PRIVACY POLICY AND PERSONAL DATA NOTICE
1. INTRODUCTION
1.1 This Privacy Notice applies to data, including your personal data, collected by XBace Sdn Bhd through our websites of which we make our services available (collectively, “Site”), our mobile, tablet and other smart device applications, and application program
interfaces (collectively, “Application“) and all associated services (collectively, “Xbace Services“). The Site, Application and Xbace Services together are hereinafter collectively referred to as the “Xbace Platform”, For the purpose of this Notice, any reference to ”Company”, “we”, “us”, “our” or “Xbace” and or any similar term shall be construed as reference to Xbace Sdn Bhd.
1.2 We value your privacy and strive to protect your personal data in compliance with the laws of Malaysia. This Privacy Notice is issued to inform you of our commitment to the policy of protecting at all times the confidentiality, integrity and security of the information provided by you to us as we recognise the importance of the personal data we hold about customers and the trust they place in us. “personal data” and “sensitive personal data” in this Notice, shall have the meaning assigned to them in the Personal Data
Protection Act 2010.
1.3 This Privacy Notice explains:
(a) How do we collect your personal data;
(b) Types of data we collect about you;
(b) How do we use your personal data;
(c) The parties that we disclose the personal data to;
(d) The choices we offer, including how to access and update your personal data.
2. HOW DO WE COLLECT YOUR PERSONAL DATA
2.1 We will collect data from a variety of sources including the sources mentioned below, which may constitute personal data and/or sensitive personal data which are relevant to our business relationship with you:
We may collect data directly from you when you:
(a) apply for products or services, create an account via our Xbace Platform;
(b) interact and communicate with us at any of our events or activities;
(c) communicate with us whether through email, phone, our Xbace Platform as well as other forms of communication;
(d) register or subscribe for a specific service provided by us;
(e) participate in any of our surveys or polls;
(f) enter or participate in any competitions, contests or loyalty programmes organized by us;
(g) register your interest and/or request for information through our Xbace Platform;
(h) respond to any marketing materials that we send out;
(i) visit or browse our website and any other Xbace owned platforms; and
(j) lodge a complaint with us and provide feedback to us.
Other than the personal data obtained from you directly as stated above, we may also obtain your personal data from third parties which we deal with or are connected with you, and from such other sources where you have given your consent for the disclosure of your personal data and/or where otherwise lawfully permitted.
3. TYPES OF PERSONAL DATA WE COLLECT ABOUT YOU
3.1 The types of personal data collected varies depending upon the type of products and services you seek and collection may begin prior to your take-up or upon signing up or depending on how you access and use our products and services. Data collected will include:
(a) Data that identifies you:
(i) Your name, salutation/title, address and other contact information such as telephone number, mobile number, email address;
(ii) Your age, gender, date of birth, race, citizenship, marital status, medical history, particulars of identity documents such as identity card or passport, where applicable;
(iii) Your location data;
(iv) Your education, employment and/or business details;
(v) Your biometric information (Pictures, video from security cameras, video recordings);
(vi) Your relationship with other data subject/third parties;
(vii) Your personal interest and preferences.
(b) Data about your financial position:
(I) Your Bank account number; and
(II) Your Debit/Credit card details, issuing bank, card expiry date.
(c) Data about your intended use of our products and/or services.
(d) Data about your opinion about our products and services.
3.2 Under certain circumstances, we may also collect sensitive personal data if:
(a) We need it to provide you with a specific product and/or service; or
(b) We need it for safety and security purpose.
4. HOW DO WE USE YOUR PERSONAL DATA
4.1 Although, the primary purpose of collecting your data is for its use in the normal course of the general business between Xbace and you, the said information may also be applied for purposes incidental to and connected with the said primary purpose including but not limited to the following:
(a) To verify your identity;
(b) To offer, cross-sell and market products and services provided by us and our affiliates to you;
(c) To communicate with you and deliver information that is requested by you to you and/or, in some cases, is targeted to your interests, such as administrative notices, product offerings, and communications relevant to your use of products and services;
(d) To process any communication you send to us, including answering any queries, dealing with any complaints and/or feedback;
(e) To notify you about benefits, changes to the features, promotions, alerts, newsletter, updates, promotional materials and special privileges;
(f) To send you seasonal greetings messages as well as invitation to join our events and promotions from time to time;
(g) To establish and better manage any business relationship we may have with you;
(h) To conduct marketing activities including market research and surveys with you;
(i) To maintain records, including payments and subscription history, required for auditing, security, claims and/or other legal purposes;
(j) To investigate and resolve any queries or complaints that you may submit to or raise with us;
(k) To assist law enforcement agencies in their investigation activities and for compliance with and/or any purposes required by any relevant law, directives, guidelines, orders, rules, regulations and requirements of any governmental or statutory authority or administrative or regulatory or supervisory body;
(l) To process and facilitate any payment and transactions with us;
(m) Any other purposes relating or incidental to any of the above.
