Privacy Policy

We are committed to protecting the confidentiality of your personal information.

1.  General Information

  1. FinDoc Sdn Bhd is a subsidiary of CY Academy fintech company which specializes in providing its users with embedded and seamless end-to-end access to financial products. FinDoctor is a website and platform operated by us, whereby FinDoctor is a personal finance-focused platform which promotes and offers financial products of banks such as credit cards, personal loans, ASB loans and home loans or home refinance. Moreover, FinDoctor is also a platform which enables banks, property developers and/or automotive distributors/dealers to verify the loan eligibility of their customers.

  2. FinDoctor (collectively referred to as "FinDoctor", "we", "us" or "our") respects and protects your personal information in accordance with the Personal Data Protection Act 2010 (as may be amended from time to time, hereinafter referred to as the "Act"). This policy details how we collect your personal information and ways it is used on our website(s) and mobile application(s), including its usage for the products and services that we provide therein ("Platform"). It also briefs you about the personal data protection measures we have put in place. For the purpose of the Privacy Policy, unless the context requires otherwise, the terms "personal data" and "processing" shall have the meaning prescribed in the Act.

  3. This Privacy Policy describes our gathering, storing, dissemination and processing practices in respect of personal data of individuals through your download of, use and/or access to our Platform and all content, products, services and functionality available at or through the Platform.

  4. Please read this Privacy Policy to understand how we use and process the personal data we have collected or may collect from you.

  5. By providing your personal data and/or using our services, you are consenting to the collection, transfer, manipulation, storage, disclosure, processing of your personal data and other uses of your information only as described in this Privacy Policy as may be modified from time to time by us.

  6. Any changes to this Privacy Policy will be updated to the Platform. Any such revised Privacy Policy will continue to apply to all personal data that has previously been collected as well as information that has been stored or processed on an ongoing basis by us. Therefore, you are encouraged to check the version of the Privacy Policy whenever you visit the Platform for any updates or changes.

  7. If you are under 18, you should ensure that you obtain the consent of your parents or legal guardian before using the Platform. If you are a firm, corporation or entity supplying personal data of your partners, directors, shareholders, employees, officers and/or other persons to us, please do ensure that you have obtained their consent and bring this Privacy Policy to their attention.

  8. If you are incapable of managing your own affairs, for example due to physical or mental incapacity, you should ensure that consent is given by a person who is appointed by a court to manage your affairs or there is a person authorised in writing by you to act on your behalf.

  9. This Privacy Policy is issued in the English and Malay languages. In the event of any inconsistency between these two versions, the English version shall prevail.

2.  Privacy Policy Explanation

  1. This Privacy Policy sets out what kind of personal data is being processed, including but not limited to:

    1. The purposes for which the personal data is being or is to be collected and further processed;

    2. The source of that personal data;

    3. Your right to request access and correction of your personal data and how to contact us with any inquiries or complaints in respect of the personal data;

    4. The persons to whom we disclose or may disclose your personal data;

    5. The choices and means that you may limit the processing of your personal data, including personal data relating to other persons who may be identified from that personal data;

    6. Whether it is obligatory or voluntary for you to supply the personal data; and

    7. Where it is obligatory for you to supply the personal data, the consequences to you if you fail to supply the personal data.

3.  Types and Collection of Personal Data

  1. Personal data refers to all information that relates directly or indirectly to you, including any sensitive personal data and expression of opinion about you. Sensitive personal data refers to any personal data as to your thumbprint or DNA profile, physical or mental health or condition, your political opinions, your religious beliefs or other beliefs of a similar nature, the commission or alleged commission by you of any offence, your expression of opinion, such other sensitive personal data required with your consent, or any other personal data as may be determined by law from time to time.

  2. The personal data collected by us may include but is not limited to the following:

    1. Information you provide to us through using the Platform

      1. Personal Information from you, such as your name, biodata/personal profile, profile picture, contact information, email address, telephone number, age, home/mailing address, location, marital status, education, type of residence, occupation, financial information, income, assets, vehicle registration numbers, and liabilities and passwords provided by you when you create an account for the Platform, and any other information you directly give us through the Platform (including, but not limited to messages that you send through the Platform).

