1. Introduction to this Privacy Policy

1.1. The Grand Treasure Website Privacy Policy (“Grand Treasure Website Privacy Policy”) describes how Grand Treasure Sdn. Bhd. (“Grand Treasure”) and its affiliates (collectively or individually, “Grand Treasure”, “we” or “us”) collect, use, disclose, store and/or process the personal data we collect and receive during the course of providing the services at the Grand Treasure website (including the website and relevant mobile applications) (“Grand Treasure Sdn Bhd Website”) and/or access to the Grand Treasure Website to you.

1.2. This Grand Treasure Payments Privacy Policy (which supplements the Grand Treasure Website Privacy Policy) applies specifically to your access and use of credit facility products, features and services which may be offered by or through any third party licensed partners with whom Grand Treasure cooperates and the lenders registered with such partners (hereinafter collectively referred to as the “Partners”, and individually as a “Partner”), as specified on Grand Treasure Website from time to time depending on the relevant Credit Facility Services that you apply for and/or obtain through Grand Treasure Website. The Credit Facility Services are available on or accessible through Grand Treasure Website, which is a mobile application managed by Grand Treasure that provides Product buying and selling services for Users (“Grand Treasure Application”).

1.3. This Grand Treasure Payments Privacy Policy complements and should be read together with the applicable terms and conditions (“Service Terms and Conditions”), which may include the Grand Treasure Website Terms & Conditions, any agreement in connection with the Credit Facility Services that may be entered into by the User, Grand Treasure and the Partners (either by all three or several of them with or without other parties), as well as any documents or information notices referring to this Grand Treasure Payments Privacy Policy, and is not intended to override them unless we state expressly otherwise. Please refer to the applicable Service Terms and Conditions made available to you within the specific service to learn which entity is offering the Credit Facility Services to you. It remains your responsibility to carefully and regularly review the applicable terms and conditions of the relevant Credit Facility Services, as well as to conduct your own due diligence on the relevant Partners providing such Credit Facility Services to whom your data is disclosed by Grand Treasure in connection with such services.

1.4. Capitalized terms used in this Grand Treasure Payments Privacy Policy but not defined here shall have the meaning ascribed to them in Grand Treasure Website Terms and Conditions, including the applicable Service Terms and Conditions and the Grand Treasure Website Privacy Policy. “You” and “your” shall refer to the User who has accessed, applied / registered for and/or used the Credit Facility Services.

1.5. Your use of the Credit Facility Services is subject to the Grand Treasure Website Privacy Policy as supplemented by this Grand Treasure Payments Privacy Policy, which sets out how your Personal Data may be collected, used, retained, disclosed or otherwise processed for the purposes as described below.Unless the context requires otherwise, the rights and obligations set out in the Grand Treasure Website Privacy Policy for website services apply equally to the matters described in this Grand Treasure Payments Privacy Policy in relation to the Credit Facility Services.

1.6. Credit Facility Services Provided by our Partners: When you use or access any of the Credit Facility Services provided by one or more of our third-party Partners, our Partners may require your Personal Data in order for them to provide the Credit Facility Services to you. Through the Grand Treasure Website, we may assist by collecting such information on behalf of our Partners, or disclosing such information to our Partners, in each case in accordance with applicable laws and regulations and as consented by you. These Partners are independent third parties, and therefore the collection, use, retention, processing and disclosure of your Personal Data will be subject to the applicable privacy policies and terms and conditions of our Partners.

1.7. By accessing, applying / registering for and using the Credit Facility Services, you are deemed to have read, understood and given your consent to the collection, use, retention, processing and disclosure of your Personal Data as described below, including the transfer of your personal data outside the territory of Malaysia.

2. Collection of Personal Data

2.1. When you apply to access or use the Credit Facility Services, and/or in the course of your access or use of the Credit Facility Services, depending on the services that you apply to use and/or use, we may collect Personal Data directly or indirectly from you or other third parties (in addition to the information listed in the Grand Treasure Website Privacy Policy), as follows:

(a) Personal and Contact Information, which may include information on your residential or shipping addresses, marital status, gender, date and place of birth, nationality, email address, educational background, names of representatives or authorised persons/directors acting on your behalf, number of family members and children, spouse, emergency contacts, social media accounts.

(b) Identity Information, which may include your photograph, government-issued identification card documents and/or numbers (e.g. identity card number, passport or other travel documents); and where applicable, additional information for verification purposes (e.g. proof of your address).

