Privacy and Data Protection Notice Malaysia
Effective date: August 4, 2020
At BetterTradeOff Solutions Pte Ltd (“BTOS”), we are committed to maintaining the privacy and security of any Personal Data that you provide to us.
For BTOS products and services the definition of Personal Data refers to any data that can be used to uniquely identify an individual, including but not limited to items such as: name, mailing address, phone number, email address, service detail, payment detail, contract detail, account number, etc.
1. Purposes of Personal Data Collection, Use, and Disclosure
1.1. You authorize and give your consent to collect and use your Personal Data for purposes including allowing BTOS to:
(a) performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;
(b) verifying your identity;
(c) responding to, handling, and processing queries, requests, applications, complaints and feedback from you;
(d) managing your relationship with us;
(e) processing payment or credit transactions including credit collection;
(f) sending your marketing information about our or third-parties goods or services including notifying you of our or third-parties marketing events, initiatives and promotions, lucky draws, membership and rewards schemes and other promotions;
(g) any other purposes for which you have provided the information;
(h) transmitting to any unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and
(i) improve our services to you, enhance service information provided to you, and give guided and relevant updates;
(j) enable your access to privileged areas of our Website;
(k) customize relevant products, services, special offers, and rewards that we think will be of interest to you;
(l) diagnose possible problems with our servers;
(m) optimize our Website delivery;
(n) plan, provision, and bill third-parties for services;
(o) complete general market research;
(p) complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
(q) establish, exercise, or defend any legal or equitable claim; or
(r) conduct any other purpose related, necessary, ancillary, or consequential to or in connection with the above specified purposes.
1.2. When the need arises for your Personal Data to be collected, used, or disclosed for purposes other than the ones originally consented for, we will obtain your fresh consent in that regard, in accordance with the PDPA.
1.3. If you have provided us with your consent, your personal data may be used and disclosed for the purpose of marketing our products, events and services and those of partners and business associates (e.g. insurances, banks, advisory firms, financial institutions and property agencies), and other organisations and enterprises which are part of BetterTradeOff Pte Ltd. To market products, events and services which are of interest and relevance to you, we may analyse and rely on your personal data provided to us, or data collected from your interactions with us or external parties when consent was provided for such usage.
1.4. The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
2. Collection and Use of Personal Data
2.1. We may collect your personal data when you:
(a) Subscribe to our services;
(b) Use our solution and other BTOS products or services or enter in a transaction with us (or express intention to do so);
(c) Register for a specific product or services;
(d) Respond to our promotions or sign up for alerts or newsletters;
(e) Contact us or request that we contact you through various communication channels, for example, through social media platforms, messenger platforms, face-to-face meetings, telephone calls, emails, fax and letters;
(f) Are within our premises or attend events organized by us and in particular when your image is captured or videos taken by us via photographs, surveillance cameras or authorized representative;
(g) Participate in a survey, event, program, competition, contest, lucky-draw, game or any personalized marketing operation;
(h) Seek information about our company and services, for example if you are a jobseeker, existing or prospective investor or shareholder;
(i) Visit any of our websites, download or use any of our applications (using cookies, mobile advertising IDs and other technologies);
2.2. Depending on your relationship with us, we may also collect your personal data from third parties, including but not limited to:
(a) From other organizations which are part of BetterTradeOff Pte Ltd;
(b) From your family members or friends who provide your personal data to us on your behalf;
(c) From third parties when we buy or rent information about you to help improve our products and services or our business;
(d) From business partners or third parties when referring you;
(e) From third parties in connection of the products and services you have applied and expressed interest to apply to including for reference checks or when you make payments;
(f) From public agencies and other public sources;
2.3. We securely partition Personal Data that can identify you as an individual separately from general information records (customer-identifying data vs. non-identifying data).
2.4. We use “cookies” (a small text file that your browser stores on your device) to develop, optimize, and improve our website; including but not limited to: details of your domain name, Internet Protocol address, operating system, browser version, how long you stayed on a page, the route you took to navigate through the pages, simulation data on our site, and possibly other session-based elements related to your usage of our website.
