top of page

Privacy Policy

PRIVACY NOTICE

​

A.        BTC Asset Sdn. Bhd. (‘the Company’) and its affiliates are committed to complying with the Personal Data Protection Act 2010 of Malaysia (‘PDPA’). This Privacy Notice explains:

​

  1. Type of Personal Data to be collected and the manner of collecting.

  2. How is the collected Personal Data being used;

  3. The parties that the collected Personal Data to be disclosed to;

  4. The choices the Company offer, including how to access and update your personal data; and

  5. Your rights as data subject.

​

B.          The requirements of the Company under the recent PDPA are as follows:-​

​

  1. Develop and implement policies and protocols for the Company to comply and fulfill the requirements set forth under the PDPA;

  2. Develop a set of protocols and procedures for receiving and responding to complaints that may arise with respect to the application of the PDPA;

  3. Communicates with its employees about this Privacy Notice; and

  4. Make information available on request about this Privacy Notice and the complaint process referred to in paragraph (b) above; and

  5. Mandatory to inform or notify the Commissioner of any occurrence of data breach.

 

C.     The purpose of implementing this Privacy Notice and certain personal data protection internal practices is to ensure that the requirements under the PDPA are fulfilled. By using the Company's services and/or registering an account in the Company's Platform or website, you hereby agree, acknowledge and accept the practices, policy and protocols outlined in this Privacy Notice and you hereby consent to the Company collecting, using, disclosing and/or processing your personal data subject to the terms herein.​

​​

​

1      PERSONAL DATA TO BE COLLECTED

​

1.1          The Company will/may collect the following Personal Data from you:-

​

  1. Personal data information to establish your identity and background including your full name, gender, passport or identity card number, nationality, religion and marital status;

  2. Contact information such as billing address, residential address, mobile phone number and email address;

  3. Payment information such as debit or card information, including the name of cardholder, cardholder, or bank account details;

  4. Sensitive information such as racial, ethnic origin, beliefs, health and criminal background;

  5. Marketing and communications data, such as your preferences in receiving marketing from us and third parties, your communication preferences and history of communications with us, our service providers, and other third parties; and

  6. Any other information about you when you signed up to use the Company's Services or Platform, and when you use the Services or Platform, as well as information related to how you use the Company's Services or Platform.

​

1.2      You hereby undertake that all information submitted to us shall not be incorrect, inaccurate or misleading and you shall inform the Company of any unintended inaccuracies or updates to such information. The Company may require, and you shall cooperate to provide further documentation to the Company for the purpose of verifying the information provided by you.

​

1.3      By signing up an account with the Company's platform or website, you hereby consent to the Company to have access to information about you which you have voluntarily provided therein, and the Company will use and manage such information in accordance with this Privacy Notice. Should you no longer consent for the Company to use and manage such information, you may notify the Company of your intention of withdrawal of consent by serving a written notice by way of electronic means to the Company's Data Protection Officer (“DPO”) at Samuel.low@bintangcollectionz.com.

​

​

2      SOURCE OF PERSONAL DATA COLLECTION

​

​2.1           The Company will/may collect personal data about you:

​

  1. when you register and/or use the Company's Services or Platform, or open an account with the Company;

  2. when you submit any form, including, but not limited to, application forms or other forms relating to any of the Company products and services, whether online or by way of a physical form;

  3. when you enter into any agreement or provide other documentation or information in respect of your interactions with the Company, or when you use the Company's products and services;

  4. when you interact with the Company, such as via telephone calls (which may be recorded and you will be notify of the same before the calls started), letters, fax, face-to-face meetings, social media platforms and emails, including when you interact with customer service agents;

  5. when you use the Company's electronic services or interact with the Company via the Company's application or use Services on Platform/Website. This includes, without limitation, through cookies which the Company may deploy when you interact with the said application or website;

  6. when you grant permissions on your device to share information with the Company's application or Platform;

  7. when you link your account registered on the Company's Platform/Website with your social media or other external account or use other social media features, in accordance with the provider's policies;

  8. when you carry out transactions through the Company's Services;

  9. when you provide with feedback or complaints;

  10. when you register for a contest; and/or

  11. when you submit your personal data to the Company for any other reasons.

