PERSONAL DATA PROTECTION ACT 2010
Any reference to “GKASH”, “we”, “us” or “our” shall be a reference to GKASH Sdn Bhd and/or our data processor. If you are a corporate entity/partnership/organisation, references to “you” and “your” shall also include your shareholders, directors, employees, managers, officers, representatives, agents and partners, respectively.
HOW DOES GKASH COLLECT YOUR DATA
Your Data will be collected vide our “Platforms”, which refers to (i) our website, www.gkash.my and the mobile version of the same operated and maintained by GKASH; and (ii) any of our smartphone and mobile application(s) (whether for businesses or users) developed, owned and made available by GKASH. By collecting, recording, storing, disclosing, transferring, transmitting or otherwise using the Data constitute an act of us “processing” your Data.
We would require the Data collected from you for the creation of your account with GKASH for our provision of the Services to you. Please note that, in addition to the Data obtained at the point of your registration with us, we may request and obtain additional Data about you during the course of your use of the Services.
We may also collect Data from you in any manner during your course of dealing with us as well as from your engagement with our customer support team or during events, seminars, conferences, talks, road shows, surveys organised by us and other publicly available resources.
We may also collect your Data from our business partners (e.g. banking and financial institutions) and service providers (e.g. software support and maintenance service provider), during the course of processing your application for an account with GKASH or through cookies and web server logs. In doing so, we will exercise reasonable diligence and require the third party to confirm with us that your Data was obtained and provided to them legally.
Please take note that if you visit our Platforms as a guest without subscribing to the use of the Services, we may obtain your Data in a limited manner based on the technology associated to / available on our Platforms.
WHAT IS THE PURPOSE AND HOW DOES GKASH PROCESS YOUR DATA
The registration process in respect of the setting up of an account for the use of the Services requires the processing of the following information, as applicable:
(a) full name (as per NRIC for individual and as per company certificate for companies);
(b) NRIC number or company registration number;
(c) correspondence address;
(d) business address;
(e) nature of business;
(f) occupation and place of work;
(g) contact number and email address;
(h) credit card details or details of other payment method(s);
(i) bank account details (including name of bank and bank account number);
(j) password and user name created for your account in respect of the use of the Services;
(k) your IP address, browser type, other forms of online activity identifiable by your use of the Services; and
(l) any such information as our due diligence process would require.
The purpose for which GKASH may use your Data include amongst others the following and such purposes may be carried out by any means or methods as GKASH may deem fit, subject to the laws of the relevant jurisdictions:
(a) for the registration and opening of an account with GKASH for purposes of the Services;
(b) facilitating, dealing with, administering, managing and/or maintaining the provision of the Services to you;
(c) processing your payment request;
(d) receiving payment made into your account with GKASH, if applicable;
(e) as applicable, with your authority, to hold onto the amount credited into your business account with GKASH until you instruct us to release such amount into your nominated bank account;
(f) release of your money from your business account with GKASH into your nominated bank account;
(g) effecting the transmission of electronic funds from your eWallet with GKASH to the respective recipients of the electronic funds;
(h) receiving of payment of electronic funds made in your favour;
(i) responding, addressing or attending to your queries and/or requests and to take actions related to such queries and/or requests;
(j) topping up of your eWallet with GKASH;
(k) verifying the authenticity of your identity with a third party data holder or authorised verification body;
(l) in the case of any refunds, chargeback or investigation into the veracity of a payment made into your GKASH business account;
(m) carrying out rectification works on your GKASH eWallet and/or business account (when required);
(n) completing any transactions requested by you or carried out in your favour on any of the Platforms using your GKASH eWallet and/or business account;
(o) meeting any billing requirements and service charges;
(p) complying to any requirements or obligations of the laws of the relevant jurisdictions;
(q) adhering to any rulings, guidelines and orders imposed by Bank Negara Malaysia or any other regulatory body;
(r) subject to your consent given at the time of registration or at any time thereafter, provide any updates, promotions, or any activities or information in relation to the Services and/or GKASH, or through any of our appointed third party agencies, by way of text messages, phone calls, electronic mails, social media and/or any other appropriate channels of communication;
(s) carrying out any due diligence, background checks, or any other monitoring or scrutinising activities in accordance with relevant legal requirements or for purposes of risk management as may be required by the relevant laws;
(t) analysing customers feedback to identify user behaviours and customers’ profiling to improve and enhance our level and standard of services to you;
(u) sharing of your Data for purposes of seeking legal and/or financial advice and/or for purposes of commencing legal action (including for purposes of preparing such legal documentation);
(v) sharing of any of your Data with a third party business partner or service provider for purposes of a potential joint development of services or products;
(w) to detect and subsequently report to the relevant authority, a suspicious activity (such as activities which are fraudulent, illegal or prohibited) or to undertake any of our other reporting obligations imposed on GKASH as an electronic money issuer;
(x) to evaluate the functionality of our Services or any of its Platforms and to carry out upgrading works;
(y) for our storage, hosting back-up (whether for disaster recovery or otherwise) of your Data, whether within or outside of Malaysia; and/or
(z) other purposes required to maintain, administer and better manage provision of the Services to you.
