English  |  Bahasa Malaysia  

Bank Islam Group Privacy Notice

BACKGROUND

This Privacy Notice relates to the personal information that Bank Islam Malaysia Berhad, its subsidiaries, affiliate companies, representatives and branch offices (hereafter referred to as Bank Islam Group or “the Bank” / “we”) collects in relation to the products and services we offer (referred to as “Facilities”) to you.

This Privacy Notice explains the following:

 
  • Types of your personal information we collect
  • How we collect your personal information
  • Choice to supply your personal information
  • Purposes for collecting your personal information
  • Disclosure of your personal information
  • Transfer of your personal information outside Malaysia (if required)
  • Retention of your personal information
  • Direct marketing choice
  • Your rights to the personal information collected by the Bank
  • How to contact us
 

This Privacy Notice is intended to be addressed without limitation, to individual customers, individuals in body corporate / business enterprise (e.g directors, shareholders, managers, authorised signatories or any authorised representative and company secretary), beneficial owners (e.g. sole proprietor, partners and joint names), guarantors and obligors (hereafter referred to as “Identified Individuals” or ”you”).

Your application and continued usage of our Facilities will be deemed as your consent for the Bank to continue collecting, use, process and store your personal information. Please review our detailed Privacy Notice prior to providing us your personal information. If you are reading and signing this Privacy Notice on behalf of Identified Individuals, it is deemed that you have provided explanation to ensure the Identified Individuals understand and agree to the Privacy Notice.

Where you are required and have provided the personal information of another person, it is deemed that you have obtained their consent and explained to them on the purpose and how we will use it.



TYPES OF YOUR PERSONAL INFORMATION WE COLLECT

The personal information we may collect from you for processing your facilities includes the following categories but not limited to:

 
  • Personal Identifier Data/Information
    For example, name, identity card number or passport number (for foreigners), and other relevant information for your application, images and biometrics, specimen signatures (digital or electronic or physical signatures), date of birth, gender, race, religion, citizenship/residency, marital status, spouse name, number of dependents.
     
  • Contact Data
    For example, residential or business address, e-mail address, mobile or landline number, emergency contact.
     
  • Professional Data
    For example, level of education, occupation and employer details or any data that is referring to an individual’s work or profession.
     
  • Financial Data
    For example, financial position such as assets and income, source of funds, investment objectives, annual income, tax details, account balances, payment history, account activity and credit rating data to assess credit worthiness.
     
  • Communication Data
    For example, live chats, phone calls to contact center, messaging and email.
     
  • Behavioural Data
    For example, views or opinions made known to us via feedback or surveys, competitions, activities, habits, preferences and interests arising from your use of our Facilities, our partners or vendors; browsing behaviour on our websites and transactional activities.
     
  • Geo-location Data
    For example, IP addresses, cookies, activity logs, online identifiers, and location data through your usage of our Facilities.
     
  • Personal Relationship Data
    For example, your immediate family members, directors, emergency contacts, individual shareholders, authorised signatories and guarantors that can determine your identity.
 

As part of your application and continued usage of our Facilities, we may need to collect sensitive personal information only when necessary and with your consent. The type of sensitive personal information we may collect are as below:

 
  • Racial or ethnic origin data: Information relating to your racial or ethnic origin
  • Religious Data: Information relating to your religious beliefs and other beliefs of a similar nature
  • Biometric data: Information which physically identifies you. For example, facial recognition, fingerprint or voice recognitions
 


HOW WE COLLECT YOUR PERSONAL INFORMATION

We collect personal information and sensitive personal information directly from you and may also collect them from other sources, including but not limited to:
 

 
  • Your Application
    Your relationship with us digitally or manually such as application forms, when you operate your account and use our facilities, participating in customer surveys, competitions, and marketing promotions.
     