​

​2.2      The Company may collect personal data about you via affiliates, third parties, and from other sources, including without limitation business partners (such as logistics or payment service providers), credit bureaus or scoring agencies, marketing services providers or partners, referral or loyalty programs, other users of the Company's Services or publicly available or governmental sources of data. In some situations, you may provide personal data of other individuals to the Company (such as your family members or friends or persons in your contact list). If you provide their personal data, you represent and warrant that you have obtained their consent for their personal data to be processed in accordance with this Privacy Notice.

​

​

3      REASON / PURPOSE OF PERSONAL DATA COLLECTION

​

3.1        The Personal Data collected or received from you, whether with your consent or not, will be used by the Company in accordance with the applicable laws and regulations for the following purposes:-

​

  1. To verify your financial standing;

  2. To manage and maintain your accounts with us;

  3. To better manage our business and your relationship with us;

  4. To market and to provide you with information on selected third parties products, services, offers and/or contest which may be of interests to you;

  5. To improve our products and services and to test, research, analyses how customers use the products and services;

  6. Deliver any documents to your personal address;

  7. Resolve complaints or any potential issues arising.

​

​

4      DISCLOSURE OF PERSONAL DATA

​

4.1        As a part of providing services to you and the management or operation of the same, the Company may be required or need to disclose information to the following parties:-

​

  1. Relevant governmental or quasi-government and regulatory authorities in Malaysia have a presence or require approvals or are required to submit such information;

  2. Third parties whenever required by law or for legal purposes

  3. Auditors, lawyers, consultants, insurers, advisers, third party service providers or legal referral guides who are under a duty of confidentiality to us

  4. All other person or bodies who provide us with services necessary and/or incidental to our business

​

4.2       The Company may process your Personal Data including contacting you for the purpose(s) stated herein via telephone calls, text messaging, emails, post or by whatsoever form of available modes of communication.

​

​

5      PROCESSING PERSONAL DATA OUTSIDE MALAYSIA

​

5.1     The Company primarily process your personal data and sensitive personal data within the jurisdiction of Malaysia. However, in certain cases, your personal data may be transferred, disclosed and/or disseminated to any company including an affiliate or partner of the Company which may involve sending your data to a location outside Malaysia. The Company will ensure that such any other country processing your personal data has the equivalent and enforceable data protection laws and regulations which is substantially same as the PDPA or at the very least providing the equivalent level of protection as PDPA encompasses.

​

​

6      RETENTION OF PERSONAL DATA

​

6.1      The Company retains Personal Data for as long as necessary to fulfill the purposes as listed in paragraph 3 or required and permitted to by Malaysia's laws and regulations. However, the Company will cease to retain such Personal Data or any document containing such Personal Data or remove the means by which the Personal Data can be associated with you through anonymization as soon as it is reasonable for the Company to assume that the purpose for which the Personal Data was collected is no longer being served by the retention of such Personal Data and/or the retention is no longer necessary for legal or business purposes.

​

​

7      SECURITY MEASURE

​

7.1       The Company endeavor to take all reasonable steps and hereby undertakes to secure and protect your personal data by implementing appropriate administrative and security safeguards and procedures in accordance with applicable laws and regulations to prevent unauthorized or unlawful processing of personal data and accidental loss or damage to personal data.

​

7.2       In order to ensure that your personal data is safeguarded from any unauthorized use, collection, disclosure or unlawful use, the Company will be adopting and/or implementing the following appropriate measures:-

​

  1. Keeping the Company's software and operating systems up-to-date with latest security patches to address vulnerabilities;

  2. Installing firewalls in every office computers;

  3. Maintaining or securing backups of personal data offsite;

  4. Implementing clear desk policy;

  5. Restricting access of personal data to any other third-party individuals without authorization or without your consent; and

  6. From time to time implementing any other latest security measures as required or permitted by the Malaysia laws and regulations.