(c) Past and Present Employment information, which may include information such as your occupation, employer’s name, employer organisation type, industry sector, job function and responsibilities, designation, salary.

(d) Financial details, which may include bank account details, proof of income, information on your loans including any credit limits, loan repayment history, information regarding your risk profile, credit rating and solvency, information in accordance with any declaration of suitability, suitability of transaction and any other financial details.

(e) Technical Data, which may include information obtained from your computer, mobile device or other item of hardware through which you access and use the Credit Facility Services (such as your IP address, geographical location, device identification codes and other features/data that can be used to identify a device, browser/website type and version, internet service provider, operating system, referral source/exit pages, length of visit/usage, page views and other device information derived from your devices).

(f) Sensitive Data, which may include biometric data (such as facial image data), information contained in the national ID card (such as race or religious beliefs). We will only collect your Sensitive Data on the basis of your explicit consent, or when it is our legal obligation to achieve the substantial public interest and/or where permitted under applicable laws.

(g) Information that Grand Treasure deems necessary to facilitate the provision of the Credit Facility Services to you, which includes information necessary to operate your account, and/or to fulfil Grand Treasure’s obligations under applicable laws.

(h) Other information necessary for our Partners to provide and operate Credit Facility Services and make decisions in relation to Credit Facility Services (such as to assess your credit rating, solvency or eligibility to receive Credit Facility Services or with respect to the extension or adjustments of installments, credit or loans) or to fulfil our Partners’ obligations under applicable laws.

(i) Information about you from your use of the Grand Treasure Website, the Grand Treasure Application and/or Credit Facility Services, which may include information about your purchasing behaviour and information that we and/or our Partners receive when making service decisions for you.

(j) Business information, which may include information contained in a business registration certificate, tax registration form, shareholder list, information about head office / branch number.

2.2. We have taken steps to ensure that we do not collect more Personal Data from you than is necessary for us to take pre-contractual steps as required or initiated by you, or to comply with our contractual obligations owed to you and/or our Partners, to serve the purposes set out in Section 3 of this Grand Treasure Payments Privacy Policy, to protect your account, to minimise and prevent fraud, to prevent or suppress a danger to any person’s life, body or health, to comply with our legal obligations, to perform a task carried out in the public interest or that is necessary for the exercising of official authority, to protect your and our legal rights, to proceed with establishment, compliance, exercise or defense of legal claims, to achieve our legitimate interest or that of other persons, and to operate our business.

2.3. Your provision of your Personal Data is voluntary. However, if you choose not to provide information as requested, we may not be able to provide you with products or services as applicable.

3. Use of Personal Data

3.1. In addition to the uses listed in the Grand Treasure Website Privacy Policy, we may use your Personal Data to facilitate the provision of Credit Facility Services to you and also for other business activities of Grand Treasure, which may include, without limitation, the following purposes:

(a) Processing, managing or verifying your application to be a user of the Credit Facility Services, which may include:

(i) Verifying your identity.

(ii) Verifying the information provided by you.

(iii) Performing reference searches in information that you provide to us or information about you from third parties.

(iv) Making or assisting in making decisions regarding your application to be a user of the Credit Facility Services (including, but not limited to, decisions related to customer due diligence) or to legally use any of the features and functions of the Credit Facility Services.

(v) Maintaining and managing your registration as a user of the Credit Facility Services.

(b) Providing you with customer support related to your use of the Credit Facility Services, which may include:

(i) Administering and facilitating your use of the Credit Facility Services.

(ii) Validating, processing, managing and/or completing your transactions and/or your loan application, withdrawal, disbursements and/or repayment (as approved by the relevant Partner).

(iii) Sending you notifications about your transactions and/or your loan application, withdrawal, disbursements and/or repayment (as approved by the relevant Partner).

(iv) Responding to your requests, queries, feedback, claims or disputes.

(c) For risk assessment and operational administration purposes, which may include:

(i) Managing risk, performing creditworthiness and solvency checks, or assessing, detecting, investigating, preventing and/or remediating fraud or other potentially prohibited or illegal activities and otherwise protecting the integrity of the Credit Facility Services.

(ii) Obtaining your geolocation to verify service availability.

(iii) Notifying you of any service issues and/or unusual account actions or transactions.

(iv) Maintaining and providing any software updates and/or other updates and support that may be required from time to time to ensure the smooth running of the Credit Facility Services.