      2. Information about your interactions on the Platform including, your engagement with particular service provider and/or the end users, and the products and services you have sold and/or purchased.

      3. Information necessary to complete a transaction through the Platform, including your name and NRIC/passport number where applicable.

      4. Information such as files, pictures, graphics, videos, audios and/or messages that you store using the Platform.

      5. Working/employment information such as your gross income and company of your employment.

      6. Information from written communications when you provide us feedback or contact us, e.g. your name and e-mail address, as well as any other content included in the e- mail, in order to send you a reply.

      7. Information on photograph or video image, investment and risk preferences in respect of loan, financial and/or investment type products, personal data of family members/next-of-kin, personal data of the beneficiaries or nominees relevant to the processing of loan, financial, insurance/takaful claims, the provision of the loan, financial, insurance/takaful and related products and services.

      8. Such other personal data required with your consent.

    2. Information collected by technology via the Platform

      1. Information from you, including your web browser type, Internet Protocol (IP) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, user profiles, and/or a date/time stamp for your visit, and, with respect to your mobile phone, the unique device identifier.

      2. Information from third party service providers, with your consent, which may include your profile content or other types of personally identifiable information.

      3. Cookies and URL information to gather information regarding the date and time of your visit and the information for which you searched and viewed. "Cookies" are small pieces of information that a website sends to your computer's hard drive while you are viewing a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on the Platform. Persistent Cookies can be removed by following web browser's directions.

      4. Information from corresponding technologies used in connection with mobile phones, including your device identifier, to record date, time, search and viewing information related to your mobile phone.

      5. Information about how you use and interact with the Platform and the services via third party analytics services which may use Cookies to gather information such as the pages you visited, your IP address, a date/time stamp for your visit and the sites that redirected you to the Platform.

    3. Information from third parties or other sources which you have given your consent to disclose information relating to you and/or where not otherwise restricted.

  3. If need arises, we will obtain explicit consent from you to process sensitive personal data. We may however process personal data without your consent in limited circumstances as permitted by law. For the purposes of taking out a loan, we will inform you when the supply of certain personal data by you is optional or mandatory.

  4. We will start collecting your personal data, once you browse through the Platform and/or fill in any details or information for any application and/or submissions (completed or uncompleted), under the Platform.

  5. You may be requested to furnish your personal data upon application of any services or products available on our Platform.

4.  Uses of Personal Data

  1. By using our products and services, we may collect and use your personal data from you or from the third parties, either to respond to requests that you make, or to aid us in serving you better, for one or more of the following purposes:

    1. To send you information about products and services which we anticipate may be of interest to you.

    2. To enable you to access and use FinDoctor's services, including the conduct of loan and financial business.

    3. To perform our obligations under the written agreement, including customer service, complaints handling, conservation, including any value-added services that are connection but not directly connected to such agreement, where such agreement shall include but not be limited to loan agreement, agency contract, broking arrangements, and employment contracts.

    4. To prevent, investigate, report or otherwise in relation to actual or suspected money laundering, terrorist financing, bribery, corruption, actual or suspected fraud including but not limited to loan/financial/insurance/takaful fraud, tax evasion, evasion of economic or trade sanctions, and criminal activities generally or other unlawful activities.

    5. To conduct research, audit and risk assessment/survey, including statistical/actuarial research or data analytics/study. In the event such data was required for this purpose, your personal data are not to be published, and only figures, statistics and general information in the findings of the study/research are to be published.

    6. To cooperate or assist in investigations undertaken by another banker, lender, insurer, takaful operator, agents and/or any third parties.

    7. To send you administrative e-mail notifications, such as security or support and maintenance advisories.

    8. To administer and manage our services.

    9. To notify users about updates to our services.

    10. To personalize and enhance aspects of our overall service to you and our other users, as well as carrying out research such as analyzing market trends and customer demographics.

    11. To refer you to the loan and/ or financial product(s), and/ or financial institutions (or their authorized representatives) specified by you upon completion of application forms on our website.

    12. To improve and customize the quality of experience when you interact on the Platform.

    13. To communicate with you, in order to verify the personal information provided, or to request any additional information that is essential to fulfilling the service that you have applied for.