5. HOW DO WE MANAGE THE COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL DATA
5.1 Obtaining Consent
We only collect personal data about you that is necessary to perform our functions and activities. If you do not provide this data or consent to certain use of your personal data, we may not be able to provide you with the product or services that you want or otherwise, deal with you. In most cases, before or at the time of subscribing to our products and/or services, you shall give your consent to us for the purposes for which it is intended to be used and to disclose your personal data. Your consent can be expressed verbally or in writing, or implied by your actions.If you wish to withdraw consent, you should give us reasonable advance notice.
5.2 Use of Cookies
We use “cookies” to collect information about your online activity on our website or mobile application. “cookies” are text files to store your preferences that are placed in the browser of your device. Our website and mobile application may use cookies to enhance your experience and understand the usage of our website and mobile application. You may choose not to accept cookies by turning off of this feature in your web browser.
5.3 Data Confidentiality and Sharing of Personal data
(a) Unless otherwise prohibited by laws, we shall keep your personal data (except data already in the public domain) confidential. However, we may need to share your personal data in the normal course of general business and connected with the primary purpose
for which your data was collected with, amongst others, the following parties:
(i) Xbace, our subsidiary companies, our related companies and our affiliates;
(ii) companies and persons that act as our agents, contractors, affiliates, service providers, merchant and strategic/ business partners, lawyers, auctioneer, valuers and/or professional advisers and the employees, directors and officers of all parties mentioned above;
(iii) companies and/or organisations that assist us in providing value added services that you have requested;
(iv) companies and organisations that provide services to us, including in relation to technical infrastructure, marketing and analytics, and web and app development;
(v) any other person who has expressly or impliedly undertaken to keep such information confidential or otherwise is under a duty of confidentiality to us;
(vi) any financial or other institution, credit charge or other credit card company with which you have or propose to have dealings;
(vii) any party jointly with whom we launch, organise or offer any product, function or service and any other party having business arrangements with us in connection with the services, products, customer feedback survey and functions offered or organised by
or through us;
(viii) credit reporting agencies, and, in the event of default, to debt collection agencies;
(ix) any person, which is required by law, rule, regulation, court order and under any guidelines issued by regulatory or other authorities;
(x) any other person (including but not limited to accountants, auditors, lawyers or other professional advisors, insurance providers, next-of-kin, beneficiaries, executors, administrators or trustees) notified by you as authorised to give instructions or to use
our products and/or services on your behalf.
5.4. Direct Marketing/Telemarketing
We may process your personal data to provide you with, or enable our subsidiary companies, related companies, affiliates to provide you with, information, promotions and updates including advertising and marketing materials (“marketing material”) about our and/or our subsidiary companies, related companies, affiliates’ products and/or services as well as products and/or services of our and/or our subsidiary companies, related companies, affiliates’ preferred merchants and strategic partners. Subject to your specific consent, we may also facilitate for our and/or our subsidiary companies, related companies, affiliates’ preferred merchants and strategic partners to provide you with marketing material about their products and/or services, which may be of interest to or benefit you. The aforementioned information, promotions and updates, including advertising and marketing materials may be sent to you
via any one or more of the following examples: phone calls, text messages, online banners, emails or via other internet, social or application based messaging system or any other means of communication. If at any time you choose not to receive such marketing material from us, you may instruct us not to send you any further such material at the address/ telephone number/ e-mail address given at the end of this Privacy Notice.
5.5. International Transfers
As we may operate regionally, we may transfer your personal data to places outside Malaysia in which we conduct business or if any of our service providers or strategic partners who are involved in providing part of our product and/or service or outsourced data storage or data processing services for and on behalf of us is located outside Malaysia. You have given consent for us to transfer your personal data to places outside Malaysia in these instances.
6. HOW DO WE ENSURE THE SECURITY OF YOUR PERSONAL DATA
6.1 We will implement adequate and stringent security controls, measures and protocols that are in line with existing industry practices and legal requirements to protect your personal data against any loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction. To achieve this objective, we shall conduct regular reviews of the risks to personal data and promptly address and rectify any security flaws or weaknesses identified.
