NOTICE UNDER THE PERSONAL DATA PROTECTION ACT 2010

The Personal Data Protection Act 2010 (“the Act”), which regulates the processing of personal data in commercial transactions, applies to us.

We, Eastspring Investments Berhad, take the privacy and protection of your personal data seriously.We, Eastspring Investments Berhad, take the privacy and protection of your personal data seriously.

So, we’ve set out the below information about our processing of your personal data by us or on our behalf, what rights you have, and how you can get in touch if you want to know more.

When we say “personal data”, we mean information about you, such as your name, date of birth and contact details. We collect personal data from you that is necessary for us to either provide you with the product or service you’ve requested or to comply with statutory or contractual requirements. In order to enable us to deal with your inquiries, open and operate an account / investment for you and / or to generally provide you with our products and services, we may need to and / or may be required to collect, record, hold, use, disclose and store (i.e. “process”) personal information and financial information about you.

For the purpose of this written notice (“Notice”), the terms “personal data” and “processing” shall have the same meaning as prescribed in the Act.

We may change this Notice from time to time by updating our Notice on our website. We encourage you to check our Notice from time to time on our website, as the version of our Notice which is displayed on our website takes precedence over all previous versions of our Notice.

Part A – Personal data we process

  1. personal and contact details, such as title, full name, contact details and contact details history;

  2. travel document information;

  3. payment information including but not limited to bank account information;

  4. your date of birth, gender and/or age;

  5. your nationality, NRIC or other identity copies and details (if relevant to the product or service);

  6. family members’ information (if relevant to the product or service);

  7. records of your contact with us such as via the phone number of our customer service centre and, if you get in touch with us online using our online services or via our smartphone app, details such as your mobile phone location data, IP address and MAC address;

  8. products and services, you hold with us, as well as those you have been interested in and have held and the associated payment methods used;

  9. analysis of data relating to marketing made to you, including history of communications and whether you open them or click on links;

  10. information we obtained from third parties, including information about instances of suspected fraud and usage history;

  11. biometric data including but not limited to your voice pattern, fingerprint and facial images, and your location information based on your device;

  12. specimen signature as well as digital or electronic signatures as defined under applicable laws and regulations;

  13. personal data which we obtain from credit reference agencies and fraud prevention agencies, including public (for example, defaults) and shared credit history, financial situation and financial history;

  14. fraud, debt and theft information, including details of money you owe, suspected instances of fraud or theft, and details of any devices used for fraud;

  15. criminal records information, including alleged offences;

  16. financial details about you, such as your salary and details of other income, details of your savings, details of your expenditure, and payment method(s);

  17. information about your employment status (if relevant to the product or service);

  18. your residency and/or citizenship status;

  19. your marital status, family, lifestyle or social circumstances (if relevant to the product or service). For example, the number of dependents you have or if you are a widow or widower;

  20. information we buy or rent from third parties, including demographic information, details of outstanding finance, marketing lists, publicly available information, and information to help improve the relevance of our products and services;

  21. insights about you and our customers gained from analysis or profiling of customers;

  22. tax information (if relevant to the product or service). For example, for investment accounts.

Part B – Where we get your personal data

We’ll collect personal data from the following general sources:

  1. from you directly, through all application/registration forms, and any information from family members, associates or beneficiaries of products and services;

  2. information generated about you when you use our products and services;

  3. from a broker or other intermediary (for example, our authorized distributors/unit trust agents, business partners) who we work with to provide products or services or quote to you, subject to your prior consent;

  4. Prudential Group companies if you already have a product with them, have applied for one or have held a one previously;

  5. cookies, location services, IP addresses when you visit our website or mobile app or when you fill up contact us forms within our website or app;

  6. third parties connected with you, such as employers, joint account holders, security providers, guarantors and indemnitors, subject to your prior consent

  7. third parties such as insurance companies, agents, lawyers, vendors, financial institutions, courts, regulatory authorities or public records;

  8. questionnaire and contact details when you attend surveys, investor conferences, roadshows, competitions, promotions or when you update contact us form on our website;

  9. from other sources such as fraud prevention agencies, credit reference agencies, other lenders, publicly available directories and information (for example, telephone directory, social media, internet, news articles), debt recovery and/or tracing agents, other organisations to assist in prevention and detection of crime, police and law enforcement agencies; and

  10. we buy or rent information about you or customers generally from third parties including demographic information, vehicle details, claims history, fraud information, marketing lists, publicly available information and other information to help improve our products and services or our business; and

  11. from such other sources in respect of which you have given your consent to disclose information relating to you and/or where not otherwise restricted.