  • People You Know
    • Employers
    • Joint account holders
    • Security providers
    • Guarantors and indemnitors
    • Parents or guardians of minors. If you are a minor (interpreted here as under 18 years old), we will obtain your parent or guardian’s consent before collecting, using or sharing your personal data
       
  • Communication with Us
    Verbal and written communications with us and/or our authorised agents via SMS, phone or mobile device, email, fax, mail, websites or browsers, social media and/or any other appropriate communication channels.
     
  • Facility Activity with Us
    • Analysing your transactions with us, our service providers, business partners or third parties. For example, when you use and manage your account(s)/facility(ies) with us including the transactions you make and from the payments which are made to/from your account(s)/facility(ies).
    • Recordings of Closed-Circuit Television (CCTV) installed at our premises and self-service terminals.
       
  • Business and Other Organizations
    • Credit reporting/referencing agencies, including but not limited to CCRIS, FIS and/or any other bureaus or agencies established or to be established by Bank Negara Malaysia or any of its subsidiaries, or by any other authorities and/or from any financial institution.
    • Information received from insurance/takaful claims or other documents.
       
  • Local Government Authorities
    Governmental agencies, regulatory and statutory authorities such as Malaysia Department of Insolvency.
     
  • Our Corporate and Business Clients
    From benefitting from our services in relation to our contract with the company, business, or organisation you interact with. For example, resolving payment disputes with our merchant clients.
     
  • Publicly Available Resources
    Online registers or directories or online publications, social media posts and other information that is publicly available.
     
  • Cookies
    Any information that is supplied and/or collected when you visit our websites which may include user location and user behaviour on the website such as time spent. We use cookies only for the purpose of tracking website traffic. No personal information is collected.
 


CHOICE TO SUPPLY YOUR PERSONAL INFORMATION

The supply of your personal information to the Bank is voluntary and necessary in connection to the provision of the Facilities we offer and the nature of the relationship you have with us. We may not be able to offer you our Facilities if you decline to provide or allow us to process the personal information which we consider necessary and/or is required to meet our legal and regulatory obligations.  



PURPOSES FOR COLLECTING YOUR PERSONAL INFORMATION

The intention we use your personal information is strictly for us to provide our facilities to you as our customers and necessary according to the nature of the relationship you have with us. The purpose of processing your personal information may comprise part or all of the followings but not limited to:

 
  • Offering of our Facilities to You
    This includes but not limited to:
    • Opening of account
    • Conducting Enhance Due Diligence/Know Your Customer and/or Enhanced Customer Due Diligence as required by law
    • Assessing eligibility, merits and/or suitability of Facility applications
    • Assessment and analysis including credit / lending/financing / insurance risks / behaviour scoring / product analysis/ AML Risk Profile and market research
    • Assessing the suitability of being an individual guarantor
    • Conducting and maintaining credit checks and financial assessments as required by applicable law and regulations
    • Assessing and setting of credit limits
    • Obtaining quotations, assisting with applications and interacting with strategic referral partners on behalf of clients for co-branding and other third-party products and services, such as insurance and wealth management products
       
  • Managing Your Banking Relationship and Administering Your Accounts
    This includes but not limited to:
    • Facilitating the opening of your account both manually and digitally
    • Providing appropriate access to our Facilities. For example, branch services, online and mobile banking platforms
    • Providing, operating, reviewing, and evaluating our Facilities offered to you to fulfil our contractual obligations you have with us for our Facilities
    • Managing the collection and recovery amounts outstanding from you or obligated upon you
    • Effecting and verifying transactions and acting on your instructions or requests. For example, transferring money between accounts, making payments to third parties, etc
    • Maintaining up-to-date records of contact details, authorised persons and signatory lists for accuracy purpose
    • Administering credit facilities or financing
    • Monitoring, managing and responding to questions or complaints. This includes the various touch points such as our branches, customer contact centre and social media
    • Issuing notifications on changes of terms and conditions and features of our Facilities to you
    • Issuing and maintaining statements of the Facilities you have with us
    • Recording and maintaining our communications with you for record-keeping and evidence purposes which includes online messages, email and/or telephone
    • Contacting you relating to the Facilities we provide to you
    • Determining the amount of indebtedness owed by you / to you and designing improved financial solutions for you
       
