, permissions are further granularized; for example, a “data entry clerk” might be able to import OT hours but cannot view executive salary registers. Access to highly sensitive outputs, such as bank files, is restricted to a small number of senior “approvers.” We utilize multi-factor authentication (MFA) to secure these accounts, preventing unauthorized entry. RBAC is a practical control that prevents internal data leaks and ensures that sensitive salary information remains confidential. By limiting the circle of access, we minimize the potential for accidental or intentional data misuse, a core commitment in our payroll outsourcing privacy policy.
23) Access Reviews: Joiner/Leaver Access Removal
Ensuring that system access remains current is a vital security practice at PET Group. We conduct regular “Access Reviews” to verify that only active, authorized personnel have access to payroll databases. When a PET Group team member changes roles or leaves the organization, their system access is revoked immediately. We also provide this same discipline for our clients who use our self-service portals. When an HR or Finance manager at a client company resigns, the client must notify us to disable their access account. This prevents former employees from “lingering” in the system and accessing sensitive data they are no longer authorized to see. We also perform “Joiner Checks” to ensure new team members are only granted the minimum access required for their training level. These reviews are a practical safeguard against unauthorized access and are captured in our system audit trail. By maintaining a strict “Joiner/Leaver” protocol for access, we ensure that the circle of confidentiality remains tightly controlled and limited to only those with a valid, current operational need.
24) Payslip Confidentiality: Secure Distribution Options
Payslip confidentiality is the most visible aspect of our privacy commitment to individual employees. PET Group offers several “Secure Distribution Options” to ensure that sensitive earnings information reaches only the correct recipient. Our primary method is the use of a “Secure Employee Portal,” where employees log in using MFA to view and download their payslips. Alternatively, we provide password-protected PDF payslips delivered via email, where the password is typically a combination of the employee’s ID and NRIC. We strongly discourage the distribution of physical paper payslips due to the high risk of loss or unauthorized viewing in the workplace. If a client insists on physical payslips, they must be delivered in sealed security envelopes. For employees in Subang Jaya, Cyberjaya, or Johor Bahru, these digital options provide instant, secure access to their financial records while maintaining the highest level of confidentiality. By automating the distribution process, we eliminate the human error associated with manual sorting and handing over, ensuring that no employee inadvertently views another person’s salary details. This focus on secure delivery is a cornerstone of our payroll outsourcing privacy policy.
25) File Handover Rules: What We Discourage (Personal Chat, Forwarding)
To maintain data integrity, PET Group enforces strict “File Handover Rules” regarding how clients provide us with monthly data. We specifically discourage the use of personal chat apps (like WhatsApp or Telegram) or unencrypted email forwarding for transferring employee personal data. These channels lack an official audit trail and are more susceptible to hacking or accidental forwarding to the wrong person. Instead, we require clients to use our secure, encrypted file-sharing portals or dedicated SFTP connections. We also discourage the practice of “CC-ing” unauthorized staff on payroll handover emails. If a client sends data via an insecure channel, we will flag it as a security concern and request a transition to a secure method. These rules are designed to prevent “Data Drift,” where sensitive information is scattered across multiple insecure devices. By centralizing all handovers through secure, authenticated channels, we ensure that the “Chain of Custody” for employee data is never broken. These practical rules are a vital part of our operational security and a mandatory requirement for all our client engagements to protect the confidentiality of the payroll run.
26) Data Retention: What We Keep & Why (Payroll + Audit)
PET Group retains payroll data for as long as it is operationally necessary or legally required. In Malaysia and Singapore, general tax and labor laws typically require employers to maintain salary and contribution records for at least seven years. We follow this standard to ensure that our clients remain audit-ready. This retention includes the monthly payroll registers, statutory contribution filings, and historical payslips. Why do we keep this data? Primarily to support year-end EA/IR8A form generation, to enable historical reporting for finance audits, and to resolve any retroactive pay claims. We do not keep data indefinitely; once the legal retention period has passed or our service agreement with the client ends, we initiate a data handover and subsequent deletion process. While the data is with us, it is stored in encrypted, backed-up environments. This retention policy balances the employee’s right to be forgotten with the employer’s legal obligation to maintain an audit trail, ensuring that PET Group remains a reliable partner for long-term compliance and financial integrity.