Part B.1 – Cookie Policy

Our Site (“Site”) uses cookies to distinguish you from other users of our Site. This helps us to provide you with a good experience when you use the Site and also allows us to improve our Site. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Cookies contain information that is stored on your computer’s hard drive. You have the ability to accept or decline cookies by modifying the setting in your browser. If you would like to do this, please see the help menu of your browser.


We use the following types of cookies:

  1. Strictly necessary cookies. These are cookies that are required for the operation of our Site. They include, for example, cookies that enable you to log into our secure Site;

  2. Analytical / performance cookies. These allow us to recognise and count the number of visitors to our Site and to see how visitors move around our Site when they are using it. This helps us to improve the way our Site works, for example, by ensuring that users are finding what they are looking for easily; and

  3. Functionality cookies. These are used to recognise you when you return to our Site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

  4. Third Party Cookies. These are cookies that are set by a domain other than that of the website being visited by the user and we don’t have any control on these cookies. If a user visits a website and another entity sets a cookie through that website, this would be a third-party cookie. These cookies may be set by third party providers whose services we have added to our pages. You may change your browser settings to restrict personal data collection by these third-party cookies.

By continuing to use the Site, you accept to the use of cookies as outlined above.

Part C – How we use your personal data and why

We, Eastspring Investments Berhad, the Prudential Group and our Business Partners, will use the personal data you provide to us, together with other information, where relevant, for the following purposes (“Purposes”):

Purpose

Legal basis for processing

The administration of our products and services, including to enable us to perform our obligations to you and to provide any relevant services as discussed with you prior to any purchase of a product or service.

Necessary for the performance of our contract with you or in order to take steps prior to entering into a contract with you.

Carrying out checks using agencies such as credit reference agencies, tracing companies, or publicly available information (see Part D for more).

To assess your application(s) / request(s) for our products and services

To communicate with you, including the but not limited to notify you about benefits and changes to the features of our products and services and to administer offers and competitions

Necessary for the performance of our contract with you. After our contract is complete, our legitimate interests in maintaining and developing our relationship with you.

Provision of customer services – like to reply to a question, complain, tell you that something’s changing or to generally resolve disputes.

To better manage our business and your relationship with us, including to understand your current and future investment needs and your financial situation

Automated decision-making or profiling (see Part E for more).

Keeping your information on record and carrying out other internal business administration

To conduct market surveys and trend analysis;

To update, consolidate and improve the accuracy of our records

Transfer or assign our rights, interests and obligations under any of your agreements with us

To conduct internal activities including audit, compliance and risk management purposes

Complying with any regulatory or other legal requirements.

Compliance with our legal obligations.

For meeting the requirements to make disclosure under the requirements of any laws binding on and for the purposes of any guidelines issued by regulatory or other authorities with which Eastspring Investments Berhad or any of its branches and any of Eastspring Investments Berhad’s holding companies, subsidiaries, affiliates, representatives are expected to comply;

To conduct anti-money laundering checks; for crime detection, prevention and prosecution; to comply with any sanction requirements

For the purpose of enforcing our legal rights and / or obtaining legal advice

Design and provide you with information on our and third party products, services and offers which may be of interest to you.

Our legitimate interests in designing and improving our products, provide value added services, developing our business and gaining insight into how our products are used.

Conduct research and statistical analysis (including use of new technologies).

For other legitimate business activities

For such other purposes directly related to the foregoing

In addition, we, Eastspring Investments Berhad, the Prudential Group and our Marketing Partners, will use the personal data you provide to us, together with other information, to send you direct marketing offers and promotions by electronic and non-electronic means including by post, as well as sending you introductions to products and services from carefully selected third parties also by post. Please see part I for further details. Our legal basis for this processing is based on your consent.

Who we share your personal data with and why

We’ll share your personal data to the following parties:

  1. Companies and / or organisations that act as our agents, affiliates, business partners, subsidiary(ies), shareholders and its related companies, and / or professional advisers;

  2. Companies and / or organisations (including but not limited to custodians, trustees, distributors, brokers) that assist us in processing and / or otherwise fulfilling transactions that you have requested;

  3. Companies and / or organisations that assist us in providing value added services that you have requested;

  4. your advisers and / or agents (including but not limited to brokers, auditors, lawyers, accountants, financial institutions, financial advisers, or other professional advisers), where authorised by you;

  5. any other person notified by you as authorised to give instructions or to use the account(s), investment(s) or products and services on your behalf;

  6. any other agents and / or counterparties that we are required to provide such information to by any laws (including any regulations, guidelines and / or organisations) and / or court orders;

  7. and other third party service providers who provide administrative, telecommunications, computer, payment, printing, redemption or other services to us to enable us to operate our business), industry associations and federations, your joint policy or investment holder, professional advisors, researchers, credit reference agencies, debt collection agencies, financial and partnerships for any of the purposes set out in this Part C; and / or

  8. any other person connected to the enforcement or preservation of any of our rights under your agreement(s) with us.