  • Improving our Facilities for You
    This includes but not limited to:
    • Develop, analyse design and test our Facilities for your use
    • Conducting market research and customer satisfaction surveys
    • Monitoring and recording our communication with you for training and quality checking purpose
    • From your use of our Facilities, we gather data such as behavioural data and conduct demographic analysis to provide a more tailored Facilities for you
       
  • Operating our Business
    This includes but not limited to:
    • Conducting the relevant credit management activities which includes maintaining your credit history for present and future references, updating credit bureaus, credit referencing agencies and ongoing credit worthiness and credit checks
    • For prevention and detection of financial crime (including, without limitation, money laundering, sanctions and fraud prevention, detection and prosecution) such as conducting identity verification security checks against government and other official centralised database as required by law
    • Creating and maintaining credit scoring models of our customers
    • Managing authentication and user access of our customers such as Internet and mobile banking
    • Performing an employment check with the personnel empowered to give such confirmation in your organisation
    • Assisting banks and other third parties to recover funds that have entered customers’ accounts due to erroneous payments
    • Business operations audits and operational management. For example, audits on financial and internal controls, system developments and testing, business planning and decision making, risk management activities including financial portfolio monitoring, reporting and administrative tasks of the facilities
       
  • Keeping You Safe
    This includes but not limited to:
    • Using CCTV surveillance recordings at our premises and self-service terminals for the purpose of preventing, detecting investigating and reporting of incidents, emergencies and crimes such as theft and fraud
    • Security of our system and networks to keep your data safe and confidential
    • Conducting identity verification prior to allowing access to the Facilities
    • Issuing personal notifications for awareness purposes such as fraud and scam
       
  • Complying to Applicable Laws, Regulations and Other Requirements
    This includes but not limited to:
    • Existing and/or future relevant local laws, regulations, rules, directives, judgments or court orders, requests, guidelines, local or foreign sanctions, embargo, reporting requirements, restrictions within or outside of Malaysia
    • Meeting or complying with Bank Islam Group policies or procedures
       
  • Exercising Bank Islam’s Legal Rights and Conducting Legal Proceedings
    To protect Bank Islam Group’s interest and other ancillary and / or related purposes to enforce our legal rights and/or obtaining legal advice and/or any legal process.
 


DISCLOSURE OF YOUR PERSONAL INFORMATION

We will only disclose your personal information to the parties listed below which will be done under strict confidentiality. The disclosure is for the purposes of processing as set out in this Privacy Notice. The Bank may under a legal obligation share your personal information as permitted or required by law as follows:

 
  • Members of Bank Islam Group
    Any officer, employee, agent, or director of the Bank.
     
  • Authorised Third Parties
    • Legal guardians, joint account holders, actual or intended guarantors/sureties, trustees, beneficiaries, executors, legal representatives, or authorised persons of our clients, any actual or potential participants or sub-participants in relation to any of our obligations in respect of any banking agreement, assignees, novates or transferees (or any officers, employees, agents or advisers of any of them)
    • Any security party, guarantor, or collateral provider for your facilities
    • Any other person you have authorised us by your consent to share your personal data with
       
  • Third Parties that Verifies Personal Information
    • Credit bureaus or credit reference agencies (including the operator of any centralised database used by credit reference agencies), credit protection providers, rating agencies, debt collection agencies, fraud prevention agencies and organisations
    • Any financial crime references agencies, other financial institution and any of their respective agents that conduct financial crime prevention databases checks to prevent money laundering, terrorism, fraud, and other financial crimes
    • Any rating agency or direct / indirect provider of credit protection to the Bank
       
