We use cookies to provide you the best experience on our website By accepting this message, you agree to our use of Cookie Policy.

PRIVACY POLICY

Axiata Group Berhad and members of its group of companies in Malaysia as listed in Annex A (together  and/or individually referred to as “Axiata”, “us” or “we” or “our”) are committed to protecting personal  data of our business customers, business partners and suppliers, visitors, applicants, candidates and  beneficiaries of Axiata Foundation or its programs and personal data of individuals who work for, or act  on behalf of, our business customers, business partners, suppliers, and/or such applicants, candidates  and beneficiaries (collectively, “data subject”) that have been provided to us. In Axiata, we take privacy seriously and all our activities are underpinned by our T.R.U.S.T. principles of being Transparent, respecting your Rights, in our Use of your personal data, through robust cyber security practices and we take due care when Transfer of data is required.

This privacy notice (“Privacy Notice”) explains what and how personal data is collected and further processed (as defined in the Personal Data Protection Act 2010 and/or other applicable laws), for what purposes it is collected and further processed by us, sources (if any) of personal data, to whom personal data is disclosed and how to access and update your personal data, and where to go for further information in respect of the personal data.

If you provide us with personal data of other individuals, you hereby represent that you have obtained consent from that individual prior to providing their personal data to us. References to ‘your personal data’ in this Privacy Notice would include such individual’s personal data that you provide to us.

In the event of any conflict between the English and Bahasa Melayu versions of this Privacy Notice, the English version shall prevail.

Information about children

If you are under the age of 18, you are required to obtain the consent of your parent, guardian or person who has parental responsibility over you before providing us with your personal data (for example, your name, address and email address).

What personal data do we collect?

The types of personal data we collect or obtain may vary according to our relationship with a data subject and may include the following:

A. For Business Customers

contact information (such as name, address, email address and telephone number)

banking information (such as direct debit, related bill payments and banking transactions)

B. For Business Partners and Suppliers

contact information (such as name, address, email address and telephone number)

identification information (such as national identification number, passport identification number, tax registration number, social security number, driver’s license, date of birth)

business information (such as name of organisation, job title, department, business address organization structure, shareholding, directorship)

any recordings captured through our communication platform(s) (such as telephone recordings, Microsoft Teams, Zoom, etc.)

details contained in business registration documents, third-party due diligence documents, trade references and credit checks

financial details including banking account details and bank account statements

 

C. For Visitors to Any of Our Premises or Events

contact information (such as name, address, email address and telephone number)

identification information (such as national identification number, passport identification   number, etc.)

business information (such as name of organisation, etc.)

reason for visit

date and time of visit

biometrics and facial recognition

security notes (special instructions and access restrictions) 

any photographic and/or video footage captured or recorded by our surveillance   camera (CCTV) system or any other recording system

It is obligatory for you to supply such personal data if you enter any of our premises or attend any of our events. 

D. For Applicants, Candidates and Beneficiaries 

contact information (such as name, address, email address and telephone number)

identification information (such as national identification number, passport identification number, tax registration number, date of birth and any other identification information)

demographic information (such as age range, marital status, gender, etc.)

financial information (such as parents’ incomes, beneficiaries’ incomes, bank account name and number, etc.) 

education information (such as field of studies, university, country of study, academic scores and achievements, professional certifications, etc.)

employment information (such as employer name, address, email address, telephone number, position employed, employment tenure, etc.)

any photograph(s) or video footage(s) submitted to Axiata Foundation (such as profile pictures, contest submissions, etc.)

Additional sensitive personal data that we may collect:

health information

Additional personal data that we collect

We may during times of crisis such as war, terrorism, riots, natural disaster or health crisis/disease outbreak collect: 

health and physical condition 

health condition of individuals in your household

result of your health test(s), if any

whether you are or were in self-isolation when you are or were unwell

body temperature 

It is obligatory for you to supply such additional personal data if you enter any of our premises or attend any of our events during such times of crisis. 

When do we collect your personal data? 

We may collect or obtain your personal data:

A. For Business Customers

when you use our network, products and/or services (including through our call centres, dealers, and sales channels)

when you contact us or register for information relating to our network, products and/or services or for any other purpose(s)

when you communicate with us (such as via SMS, text messages or other digital channels, emails, questionnaires or surveys) 

when you use or interact via any of our digital applications, visit any of our websites or social media pages (details on this is set out in our Cookie Notice)

when you participate in any of our promotional events, incentives or loyalty programs from external agencies (such as credit reference agencies, screening or investigation agencies)

from our internal database pursuant to your relationship with any subsidiary, affiliate or associated company of Axiata 

B. For Business Partners and Suppliers

when you use our network, products and/or services

when you communicate with us (such as via SMS, text messages or other digital channels, emails, questionnaires or surveys)

when you use or interact with any of our digital applications, visit any of our websites or social media pages

from external agencies (such as credit reference agencies, screening or investigation agencies)

from our internal database pursuant to your relationship with any subsidiary, affiliate or associated company of Axiata