2.5. If Personal Data relating to a third party is provided by you, by submitting such information to us, you represent to us that the consent of that third party has been obtained for the collection, use, and disclosure of the Personal Data for any of the purposes listed in the sections above.
2.6. If you are a child, minor or not of legal age, please inform and seek consent from your parent or guardian before providing your personal data. If as a parent or guardian, you have reasons to believe that your child or ward has provided us with personal data without your consent, please contact us to request for the deletion of such information.
2.7. As BTOS relies on your Personal Data to provide accurate services to you, you (or your authorised representative) shall ensure that at all times the Personal Data submitted to us is true, accurate, and complete.
3. Access to and Correction of Personal Data
3.1. If you wish to access to the personal data which we hold about you or make a correction to correct or update any of your personal data which we hold about you, you may do so by accessing our website and use the profile section.
3.2. Alternatively, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
3.3. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
3.4. We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
4. Disclosure of Personal Data
4.1. BTOS will not disclose your personal data to third parties without first obtaining your consent permitting us to do so.
4.2. However, BTOS may disclose Personal Data without first obtaining your consent in certain situations, including, without limitation:
(a) to carefully-selected third-party service providers who provide operational and administrative support under strict PDPA and non-disclosure agreements;
(b) to any relevant authorities;
(c) to a public agency when such disclosure is necessary in the public interest;
(d) to the extent necessary to comply with any applicable legal and regulatory requirement;
(e) to third parties when the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;
(f) to respond to an emergency that threatens the life, health or safety of yourself or another individual;
(g) to provide necessary assistance for any investigation or legal proceedings;
(h) in relation to professional indemnity policies;
(i) where such disclosure without your consent is permitted by the PDPA or by law; and
(j) to any other party where authorized by you.
The instances listed above at paragraph 4.2. are not intended to be exhaustive. For more information about exceptions, we encourage you to refer to the relevant schedules of the PDPA which can be found at http://www.agc.gov.my/
4.3. We will employ our best efforts to require third parties to protect your personal data when disclosing your personal data to such third parties with your consent.
5. Retention of Personal Data
5.1. We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
5.2. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
6. Transfer of Personal Data Outside of Malaysia
6.1. In terms of our set-up and management of your data we will require your consent for your personal data to be transferred to Singapore, to be hosted on our Microsoft Azure Datacentre, outside of Malaysia. In this regard we will require your specific consent in terms of the PDPA Act 2010, section 129 (3) (a), failing which we will not be able to process your data. We will take all necessary steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
7. Data Protection Officer
7.1. You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner:
Email to “firstname.lastname@example.org”
8. Opt-out and External Parties
8.1. You may prevent BTOS from collecting new Personal Data by discontinuing your access to our Website. You may opt-out and withdraw your consent for BTOS to retain your Personal Data by requesting your data to be expunged from our cryptographically-secure storage.
8.2. To request Personal Data removal, please provide written email notice and allow reasonable completion time to our Data Protection Officer at “email@example.com” to purge your information from our online live-system (data backups are required to be retained, but your Personal Data will be flagged as “Do Not Restore”).
8.3. If you no longer wish to receive information about special offers, promotions, or rewards, you may do so by accessing our website and use the setting section. For any further queries, please us know by emailing us at “firstname.lastname@example.org”.
8.4. BTOS makes a best-effort attempt to screen and approve of any external website link that we include into our Website; however, BTOS is not responsible for any external company’s privacy practices or the content of any external web site
8.5. BTOS uses external parties to provide secure website access to data, which is also stored on external-party cloud-based servers within the Microsoft Azure security platform (see their website for details). BTOS follows best-practices guidelines for provisioning of world-class, high-security services that you would typically access when you use an online banking service. All data records are encrypted in storage as well as being encrypted during transmission according to industry-standards.
8.6. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
8.7. You may, if you wish, communicate with BTOS on certain general information topics anonymously (where practical), and BTOS will make best efforts to be of assistance if you prefer to transact with anonymity.
9. Effect of Notice and Changes to the Notice
9.1. This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
9.2. We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.