(v) Dealing with or facilitating customer service, carry out your instructions, deal with or respond to any questions raised by (or purportedly asked by) you or on your behalf.

(vi) Contacting you or communicating with you and any contacts you share with us by mobile and internet telephone calls, text messages, emails and/or postal mail or other means for the purpose of maintaining and/or managing your relationship with us or your use of the Credit Facility Services.

(vii) Detecting, investigating, preventing, remediating and/or enforcing our rights in relation to any actual or suspected violations of the service terms and conditions, any applicable internal policies, relevant industry standards, guidelines, laws or regulations.

(viii) Assessing and verifying your compliance with the terms and conditions of the Credit Facility Services.

(ix) Performing audits, research, statistical analysis or surveys, whether orally or in writing, in order to manage and protect our business, including our information technology infrastructure, to measure the performance of the Credit Facility Services and to enhance your satisfaction with the Credit Facility Services.

(x) Implementing, supervising, managing, and analysing Credit Facility Services, including for the improvement of such services or development of new products and services.

(xi) Analyzing trends, usages and other behaviour (whether on an individualized or aggregated basis), which helps us better understand how you and our collective user base access and use the Credit Facility Services and the underlying commercial activities, including for purposes of improving the Credit Facility Services and responding to User queries and preferences.

(xii) Enabling any due diligence and other appraisals or evaluations in connection with any proposed purchase, financing transactions or joint ventures, merger or acquisition of any part or the whole of our business, or in the event of any restructuring, reorganisation, dissolution or other sale or transfer of some or all of Grand Treasure’s assets (whether as a going concern or as part of bankruptcy, litigation or similar proceedings), including in situations where your personal data is among the assets transferred provided that we satisfy the requirements of applicable data protection law.

(d) For purposes of facilitating debt collection by our Partners, which may include information of an ‘urgent contact person’ or ‘emergency contact person’ who may be contacted should you be unreachable. Such information would include their name, contact details, and relationship to you.

(e) For purposes of detection, prevention and prosecution of crime such as fraud, money laundering, and terrorism financing, including in relation to Grand Treasure’s and the Partner’s obligations under any applicable laws, regulations, guidelines or notices issued by any government or regulatory authority as follows:

(i) Making such disclosures and/or reporting as may be required by any law or regulation of any country applicable to us, the Partners or each of our and their respective affiliates, government official or other third parties, including any card association or other payment network. Disclosures may also be made pursuant to any subpoena, court order, regulatory requests or reporting obligations or other legal process or requirement in any country applicable to us, the Partners and each of our and their respective affiliates.

(ii) Making any such disclosure as may be authorized by applicable laws to prevent any harm or financial loss, to report any suspected illegal activity or to deal with any claim or potential claim brought against Grand Treasure.

(f) For purposes of running promotional campaigns, loyalty or rewards program relating to Grand Treasure Credit Facility Services.

(g) Any other legitimate business purposes, such as to store, host, or back up your personal data for operational, legal or business purposes (whether within and/or outside of your jurisdiction to the extent permissible under the applicable laws and regulations), to protect you and other users of the Credit Facility Services from losses, to protect lives, to maintain the security of our systems and products, and to protect any of our other rights and/or properties.

(h) We may also use your Personal Data in other ways for which we provided specific notice at the time of collection or for which you have subsequently consented. We may also conduct automated-decision making processes in accordance with any of the purposes herein mentioned in this Section 3.

3.2. Partner Services: As described in Section 1.6 above, where you have requested to use or in the course of using the services provided by the Partners (including any Credit Facility Services provided by such Partners on or through Grand Treasure Application) (“Partner Services”), your Personal Data will be shared with Grand Treasure, the Partners and any other third party vendors that may cooperate with Grand Treasure and/or the Partners in connection with the Credit Facility Services (such as third party vendor providing KYC or credit check services). The Partner’s use of your Personal Data is not governed by this Grand Treasure Payments Privacy Policy. You agree that any data protection related concerns relating to the Partner’s Services shall be directed to the party named in the applicable Partner’s privacy policy.