6.2 We employ security measures regardless of the media on which information is stored, the systems which process it, or the methods by which it is moved. Such protection includes restricting access to information on a need-to-know basis. We devote sufficient time and resources to ensure that information is properly protected.
6.3 As a source of reference for our data security needs, data security policies, standards and procedures are fully documented and maintained. All employees, including new recruits, are educated as to their obligations with regard to your personal data. Consultants or other external parties contracted to carry out work for us must also conform to these requirements and where appropriate, are also bound by non-disclosure agreements to ensure the confidentiality of the our information assets.
6.4 We also require you to help us by complying with the security measures designed to protect your personal identification numbers and passwords by keeping it secret and confidential. These are set out in the terms and conditions of your account. You may be
able to limit your liability for unauthorised use of your account if you observe these requirements.
6.5 If we no longer require your personal data, after the expiry of the relevant retention period, we will take reasonable steps to destroy it in a secure manner or remove identifying features from it.
7. HOW DO WE ENSURE THE ACCURACY OF YOUR PERSONAL DATA
7.1 We will take all practicable and reasonable steps to ensure that your personal data is accurate, complete and up to-date.
7.2 You can help us to keep accurate and up-to-date records by informing us in writing of any changes so that records on you could be updated promptly.
7.3 You shall take notice that, the accuracy of your personal data depends to a large extent on the information you provided to us. As such, it is a condition of us providing the products, services and/or facilities to you that you:
(a) warrant and declare that all your personal data submitted or to be submitted to us are accurate, not misleading, updated and complete in all respects for purposes acquiring or using the relevant products, services and/or facilities, and you have not withheld any personal data which may be material in any respect and that we are authorised to assume the accuracy of the personal data given by you when processing such personal data; and
(b) promptly update us as and when such personal data provided earlier to us becomes inaccurate, incomplete, misleading, outdated, obsolete or changes in any way whatsoever by contacting us.
8. HOW LONG DO WE RETAIN YOUR PERSONAL DATA
Any personal data we collect will be retained by us and/or any of the parties to whom any personal data has been disclosed to, for as long as necessary to fulfil the many different purposes outlined in this Notice in line with our internal retention policies or as required to satisfy legal, regulatory, taxation and/or accounting requirements or to protect our interests.
9.HOW DO WE HANDLE PERSONAL DATA OF THIRD PARTIES
9.1 With regards to personal data that you had provided about other persons on their behalf, you shall confirm that you have explained to them that their personal data will be provided to, and processed by us and you represent and warrant that you have obtained
their consent to the processing (including disclosure and transfer) of their personal data in accordance with this Privacy Notice.
9.2 In respect of minors or individuals not legally competent to give consent, you confirm that they have appointed you to act for them, to consent on their behalf to the processing of their personal data, including sharing and disclosure in accordance with this Privacy Notice.
10. HOW DO YOU ACCESS AND MAKE CORRECTION TO YOUR PERSONAL DATA
10.1 You are entitled to exercise the following rights relating to your personal data:
(a) check whether we hold your personal data and have access to such data;
(b) require us to correct any data relating to you which is inaccurate; and
(c) ascertain our policies and practices in relation to your data and to be informed of the kind of personal data held by us.
10.2 Your request should be made personally at the address/ telephone number/ e-mail address given at the end of this Privacy Notice. We reserve the right to charge a fee for the processing of your request.
11. WEBSITE LINKS
Please note that our website may contain links to other sites that are not affiliated with us. Such links to other sites is provided for your convenience and information. These sites may have their own privacy statement in place, which we recommend you to scrutinise the said statement if you visit any linked websites. We are not responsible for the content on the linked sites or any use of the site.
12. CHANGES TO THIS PRIVACY NOTICE
We may amend this Privacy Notice from time to time and the updated version shall apply and supersede any and all previous versions. You are encouraged to check our website and revisit this notice periodically for our most up-to-date Privacy Notice. When we post changes to this Privacy Notice we will revise the “Last updated on” date on the last page of this notice.
13. HOW DO YOU CONTACT US IN RELATOIN TO YOUR PERSONAL DATA
You may have any query in relation to this Privacy Notice or may request for access and/or request for correction of your personal data or make any inquiries or complaints in relation to the processing of your personal data by contacting the following personnel for further assistance:-
Address:
The Manager | Careline Unit
180, Jalan 5, Kompleks Perabot Olak Lempit,
42700 Banting, Selangor
Telephone No +6012-534 6671
Email Address support@xbace.com.my
Last Updated on 07-03-2023