    14. For our day to day operations and administrative purposes including account management, billing and collection, audits, reporting and investigations.

    15. To assess and/or verify your eligibility, credibility and/or credit worthiness.

    16. To investigate, process and resolve any service issues, complaints, communications or other enquiries that you may submit to us regarding the Platform.

    17. To maintain records required for security, claims or other legal purposes.

    18. To comply with any guidelines, circulars or directives issued and to cooperate with the Personal Data Protection (PDP) Commission, Bank Negara Malaysia (BNM) or any other relevant authority to conduct an audit, examination or investigation which is authorised under any applicable Malaysian laws or international treaties/agreements affecting us.

    19. For compliance with the requirements of any law, any regulations or guidelines, any present or future contractual or other commitment with any legal, regulatory, judicial, administrative, public or law enforcement body, whether in or outside Malaysia, that are issued by regulatory or other authorities with which we or any other of our group members need or are expected to comply, including but not limited to making any enquiries, any investigation, disclosure or reporting requirements and/or meeting obligations pursuant to such law, regulations guidelines and/or the relevant authorities.

    20. To perform obligations under any lawful scheme of transfer of business.

    21. To process personal data for marketing and promotional purposes by our agents, bankers, financiers, and lenders upon completion of application for loan, whereas you shall have the rights to request us to cease or not begin processing your personal data for purposes of direct marketing.

    22. For handling applications to apply for loan and/or requests for advice and product recommendations.

    23. For regular assessment after application for loan

    24. To establish, exercise or defend a legal claim.

    25. To meet other specific legal or contractual obligation.

    26. For disclosure to third parties.

    27. For discharging regulatory or legislative obligations.

    28. For such other purposes as may be directed or consented by you.

    29. To match personal data held in relation to you for any purposes contained in this Clause.

    30. To conduct investigation on us and our third party service providers for any allegation of fraud, conspiracy, breach of any laws, rules and regulations, codes of practice including this Privacy Policy, misconduct or any unethical behaviours or practices.

    31. For all other purposes in relation to or incidental to the above.

    32. For all the other processing operations mentioned under this Clause.

  2. Any personal data requested, collected, obtained, stored, retained and/or otherwise processed from time to time by us that are directly related to the purposes described under Clause 4.1 above are deemed necessary, and consent (including explicit consent) would be deemed to have been given by you.

  3. All personal data requested by us from you are obligatory unless stated otherwise. The consequences for failing to supply the requested personal data to us may cause us to be unable to perform our obligations to you.

  4. Where you provide personal data of any third party to us (e.g. in respect of any loan related services), or where you name a third party as beneficiary, nominee, trustee, assignee, and personal data is not collected directly from the third party individual himself/herself, consent is deemed to have been given to you to process and disclose the third party individual's personal data to us. The said third party shall be deemed to have given his/her consent (including explicit consent) to the collection, use and disclosure of his/her personal data by you as required under section 6(1) and section 40 of the Act to any categories of persons set out in Clause 6.1 below.

5.  How We Collect Personal Data

  1. We may collect personal data from your visit to the Platform, request for information regarding our services, use of our services, participation in our survey, entry in promotions or programmes organised by us, request for information regarding the Platform, commencement of any business or commercial relationship with us and/or any communication made with us, including proposal forms, claim forms and other documentation completed or provided by you, as well as verbally, e.g. via face-to face, phone calls or electronically.

  2. FinDoctormay collect your personal data from:

    1. You choosing to register and use our online services such as our loan comparison tools or when you sign up for our weekly newsletters.

    2. You requesting for loan eligibility checks or loan pre-approval through our Platform, our mobile application(s) and/or any third parties who uses our technologies.

    3. You applying for products or services from our website.

    4. Third parties we deal with or are connected with you in order to provide you with the services that we offer you through the Platform; to facilitate creation of accounts; to provide technical support and/or to provide other services to us.

    5. Professional advisors including but not limited to legal advisors, tax advisors, financial advisors, auditors, insurance brokers.

