1. The Bank views your personal data and privacy seriously. This Notice is issued pursuant to the requirements of the Personal Data Protection Act 2010.

2. Individuals may have supplied and may continue from time to time, supply the Bank with their personal data and information (“data”) in connection with the opening or continuation of accounts and the establishment or continuation of banking facilities or provision of banking services or compliance with any laws, guidelines or requests issued by regulatory or other authorities. The Bank may also verify or source personal information about you from third party sources (both public and private) such as credit reporting agencies, Companies Commission and Insolvency Department. Your visit to our public website may be recorded for analysis on the number of visitors to the site and general usage patterns. Some of this information will be gathered through the use of “cookies”.

3. Such data may include information concerning your personal details (such as name, age, gender, identity card number, passport number, date of birth, education, race, ethnic origin, nationality, citizenship), contact details (such as address, email, phone numbers), family information (such as marital status, name of spouse or child or immediate family), occupation details (such as employer name, income range, job title, job responsibilities, employer’s contact information and address) and other information such as financial reference (in respect of other bank facilities used by you). In addition, the Bank may from time to time request for certain other personal information that may be relevant for the Bank to consider your request for any other products or banking facility of the Bank.

4. Failure to supply such data may result in the Bank being unable to open, establish, continue or provide the banking accounts, services or facilities or comply with any laws or guidelines issued by regulatory or other authorities.

5. It is also the case that data are collected from (i) customers and other sources in the ordinary course of the continuation of the banking relationship, for example, when customers, deposit money or apply for credit, (ii) a person acting on behalf of the individual whose data are provided, and (iii) other sources (for example, information obtained from any bureaus or agencies established or to be established by Labuan Financial Services Authority or any of its subsidiaries, or by any other authorities, the Association of Labuan Banks (ALB), any registered credit reporting agencies or any debt collection agencies that may be appointed by the Bank, and with any authority, central depository or depository agent in relation to the securities industry. Data may also be generated or combined with other information available to the Bank (“GHD”, “L1”, and “L1 Bank”)

6. The purposes for which data may be used and/or processed are as follows:

a) Considering applications and the processing of applications for banking accounts, services and/or facilities provided to customers;

b) the daily operation of the banking accounts, services and/or facilities provided to customers;

c) conducting credit checks (including but not limited to upon an application for credit and upon periodic review of the credit which normally will take place one or more times each year);

d) creating and maintaining the Bank’s credit and risk related models and/or any purpose relating to risk management functions;

e) assisting other financial institutions to conduct credit checks and collect debts;

f) updating customers’ records;

g) ensuring ongoing credit worthiness of customers;

h) designing financial services or related products for customers’ use;

i) marketing services or products of the Bank and/or selected companies (in respect of which the Bank may or may not be remunerated) including but not limited to:

i. financial, insurance, credit card, banking, wealth management and related services and products;

ii. reward, loyalty or privileges programmes and related services and products;

iii. services and products offered by the Bank’s co-branding partners (the names of such co-branding partners will be provided during the application of the relevant services and products, as the case may be);

j) determining the amount of indebtedness owed to or by customers;

k) collection of amounts outstanding from customers and those providing security for customers’ obligations;

l) for fraud or crime prevention, audit and debt collection and in order that services may be processed by the Bank;

m) for investigating, reporting, preventing or otherwise in relation to breach of banking secrecy/confidential information, fraud, money laundering, terrorist financing and criminal activities generally;

n) meeting obligations, requirements or arrangements, whether compulsory or voluntary, of the Bank to comply with, or in connection with;

i. any law, regulation, judgment, court order, voluntary code, sanctions regime, within or outside Malaysia existing currently and in the future (“Laws”);

ii. any guidelines, guidance or requests given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Malaysia existing currently and in the future and any international guidance, internal policies or procedures;

iii. any present or future contractual or other commitment with local or foreign legal, regulatory, judicial, administrative, public or law enforcement body, or governmental, tax, revenue, monetary, securities or futures exchange, court, central bank or other authorities, or self-regulatory or industry bodies or associations of financial service providers or any of their agents with jurisdiction over all or any part of the Bank (together the “Authorities” and each an “Authority”) that is assumed by, imposed on or applicable to the Bank; or

iv. any agreement or treaty between Authorities;

o) complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Bank and/or any other use of data and information in accordance with any programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;

p) conducting any action to meet obligations of the Bank to comply with Laws or international guidance or regulatory requests relating to or in connection with the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions and/or any acts or attempts to circumvent or violate any Laws relating to these matters;

q) meeting any obligations of the Bank to comply with any demand or request from the Authorities;

r) enabling an actual or proposed assignee of the Bank, or participant or sub-participant of the Bank’s rights in respect of the customer to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;

s) market research and statistical analysis and surveys with the aim of improving our products and services;

t) for any purpose required by law or regulation;

u) for the purpose of enforcing its legal rights and/or obtaining legal advice;

v) to support the Group’s business, financial and risk monitoring, planning and decision making;

w) for making enquiries or investigations as to whether or not the customer or person whose data is collected, 

used and/or processed by the Bank is actually a sanctioned person, or is otherwise howsoever related to, or associated with, a sanctioned person or entity; and also for the reporting or the taking of any remedial or preventive action in relation thereto; 

x) for all ancillary purposes relating to the provision of facilities including the provision of computer, telecommunications and technology services; 

y) for internal operational requirements of the Bank (including, without limitation, credit and risk management, system or product development and planning, insurance/takaful, audit and administrative purposes); and/or z) purposes relating thereto. 

