Privacy Policy

Privacy Notice

Our commitment to your privacy

Maintaining and securing our customers data is top priority for us at MBSB Group. We hope this Privacy Notice will enable you to understand how we collect, use, maintain, disclose and protect your data in respect of commercial transactions and how you as data subjects can control our disclosure of such data within the ambit of the Personal Data Protection Act 2010 ("the Act"), Secrecy Provisions of Islamic Financial Services Act 2013 (IFSA) / Financial Services Act 2013 (FSA) or any other applicable Acts.

"MBSB Group" or "We" in this Privacy Notice refers to MBSB Berhad, including MBSB Bank Berhad and Malaysian Industrial Development Finance Berhad, and all its related corporations and subsidiaries including their branches in Malaysia, our affiliates, our authorized agents, any 3rd parties authorized by MBSB Group or, as the context may require, any of them.

Your consent is important

When you request information or sign up for our products and services or when you enter into any commercial transactions with MBSB Group, you may be required to provide MBSB Group with your data. In doing so, you consent to its use by MBSB Group in accordance with this Privacy Notice. Your data may have also been provided to MBSB Group by a third party (for example your spouse, a company in which you are a director, an officer or a shareholder, or a partnership in which you are a partner or in situations where you act as a guarantor) for products or services that these third parties have sought from MBSB Group. In this context, the term "you" or "your" in this Privacy Notice extends to any persons, including our potential, existing and former employees, affiliates, authorized agents, any 3rd parties authorized by MBSB Group or, as the context may require, any of them, whose data will be or has been provided to or collected by MBSB Group as described in "How do we collect your data" below.

We may collect your sensitive data (including, data relating to your physical or mental health, the commission or alleged commission of offences) if you apply for certain products and services such as health and/or life insurance and/or takaful or home financing, which requires you to disclose such sensitive data to us. We will only use your sensitive data to provide the service(s) you signed up for. If we collect, use, maintain or disclose your sensitive data, we will ask for your explicit consent.

You have the choice, at any time, not to provide your data/sensitive data or to revoke your consent to MBSB Group processing of your data/sensitive data. However, failure to provide such data/sensitive data or revocation of your consent to process data/sensitive data provided will result in MBSB Group being unable to provide you with effective and continuous products and services.

What types of personal data do we collect?

The information we may collect from you for processing your products and services includes the following categories but not limited to:

  • Personal Identifier Data/Information
    For example, name, identity card number or passport number (for foreigners), and other relevant information for your application, images and biometrics, specimen signatures (digital or electronic or physical signatures), date of birth, gender, race, religion, citizenship/residency, marital status, spouse name, number of dependents.

  • Contact Data
    For example, residential or business address, e-mail address, mobile or landline number, emergency contact.

  • Professional Data
    For example, level of education, occupation and employer details or any data that is referring to an individual’s work or profession.

  • Financial Data
    For example, financial position such as assets and income, source of funds, investment objectives, annual income, tax details, account numbers, account balances, payment history, account activity and credit rating data to assess creditworthiness.

  • Communication Data
    For example, live chats, phone calls to contact center, messaging and email.

  • Behavioural Data
    For example, views or opinions made known to us via feedback or surveys, competitions, activities, habits, preferences and interests arising from your use of our products and services, our partners or vendors; browsing behaviour on our websites and transactional activities.

  • Geo-location Data
    For example, IP addresses, cookies, activity logs, online identifiers, and location data through your usage of our products and services.

  • Relationship Data
    For example, your immediate family members, directors, emergency contacts, individual shareholders, authorised signatories and guarantors that can determine your identity.

As part of your application and continued usage of our products and services, we may need to collect sensitive personal information only when necessary and with your consent. The type of sensitive personal information we may collect are as below:

  • Racial or ethnic origin Data:Information relating to your racial or ethnic origin

  • Religious Data:information relating to your religious beliefs and other beliefs of a similar nature.

  • Biometric Data:Information which physically identifies you. For example, facial recognition, fingerprint or voice recognition.

  • Health Data:Details regarding your health and fitness;

  • Criminal Record Data:Information concerning your criminal records, if applicable.

How do we collect your data?