DISCLOSURE AND TRANSFER OF DATA
Subject to the laws of the relevant jurisdictions, GKASH may disclose your Data to the following persons under any of the circumstances set out below:
(a) our shareholders, directors, employees, staff, subsidiaries (local or foreign), related entities (local or foreign), independent contractors, service providers, business associates, agents and any other agent who assists GKASH in processing the Data and manages the operation and
maintenance of the Services;
(b) the merchants or vendors that partner with GKASH in order to provide the Services to you;
(c) payment channels or entities such as banking, financial institutions, payment network or service providers or any other party involved in the process of assessing, verifying, effecting, facilitating and completing your payment transactions using the Services. This may include but is not limited to service providers providing credit services, processing services, logistics, data protection or management services;
(d) if required to do by operation of law or by regulatory or compliance bodies in order to identify risks or threats relating to fraud, money laundering, terrorism financing and/or any other illegal or criminal activities;
(e) auditors, accountants and/or solicitors in the preparation of documents of GKASH for statutory filing purposes or any other document required to be submitted to adhere to the statutory or regulatory compliance owed by GKASH to governmental authorities or compliance bodies;
(f) to the extent permitted by any relevant laws, any third parties (including financial advisers / legal advisers / professional advisers) carrying out due diligence review in connection with any proposed merger, acquisition, sale, reorganisation, joint venture or any other corporate activity related to GKASH or any of its subsidiaries, related or associated companies;
(g) any third party data processor or authorised verification body;
(h) data centres and/or servers, storage facilities and/or records managements companies located within or outside of Malaysia for purpose of storing your Data;
(i) government agencies, law enforcement agents, courts, tribunals, regulatory / professional bodies, if required to do so in satisfaction of any applicable law, regulation, order or judgement; and/or
(j) any other person which requires your Data in order to operate and maintain the Services.
If required to provide the Services, GKASH may process your data to or with:
(a) our subsidiaries, related and/or associated companies abroad in order to process your payment or to effect, operate, maintain any part of the Services; or
(b) third party service providers who provides information technology storage facilities and services where your Data may be stored and managed.
RETENTION AND DESTRUCTION OF YOUR DATA
SECURITY OF DATA
In order to ensure adequate protection and measures are in place to protect your Data, we utilise various software, hardware, programming systems and/or servers and other information technology equipment which we deem reasonably suitable and fit for the purpose of storing and securing your Data.
Against compliance with the PDPA, we endeavour to take reasonable and practical measures to mitigate and reduce the risks of unauthorised exposure, destruction, accidental loss, damage and alteration, to your Data by restricting the access of any unidentified or unauthorised third parties to your Data. We may from time to time implementing appropriate and improve our technical, electronic and procedural security measures to safeguard your Data.
YOUR RIGHTS TO ACCESS YOUR DATA
To the extent permitted under the PDPA and applicable laws, you have the right to request for access to or request for a copy of, your Data for purposes of checking, correcting or updating such Data.
Subject to the payment of a minimal fee as permitted under the PDPA, access to your data or correction of such data can be effected and processed (i) vide interactive services available on our Platforms; (ii) electronic mail to firstname.lastname@example.org; (iii) by contacting our customer support team at 03-9054 4257; or (iv) by visiting our headquarters at B-2-10, Endah Promenade, No 5, Jalan 3/149E, Sri Petaling, 57100 Kuala Lumpur during office hours.
Upon receipt of a request for correction of Data from you, we reserve the right to reject and demand that you resubmit your request if such correction cannot be effected due to insufficient information or such correction cannot be verified against the documents requested (as the case may be).
Please be informed that, subject to any legal restrictions and/or contractual conditions, you have the right to withdraw your consent to our processing of your Data with reasonable notice by sending an email to us at email@example.com, indicating your intention to withdraw your consent. Upon such withdrawal of consent, GKASH reserves the right to cease provision of the Services and close your account with GKASH.
IF YOU REFUSE TO PROVIDE GKASH WITH YOUR DATA
HOW TO REACH US
Address : B-2-10, Endah Promenade, No 5, Jalan 3/149E, Sri Petaling, 57100 Kuala Lumpur.
Contact No : 03-9054 4257
Email Address : firstname.lastname@example.org
Last Updated: [5 November 2020]