C. For Visitors to Any of Our Premises or Events

when you register in our visitor logbook or submit the visitor entry form

when you provide us with your identification document(s)

when you provide your host with information 

from our surveillance camera (CCTV) system or any other recording system D. For Applicants, Candidates and Beneficiaries

when you submit your online application to participate in any of our programs or events

when you contact us or register for information relating to our events and/or services or for any other purpose(s)

when you communicate with us (such as via SMS, text messages or other digital channels, emails, questionnaires or surveys)

when you use or interact via any of our digital applications, visit any of our websites or social media pages (details on this is set out in our Cookie Notice)

from external agencies (such as event organizers, business partners, transporters, accommodation and any other event related suppliers)

from our internal database pursuant to your relationship with any subsidiary, affiliate or associated company of Axiata

from the surveillance camera (CCTV) system when you are physically present at any of our premises or events

from any event photos and/or video shoots

How do we use your personal data?

Your personal data may be used or processed for the purposes of:

A. For Business Customers

providing you with products, services and/or offers which may be of interest to you

notifying you about benefits and changes to the features of products and services

providing you with the latest offers, campaigns and promotions (when you subscribe to such updates)

sending you service messages about your subscription or account registration

using your data for participation in customer surveys or meetings

compliance with laws and/or contractual and/or regulatory obligations 

protecting or exercising our legal, contractual and/or regulatory rights and remedies

sending you information via telephone calls, text messages or other digital channels, emails, etc. or social media about products and services offered by selected third parties that may interest you

other legitimate purposes

B. For Business Partners and Suppliers

business execution

organisation and management of the business

health, safety and security

compliance with laws and/or contractual and/or regulatory obligations

protecting or exercising our legal, contractual and/or regulatory rights and remedies

protecting our assets and interests

other legitimate purposes

C. For Visitors to Any of Our Premises or Events

health, safety and security

compliance with laws and/or contractual and/or regulatory obligations 

protecting or exercising our legal, contractual and/or regulatory rights and remedies

other legitimate purposes

D. For Applicants, Candidates and Beneficiaries 

for online application selection and recruitment processes

understand participants’ demographics

for program logistics planning and implementation

as part of advertisements and/or general updates on any media platform(s)

for security clearance at third-party premises

compliance with laws and/or contractual and/or regulatory obligations 

protecting or exercising our legal, contractual and/or regulatory rights and remedies

for internship placement

registration for extended programs (internal and external)

other legitimate purposes

Who do we disclose your personal data to? 

We may disclose your personal data:

A. For Business Customers

to any subsidiary, affiliate or associated company of Axiata

to other carriers and/or operators when routing international calls

to third parties when disclosure is necessary or reasonable to protect rights of Axiata and/or any subsidiary, affiliate or associated company of Axiata, protect your security, investigate fraud or respond to a law enforcement request

to service providers, field engineers, contractors, subcontractors, Sub-Processors (defined below) or any other third-party performing work on behalf or at the instruction of Axiata and/or any subsidiary, affiliate or associated company of Axiata

to business partners for marketing activities

to third parties for credit checks and fraud management 

to third parties for carrying out analytics to understand how you use our services

to third parties for research and development purposes

to dealers or agents of Axiata and/or any subsidiary, affiliate or associated company of Axiata

to third parties for the purposes set out under “How do we use your personal data?”

B. For Business Partners and Suppliers

to any subsidiary, affiliate or associated company of Axiata

to third-party agents, service providers, consultants, advisors, contractors and/or subcontractors of Axiata and/or any subsidiary, affiliate or associated company of Axiata

to any party appointed by you or on your behalf, to process personal data (“Sub Processor”)

to any public authority, governmental, regulatory or fiscal agency where it is necessary to comply with a legal or regulatory obligation to which Axiata and/or any subsidiary, affiliate or associated company of Axiata is subjected to or as permitted by applicable local law

to third parties for the purposes set out under “How do we use your personal data?”

C. For Visitors to Any of Our Premises or Events

We do not routinely share/transfer your personal data with any external organizations or third parties. However, where and whenever we share/transfer your personal data, it may be:

to any person(s) by whom we are required by law, contractual, governmental or regulatory requirements to make disclosure

to authorised personnel, third party agents or service providers as necessary to process your personal data

to any provider of security and emergency services

to third parties for the purposes set out under “How do we use your personal data?”

D. For Applicants, Candidates and Beneficiaries 

to logistic partners for program planning and implementation

to business partners for business simulations and challenges 

to transportation agencies for travelling purposes

to insurance agencies for travel personal accident coverage

to digital platform service providers for online learning and self-development

to creative and social media vendors for production of program montages, promotional materials, television series, podcasts, social media postings, etc.

to any subsidiary, affiliate or associated company of Axiata

to third parties when disclosure is necessary or reasonable to protect our rights, protect your security, investigate fraud or respond to a law enforcement request

to third parties for measuring the effectiveness of our programs

to third parties for the purposes set out under “How do we use your personal data?”

