The Personal Data Protection Act 2010 (as may be amended from time to time, hereinafter referred to as the “Act”), which regulates the processing of personal data in commercial transactions, applies to CardBiz Group of Companies and our related companies: CardBiz Solutions, CardBiz Payment Services, CardBiz Technologies, and CardBiz eServices (hereinafter collectively referred to as “CardBiz Group”, “our”, “us” or “we”). For the purpose of this personal data policy, the terms “personal data” and “processing” shall have the meaning prescribed in the Act.
- what kind of personal data is being processed
- the purposes for which the personal data is being or is to be collected and further processed;
- the source of that personal data;
- the persons to whom we disclose or may disclose your personal data;
- where it is obligatory for you to supply the personal data, what happens in absence of this data;
- the choices and means that you may limit the processing of your personal data, including personal data relating to other persons who may be identified from that personal data and
- your right to request access to and to request correction of your personal data and how to contact us with any inquiries or complaints in respect of the personal data.
Type of Personal Data
Personal data refers to all information that relates directly or indirectly to you, including any sensitive personal data and expression of opinion about you. Sensitive personal data refers to any personal data as to your physical or mental health or condition, your political opinions, your religious beliefs or other beliefs of a similar nature, the commission or alleged commission by you of any offense or any other personal data as may be determined by law from time to time.
The personal data collected by us may include (but is not limited to) the following:
- contact information – e.g. your name, date of birth, identification number (such as NRIC or passport number), gender, nationality, race, address, contact number, fax number, email address
- billing information – your credit card information and bank account details
- the status of the services you have acquired from us or subscribed to – e.g. account number, account balance, account activities, payment history
- transaction information – e.g. information requested by you from our services, such as status of traffic summons, driving licences, bankruptcy
- your personal interests and preferences to help us tailor offerings of our services and products which would suit you best
If need arises, we will obtain explicit consent from you to process sensitive personal data. We may however process personal data without your consent in limited circumstances as permitted by law.
Purpose of Processing Personal Data
We may collect and process personal data from you or from third parties, for one or more of the following purposes:
- to verify your identity
- to assess and process your application(s)/request(s) for our services
- to provide you with the information and/or services you have requested from CardBiz Group and/or its designated representatives and/or business partners and ancillary matters thereto
- to administer and manage our services
- to investigate, process and resolve any service issues, complaints, communications or other enquiries that you may submit to us regarding our services
- to assess and/or verify credit worthiness
- to keep in contact with you and provide you with any information you have requested, services and/or products offered by us and/or changes thereto, or by our service providers and/or business partners
- to maintain and develop our services, products, business systems and infrastructure
- to manage staff training and quality assurance
- to produce data, reports and statistics which shall be anonymized or aggregated in a manner that does not identify you as an individual
- to investigate, respond to, or defend claims made against, or involving CardBiz Group
- to conduct marketing activities
- to maintain records required for security, claims or other legal purposes
- to detect and prevent fraudulent activity
- to comply with legal and regulatory requirements
- for any other purposes that is required or permitted by any law, regulations, guidelines and/or relevant regulatory authorities
Source of Personal Data
We may collect personal data from customer application form, registration at or visit to websites owned and/or operated by CardBiz Group, registration for a specific service provided by us, use of our services, documents provided by you to us, participation in our survey, entry in competitions, contests, promotions, programmes organised by us, request for information regarding our product, commencement of any business or commercial relationship with us and/or any communication made with us.
We may also obtain your personal data from:
- third parties we deal with or are connected with you (e.g. credit reference agencies or financial institutions)
- government or other regulatory authorities who have the power and/or authority to disclose such information (e.g. PDRM, Insolvency Department, JPJ)
- public domain and such other sources where you have given your consent for the disclosure of information relating to you
- where otherwise lawfully permitted.
Request for Access and Correction of Personal Data
Under the Act, you have the right to access and the right for correction to your Personal Data which might have been out-of date, inaccurate or incomplete. You may also withdraw your consent or restrict the purpose for the processing of your Personal Data as set out in this Notice.
You shall provide and maintain accurate, complete and current data required to register with CardBiz Group. You represent and warrant that all information furnished to CardBiz Group from time to time through its website or otherwise is correct, validly issued and legally binding on you.
You will be liable for any loss that results from any failure to notify CardBiz Group of such a change as a result of undue delay, your gross negligence or fraud. Where you fail to inform of any change in its address, CardBiz Group shall be discharged from all liabilities upon sending of any notice or document to the last known address.
CardBiz Group reserves the right at any time to satisfy itself as to your identity and personal details provided including for the purposes of preventing fraud and/or money laundering and pending verification, we may subject to the Act withhold your access to your personal data. In addition, at the time of your application or at any time in the future, you authorise CardBiz Group to perform identity verification checks directly or using relevant third parties.