    6. Government or other regulatory authorities who have the power and/or authority to disclose such information.

    7. Such other sources where you have given your consent for the disclosure of information relating to you where otherwise lawfully permitted.

  3. The personal data collected including but not limited to information communicated to us when you voluntarily complete an application form on our Platform providing your personal identification. Upon your voluntary provision of such personal information, you agree that you have provided accurate information that will not prejudice the interest of us or of any third parties.

  4. The collection of personal data is necessary to:

    1. Enable us to manage and process your requests for loan eligibility checks, loan pre- approval and/or loan application submission.

  5. You will be deemed to have given your consent (including explicit consent) to the collection, use, disclosure and processing of your personal data by us if you voluntarily provide your personal data to us for any of the purposes above, and it is reasonable that you would do so.

6.  Disclosure of Personal Data

  1. We will process personal data for the purposes stated in Clause 4.1 above and may disclose to the following third parties:

    1. Our subsidiaries and affiliates.

    2. Companies and/or organisations that assist us in processing and/or otherwise fulfilling transactions and providing you with services through the Platform that you have requested or subscribed for.

    3. Companies, corporations and/or entities that act as our service providers, gateway providers, agents, contractors and/or professional advisers.

    4. Law enforcement agencies, government authorities/agencies, courts, tribunals, regulatory bodies and/or statutory agencies or bodies or any other person we are under an obligation or required or expected to make disclosures to detect, prevent, or otherwise address fraud, security or technical issues.

    5. Industry associations and federations.

    6. Doctors, medical specialists, hospitals, clinics or healthcare institutions.

    7. Our business partners and other parties for purposes that are related to the purpose of collecting and using your personal data set out in this Privacy Policy, on a strictly confidential basis.

    8. Banks, credit card companies or other financial institutions for purposes of collection or refund of any monies due or payable.

    9. Banks, lenders, financiers, financial institutions or any related corporations and/or institutions for purposes of promoting their financial products, and to manage, process, compile, collect and/or submit your loan application to them.

    10. Any person permitted by you or, as the case may be, your executor, administrator or legal personal representative.

    11. Information-sharing systems, for purposes of enabling exchange of information between insurers takaful operators in order to facilitate fraud prevention and detection.

    12. Any person to whom disclosure is necessary for the purpose of investigation into any allegation of our and our third party service providers' breach of any laws, rules and regulations, codes of practice, misconduct or unethical behaviours or practices.

    13. Any person to whom the disclosure is necessary for the purposes of investigations under any written law, criminal proceedings or civil proceedings, or any person to whom the disclosure is required to be made under court order.

    14. Any other parties, companies, organizations or individuals outside us when we obtain your consent to do so subject at all times to any laws (including regulations, guidelines and/or obligations) applicable to us.

    15. Individuals or organizations within our parent/holding companies, as well as our subsidiaries and subsidiaries for both our parent/holding companies strictly on a need to know basis.

    16. Bancassurance partners, third party outsourcing service providers, third party call centres, independent insurance/takaful broker, lenders, loan adviser or financial adviser.

    17. Claims investigation companies or loss adjusters/surveyors or other parties necessary to process the personal data for claims purposes.

    18. Our auditors, consultants, lawyers, accountants, fund managers or other professional advisers appointed in connection with our business on a strictly confidential basis, appointed to provide services to us.

    19. Other third party service providers appointed to provide administrative, telecommunications, payment, data processing, data storage or other services to us in connection with the purposes described in Clause 4.1 above.

  2. We shall maintain an internal record of the categories of third parties to which your personal data has been disclosed by us and for what purposes.

  3. We shall be entitled to retain all data and information supplied by you in compliance with this Privacy Policy and/or the terms and conditions of your agreements for the use of the Platform for the duration of your relationship with us, for such period as may be necessary to protect our interests as may be deemed necessary, where otherwise required by the law or relevant regulation.

  4. We are committed to safeguarding your privacy. However, no data transmission over the internet can be guaranteed to be 100% secure. Accordingly, despite our efforts to protect your personal data, we cannot ensure or warrant the security of any information you transmit to us, or to or from our online products or services. All such transmission of information is carried out at your own risk. However, once we receive your transmission, we will make reasonable efforts to ensure its security in our systems.