  • Our Third-Party Service Providers
    • Professional advisers such as auditors, legal counsel, conveyancers, and asset valuation specialists
    • Insurers / Takaful operator or insurance / Takaful brokers
    • Outsourced agents, merchants, vendors, business partners and business agents who supports the operational, administrative, data processing
    • Technology service providers, including anyone engaged or partnered with to analyse and facilitate improvements or enhancements in the Bank’s operations or provision of products and services
    • Providers of professional services, such as market researchers, forensic investigators, and management consultants
    • Advertising companies and social media platform providers
    • Third-party product providers, for example, securities and investments providers, fund managers and insurance/takaful companies
    • Third-party service providers, such as telemarketing and direct sales agents and call centres
       
  • Strategic Business Partners
    • Business alliance, co-branding partners or other companies or organisations the Bank cooperates with based our on contractual arrangements or other joint ventures to provide relevant third-party products and services
    • Charitable and non-profit organisations
       
  • Government Authorities and Law Enforcement
    • Any government, quasi-government, regulator, administrative, regulatory, or supervisory body, court, tribunal, enforcement agency, exchange body or domestic or foreign tax authorities, as required by law or as requested by any authority
    • Self-regulatory or industry bodies or associations of financial services providers in any relevant authorities
       
  • Other Financial Services Organisation
    • Other financial institutions such as Central Bank
    • Payment service providers, including mobile wallet and digital payment service providers, merchants, merchant acquiring companies, credit card companies, payment processors and card association members, payment-initiation and card-based payment instrument service providers such as VISA and Mastercard
    • Any financial institution and merchant acquiring company with which you have or propose to have dealings.
    • Market infrastructure providers and securities clearing providers
       
  • Other Third Parties
    • The individual, company, business, or organisation, as applicable, that you represent or authorized by you
    • Any parties whom the bank seeks employee reference from
 


TRANSFER OF YOUR PERSONAL INFORMATION OUTSIDE MALAYSIA
 
  • Although not the norm, we may transfer your personal information outside of Malaysia for the purpose of processing, storing, sharing, transferring, or disclosing. This may allow us to operate effectively and securely, improve and support our process and business operations when we provide you with our Facilities and for legal proceedings or legal advice.
  • In line with The Association of Banks in Malaysia (ABM) Code of Practice with the participation and assistance of the Association of Islamic Banking Institutions Malaysia (AIBIM), the transfer of personal information outside of Malaysia is permitted with your consent via the Privacy Notice. By providing your personal data to us, you agree for us to transfer your personal information outside Malaysia.
  • We shall take all the necessary precautions to keep your personal information safe and place an appropriate level of protection and safeguards to comply with the applicable law for jurisdiction outside of Malaysia and where their local laws may not have similar data protection laws as Malaysia.
 


RETENTION OF YOUR PERSONAL INFORMATION
 
  • We will retain the information provided by you as long as the purpose set out in this Privacy Notice continues to exist.
  • We will keep your personal information for business operations or legal reasons while you still have a relationship with us. We may retain your personal information for a period of time upon the termination of the relationship you have with us.
  • We will destruct and/or permanently delete the personal information once the purpose of the personal information collected has ceased permanently. It will only be retained to meet any legal and / or regulatory requirements or for us to protect the Bank’s legitimate interest.
 


DIRECT MARKETING CHOICE

We may and with your consent use your contact details to send you relevant marketing communications via email, SMS, telephone, mobile app, social media, or by post for direct marketing purposes. Direct marketing is referred to as our latest products and services, other products and services offered, marketing campaigns, advertisements and promotions including those jointly run with our current and future partners and affiliates offered to our selected customers and not the mass.

You may withdraw your consent or opt-out from receiving such direct marketing communications at any time in accordance with your rights by contacting us via telephone, post or email under “How To Contact Us” section.

