FAQ

TH Privacy Notice

Can I request to access my personal data?

Yes, TH will allow you to access your existing personal data in TH storage system.

Can someone else make a request to access my personal data?

There are several conditions that allow others to access your personal data, namely:

  • If you are below the age of 18 years, only legitimate account custodian is allowed
  • Other entities within TH such as its subsidiaries, and its associates
  • Agents and our service provider with whom we have contractual agreements for some of our functions, services and activities.
  • Our strategic partner and advisor / consultant.
  • Enforcement agencies, regulatory and government, as permitted or required by law, allowed by any court or to fulfil obligations to regulatory authorities.
  • Party authorized by you.
Can TH deny my request to access my personal data?

TH can only deny your request to access your personal data when there is insufficient information to confirm your identity.

Does PDPA protect my Personal Data that is transferred to a party outside Malaysia?

Yes, if your personal data is processed in Malaysia, and it is transferred to a party outside Malaysia, it will be covered under PDPA. However, PDPA will not protect personal data processed outside Malaysia.

How long TH can keep my personal data?

TH will only retain your personal data for as long as necessary to fulfill the purpose for which it was collected or to comply with legal requirements and regulations as well as TH internal requirements.

How TH protects my personal data?

TH is taking comprehensive measures to ensure your personal data security and confidentiality is protected via physical security, technical and IT process requirement.

What are my rights as a depositor / Individual / Data Subject under the PDPA?

Your rights are as follows:

  1. The right to be informed whether your personal data is processed by TH;
  2. The right to access personal data;
  3. The right to rectify personal data;
  4. The right to withdraw consent for processing personal data;
  5. The right to prevent the processing of personal data that is likely to cause damage or distress; and
  6. The right to prevent from processing personal data for direct marketing purposes.
What happens if I do not give my consent?

Failure to provide your personal data or withdraw your consent to allow TH to process your personal data, it may cause TH unable to provide the products and services which are related to you in an effectively and continuously manner. If you do not give consent to TH for marketing purposes, TH will stop sending you the marketing material for your products and services. However, TH may still use your personal data for purpose of providing the products or services that you have signed up for or fulfilling any other contractual obligations, and for legal or regulatory purposes.

What is Personal Data Protection Act (“PDPA”)?

PDPA is an act enacted by the Malaysia Government and was established on 15 November 2013 to protect individual personal data and sensitive personal data in commercial transaction. PDPA has seven principles of information management practices that must be adhered, namely: -

  1. General Principle;
  2. Notice and Choice;
  3. Principle of Disclosure;
  4. Principle of Security;
  5. Principle of Storage;
  6. Principle of Data Integrity; and
  7. Principle of Access
What is Personal Data “processing”?

PDPA defines “processing” as the collection, recording, handling, storing, organizing, modifying, disclosing and destroying of personal data information. By only reading or accessing information is already considered as “processing”. Example of activities that is considered as “processing” include:

  1. Collection of data using forms, via phone or the website;
  2. Data publication;
  3. Selling of data;
  4. Using data for administrative purposes;
  5. Using data for marketing purposes;
  6. Recording of data;
  7. Disclosing of data to other organizations; or
  8. Destroying of data.

FAQ

TH Privacy Notice

Can I request to access my personal data?

Yes, TH will allow you to access your existing personal data in TH storage system.

Can someone else make a request to access my personal data?

There are several conditions that allow others to access your personal data, namely:

  • If you are below the age of 18 years, only legitimate account custodian is allowed
  • Other entities within TH such as its subsidiaries, and its associates
  • Agents and our service provider with whom we have contractual agreements for some of our functions, services and activities.
  • Our strategic partner and advisor / consultant.
  • Enforcement agencies, regulatory and government, as permitted or required by law, allowed by any court or to fulfil obligations to regulatory authorities.
  • Party authorized by you.
Can TH deny my request to access my personal data?

TH can only deny your request to access your personal data when there is insufficient information to confirm your identity.

Does PDPA protect my Personal Data that is transferred to a party outside Malaysia?

Yes, if your personal data is processed in Malaysia, and it is transferred to a party outside Malaysia, it will be covered under PDPA. However, PDPA will not protect personal data processed outside Malaysia.

How long TH can keep my personal data?

TH will only retain your personal data for as long as necessary to fulfill the purpose for which it was collected or to comply with legal requirements and regulations as well as TH internal requirements.

How TH protects my personal data?

TH is taking comprehensive measures to ensure your personal data security and confidentiality is protected via physical security, technical and IT process requirement.

What are my rights as a depositor / Individual / Data Subject under the PDPA?

Your rights are as follows:

  1. The right to be informed whether your personal data is processed by TH;
  2. The right to access personal data;
  3. The right to rectify personal data;
  4. The right to withdraw consent for processing personal data;
  5. The right to prevent the processing of personal data that is likely to cause damage or distress; and
  6. The right to prevent from processing personal data for direct marketing purposes.
What happens if I do not give my consent?

Failure to provide your personal data or withdraw your consent to allow TH to process your personal data, it may cause TH unable to provide the products and services which are related to you in an effectively and continuously manner. If you do not give consent to TH for marketing purposes, TH will stop sending you the marketing material for your products and services. However, TH may still use your personal data for purpose of providing the products or services that you have signed up for or fulfilling any other contractual obligations, and for legal or regulatory purposes.

What is Personal Data Protection Act (“PDPA”)?

PDPA is an act enacted by the Malaysia Government and was established on 15 November 2013 to protect individual personal data and sensitive personal data in commercial transaction. PDPA has seven principles of information management practices that must be adhered, namely: -

  1. General Principle;
  2. Notice and Choice;
  3. Principle of Disclosure;
  4. Principle of Security;
  5. Principle of Storage;
  6. Principle of Data Integrity; and
  7. Principle of Access
What is Personal Data “processing”?

PDPA defines “processing” as the collection, recording, handling, storing, organizing, modifying, disclosing and destroying of personal data information. By only reading or accessing information is already considered as “processing”. Example of activities that is considered as “processing” include:

  1. Collection of data using forms, via phone or the website;
  2. Data publication;
  3. Selling of data;
  4. Using data for administrative purposes;
  5. Using data for marketing purposes;
  6. Recording of data;
  7. Disclosing of data to other organizations; or
  8. Destroying of data.