We obtain your data in various ways, such as:

  • When you sign up for or use one of the many services we provide or when you register an account at any MBSB Group branches.
  • When you contact MBSB Group through various methods such as application forms, emails and letters, telephone calls and conversations you have with our staff at a branch. If you contact us or we contact you using telephone, we may monitor the phone call for quality assurance, training and security purposes.
  • From our analysis of your transactions (e.g. payment history, financing/loan, or deposit balances, credit or debit card purchases).
  • We may also obtain your data when you participate in customer surveys or when you sign up for any of our competitions or promotions.
  • When we obtain any data and information from third parties (e.g. credit reporting agencies, regulatory and enforcement agencies, employers, joint account holders, guarantors, legal representatives, spouses, parents, guardians, dependents and/or companies/partnership that you are a director, a shareholder or a partner).
  • When you enter into any commercial transactions with MBSB Group, including but not limited to, you providing goods and/or services or your professional services.
  • From publicly available sources.

Data we collect from our websites

www.mbsbbank.com

www.midf.com.my

An IP address is a number that is automatically assigned to your computer when you sign up with an Internet Service Provider. When you visit our website, your IP address is automatically logged into our server. We use your IP address to help diagnose problems with our server, and to administer our website. From your IP address, we may identify the general geographic area from which you are accessing our website. Generally, we do not link your IP address to anything that can enable us to identify you unless it is required by law and regulations.

Information on Cookies

A cookie is an element of data that a website can send to your browser, which may then be stored on your system. We use cookies in some of our pages to store visitors' preferences and record session information. The information that we collect is then used to ensure a more personalized service level for our users. You can adjust settings on your browser so that you will be notified when you receive any cookies. Please refer to your browser documentation to check if the cookies have been enabled on your computer or to request not to receive the cookies.

What is the purpose of processing your data?

The intention we use your information is strictly for us to provide our products and services, to you as our customers and necessary according to the nature of the relationship you have with us. The purpose of processing your information may comprise part or all of the following:

  • Offering of our products and services, to You
    This includes but is not limited to:

    • Opening of account;
    • Conducting Enhanced Due Diligence/Know Your Customer and/or Enhanced Customer Due Diligence as required by law;
    • Assessing eligibility, merits and/or suitability of your applications;
    • Assessment and analysis including credit / lending/financing / insurance risks / behaviour scoring / product analysis/ Anti-Money Laundering (AML) Risk Profile and market research;
    • Assessing the suitability of being guarantor;
    • Conducting and maintaining credit checks and financial assessments as required by applicable laws and regulations;
    • Assessing and setting of credit limits;
    • Obtaining quotations, assisting with applications and interacting with strategic referral partners on behalf of clients for co-branding and other third-party products and services; and/or
    • Such as insurance and wealth management products.

  • Managing Your Banking Relationship and Administering Your Accounts
    This includes but is not limited to:

    • Facilitating the opening of your account both manually and digitally;
    • Providing appropriate access to our products and services. For example, branch services, online and mobile banking platforms;
    • Providing, operating, reviewing, and evaluating our products and services, offered to you to fulfil our contractual obligations you have with us for our products and services;
    • Managing the collection and recovery amounts outstanding from you or due from you;
    • Effecting and verifying transactions and acting on your instructions or requests. For example, transferring money between accounts, making payments to third parties, etc.;
    • Maintaining up-to-date records of contact details, authorised persons and signatory lists for accuracy purposes;
    • Administering credit facilities or financing products;
    • Monitoring, managing and responding to questions or complaints. This includes the various touch points such as our branches, customer contact centre and social media platforms;
    • Issuing notifications on changes of terms and conditions and features of our products and services, to you;
    • Issuing and maintaining statements of the products and services, you have with us;
    • Recording and maintaining our communications with you for record-keeping and evidence purposes which includes online messages, email and/or telephone and all other communication channels;
    • Contacting you relating to the products and services, we provide to you; and/or
    • Determining the amount of indebtedness owed by you / to you and designing improved financial solutions for you.

  • Improving our products and services, for You
    This includes but is not limited to:

    • Develop, analyse design and test our products and services, for your use;
    • Conducting market research and customer satisfaction surveys;
    • Monitoring and recording our communication with you for training and quality checking purposes; and/or
    • From your use of our products and services, we gather data such as behavioural data and conduct demographic analysis to provide a tailored product for you.

  • Operating our Business
    This includes but is not limited to:

    • Conducting the relevant credit management activities which includes maintaining your credit history for present and future references, updating credit bureaus, credit referencing agencies and ongoing creditworthiness and credit checks;
    • For prevention and detection of financial crime (including, without limitation, money laundering, sanctions and fraud prevention, detection and prosecution) such as conducting identity verification security checks against government and other official centralised database as required by law;
    • Creating and maintaining credit scoring models of our customers;
    • Managing authentication and user access of our customers such as Internet and mobile banking;
    • Performing an employment check with the personnel empowered to give such confirmation in your organisation;
    • Assisting banks and other third parties to recover funds that have been credited to customers’ accounts due to erroneous payments; and/or
    • Business operations, audits and operational management. For example, audit on financial and internal controls, system developments and testing, business planning and decision making, risk management activities including financial portfolio monitoring, reporting and administrative tasks of the products and services.

