Brunei Gas Carriers Sdn Bhd and all its subsidiaries (hereinafter collectively referred to as “the Company”, “we” or “us”) are committed to protecting your personal data. This Data Protection and Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in accordance with the Applicable Data Protection Laws.

The Policy supplements but does not supersede or replace any other consent which you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights which we may have at law to collect, use or disclose your Personal Data.

1. Definitions

Personal Data refers to any information – whether physical or digital – that relates to an identified or identifiable individual. If data can directly or indirectly reveal the identity of an individual, it qualifies as Personal Data. Examples include full name, contact details, passport number, biometric data, health data etc).

2. Information we process and our legal basis for processing

We collect only the Personal Data necessary to provide or receive products and services, to respond to your enquiry or feedback, to manage our business operations, or to comply with legal obligations. The Company you engage with will act as the Data Controller of your Personal Data.

By interacting with us, including through our websites, applications, social media pages, or in person, you consent to the collection, use, and disclosure of your Personal Data in accordance with this Policy and the Applicable Data Protection Laws. You are responsible for ensuring that the Personal Data you provide is accurate, complete, and up to date. Please note that failure to provide the requested Personal Data may affect our ability to provide you with the requested services or to fulfil our obligations.

As part of our business operations, we may collect the following categories of Personal Data about you, whether provided directly by you, obtained from third parties, or collected automatically:

  • Identification details: name, address, contact details, nationality, date of birth, marital status.
  • Government-issued identifiers: identity card numbers, passport number, visa/work permit details, or equivalent identification numbers (collected only where required by law or necessary for verification).
  • Business and transactional information: payment information (e.g. card/account number, billing address), and related records.
  • Professional information: company name, job title, business contact details, and information relating to your dealings with us.
  • Survey and event information: responses to surveys, event registrations, preferences (e.g. dietary requirements), and participation details.
  • Health and safety information: only where required by law or internal policy (e.g. visitor logs, health certifications for site or vessel access).
  • Compliance information: data collected for KYC/AML checks, regulatory reporting, or dispute resolution.
  • Automatically collected information: data collected via our websites, apps, or online platforms (e.g. cookies, login details, browser type, IP address, device information, usage data, clickstream, page interactions).
  • Visitor information: signatures, vehicle registration details, CCTV recordings, and other information collected when you visit our premises or vessels.
  • Photo and video data: images, video recordings, or other visual media captured through CCTV, event photography, or submitted by you through our platforms or communications.

We will collect, use, and disclose your Personal Data only where permitted, including where:

  • you have provided consent for the collection, use, or disclosure of your Personal Data. You may withdraw your consent at any time by contacting our Data Protection Officer (see Section 7).
  • it is necessary to take steps at your request prior to entering into, or to perform, a contract (e.g. processing transactions, providing services, or receiving goods/services).
  • it is required to comply with legal or regulatory obligations;
  • it is necessary for our legitimate business purposes (e.g. communications, audits, research and development, IT and site security, fraud prevention, business continuity), provided these interests are not inconsistent with your rights under applicable law.
3. How we collect information

We generally obtain your express consent before or at the time of collecting your Personal Data, unless an exception under the Applicable Data Protection Laws applies. Consent may be provided in writing, electronically, or deemed to have been given when you voluntarily provide your Personal Data for a purpose that would be reasonably apparent to you at the time or you continue to use our services after being notified of an update to this Policy.

In addition to the Personal Data you provide directly, we may obtain Personal Data about you from third-party sources, including public databases, business partners, or service providers, where permitted by law. We may combine such data with information you have provided and data collected through your interactions with us. This aggregated information will be used solely for the purposes described in this Policy, in accordance with Applicable Data Protection Laws.

If you provide us with Personal Data relating to another individual (such as your dependents, spouse, children and/or parents), you represent and warrant that you have informed them of the contents of this Policy, obtained their consent, where required, and are duly authorized  to share their Personal Data with us for the purposes outlined herein. Upon request, you may be required to confirm or provide evidence of such consents.

4. How we use information

Your Personal Data will be collected, used, and disclosed for the following purposes:

  • Service provision: delivering, managing, and improving the products or services that you request or engage with.
  • Business operations: supporting administrative, financial, and operational functions, including record management, auditing, and reporting.
  • Communication: responding to your enquiries, providing updates, and sharing information relevant to our services, activities, or relationship with you.
  • Compliance and legal obligations: fulfilling requirements under applicable laws, regulations, codes of practice, or internal governance policies.
  • Security and access control: protecting Company systems, facilities, data, and personnel through appropriate verification and monitoring measures.
  • Risk management: identifying, preventing, and addressing potential misconduct, security incidents, or breaches of contract.
  • Improvement and analytics: evaluating and enhancing our operations, processes, and service delivery through research, feedback, and performance monitoring.
  • Related purposes: any purposes reasonably connected with or incidental to the above.
5. How we share information