​

7.3      The Company recognized your rights to access your own personal data that were given. The Company shall comply with your demand for the purpose of accessing to your own personal data being collected, stored and process by the Comply.

​

​

8      RIGHTS AS DATA SUBJECT

​

8.1      The Company recognized your rights to access your own personal data that were given. The Company shall comply with your demand for the purpose of accessing to your own personal data being collected, stored and process by the Comply.

​

8.2          In any case if you consider that certain information about you is inaccurate or outdated, you may request rectification of such data from the Company. You also have the right to request the blocking or erasure of data which has been processed unlawfully.

​

8.3      The Company also recognized your rights to data portability, and you may request for the transmission of your personal data to any other third-party data controller of your choice provided always that a written notice by way of electronic means has been served to the Company. Your written notice shall specify accurately the details of the third-party data controller including the purpose and particulars of your personal date to be transmitted. Upon successful transmission of your personal data to a third-party data controller, the Company shall not be responsible or liable for any breach of your personal data by such third-party data controller.

​

​

9      APPOINTMENT OF DATA PROTECTION OFFICER

​

9.1       The Company will appoint a senior staff as its's DPO for the primary purpose of ensuring that the Company is at all times complying with the PDPA and any recent changes and amendments thereto. The responsibilities of the appointed DPO are as follows:-

​

  1. From time to time providing advice and monitoring the Company and its employees of the related data protection laws and regulations;

  2. Developing and implementing data protection policies and protocols within the Company and providing standard training to its employees in handling personal data or any sensitive data;

  3. To keep the Company and its employees updated in relation to any amendments made to the PDPA and further improvising data protection policies and protocols within the Company;

  4. To handle and investigate any complaints from data subject with relation to personal data breaches;

  5. To act as point of contact facilitating communications between the Company and its data subject;

  6. Assisting with the preparation, processing and submission of reports and any other documents required by the Personal Data Protection Commissioner (“Commissioner”) with relation to personal data breaches;

  7. To act as a point of contact facilitating communications between the Company and the Commissioner.

​

9.2       The Company will ensure that the appointed DPO is well experienced and knowledgeable in PDPA and has a great understanding of the business nature of the Company. The appointed DPO shall always maintain integrity and act professionally in ensuring the compliance of PDPA by the Company.

​

​

10      MANDATORY NOTIFICATION OF DATA BREACH

​

10.1       The Company undertakes that in the event there is a personal data breach or your personal data was published and leaked unintentionally and such mistake was caused by the Company, the Company shall make an assessment of the risk of such data breach before notifying the Commissioner. If the Company has reasonable ground to believe such data breach causes or is likely to cause any significant harm to its data subject, the Company shall by all necessary means notify the data breach to the Commissioner without delay and within three (3) days from the date of occurrence of such data breach.

​

10.2       In addition to the duty to notify the Commissioner, the Company shall within seven (7) days from the date of notifying the Commissioner of data breach, inform you and/or any data subjects of such breach via telephone calls, text messaging, emails, post or by whatsoever form of available modes of communication based on the personal data provided to the Company.

​

10.3       Should you discover or suspect any breach of personal data which is not aware by the Company, you shall promptly notify the Company by contacting the Company's appointed DPO at samuel.low@bintangcollectionz.com for any onwards investigation and upon verification of such breach, the Company shall notify the Commissioner of the same without unnecessary delay.

​

​

11      UPDATES TO THIS PRIVACY NOTICE

​

11.1       The Company reserves the right to amend, modify, vary or update this Privacy Notice at its sole discretion from time to time, as and when the need arises. The most recently published Privacy Notice shall prevail over any of its previous versions. You are encouraged to check this Privacy Notice from time to time to stay informed of any changes. You agree to adhere to the terms of the Privacy Notice including any variations therein.

​

​

By submitting your Personal Data to us, you hereby acknowledge that:-

​

  1. You have read and understood this Privacy Notice and agree and consent to the use, processing and transfer of personal data as set out herein; and

  2. All information and representation provided are true and correct to the best of your knowledge, and you have not knowingly omitted any relevant information which may have an adverse effect.

bottom of page