The example of direct marketing communications we may share with you are:

 
  • News, offers and promotions about our Facilities
  • Information about products and services from or relating to third parties, such as financial institutions, insurers, credit card companies, securities and investment, mobile wallets and digital payment services providers
  • Details of our or relevant third-party reward, loyalty or privileges programmes and related services and products
  • Market research and customer satisfaction surveys
  • Information about our or relevant third-party competitions and lucky draws
  • Appeals by us or relevant third parties for charitable and/or non-profit making donations, sponsorships and contributions; and
  • Information and communication relating to our or relevant third-party seminars, webinars and other relevant events or opportunities
 

Please be informed that we will process your request within 3 months from the date of your request in line with The Association of Banks in Malaysia (ABM) Code of Practice with the participation and assistance of the Association of Islamic Banking Institutions Malaysia (AIBIM).



YOUR RIGHTS TO THE PERSONAL INFORMATION COLLECTED BY THE BANK
 
  • YOUR RIGHT TO ACCESS TO YOUR PERSONAL INFORMATION
    You have the right to request access to your personal information held by the Bank. The Bank may charge you a nominal fee for such request.
     
  • YOUR RIGHT TO CORRECT OR UPDATE YOUR PERSONAL INFORMATION
    You can correct and/or update your personal information held by the Bank. For such request, you may visit any of our branches or you may speak to our Contact Centre & Customer Care agents at the given address. You will be required to fill in the ‘Data Access Request’ form or ‘Data Correction Request’ form available at our branches.
     
  • YOUR RIGHT TO RESTRICT OR OBJECT THE PROCESSING OF YOUR PERSONAL INFORMATION
    You can ask the Bank to stop using your data or change how we use it by writing to us. However, we may need necessary personal information to engage with you or provide our Facilities to you and to comply with legal or contractual requirements.
     
  • YOUR RIGHT NOT TO PROVIDE OR CHANGE OR WITHDRAW CONSENT
    The Bank may from time to time ask for your consent to process your personal information. You can choose not to provide such consent or let us know at any time by writing to us if you change your mind about the consent already provided. Upon obtaining your request for withdrawal, we will cease the disclosure of your personal information in 7 calendar days.

    In line with The Association of Banks in Malaysia (ABM) Code of Practice with the participation and assistance of the Association of Islamic Banking Institutions Malaysia (AIBIM), you cannot withdraw your consent of the Bank processing your personal data:
    • When the personal information is required for the performance of the contract between you and the Bank
    • Where you have provided the personal information to the Bank to fulfil the pre-contractual request (i.e application form stage)
    • Where the Bank is required to comply with any non-contractual legal obligation
       
  • YOUR RIGHT TO WITHDRAW FROM DIRECT MARKETING
    You can withdraw your consent from direct marketing and tell the Bank to stop sending you marketing emails or invitations to surveys at any time.
 


HOW TO CONTACT US

If you have any questions concerning this Privacy Notice, you may

 
  • Visit any of our branches which location you can obtain from our website, or
  • You may call our Contact Centre & Customer Care, or
  • Write to the Bank, at the address below:
     
    Bank Islam Contact Center & Customer Care
    Level 17, Menara Bank Islam
    No. 22, Jalan Perak
    50450 Kuala Lumpur
    Telephone: +603 26 900 900
    E-mail: contactcenter@bankislam.com.my
     
    You may also contact us to for any complaints relating to any misuse or suspected misuse of your personal information as per the above contact details.
 


CHANGES TO THIS PRIVACY NOTICE

The Bank reserves the rights to amend this Privacy Notice at any time and will place notice of such amendments on the Bank’s website and / or the Bank’s branches and / or via such other suitable methods. This Privacy Notice is not intended to, nor does it, create any contractual rights / nor any contractual obligations on the Bank or any other party or on behalf of any party. Any references made to ‘privacy statement’ in any of the Bank’s documentation, refers to this ‘Privacy Notice’.
 

I hereby acknowledge and agree that I have read and understood this Privacy Notice and give my Consent voluntarily to Bank Islam Malaysia Berhad and to be bounded by this Privacy Notice.

  Signature
Name
I.C. No.
Date
Position
:  ________________________________________________________
:  ________________________________________________________
:  ________________________________________________________
:  ________________________________________________________
:  ________________________________________________________