7. Data held by the Bank relating to an individual will be kept confidential but the may provide or disclose such information to the following parties (whether within or outside Malaysia) for the purposes set out in paragraph 6 (who may also subsequently process, transfer and disclose such data for the purposes set out in paragraph 6): 

a) any Bank Member; 

b) any agent, contractor, sub-contractors, service providers, lawyers, auctioneers, valuers or associates of the Bank (including their employees, directors, officers, agents, contractors, service providers and professional advisers);

c) any third party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to the Bank in connection with the operation of its business (including their employees, directors and officers); 

d) any Authorities; 

e) any other person under a duty of confidentiality to the Bank which has undertaken to keep such information confidential; 

f) the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer; 

g) any person acting on behalf of an individual whose data are provided, payment recipients, beneficiaries, account nominees, intermediary, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories, stock exchanges, companies in which the customer has an interest in securities (where such securities are held by the Bank) or a person making any payment into the customer’s account; 

h) any person to whom the Bank is under an obligation or required or expected to make disclosure for the purposes of any guidelines set out, or in connection with paragraphs 6 (n), (o), (p) & (q); i) any actual or proposed assignee of the Bank or participant or sub-participant or transferee of the Bank’s rights in respect of the customer; 

i) third party financial institutions, insurers/ takaful operators, credit card companies, securities and investment services providers; 

j) third party reward, loyalty, co-branding and privileges programme providers; 

k) co-branding partners of the Bank (the name of such co-branding partners will be provided during the application of the relevant services and products, as the case may be); 

l) external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Bank engages for the purposes set out in paragraph 6 (i); 

m) any bureaus or agencies established or to be established by Labuan Financial Services Authority or any of its subsidiaries, or by any other regulatory authorities; the Association of Labuan Banks (ALB); any registered credit reporting agency; any authority, central depository or depository agent in relation to the securities industry; the police and/or any other governmental or regulatory authority or body, and in the event of default, to debt collection agencies; and/or 

n) any guarantor or security provider for the facilities. 

8. In connection with 7 (n) above, in the event of any default in payment where the amount in default is not fully repaid on or before the due date, the individual is liable to have his/her/its account data shared with, disclosed to and/or retained by the registered credit reporting agency. 

9. Under and in accordance with the provisions of the PDPA and the Code of Practice approved and issued under the PDPA, any individual may:- 

a) check whether the Bank holds data about him/her and of access to such data; 

b) request the Bank to correct any data relating to him/her which is inaccurate;

c) request clarification on the Bank’s policies and practices in relation to data and to be informed of the kind of personal data held by the Bank; 

d) in relation to facilities, to request to be informed which items of data are routinely disclosed to registered credit reporting agencies or debt collection agencies. 

10. In accordance with the terms of the PDPA, the Bank has the right to charge a fee for the processing of any data access request. 

11. The individual can request for access to data or correction of data or for information regarding policies and practices and kinds of data held by mail to the address below or by visiting the Bank to complete the data access form. 

12. If you have any queries or complaints relating to this Notice or otherwise relating to misuse or suspected misuse of their personal information, customer may contact the Bank.

13. If you do not want us to further disclose your name, contact particulars and/or non-financial information to any company within GHD or the said third parties for the purposes of cross-selling and/or if you do not want to be contacted by the Bank or the said third parties for the sale or promotion of any products or services via the posting of any promotional and/or marketing materials, please write to: Email : [email protected] 

14. The Bank reserves the right to amend this Notice at any time and will place notice of such amendments on the Bank’s website or via any other mode the Bank views suitable. 

15. Nothing in this Notice shall limit the rights of customers or the Bank under the Personal Data Protection Act 2010. 

16. Where the customer is a partnership or other unincorporated body of persons, the giving of this Notice addressed to the partnership or the unincorporated body of persons shall be deemed as notice given to all the partners or office-bearers (as the case may be) of such customer whose data are collected and/or processed by the Bank for the purposes as stated herein. In this regard, the customer warrants that the customer has obtained the consent of all such individuals to the provision of their data to the Bank for the foregoing purposes and for disclosure to such parties as stipulated above and the customer undertakes to extend a copy of this Notice to all such individuals, which expression shall include all such existing and new partners or office-bearers (as the case may be) of the customer from time to time. 

17. Aside from customers, this Notice shall also apply (as the context shall require) in relation to the usage, processing and disclosure of the data of any other individual who is not a customer but whose data is required to be collected by the Bank by reason of, or incidental to, the provision of any banking accounts, services and/or facilities by the Bank to its customers, whether the customer concerned is another individual(s) or is a company, business entity or organisation. In this regard, the customer confirms and warrants that the customer has obtained the consent of such individuals to the provision of such data to the Bank for the foregoing purposes and for disclosure to such parties as stipulated above. Your continued usage of the banking accounts, services and/or facilities is deemed consent for the Bank to collect, process and store the data in accordance with the above. Failure to consent to the above may result in the Bank being unable to open, establish, continue or provide the banking accounts, services or facilities to you.