Retention and Disposal Principle
CardBiz Group shall take all reasonable steps to ensure that:
- Personal Data, whether stored electronically or in paper form , is secured against risks of loss, destruction, duplication, use, modification or disclosure by having in place regular Personal Data housekeeping in terms of retention periods for and classification of Personal Data for legal and business requirements.
- Disposal of documents containing Personal Data, or remove the means by which the Personal Data can be associated with particular individuals as soon as it is reasonable to assume that the purpose for which the Personal Data was collected is no longer being served by such retention, and to maintain such record of the disposal. In this connection, CardBiz Group will periodically review the length of time and the purpose for which the Personal Data is held.
Disclosure of Personal Data
We will process personal data for the following reasons and may disclose to the following third parties:
- to provide, maintain, protect and improve all or any of our services and to develop new ones
- for internal and marketing purposes of CardBiz Group
- companies and/or organisations that assist us in processing and/or otherwise fulfilling transactions and providing you with services that you have requested or subscribed for
- to companies, corporations and/or entities that act as CardBiz Group’s service providers, gateway providers, agents, contractors and/or professional advisers
- law enforcement agencies, government agencies and/or to detect, prevent, or otherwise address fraud, security or technical issues
- CardBiz Group will share personal data with other parties, companies, organizations or individuals outside of CardBiz Group when we have your consent to do so subject at all times to any laws (including regulations, guidelines and/or obligations) applicable to the CardBiz Group.
CardBiz Group shall be entitled to retain all data and information supplied by you for the use of CardBiz Group, notwithstanding the termination or suspension of our services to you.
We are committed to safeguarding your privacy. However, no data transmission over the internet can be guaranteed to be 100% secure. Accordingly, despite CardBiz’s efforts to protect your personal data, We cannot ensure or warrant the security of any information you transmit to us, or to or from our online products or services. All such transmission of information is carried out at your own risk. However, once we receive your transmission, we will make reasonable efforts to ensure its security in our systems.
Whenever we send you any information online, we will include instructions on how to unsubscribe and a link to do so. If you do not wish to receive further information of a similar nature, you may e-mail us. If you do not wish to receive any information of any kind from us at all, you may e-mail us.
Whether Obligatory to Provide Personal Data and Consequences of Not Providing
Where indicated (e.g. on our website, registration/application forms), it is obligatory to provide your personal data to us to enable us to process your application for our services. Should you decline to provide or limit processing such obligatory personal data, we may not be able to process your application or provide you with our services.
CardBiz uses “cookies”, where a small data file is sent to your browser to store and track information about you when you enter our websites. The cookie is used to track information such as the number of users and their frequency of use, profiles of users and their preferred sites. While this cookie can tell us when you enter our sites and which pages you visit, it cannot read data off your hard disk.
CardBiz Group may process and/or otherwise use information collected from cookies and other technologies, to improve the user experience and the overall quality of our services. You may set your browser to block all cookies, including cookies associated with CardBiz Group’s services, or to indicate when a cookie is being set by us. However, it’s important to remember that many of CardBiz Group’s services may not function properly if your cookies are disabled.
Like many website operators, CardBiz Group also uses independent companies to measure and analyze internet usage across CardBiz Group websites. This aggregate, non-personal data is collated by such independent companies and provided to CardBiz Group to assist in analyzing the usage of our websites.
CardBiz Group also collects Internet Protocol (IP) addresses. IP addresses are assigned to computers on the internet to uniquely identify them within the global network. CardBiz Group collects and manages IP addresses as part of managing its services and for security purposes.
Links to Other Sites
Transfer of Your Personal Data Outside Malaysia
It may be necessary for us to transfer your personal data outside Malaysia subject always to the Act if any of our service providers or strategic partners (“overseas entities”) who are involved in providing part of our services are located in countries outside Malaysia or if you use the services from a country other than Malaysia.
You consent to us transferring your personal data outside Malaysia in these instances. We shall take reasonable steps to ensure that any such overseas entities are contractually bound not to use your personal data for any reason other than to provide the services they are contracted by us to provide and to adequately safeguard your personal data.
If you wish to access and request for correction or limit the processing of your personal data or have any queries or complaints regarding your personal data, please contact us during our office hours as set out below and the following contact points:
|Office Hours||:||9am to 5.30pm|
|Telephone Number||:||+603- 7890 3000|
|Facsimile Number||:||+603- 7890 3001|
|Address||:||Level 30, MYEG Tower, No.8 Jalan Damansara,
Empire City, PJU 8, 47820 Petaling Jaya,
Selangor Darul Ehsan, Malaysia.
In accordance with the Act, we may:
- charge a fee for processing your request for access; and
- refuse to comply with your request for access or correction in accordance with the Act.