  5. We will take necessary steps to prevent unauthorised access to, or alteration, disclosure or destruction of the personal data and prevent their accidental loss, destruction, access or other similar risks.

7.  Processing Personal Data for Direct Marketing

  1. We may only process your email address or telephone number for direct marketing purposes, if:

    1. Your consent has been obtained to such use of your personal data at the point of collection of your personal data.

    2. You are informed that the message communicated is a marketing message and the message is limited to products and services offered by us or any third parties, including any loans or credit products of banks and alternate lenders and/or insurance products of insurance companies.

    3. You are informed of the identity of the direct marketing organisation, purpose of collecting your personal data and the persons to whom such personal data will or may be disclosed to.

    4. You are given a clear and simple method of refusing to consent to the use of your personal data for direct marketing purposes at the time your data are collected.

    5. All marketing communications sent to you by way of email will contain an "unsubscribe"/"opt out" option at the end of the email, which allows you the opportunity to choose not to receive such communications or subsequent marketing messages.

  2. Where you register on our Platform to receive marketing messages or news of special offers from us, and provide your personal data in doing so, the online registration form will give you information about the purpose of, and obtain your consent to allow, the use of your data for such marketing purposes.

  3. If our business involves the sending of unsolicited marketing messages to you, whether via voice calls, text messages (including SMS/MMS) or fax, or sharing of your personal data with third parties outside of your group of companies for marketing and promotional purposes, we must check whether the intended recipient has expressly consented to receiving such unsolicited marketing messages from us. If you have indeed provided such express consent (and has not subsequently withdrawn such consent), then the unsolicited marketing message can be sent. Note that the unsolicited marketing message must inform you that the message communicated is a marketing message and contain an option to unsubscribe from such further marketing messages.

8.  Request For Access and Correction of Personal Data

  1. You shall provide and maintain accurate, complete and current data required to register with us. You represent and warrant that all information furnished to us from time to time through the Platform or otherwise is correct, validly issued and legally binding on you.

  2. You have the right to correct your personal data such as name, e-mail address and contact numbers by submitting a request to our data processing officer via one of the following methods, to correct such personal data if it is inaccurate, incomplete, misleading or not up-to-date, except where compliance with a request to such correction is permitted to be refused under the relevant laws and regulations:

    Contact No.:
    +603-7660 0669
    +6016-622 0163

    Email address:
    (Attention it to the 'Data Processing Manager')

    Office address:
    F-3-8 Neo Damansara,
    Jalan PJU 8/1,
    Bandar Damansara Perdana,
    47820 Petaling Jaya,
    (Attention it to the 'Data Processing Manager')

  3. However, we may need to request additional information from you to confirm your identity before making the correction.

  4. You have the right to request details of your personal data that is being processed by or on behalf of us and to have a copy of such personal data communicated to us. We may charge fees prescribed or regulated under the Act for such access request from you.

  5. Upon receipt of your request for correction of your personal data, we will take reasonable steps to rectify the personal data which is inaccurate, incomplete and not up-to-date unless we consider there are justifications for refusing to comply with your request.

  6. Where your personal data has been disclosed to a third party during the twelve (12) months immediately preceding the day on which the your request is made, we will take all practicable steps to supply the corrected personal data that we deem necessary to the third party so that the provision of the loan, financial and related products and services to you is not affected, accompanied by a notice in writing stating the reasons for the correction, unless we have reason to believe that the third party has ceased using the personal data for the purpose, including any directly related purpose, for which the personal data was disclosed to the said third party, or if the disclosure to the said third party was by reason of the third party's own inspection of a register containing the personal data and which is available for inspection by the public.

  7. You are only entitled to have access to your own personal data and personal data relating to your beneficiaries, assignees or trustees, and not to personal data relating to any other person (unless you are authorized by that person). For the avoidance of doubt:

    1. You are not entitled to have access to the information relating to evaluation of your loan and financial claims as that information is considered as confidential commercial information;

    2. Subject to Clause 8.8(c) below, you, other than the policyholders/certificate holders, are only entitled (during the lifetime of such policyholders/certificate holders) to have access to your own personal data and you must first obtain the consent of the policyholders/certificate holders before you make any personal data access request. We have the right to request you to provide evidence to show that such consent has been duly obtained; and

    3. You, other than the policyholders/certificate holders (and where such policyholders or certificate holders are deceased persons), are only entitled to have access to your own personal data and/or the deceased persons' personal data in accordance with the requirements under the applicable laws.