4. Disclosure/Sharing of Personal Data

4.1. In order to carry out the purposes set out in Section 3 above, we may need to provide your Personal Data to various parties. These parties may include, but are not limited to:

(a) those as referred to in the Grand Treasure Website Privacy Policy and this Grand Treasure Payments Privacy Policy for the purposes described in this policy, including the Partners providing the Credit Facility Services;

(b) the Grand Treasure Group and its subsidiaries and companies affiliated with the Grand Treasure Group;

(c) our agents, contractors, professional advisers or third-party service providers which we engage to support our business and services made available on Grand Treasure Website and who are under a duty of confidentiality to us (such as providers of SFAI Audit or fraud checks services);

(d) certain Insurance Service providers and/or Credit Bureau Operators in collaboration with our Partners;

(e) merchants and other organizations, such as card associations, payment networks, payment gateways, payment agents or financial institutions, to whom or through, from, to and for which payments are made using the Credit Facility Services, or such other entities to enable your use of the Credit Facility Services;

(f) third party financial institutions, banks, non-banks, collection agents and credit agencies (including credit bureaus, alternative credit scoring agencies and any other credit reporting organisations);

(g) professional advisers, law enforcement agencies, insurers, government and regulatory authorities or any other organizations to which we and/or the Partners are under an obligation to make disclosures under the requirements of any applicable law, regulation or commercial arrangement, including arrangements with any card association or payment network;

(h) entities involved in any merger, acquisition, financing transaction, business collaboration, or joint venture with us; and

(i) parties who have a kinship relationship with you, including parents, spouses, relatives or parties authorised by you in the event that you are unable to handle your own affairs due to certain reasons.

4.2. The User understands and agrees that Grand Treasure may transfer or permit the transfer of User’s Personal Data outside the territory of Malaysia for any purpose specified in this Grand Treasure Payments Privacy Policy.

4.3. In some situations, you may provide Personal Data of other individuals (such as your spouse, family members or friends) to us. For example, you may add them as your “urgent contact” or “emergency contact”. If you provide us with their Personal Data, you represent and warrant that you have obtained their consent for their Personal Data to be collected, used and disclosed as set out in this Grand Treasure Payments Privacy Policy, including the transfer of your personal data outside the territory of Malaysia.

5. Security Measures and Retention

5.1. We take all reasonable steps and precautions, including technical, administrative and physical safeguards, to help protect your Personal Data against loss, misuse and unauthorized access, disclosure, alteration and destruction.

5.2. We recommend that you do not divulge your password to anyone. Our personnel will never ask you for your password through any means. If you share a computer or a mobile device with others, you should not save your log-in information (e.g., user ID and password) on that shared device.

5.3. We keep your Personal Data as long as reasonably necessary to fulfil the purposes for which your Personal Data is collected and processed unless a longer retain period is required or allowed by law and to comply with legal obligations under the applicable laws. Once your Personal Data is no longer necessary for the Credit Facility Services or purposes set out in Section 3, or we no longer have a legal or business purpose for retaining your Personal Data, we will take steps to erase, destroy, anonymise or prevent access or use of such Personal Data for any purpose other than compliance with this Grand Treasure Payments Privacy Policy, or for purposes of safety, security, fraud prevention and detection, in accordance with the requirements of applicable laws.

6. Changes to this Policy

6.1. We may update this Grand Treasure Payments Privacy Policy from time to time. Any changes we make to this Grand Treasure Payments Privacy Policy in the future will be reflected on this page and material changes will be notified to you. Where permissible under local laws, your continued use of the Credit Facility Services, or express consent thereto, following the modifications, updates or amendments to this Grand Treasure Payments Privacy Policy (whether or not you have reviewed such document) shall constitute your acknowledgment and acceptance of the changes we make to this Grand Treasure Payments Privacy Policy. You agree that it is your responsibility to review and check the Grand Treasure Payments Privacy Policy frequently to see if any updates or changes have been made to this Grand Treasure Payments Privacy Policy.

7. Other Matters

7.1. Other matters, such as your data subject rights, choices and means to limit the processing of your Personal Data (including Personal Data of other individuals who may be identified from your Personal Data), retention period, security of your Personal Data and contact details for questions, feedback, concerns, suggestions or complaints, that are set out in the Grand Treasure Website Privacy Policy apply equally to the processing of the Personal Data in connection with the Credit Facility Services, unless otherwise stated.

8. Language

8.1. This Grand Treasure Payments Privacy Policy is made in English Language only. If others texts available in future, which are equally original. In case of any inconsistency or different interpretation between both texts, the English language shall be deemed to be automatically amended to conform with and to make it consistent with the relevant others text.