Personal Data Protection Notice
SMALL MEDIUM ENTERPRISE DEVELOPMENT BANK MALAYSIA BERHAD
PERSONAL DATA PROTECTION NOTICE
This Personal Data Protection Notice (“Notice”) has been issued to you in accordance with the requirements of the Personal Data Protection Act 2010 (“PDPA”). This Notice informs you:
- What personal data we collect from you;
- How we collect your personal data;
- Why we collect your personal data;
- Who we disclose your personal data to;
- What are your rights and choices;
- Where we store and process your personal data;
- How long we keep your personal data; and
- How we keep your personal data secure;
This Notice applies generally to Small Medium Enterprise Development Bank Malaysia Berhad (which includes all its subsidiaries and related corporations (collectively referred to as “SME Bank”).There may however be instances where a different data protection notice will be applicable for a specific transaction. In such instances, we will inform you accordingly.
Please read the terms of this Notice carefully before furnishing any personal data to us. By furnishing your personal data or by using our products or services or continuing to do so, you are indicating to us that you agree and consent to the terms and conditions of this Notice and any revisions or amendments made from time to time.
If you submit any personal data of other persons, for example, your partners, guarantor, employer, spouse or dependents, you warrant that you have obtained the consent of all such individuals for the provision of their personal data to us and undertake to extend a copy of this Notice to all such individuals.
Our Notice may be revised or amended from time to time and if there is any revision, it will be posted on our website or by other means of communication deemed suitable by us.
The personal data we collect from you may include:
- Your identification details such as name, identification (NRIC) or passport number, gender, nationality, date of birth, age, race, marital status or education qualifications;
- Your contact details such as address (residential, office or billing), email, telephone number, other contact details provided to us from time to time;
- Your employment details such as your employer’s name, your designation, job description or income;
- Spouse’s or dependent’s details such as name, identification or passport number, address or education qualification;
- Personal data of other individuals such as details of directors, shareholders or employees; and
- Other personal data which may additionally be required when you transact with us or visit our premises.
The personal data that we request from you may be mandatory or voluntary (depending on the product or service). Fields requiring mandatory personal data will be indicated in the medium in which your personal data is being collected. If you choose not to furnish any required mandatory personal data or withdraw your consent for processing any mandatory personal data, you agree that we shall be entitled to cease the provision of any products or services without incurring any liability to you (notwithstanding any agreement between you and us)
[Please see the section entitled ‘What are your rights and choices?’].
Directly from you
We collect personal data that you provide to us when you use any of our products and services, website(s) or when you contact us. This includes personal data that you provide when you:
- Transact with us for any products or services or under any agreement;
- Submit any application forms together with any supporting documents;
- Communicate with us by telephone, email, correspondence, facsimile or in person;
- Take part in our customer surveys, competitions and promotions; and
- Use our facilities and services or visit our premises.
When you use our website
We may collect your personal data automatically when you access our website. This may include:
- Information relating to your use of our products and services, for example your browser type, operating system, platform, IP address, cookies, language and region.
- Search queries submitted through our website, pages and advertisements you viewed and links you clicked on while using our website(s).
- Some of the information will be gathered through the use of “cookies”. Cookies are small bits of information that are automatically stored on a person’s web browser in their computer that can be retrieved by the website. Such information, for example, may be a user’s password that is stored to avoid having to retype it during subsequent visits to a site. Should you wish to disable these cookies you may do so by changing the setting on your browser itself.
From third parties
We may collect your personal data from third parties. This may include:
- From sources in the ordinary course of banking business, for example, any bureaus or agencies under Bank Negara Malaysia or other authorities, the Association of Banks in Malaysia, any registered credit reporting agencies or other financial institutions.
- From third party service providers engaged by us, for example, private employment or debt collection agencies.
- When we obtain authorisation for payment you make using a credit or debit card or to complete a credit or fraud check.
- When we transact or contract with a corporate entity, that corporate entity may provide your personal data in connection with the transaction or contract. For example, you may be a director, shareholder or employee of that corporate entity.
Your personal data is used for the following purposes:
- To provide you with products and services that you have requested or to process any application, enquiry or otherwise any communication from you to us.
- To notify you of any products, services, offers or promotions that we or our business partners have selected and believe would be of interest to you
- To manage your accounts or facilities with us.
- To verify your financial standing through credit reference/reporting checks or for any audit, legal, compliance and risk assessment purposes.
- For prevention, investigation or reporting or any fraud, crime and other obligations imposed by law.
- To comply with any disclosure requirements imposed on us, our subsidiaries, affiliates, or our directors, shareholders, management or professional consultants.
- To prepare any statistics, analysis or internal reports for analytical purposes or data mining of your transactions with us, to improve our products/services and to develop new products/services.