If you have a joint policy or, the other person may receive your personal data too. If appropriate, we may also pass on your personal data to financial crime prevention agencies, any legal, regulatory or government bodies.

We may process your personal data in a country other than the one in which you reside. To the extent we transfer your personal data, we will use appropriate safeguards and comply with the laws of the country to which your personal data is transferred. Details of the safeguards we use are available on request.

We keep your personal data for a set amount of time

Your personal data will be stored either for as long as you (or your joint policyholder) are our customer and for a period of seven years after the end of the customer relationship, or longer if required by law. There may be specific circumstances where it is necessary for us to retain your personal data for longer (such as when a dispute arises).

Part D – Reference checks

For certain products, we may use approved credit reference agencies, tracing companies, financial crime prevention agencies, or publicly available information, to help us to check your identity, as well as to prevent fraud and money laundering; this may include checks on your current or previous addresses. Results of these may be recorded for future reference.

These checks may also be carried out for a fund investor, joint account holder or person(s) that you provide personal data on. Should we ever lose contact with you, we may use these agencies to verify your address to help us get back in touch.

Any transfer of your personal data will always be done securely.

Part E – We may use your personal data to make automated decisions or profile you

We, Eastspring Investments Berhad, our Business Partners, and our Marketing Partners may use your personal data to make automated decisions affecting you or to conduct other profiling (for example, marketing profiling).


Part F – Use of your sensitive personal data

For certain products or services, we’ll need to process your sensitive personal data, such as information relating to ethnicity and sexual orientation. To the extent that we need your explicit consent to process this kind of personal data in the manner described in Parts C, D, and E, we will provide details of this at the point of collection and seek your consent.

Part G – You’re in control

When it comes to how we use your personal data, you have the right to:

  1. request a copy of your personal data (we have the right to charge a reasonable fee to complete this request) (“ data access”);

  2. request that we correct anything that’s wrong, or complete any incomplete personal data (“ data correction”);

  3. complain to a data protection authority or another independent regulator about how we’re using it;

  4. object to us using your personal data for direct marketing (including related profiling) or other processing based on legitimate interests;

  5. request that provide a copy of your personal data in a structured and commonly used format in certain circumstances1; and

  6. limit how we use your personal data or withdraw your consents (including automated decision making) you have given for the processing of your personal data.

If you currently reside in a EU jurisdiction, additional rights under General Data Protection Regulation (GDPR) may apply. As such, you may:

  1. ask us to delete your personal data if it is no longer needed for the purposes set out in Part A or if there is no other legal basis for the processing.

You are responsible for ensuring that the information you provide us is accurate, complete, not misleading and is kept up to date.

If you want to exercise your rights, or would like an explanation about these rights, we’ve explained how you can get in touch in the Contact Us section. The above rights are subject to the provisions of the Act. We may refuse to comply with a data access request or a data correction request and shall, by notice in writing, inform you of our refusal and the reasons of our refusal.

If you do need to speak to us, it’ll be useful to have to hand that the data controller2 of your personal data is Eastspring Investments Berhad. We may monitor or record calls or any other communication we have with you. This might be for training, for security, or to help us check for quality.

Part H – Acting on someone else’s behalf?

When you give us personal data about another person (or persons), you should have been appointed and authorised by such person to act on their behalf. This includes providing consent to:

  1. our processing of their personal data and sensitive personal data (as we’ve explained in Parts A - G above); and

  2. you are getting any information protection notices on their behalf.

If for any reason you are concerned as to whether you are permitted to provide us with the other person’s information, please contact us at the email address below before sending us anything.

Part I – Direct marketing

We, Eastspring Investments Berhad, our Business Partners, and our Marketing Partners will still send you information by post about our and the Prudential Group’s products and services and carefully selected third parties.

Additionally, from time to time, we, Eastspring Investments Berhad and the Prudential Group would like to contact you by electronic means with details about products, services and any special offers. We will only do this if you have consented to us contacting you by electronic means.

And if you change your mind, and / or you would like to opt-out of receiving non-electronic direct marketing, it’s easy to let us know. Just use one of the options in the Contact us section.

Part J – Language

In the event of any inconsistency between the English version and the Bahasa Malaysia version of this Notice, the English version shall prevail over the Bahasa Malaysia version.

Contact us

If want to exercise your rights in Part G or if you require any other information about any other part of this notice, you can contact us in several different ways.

Write to our Data Protection Officer at:

Eastspring Investments Berhad
Level 22, Menara Prudential
Persiaran TRX Barat
55188, Tun Razak Exchange
Kuala Lumpur, Malaysia

Email our Data Protection Officer at:

eastspring.my.data.privacy@eastspring.com

Or visit:

www.eastspring.com