Privacy notice
Notice Under the Personal Data Protection Act 2010
This written notice (“Notice”) is issued by AEON Bank (M) Berhad (Formerly known as ACS Digital Berhad) and on behalf of its subsidiaries and related corporations (collectively “our”, “us” or “we”) to you. For the purpose of this Notice, the terms “personal data”, “sensitive personal data” and “processing” shall have the same meaning as prescribed in the Personal Data Protection Act 2010 (“Act”).
Consent
Description of Personal Data
Purpose
Your personal data is being or is to be collected and further processed by us for the following purposes (where relevant):
- performing pre-contractual activities and our contractual obligations with you (such as assessing your application(s)/request(s) for our products and services, to establish your financial standing, employment details, creditworthiness and/or suitability for any of our products/services applied for (if required) and to administer your account with us);
- ensuring the performance by you of your pre-contractual activities and contractual obligations to us;
- for purposes relating to your use of our services and products;
- internal administration and management purposes, including without limitation for purposes related to data storage and management;
- to access any online platforms or sites owned, operated or managed by us or on our behalf (“Platform”) and/or, where relevant, allowing you to connect to the wifi facilities provided by us or our service provider;
- communicating with you, dealing with your inquiries or complaints, resolving any issues/disputes and enforcing our rights, including but not limited to obtaining professional advice;
- the operation, management and/or maintenance of our system and our premises;
- business development purposes, market surveys/research and trend analysis such as evaluating the effectiveness of our marketing or advertising content, statistics compilation, reporting, audit, compliance, risk management and assessment, data analytics to improve our services/products and for the purpose of assisting us in any future dealings with you, for example, by identifying your requirements and preferences;
- organising, participating in, managing and/or carrying out duties in connection with our events, contests, tournaments, competitions, programmes and other activities organised or sponsored by us or on our behalf (“Events”) and advertising and providing you with information (such as Events, offers or promotions) relating to our and our related corporations’ and business partners’ products and/or services, including without limitation sending you e-newsletters, promotional marketing materials, seasonal/birthday greetings and messages, gifts and/or vouchers;
- publishing photographs or video footages of you, which are captured during your participation in any of the Events (with or without your name), on our Platform or social media or at our premises;
- complying with applicable laws, contractual, and/or regulatory obligations and related purposes including but not limited to financial or regulatory reporting, audit, and record keeping purposes;
- preventing or investigating any illegal or criminal activities, breaches and complying with any legal or regulatory requirements and/or directions and instructions from any law enforcement officer or governmental and regulatory bodies;
- ascertaining your status or to facilitate us in making any decisions, for example, checking details in applications for credit-related services or other facilities, managing credit-related accounts or facilities (which include conducting reviews of your portfolios), recovering debts;
- contemplated or actual corporate restructuring or corporate transaction involving us including without limitation any merger, acquisition, restructuring and/or reorganization and/or acquisition, disposition, sale, assignment and/or transfer of any or all portion of our business, rights, obligations, assets or stock (“Corporate Transaction”); and/or
- such other purposes authorised by you or directly related or ancillary to the foregoing purposes,
(collectively, the “Purposes”).
Source of Personal Data
Your personal data is being or is to be collected from a variety of sources, including without limitation:
- from the forms submitted or filled in by you or on your behalf to us through the AEON Bank Application, AEON Bank Website, and/or any other method;
- when you visit our premises in person or use our products and/or services;
- via any Platforms and/or cookies;
- when you participate in our Events
- from any information or document submitted or provided by you to us for any of the Purposes (such as your Identity Card or passport);
- when you contact us through various methods such as telephone calls, emails and/or the Platform;
- from any third parties (including without limitation credit reference agencies, regulatory and law enforcement authorities and other third party sources); and/or
- from all other communications between you and us and all other information that you may provide to us from time to time.
Access to, Correction of and Limiting the Processing of Personal Data
Disclosure of Personal Data
We may disclose/transfer your personal data to the following third parties (who may be located within or outside Malaysia) in connection with or for the fulfilment of any of the Purposes:
- our related corporations, subsidiaries, affiliates and/or our group companies (“Related Companies”);
- our business partners, contractors and service providers, including without limitation our data centre service providers, storage facility and records management service providers, cloud service providers, Information Technology service providers and/or data analytics and marketing agencies;
- credit reporting/reference agencies and background check agencies which include Central Credit Reference Information System (CCRIS), CTOS Data Systems Sdn Bhd, Credit Bureau Malaysia Sdn Bhd, Experian Information Services (Malaysia) Sdn Bhd or any other agencies that are not mentioned or specified herein;
- our financial and other professional advisors;
- banks, takaful/insurance companies, credit card verification providers and payment processors;
- governmental (including without limitation semi and quasi governmental) departments and/or agencies, regulatory and/or statutory bodies and law enforcement officer;
- such third party as requested for or authorised by you or as required by law;
- your nominee, immediate family members and/or contact person (in case of emergency) as may be notified to us in writing from time to time;
- safety and security personnel;
- our actual or potential assignee, assignor, transferee, transferor, acquirer or acquiree in respect of our rights, interests and properties;
- third parties due to any Corporate Transaction; and/or
- other third parties for any of the Purposes.
Intra-Group Data Sharing
Your personal data may be shared with our Related Companies through an intra-group data sharing arrangement, for the following purposes:
- to onboard you and any other relevant actions related to the services and/or businesses of our Related Companies (where applicable); and
- allowing us and our Related Companies to provide you any related services, businesses, and/or customer service, improve such services and/or businesses, and promote such related services and businesses through special promotions, offers or rewards (where applicable).
Security Measures
We take personal data security seriously when processing your personal data. We will put in place practical steps to protect your personal data from any loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction as required by law, including but limited to:
- control and limit our employees’ access to personal data system;
- terminating user ID and password immediately when our authorised employees are no longer handling the personal data;
- keeping all physical files containing personal data in a locked place; and
- ensuring that all our employees involved in processing personal data always protect the confidentiality of your personal data.
Personal Data Retention Period
Personal Data of Minors and Others
Third Party Personal Data
Obligatory Personal Data
Transfer of Personal Data to Places Outside Malaysia
Accuracy of Your Personal Data
Conflict
Amendments