  • Keeping You Safe
    This includes but is not limited to:

    • Using CCTV surveillance recordings at our premises and self-service terminals for the purpose of preventing, detecting, investigating and reporting of incidents, emergencies and crimes such as theft and fraud;
    • Security of our system and networks to keep your data safe and confidential;
    • Conducting identity verification prior to allowing access to the products and services; and/or
    • Issuing notifications for awareness purposes such as fraud and scam.

  • Complying to Applicable Laws, Regulations and Other Requirements
    This includes but is not limited to:

    • Existing and/or future relevant local laws, regulations, rules, directives, judgments or court orders, requests, guidelines, local or foreign sanctions, embargo, reporting requirements, restrictions within or outside of Malaysia; and/or
    • Meeting or complying with MBSB Group policies or procedures.

  • Exercising MBSB Group’s Legal Rights and Conducting Legal Proceedings

    • To protect MBSB Group’s interest and other ancillary and / or related purposes to enforce our legal rights and/or obtaining legal advice and/or any legal process.

  • Application for Employment with MBSB Group

    • In connection with your application for employment with MBSB Group, we may disclose your personal data to third parties for the purpose of verifying or obtaining additional information about you, including but not limited to education institutions, present and former employers, and credit reference agencies where applicable.

Provided your consent has not been withdrawn, we may from time to time, share your data with other entities connected to MBSB Group being, our agents or strategic partners and other third parties ("other entities") as MBSB Group deems fit and you may receive marketing communication from us or from these other entities about products and services that may be of interest to you. If you no longer wish to receive the marketing communications, please notify us to withdraw your consent and we will stop processing and sharing your data with these other entities for the purpose of sending you marketing communications.

You have a choice to withdraw your consent for receiving marketing or promotional materials and/or communication by contacting MBSB Group using the contact details as described in “How may you contact us” below. Please be aware that once we receive confirmation of your wish to withdraw consent, it may take up to seven (7) calendar days for this change to be reflected in our systems. Therefore, you may still receive marketing or promotional materials during this period.

Additionally, you can request MBSB Group to stop using your data or to change how we use it by writing to us. However, we may need necessary information to engage with you or provide our products and services to you and to comply with legal or contractual requirements.

  • When the information is required for the performance of the contract between you and the MBSB Group;
  • Where you have provided the information to MBSB Group to fulfil the pre-contractual request (i.e. application form stage); and/or
  • Where MBSB Group is required to comply with any non-contractual legal obligation.

To whom do we disclose your data

While your data shall be kept confidential and safeguarded by necessary control measures by us, we may need to disclose your data on a need-to-do and need-to-know basis. This is necessary to provide you with effective and continuous products and services and to comply with any legal and regulatory requirements as well as contractual legal obligation. In view of this, your data may be disclosed to the following parties:

  • Members of MBSB Group

    • Any officer, employee, agent, or director of the MBSB Group.

  • Authorised Third Parties

    • Legal guardians, joint account holders, actual or intended guarantors/sureties, trustees, beneficiaries, executors, legal representatives, or authorised persons of our clients, any actual or potential participants or sub-participants in relation to any of our obligations in respect of any banking agreement, assignees, novates or transferees (or any officers, employees, agents or advisers of any of them);
    • Any security party, guarantor, or collateral provider for your products and services ;and/or
    • Any other person you have authorised us to share your data with.

  • Third Parties that Verifies Information

    • Credit bureaus or credit reference agencies (including the operator of any centralised database used by credit reference agencies), credit protection providers, rating agencies, debt collection agencies, fraud prevention agencies and organisations;
    • Any financial crime references agencies, other financial institution and any of their respective agents that conduct financial crime prevention databases checks to prevent money laundering, terrorism, fraud, and other financial crimes; and/or.
    • Any rating agency or direct / indirect provider of credit protection to the MBSB Group.

  • Our Third-Party Service Providers

    • Professional advisers such as auditors, lawyers, and asset valuation specialists;
    • Insurers / Takaful operator or insurance / Takaful brokers;
    • Outsourced agents, merchants, vendors, business partners and business agents who supports the operational, administrative, data processing
    • Technology service providers that analyse and facilitate improvements or enhancements in the MBSB Group’s operations or provision of products and services;
    • Providers of professional services, such as market researchers, forensic investigators, and management consultants;
    • Advertising companies and social media platform providers;
    • Third-party product providers, for example, securities and investments providers, fund managers and insurance/takaful companies; and/or
    • Third-party service providers, such as telemarketing and direct sales agents and call centres.