  8. You will be liable for any loss that results from any failure to notify us of such a change as a result of undue delay, your gross negligence or fraud. Where you fail to inform of any change in its address, we shall be discharged from all liabilities upon sending of any notice or document to the last known address.

  9. In the event you may need to provide us with personal data relating to third parties (e.g. spouse or children or where you are the designated person in charge (from an organisation or company) for dealing with us, if you are acquiring and are responsible for a service and/or product that they will use), you confirm that you have obtained their consent or otherwise entitled to provide their personal data to us and for us to use accordingly, and have informed them to read this Privacy Policy.

  10. We reserve the right at any time to satisfy itself as to your identity and personal details provided including for the purposes of preventing fraud and/or money laundering and pending verification, we may withhold your access to your personal data. In addition, at the time of your application or at any time in the future, you authorise us to perform identity verification checks directly or using relevant third parties.

  11. We aim to maintain the Platform in a manner that protects information from accidental or malicious destruction. Because of this, after your information has been corrected, changed or updated on the Platform, we may not immediately delete residual copies from our active servers and may not remove information from our systems.

  12. Your access to most services and content are password protected. Therefore, you are solely responsible for your username and password to access the services and content. You must remember to log off from your account and close the browser window after use so that no unauthorized party can have access. You must not, at any time, divulge your password to any third party.

9.  Limiting, Retaining and Passing On Information About You

  1. FinDoctorkeeps your personal and financial information for only as long as it requires to provide you with our services. If it is deemed appropriate, FinDoctormay share your personal information with third party providers whose products are listed on FinDoctor's Platform. At no point will FinDoctorsell, distribute, or lease your personal information to third parties without your permission, unless required to do so under the law. FinDoctorwill not send you promotional information without your consent.

  2. In the event that we send you any of our information, we will include instructions on how to unsubscribe and a link to do so. If you do not wish to receive further information of a similar nature and/or any information of any kind from us at all, you may directly unsubscribe from this feature by clicking on the "unsubscribe"/"opt out" button which is located at the end of our emails.

  3. Where indicated (e.g. on the Platform, registration/application forms), it is obligatory to provide your personal data to us to enable us to process your application for our services. Should you decline to provide such obligatory personal data or refuse to consent to this Privacy Policy, we may not be able to process your application or provide you with the access and/or services on the Platform.

  4. We will not retain personal data for longer than is necessary for the fulfilment of the purpose for which it was collected unless such retention is necessary for our operational, audit, legal, regulatory, tax or accounting requirements.

  5. We will take all reasonable steps to ensure that all personal data is destroyed or permanently deleted if it is no longer required for the purpose for which it was collected unless such retention is necessary for our operational, audit, legal, regulatory, tax or accounting requirements.

  6. We will obtain your fresh consent if personal data needs to be retained but not used after the period of time needed to fulfil the purposes for which it was collected including for any operational, audit, legal, regulatory, tax or accounting requirements, or after the period of time where there is no longer a need for the personal data to be kept.

  7. Personal data can be retained for a longer period of time if such retention is necessary for the following purposes:

    1. Legal proceedings or a regulatory or similar investigation or obligation to produce the said information;

    2. A crime or misconduct is suspected or detected;

    3. Information is relevant to a company in liquidation or receivership, where a debt is due to us; or

    4. Information is considered to be of potential historical importance including but not limited to the purposes described in Clause 4.1 above.

  8. We will use commercially reasonable endeavours to destroy or anonymise documents containing personal data as soon as the purpose for which the data was collected, or our purpose for keeping the personal data is no longer being served by its retention.