- To comply with any requirement of law, order of any court or tribunal or any direction from the Government or any statutory authority
- To protect or enforce our legal rights, including to recover any debt owing by you to us or to assign our rights, interests and obligations under any agreement with you.
Your personal data will generally not be disclosed for any purpose other than for the purpose it was collected. However, there may be instances where your personal data may be disclosed to third parties (which may be within or outside Malaysia), including to our subsidiaries or affiliates.
Some of our products and services are provided in collaboration with certain third parties. We will need to disclose your personal data to them to provide you with the products and services. This may include other financial institutions, merchants or electronic fund transfer facilitators.
We may share your personal data with other third parties in the ordinary course of banking business, for example, the drawee bank providing a copy of a paid cheque to the drawer, any person making any payment into the customer’s account, third party financial institutions, insurers/takaful operators, credit card companies or securities and investment services providers.
We may share your personal data with carefully selected third parties so that they can provide you with information about products and services that may be of interest to you [Please see the section entitled ‘Important information about “opting-in”].
We may share your personal data with any third party to whom we are obligated to make disclosure under the requirements of any law or as required by any regulatory or statutory authority.
We may also share your personal data with certain third parties who have been engaged by us to perform our business functions or any other services, for example, any agent, contractor, advocate and solicitors, auctioneers, valuers, accountants or auditors.
We may disclose your personal data to any third party arising from the restructuring of any facility granted to you, sale of debts, acquisition or sale of any company by us.
You may request details of all personal data we hold about you or correct or update such personal data by completing our Personal Data Access Request Form or our Personal Data Correction Request Form and submitting it to our Customer Service Officer [Please see the section entitled “Enquiries”]. The Personal Data Access Request Form and Personal Data Correction Request Form may be downloaded from our website at www.smebank.com.my or may be obtained from any of our Enterprise Centres.
We may charge you the prescribed fee as stipulated under the PDPA for any data access request. The processing fee for a data access request includes the following:
- Data Access Request with a copy: RM10; and
- Data Access Request without a copy: RM2
The prescribed fee may be revised from time to time.
We will endeavor to comply with your data access request or data correction request within 21 days from the date we receive your request complete with all necessary particulars and the prescribed processing fee above (only for Personal Data Access Request) or such other prescribed time period under the PDPA. Please note that the right to access your personal data is not absolute but subject to the PDPA.
When you request for access or correction of any personal data held by us, we may request for information such as your name, identification card number, address and such other related information in order to verify your identity. We reserve the right to withhold access to your personal data or refuse to correct your personal data where we are unable to verify your identity, where the information requested is confidential in nature or if we receive repeated requests for the same information. In any event, we will inform you of the reasons for not being able to accede to your request.
When there is a change to your personal data, it is your obligation to inform us of such change.
You may limit or withdraw your consent for us to process your personal data by sending a notice in writing to our Customer Service Officer [Please see the section entitled “Enquiries”].
We will only share your personal data with any third party in relation to any products or services if you have:
- Given us your consent by contacting us at the contact details provided in the section entitled “Enquiries”;
- By ticking the ‘opt-in’ box in any medium used to collect your personal data; and
- Where you have indicated your consent through our website(s)
We generally store and process your personal data within Malaysia. However, the personal data that we collect about you may be processed in, transferred to, or stored at a destination outside Malaysia.
You can be assured that we will take reasonable steps to protect your personal data and in accordance with this Notice even when your personal data is processed in, transferred to, or stored at a destination outside Malaysia.
How long we keep your personal data?
We will keep your personal data:
- For as long as it is reasonably necessary for us to provide you with our products and services you have purchased or requested or the performance of a contract with you;
- For marketing purposes to provide you with information about products and services that we or our third party business partners have selected and believe would be of interest to you[Please see the sections entitled “What are your rights and choices?” and “Important information about opting-in”];
- We may keep records of any transactions you enter with us for up to six (6) years so that we can respond to any complaints or disputes which may arise. Where the records are the subject of legal investigations or proceedings or it is reasonably anticipated to be the subject of any legal investigations or proceedings, we will keep the personal data for longer periods.
- We will keep your personal data for as long as it is required to comply with any requirements of law or in accordance with any directions issued by any regulatory or public authorities.
We will take reasonable steps to ensure that your personal data held by us is protected from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction.
- For any enquiries or complaints regarding your personal data.
- To submit any completed Personal Data Access Request Form or Personal Data Correction Form; and
- To exercise any other options provided to you under this Notice.
Customer Service Officer
Address – Level 10, Menara SME Bank, Jalan Sultan Ismail, 50250 Kuala Lumpur
Fax number: 03-2691 0727
Email address: firstname.lastname@example.org
This Privacy Notice was last updated on: 5th May 2014