  • Strategic Business Partners

    • Business alliance, co-branding partners or other companies or organisations the MBSB Group cooperates with; based our on contractual arrangements or other joint ventures to provide relevant third-party products and services; and/or
    • Charitable and non-profit organisations.

  • Government Authorities and Law Enforcement

    • Any government, quasi-government, regulator, administrative, regulatory, or supervisory body, court, tribunal, enforcement agency, exchange body or domestic or foreign tax authorities, as required by law or as requested by any authority; and/or
    • Self-regulatory or industry bodies or associations of financial services providers in any relevant authorities.

  • Other Financial Services Organisation

    • Other financial institutions such as Bank Negara Malaysia.
    • Payment service providers, including mobile wallet and digital payment service providers, merchants, merchant acquiring companies, credit card companies, payment processors and card association members, payment-initiation and card-based payment instrument service providers such as VISA and Mastercard;
    • Any financial institution and merchant acquiring company with which you have or propose to have dealings; and/or
    • Market infrastructure providers and securities clearing providers.

  • Other Third Parties

    • The individual, company, business, or organisation, as applicable, that you represent or authorized by you; and/or
    • Any parties from whom the MBSB Group seeks employee reference.

How do we protect your data?

The security of your data is our priority. MBSB Group takes all physical, technical and organizational measures needed to ensure the security and confidentiality of data. If we disclose any of your data to our authorized agents or service providers, we will require them to appropriately safeguard the data provided to them.

How long may we retain your data?

Your data processed for any purpose shall not be kept longer than is necessary for the fulfilment of that purposes or as required by the prevailing laws, regulations and internal requirements. Thereafter, we will destroy or permanently delete your data.

Changes to this Privacy Notice

We may review and update this Privacy Notice from time to time to reflect the changes in law and regulations, changes in our business practices, procedures and structure, and the community's changing privacy expectations. If there are material changes to this Privacy Notice, we will notify you by posting a notice of such changes on our website or by sending you a notification directly.

How can you access / correct / update your data?

We are committed to ensure that the data we hold about you is accurate, complete, not misleading and up to date. If there are any changes to your data or if you believe that the data, we have about you is inaccurate, incomplete, misleading or not up-to- date, please contact us so that we may take steps to update your data.

You have the right to access your data. If you would like to request access to your data, you may contact MBSB Group using the contact details as described in “How may you contact us” below. We may take steps to verify your identity before fulfilling your request for access to your data.

Further consent pursuant to Credit Reporting Agencies Act 2010

In accordance with the Credit Reporting Agencies Act 2010 ("CRA"), we hereby inform you that we will obtain and/or disclose any Credit Information (as defined in the CRA) relating to you and/or your company from and/or to RAM Credit Information Sdn Bhd, CTOS Data System Sdn Bhd, CCRIS, Credit Bureau Malaysia Sdn Bhd, or any other relevant sources deemed appropriate. This will be done to verify your credit history as required under any applicable law, regulation, guidelines, regulatory requirements, or directives.

This process is necessary for purposes including, but not limited to, opening an account, conducting credit evaluations, reviewing and monitoring credit/accounts, managing payment and debt recovery, providing scoring solutions, and for the preparation and execution of any legal documentation or actions related to the contract or products and services, granted to you.

This consent will remain in effect for as long as you and/or your company maintain any account, financing, loan, credit, or other transactions with MBSB Group.

How may you contact us?

MBSB Bank Berhad

You may call our Customer Service Centre Hotline at 03-2096 3000, or you may visit any of our branches, or visit our website at www.mbsbbank.com. For corporate customers, you may contact our Relationship Manager directly.

Malaysian Industrial Development Finance Berhad

You may call our general line at 03-2173 8888, or you may visit any of our branches, or email us at GroupCompliance@midf.com.my.

We provide the Privacy Notice in English and Bahasa Malaysia. In case of any inconsistencies between the two versions, the English version shall prevail. In case there are inconsistencies on how we collect or use your data between this Privacy Notice and the terms and conditions of your specific product or service or other contractual documents, the terms and conditions of your specific product or service or other contractual documents shall prevail.

If you have provided us with data of any third party, please ensure that you have obtained the third party's consent in relation to the processing and disclosure of their data and that this Privacy Notice has been brought to the attention of any such third part.