  9. Unless it prevents us from performing out obligations to you or goes against the very purpose that the personal data was given as provided in this Privacy Policy, you may withdraw consent by letting us know in writing in the manner and format as may be prescribed by us. In such instances, we will inform you the consequences of such withdrawal of consent, including termination of any loan, financial, agreement or policy, or that we would be unable to continue providing services to you. You will have to bear all legal consequences arising from such withdrawal of consent and subsequent termination of the loan, financial, agreement, policy and/or certificate.

  10. Upon withdrawal of consent, we are required to, within a reasonable time frame, cease collecting, using or disclosing your personal data.

  11. Notwithstanding withdrawal of consent, we and any information-sharing systems for fraud prevention and detection, including but not limited to the Fraud Intelligence System (FIS), may still retain your personal data that is required for operational, audit, investigation, legal, regulatory, tax or accounting requirements, for example, keeping records of the your product purchases/participation which are reasonably necessary for audit purposes, complying with the various legal or regulatory requirements for keeping books of accounts or customers' records or the handling of potential litigation and future possible cases of underwriting and claims assessment. Such right shall not be prejudiced nor affected by the withdrawal of consent by you.

10.  Security Principle

  1. FinDoctorwill exercise reasonable effort to prevent unauthorised access to, or alteration, disclosure or destruction of the personal data and prevent their accidental loss, destruction, access or other similar risks.

  2. We will put in place key physical measures to protect personal data, such as limiting access to premises, ensuring minimum standards and quality of doors and locks, installing alarms, and closed-circuit television (CCTV) on the premises.

  3. We will ensure that physical files are kept secure all the time and electronic files are backed-up regularly.

11.  Cookies

  1. FinDoctormay use "cookies" to collect information about how our Platform is used, where a small data file is sent to your browser to store and track information about you when you enter the Platform. The cookie is used to track information such as the server your computer is logged onto, your browser type (for example, Internet Explorer or Google Chrome), and whether you have responded to advertisement on our Platform or email. While this cookie can tell us when you enter the Platform and which pages you visit, it cannot read data off your hard disk.

  2. We may process and/or otherwise use information collected from cookies and other technologies, to improve the user experience and the overall quality of the Platform. You may set your browser to block all cookies, including cookies associated with the services on the Platform, or to indicate when a cookie is being set by us. However, it's important to remember that many of the services on the Platform may not function properly if your cookies are disabled.

  3. Like many web site operators, we also use the independent companies to measure and analyse the internet usage across the Platform. This aggregate, non-personal data is collected by such independent companies provided to us to assist in analysing the usage of the Platform.

  4. We also collect Internet Protocol (IP) addresses. IP addresses are assigned to computers on the internet to uniquely identify them within the global network. We collect and manage IP addresses as part of the service of providing internet session management and for security purposes.

12.  Links to other sites

  1. A link from the Platform to another site(s) does not imply endorsement of that site. We do not control the sites to which our links and assumes no responsibility for their content or privacy policies and/or statements. Therefore, you should carefully review the privacy policy and/or statements and the terms and conditions that apply to any site you access from the Platform. This includes any bank or insurer.

13.  Transfer of your personal data outside Malaysia

  1. It may be necessary for us to transfer your personal data outside Malaysia if any of our service providers or strategic partners ("Overseas Entities") who are involved in providing part of our services are located in countries outside Malaysia or if you use the services from a country other than Malaysia. You consent to us transferring your personal data outside Malaysia in these instances. We shall take reasonable steps to ensure that any such Overseas Entities are contractually bound not to use your personal data for any reason other than to provide the services they are contracted by us to provide and to adequately safeguard your personal data.

14.  FinDoctor's rights to make changes

  1. We reserve the right at any time and at its sole discretion to revise, change, alter or vary the contents of the Platform and/or terms and conditions of use and/or the Privacy Policy as herein contained. The continued use of the Platform following any such revision, change, alteration of variation shall constitute the acceptance of, and agreement to be bound by such revision, changes, alteration and/or variation. At the same time, we will notify you of such revision, modification or change by emails or related push notifications.

15.  Contact Us

  1. If you have any questions or comments regarding our Privacy Policy or how we handle your personal information, kindly contact our data processing officer via one of the methods provided in Clause 8.2. above.

Last Modified Date: 21st October 2022