We use reasonable efforts in accordance with industry best practices to ensure that the above mentioned maintain the confidentiality of your personal data and are restricted from using your personal data for any unauthorised purpose. 

Transfers of Personal Data 

We may transfer your personal data across geographical borders to other entities. Where your personal data has been transferred to any subsidiary, affiliate or associated company of Axiata and/or to third parties located outside of Malaysia, the transfer of your personal data is carried out under organizational, contractual and legal measures and with adequate levels of protection implemented as

well as in compliance with any additional local legal requirements for the parties receiving this information in order to safeguard your personal data.

How do we store and protect your personal data?

We may collect and store your personal data in electronic and/or physical form, depending on the requirement. Information may be stored at our and third- party premises within IT Systems (e.g.external cloud storages, internal or third-party management systems, e-mails, databases, hard drives), document warehouses, etc.

We endeavour, where practicable, to process your personal data in a safe environment by preventing any unauthorized or unlawful processing of personal data or accidental loss or destruction of, or damage to, such information. We have implemented various physical, technical and administrative security measures to protect your personal data and our network from unauthorized access. Some of these measures include:

encryption of data in transit or at rest

strict adherence to privacy and security practices

periodic security assessment and reviews to upgrade our practices

restriction of access to personnel who have a need to know such data

How long do we retain your personal data? 

We will retain your personal data only for as long as such information is necessary for the purposes it was collected for. The retention period for personal data may also be affected by the requirements of applicable laws. In all cases information may be held for a longer period where there is a legal or regulatory reason to do so (in which case it will be deleted once no longer required for the legal or regulatory purpose) or subject to law, a shorter period where the individual objects to the processing of their personal data.

What are your rights?

We respect your rights and privacy by taking steps to ensure that your personal data is accurate, complete, not misleading and up to date. In compliance with the Personal Data Protection Act 2010, we assure you that:

you have the right to know what personal data we have about you

you have the right to request a copy of your personal data

you have the right to correct your personal data to ensure it is accurate, complete, not misleading and up to date

you have the right to withdraw your consent from our processing of your personal data

you can also ask us to restrict how we use your personal data where it is likely to cause damage or distress

you have a right to prevent processing of your personal data for purposes of direct marketing

For exercising your rights, you can reach out to us through the details under ‘Who can I contact for more information?” section given below. 

You may request us to stop communicating with you by contacting us on the below mentioned contact details. These choices do not apply to the receipt of mandatory product or service communications that are considered as part of certain Axiata’s and/or any subsidiary, affiliate or associated company of Axiata’s products or services, which you may receive periodically, unless you cancel the subscription of our products or services. 

Voluntary and obligatory supply of personal data

Unless otherwise specified in this Privacy Notice, your supply of personal data is voluntary. If you fail to supply personal data, this may result in the consequences described in the following section.

 

Consequences of not providing personal data

We may require collection of certain personal data about you and failure to provide such information may: 

result in us preventing your entry to our premises or participating in our events

result in us being unable to process your application and/or provide you with our services

result in us being unable to respond to your requests on our products/services

limit or prevent access to certain features on our website/weblinks

result in us being unable to inform you on latest updates regarding any promotions, our services/products or launches

result in your inability to receive invitation to promotional activities organized by us

negatively affect our ability to communicate with you

result in our inability to enter into a contract with you or a counterparty or continuing to contract with you or a counterparty

negatively impact your chances of being selected for any potential employment, engagement or internship

By submitting personal data to us, you acknowledge that:

i. You have read and understood this Privacy Notice and agree and consent to the use, processing and transfer of personal data as set out herein; and

ii. All information and representation provided are true and correct to the best of your knowledge, and you have not knowingly omitted any relevant information which may have an adverse effect. 

Who can I contact for more information? 

If you have any questions or enquiries about this notice, our privacy and information handling practices, or would like to exercise your rights as data subjects, kindly reach out to:

Data Privacy Officer


 03 – 2263 8888/8930

 [email protected]

Updates to the Privacy Notice

We reserve the right to amend, modify, vary or update this Privacy Notice and our Cookie Notice, at our sole discretion from time to time, as and when the need arises. The most recently published Privacy Notice and Cookie Notice shall prevail over any of its previous versions. You are encouraged to check this Privacy Notice and Cookie Notice from time to time to stay informed of any changes. You agree to adhere to the terms of the Privacy Notice and Cookie Notice including any variations.

This Privacy Notice was last updated on 4 December 2020.

ANNEX A

1. Axiata Management Services Sdn Bhd 

2. Axiata Business Services Sdn Bhd 

3. Axiata Foundation 

4. Axiata SPV2 Berhad

5. Axiata SPV4 Sdn Bhd

6. Axiata Investments (Indonesia) Sdn Bhd

7. Xpand Investments (Labuan) Limited

8. Axiata Investments (Singapore) Limited

9. Axiata Investments (Cambodia) Limited

10. Axiata (Cambodia) Holdings Limited

11. Axiata Investments (Labuan) Limited

12. Axiata SPV1 (Labuan) Limited

13. Axiata SPV5 (Labuan) Limited