CAAM Aviation Reporting System - CAReS

Privacy Policy

[last updated : FEB 2023]


CAAM are committed to protecting and respecting your privacy. The personal data collected by the CAAM Aviation Reporting System – CAReS is govern by MCAR 2016 and CAD 1900 protection of natural persons with regard to the processing of personal data by the institutions, bodies, offices and agencies and on the free movement of such dat

Why do we process your data

The collection and processing of personal data is done for the purpose:

  • of granting authorisation to users to access the restricted area of the CAReS website;
  • of generating contact information (name, e-mail address and organisation) necessary for dealing with the requests for data contained in the ECR submitted by interested parties to the Points of Contacts.

Data is collected directly from the users through registration forms using secure HTTPS connection. Once a profile is activated, access is done through the CARS and Access system (which is Multi-Factor Authenticated), which identifies authorised users.e

Which data do we collect and process?

We may collect and receive Personal Data directly from you (i.e. persons whom you have authorised, persons who have been validly identified as being you or your authorised representative pursuant to our security procedures), For authorisation (i.e. granting different access rights to different parts of the CAReS web portal, depending on the role of the user), it is necessary to register by filling in a form with the following compulsory information:

  • Email
  • First Name
  • Last Name
  • Phone

Personal information will be used only for specific purposes related to the service we provide and will not be disclosed to any third party in accordance with the Computer-Processed Personal Information Law and other related regulations.

When you use our website, we automatically collect the following information: date and time, the webpage you request, URL you are on, browser type, any action (such as downloads, etc) whether that action was successful or not. This information will help us improve the efficiency of our website.

We may monitor any action which produces excessive traffic to our website.

Who has access to your data and to whom is it disclosed?

By filing a report, you authorised the disclosure of the details you have entered in the user registration system to the Data Controller, the Data Processors and the participants CAReS website. 

How do we protect your data?

Authorised access to personal data has been ensured through the implementation, at the application level, of a strict authentication (i.e. identifying the user as registered in CAReS web portal) and authorisation policy (i.e. granting different access rights to different parts of the CAReS web portal, depending on the role of the user). The authentication process is done through the embedded CAReS  Multi-Factor Authentication process.

We will take all reasonable precautions necessary to protect your Personal Data from misuse, interference and loss; and unauthorised access, modification or disclosure. In addition, the CAAM will secure your data in following ways:

  • control and limit access based on necessity;
  • maintain proper record of access and transfer of Personal Data;
  • ensure all employees of the Company protect confidentiality;
  • conduct awareness programmes to all employees on responsibility to protect Personal Data;
  • establish physical security procedures;
  • bind third parties involved in processing of Personal Data; and
  • do not use removable device and cloud computing service to transfer or store Personal Data unless with written consent from top management of the Company.

We will secure the storage in compliance with the minimum security measures prescribed under the Personal Data Protection Act 2010 of Malaysia, its regulation and standards.

Information Security Procedure and Protection

We have operating procedures for information security issues, and will impose the necessary responsibility on employees concerned in order to tackle these matters promptly and efficiently.

We have an alert system for changes in the management of information facilities and systems to avoid security loopholes.

We process and protect personal information in accordance with related provisions of the Computer-Process Personal Information Law.

We carry system backup facilities, and periodically update/back-up necessary data and software in order to be able to promptly restore all data in case of damage or media failure.

Management of Internet Security

We have established firewalls to monitor data transmission and resource access between external and internal network links, and conduct identity-recognition operations.

Any confidential and sensitive information or documentation is neither stored in an open system nor delivered by e-mail.

We periodically examine and inspect internal networks for information security, the latest virus codes and other security issues.

System Access Control Management

We have set up password issuance and change procedures depending on operation systems and security management requirements, and record it accordingly.

The information center management staff should assign authorization accounts and passwords for employees to log in to each system according to their staff level, and update them regularly.

How long do we keep your data?

CAAM  will not retain your Personal Data longer than necessary for the purposes for which they are collected. However, relevant Personal Data may be retained subject to the conditions below:

  • as and when required under legislation; or
  • where legal actions have arisen and are pending.
  • any inappropriate use of CARS website is detected by the Data Controllers and/or Data Processors (System Administrators).


Most web browsers automatically accept cookies, but, if you prefer, you may set your browser to prevent it from accepting cookies. The “help” portion of the toolbar on most browsers will tell you how to disable cookies.

There are 4 types of cookies used on our Website:

  • Functionality: These cookies enable you to use our Website. These cookies are essential to enable you to browse our Website and use certain features. Disabling them may prevent you from using certain parts of the Website. Without these cookies, features like login, booking and paying activity cannot be provided. These cookies also help keep our Website safe and secure.
  • Preference: These cookies store information such as your preferred country, language selection and website preferences. Without these cookies, our Website may not be able to remember certain choices you’ve previously made or personalise your browsing experience by providing you with relevant information.
  • Analytics: These cookies collect information about how you use our Website such as which pages you visit regularly. These cookies are used to provide you high-quality experience by doing things such as tracking page load, site response times, and error messages.
  • Content/Advertising: These cookies gather information about your use of our Website so we may improve your experience and provide you with more relevant content and advertising. They remember that you’ve visited our Website and help us understand usage of our Website. Some of these cookies are from third parties that collect information about users of our Website in order to provide advertising (on our services and elsewhere) based on users’ online activities (so-called “interest-based advertising”) on our Website and elsewhere online. The third parties involved in interest-based advertising collect internet browsing information (e.g. websites visited, time of visit) across different websites and over time, and they may use the information they collect on our Website to provide you ads (from us and other companies) across the internet.

The cookies used by CAReS are solely associated to anonymous users and their computers and do not provide personal data on user. Some cookies are used by third parties to provide CAAM with data on the effectiveness of its engagements and promotions.

Personal Data Protection Act Malaysia - PDPA

In compliance with the Personal Data Protection ACT 2010 (“the Act”) and its regulations, this notice is issued to all our stakeholders. 


If you still have inquiries or complaints in relation to our handling of your Personal Data or our Privacy Policy or wish to exercise any of your rights as described above, please contact us via the details as described below:

Civil Aviation Authority of Malaysia
Pihak Berkuasa Penerbangan Awam Malaysia
No. 27, Persiaran Perdana,
Aras 1-4, Blok Podium, Presint 4,
62618 Wilayah Persekutuan Putrajaya,
Putrajaya, Malaysia.



Welcome to occ2m

Voluntary  Occurrence Report (VOR)

Voluntary Occurrence Reports (VORs) are classed as:

  • Occurrences not captured by the mandatory reporting system
  • Other safety related information which is perceived by the reporter as an actual or potential hazard to aviation safety