27) Secure Disposal: Deletion / Anonymisation / Destruction
When employee personal data is no longer needed—either because the retention period has ended or the client relationship has terminated—PET Group follows a strict “Secure Disposal” protocol. For digital data, this involves permanent “Deletion” from our active databases and backup servers. In certain scenarios where data is required for long-term statistical analysis, we may perform “Anonymisation,” removing all identifiers (like names and NRICs) so the information can no longer be linked to a specific person. If physical documents were provided (which we discourage), they are destroyed using professional cross-cut shredding services to prevent reconstruction. We do not simply “throw away” payroll records. The disposal process is documented, and where requested, we can provide a certificate of destruction to the client. This final step in the data lifecycle ensures that no sensitive payroll information remains on our systems longer than necessary, effectively reducing the risk of a retrospective data breach. Secure disposal is a practical operational commitment that completes our data protection journey under our payroll outsourcing privacy policy.
28) Security Practices (Practical Safeguards, No Guarantees)
PET Group implements a range of “Practical Safeguards” to protect employee personal data. These include technical measures such as end-to-end encryption for data in transit and at rest, the use of industrial-grade firewalls, and regular system vulnerability scanning. Operationally, we enforce “Clean Desk” policies in our processing centers and conduct regular security awareness training for all payroll staff. We utilize multi-factor authentication (MFA) for all administrative logins and maintain a robust business continuity plan to protect against data loss. While we maintain a high level of security discipline, we recognize that no system is entirely immune to risk. Therefore, we focus on continuous monitoring and rapid response protocols to mitigate potential issues. These practices are designed to provide a high level of assurance to our clients that their payroll data is handled with professionalism and care. Our security framework is reviewed annually to ensure it remains aligned with the evolving landscape of payroll outsourcing and digital privacy requirements in Malaysia and Singapore.
29) Website Data: Cookies, Logs, Analytics (Generic)
When you visit the PET Group website or use our online payroll portal, we collect certain non-payroll information to improve your user experience and maintain system security. This includes the use of “Cookies”—small text files stored on your device that remember your login preferences or help us understand website traffic via analytics tools. We also maintain “System Logs” that record IP addresses, browser types, and access timestamps. This data is used to monitor system performance, troubleshoot technical issues, and detect unauthorized login attempts. For employees using our self-service portal, these logs are essential for the “Audit Trail” mentioned in Section 15. We do not use this website data to build marketing profiles or track your activity on third-party sites. Most browsers allow you to manage or disable cookies, although this may limit some functionality of our portal. This general data collection is separate from the sensitive employee personal data we process for payroll but is managed with the same high-level commitment to transparency and security under our payroll outsourcing privacy policy.
30) Requests & Complaints: Access/Correction/Contact + Identity Checks
If you have questions regarding your employee personal data or wish to exercise your rights of access or correction, please contact your employer’s HR department first, as they are the “Data Controller” and the source of our instructions. If you need to contact PET Group directly regarding a privacy concern, you may reach our Data Protection Officer at [privacy@yourdomain.com] or via mail at [Your registered address]. Please note that for any data request, we must perform a strict “Identity Check” to verify you are who you say you are. This prevents unauthorized individuals from accessing your sensitive salary information. We may require you to provide specific identifiers or verify your request through your employer. We aim to respond to all valid requests within a reasonable timeframe, typically 30 days. However, we may be legally limited in the information we can release directly to an employee if it would reveal the confidential data of others or the proprietary processes of the employer. Our goal is to ensure that your data is handled with the highest level of transparency and respect, providing a clear path for resolving any privacy-related queries.
Require more clarity on payroll data handling?
If you have specific questions about our payroll outsourcing privacy policy, monthly processing timelines, or how we manage employee personal data for your business in KL, Selangor, or Singapore, we are here to provide general guidance and educational support. Our team can help clarify our practical controls to help you maintain secure administrative operations. Phone: [Your phone].
Inquire About Privacy Controls