We may share your Personal Data with the following parties, strictly for the purposes outlined in this Policy:

  • Subsidiaries, Parent Company and Affiliates: On a need-to-know basis for operational, administrative, legal, or compliance-related purposes.
  • Authorised third-party service providers engaged to support our business operations, including IT services, data hosting, and other outsourced functions.
  • Other offices within the Company, where necessary to facilitate internal coordination, service delivery, or administrative functions.
  • Regulatory and legal authorities, where disclosure is required by applicable law, regulation, or in response to lawful requests from law enforcement or regulatory bodies.
  • External legal advisors, where necessary to obtain legal advice or in connection with actual or potential legal proceedings.
  • Any party to whom you authorise us to disclose your Personal Data.
  • In urgent circumstances, to protect your vital interests or personal safety.

Your Personal Data may, from time to time, be transferred to and stored in jurisdictions outside of your country of residence. These jurisdictions may have data protection laws that differ from, and may be less stringent than, those in your home jurisdiction. Where such cross-border transfers occur, the Company will ensure that:

  • Appropriate contractual and technical safeguards are in place to protect your Personal Data.
  • Transfers are made strictly on a need-to-know basis and only for the purposes described in this Policy.
  • The receiving party provides a comparable standard of protection to that required under the Applicable Data Protection Laws.
6. How we protect information

We take the protection of your Personal Data seriously and implement reasonable security arrangements to protect against unauthorised access, collection, use, disclosure, copying, modification, disposal, or other similar risks.

All Personal Data is stored on secure servers, whether operated by the Company or by authorized subcontractors. Access to Personal Data is restricted to authorised personnel who require it strictly on a need-to-know basis. We maintain physical, electronic, and procedural safeguards that are commercially appropriate and consistent with the requirements of the Applicable Data Protection Laws.

While no method of transmission over the Internet, mobile applications, email, or other communication channels can be guaranteed to be fully secure, we adopt measures designed to minimise the risk of intrusion or unauthorised access. We comply with our internal security policies and standards when accessing or using Personal Data, and we require our service providers to do the same.

Where you have been provided with, or have created, a password to access certain parts of our website or services, you are responsible for maintaining the confidentiality of that password. Please do not share your password with anyone.

7. How long we retain information

We will retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, in accordance with our internal retention policies and procedures, or as otherwise permitted or required by applicable law.

If we require consent to collect certain information about you, and such consent is withdrawn, we will delete such information unless we are legally required to retain it.

Once the retention period has expired, or once the data is no longer required for the purposes for which it was collected, we will securely delete or anonymise your Personal Data, unless retention is required for legal, regulatory, or business purposes.

8. How you control your information

You have the following rights in relation to your Personal Data (subject to applicable exceptions and legal or contractual restrictions):

  • Access: request access to the Personal Data we hold about you.
  • Correction: request correction of any inaccurate or incomplete Personal Data.
  • Withdrawal of consent: withdraw your consent to our collection, use, or disclosure of your Personal Data. Please note that withdrawal of consent may affect our ability to continue providing certain products or services.
  • Usage and disclosure information: request information on how your Personal Data has been used or disclosed in the past year.
  • Deletion: request deletion of your Personal Data, where permitted under applicable law.

Requests to exercise these rights should be directed to our Data Protection Officer (DPO) at dpo@bgc.com.bn by filling in the BGC Personal Data Handling Request Form.

We will assess and respond to each request in accordance with the Applicable Data Protection Laws. A reasonable fee may be charged for processing access requests, as permitted by law.

You also have the right to lodge a complaint with the relevant Data Protection Authority in your jurisdiction if you believe that your Personal Data has not been handled in accordance with the Applicable Data Protection Laws.

9. Social Media

You may visit our micro-sites on various social media platforms, and as such, may choose to provide us with personal data through these social media platforms, such as through forms, account portals, interfaces, and interactions with other support portals/channels. By doing so, you consent to the use of this personal data in accordance with this Policy. BGC may receive information related or connected to an account with a third-party service that you use to sign up or log in, or when you associate that account. For instance, when you associate your account, we may receive your public profile, your friends list, your contacts, and your email address. If you delete your profile from a third-party service, such as Google or Facebook, information that has been shared with BGC from that service may still be retained by BGC. If you do not wish for us to retain such information, please contact our Data Protection Officer (DPO) at dpo@bgc.com.bn.

10. Updates to our privacy policy

We may update or amend this BGC Data Protection and Privacy Policy from time to time to reflect changes in our practices, legal or regulatory requirements, or other circumstances. Any updates will be published on our website. We encourage you to review this Policy periodically to stay informed about how we manage your Personal Data. Your continued use of this Site and acceptance of our services after any changes to this Privacy Policy constitutes your consent to any such changes, to the extent such consent is not otherwise provided.

This Data Protection and Privacy Policy was last updated on 11 December 2025.