FWD Takaful Berhad ("the Takaful Operator") is committed to the implementation and compliance with the provisions of the Personal Data Protection Act 2010 of Malaysia ("the Act"). This Notice is issued pursuant to the requirements of the Act. In this context, the Personal Data Protection Officer is responsible for coordinating and overseeing compliance with the Act and the upholding of the Personal Data Protection Principles set out in the Act.
This Notice applies to all products and services provided by the Takaful Operator and sets out how the Takaful Operator may collect, use, process, and disclose your personal information.
- From time to time, it is necessary for you to supply the Takaful Operator, its affiliates, agents and representatives acting on its behalf, or any selected third party (within or outside of Malaysia, including retakaful and claims investigation companies and industry associations and federations), with personal information and particulars in connection with its services and products as well as for compliance with any laws, guidelines or requests issued by regulators or any other governmental authority. Apart from data provided by you, the Takaful Operator may obtain and/or verify your data with any third party, including but not limited to, risk surveyors, medical practitioners, hospitals or medical institutions that have attended to you. Failure to supply such personal data or to agree to the Takaful Operator’s collection of such personal data may result in the Takaful Operator being unable to provide or continue to provide these services and products to you, including the termination of your Takaful Certificate, in order to comply with any laws or guidelines issued by regulators or any other governmental authorities.
- Personal information and particulars requested may include information concerning your personal details (such as name, age, identity card number, passport number, gender, date of birth, race, nationality, citizenship and marital status), contact details (such as address, email and phone numbers), family information (such as marital status, name of your spouse or child or immediate family members), occupation details (such as your employer’s name, annual income, job title, nature and description of job) and financial details (such as bank account number and credit card number).
- In addition, the Takaful Operator may from time to time request for:
- information relating to your medical records or health condition in general from you or any medical practitioner, hospital, medical institution or any person (whether incorporated or not) who has ever attended to you or has records regarding your health or medical condition; and/or
- such other personal information that may be relevant for the Takaful Operator to consider your application for Takaful cover or the continuous provision of the Takaful Certificate and/or Takaful services under a Takaful Certificate issued by the Takaful Operator. This includes but is not limited to tax information about you, your designated beneficiary(ies) or any person entitled to any benefits/payment under the Takaful Certificate.
- Personal information and data may also be collected from:
- other sources in the ordinary course of the continuation of the Takaful relationship, for example, when you write cheques or provide your credit card or bank account details to the Takaful Operator for contribution payment of the Takaful coverage or when you nominate a nominee to receive Takaful benefits payable under a Takaful Certificate; and/or
- a person acting on behalf of the individual whose personal data is provided and if you provide personal data on behalf of any person, you hereby confirm that you are either their parent or guardian or you have obtained that person’s consent to provide that personal data for use by the Takaful Operator; and/or
- from other sources (including from publicly available information).
- Data may also be generated, processed or combined with other information available to the Takaful Operator or any of the Takaful Operator’s subsidiaries, holding companies, associated or affiliated companies and companies controlled by or under common control with the Takaful Operator (collectively, the “Group”).
- The purposes for which your personal data may be used and/or processed are as follows:
- providing our services and products to you, including administering, maintaining, managing and operating such services and products;
- processing, assessing and determining any applications or requests made by you in connection with the Takaful Operator’s services or products and maintaining your account and/or Takaful Certificate with the Takaful Operator;
- developing Takaful financial services and products;
- developing and maintaining credit and risk related models;
- processing payment instructions;
- determining any indebtedness owing to or from you, and collecting and recovering any amount owing from you or any person who has provided any security or other undertakings for your liabilities;
- exercising any rights that the Takaful Operator may have in connection with our services and/or products;
- carrying out and/or verifying any eligibility, credit, physical, medical, security, underwriting and/or identity checks in connection with our services and products;
- any purposes in connection with any claims made by or against or otherwise involving you in respect of any of our services or products, including, making, defending, analysing, investigating, processing, assessing, determining, responding to, resolving or settling such claims;
- performing policy reviews and needs analysis (whether or not on a regular basis);
- meeting disclosure obligations and other requirements imposed by or for the purposes of any laws, rules, regulations, codes of practice or guidelines (whether applicable in or outside Malaysia) binding on the Takaful Operator or any other member of the Group, including making disclosure to any legal, regulatory, governmental, tax, law enforcement or other authorities (including for compliance with sanctions laws, the prevention or detection of money laundering, terrorist financing or other unlawful activities) or to any self-regulatory or industry bodies such as federations or associations of insurers/ Takaful operators;
- for any corporate exercise or transactions relating to the Takaful Operator e.g. sale and purchase of assets, reorganisations or amalgamation or collaboration;
- for statistical or actuarial research undertaken by the Takaful Operator or any member of the Group; and
- fulfilling any other purposes directly related to the above.
- Personal data will be kept confidential, but to facilitate the purposes set out in paragraph 6 above, the Takaful Operator may transfer, disclose, grant access to or share personal data with the following:
- other members of the Group;
- any person or company carrying on Takaful-related and/or retakaful-related business which is engaged by the Takaful Operator in connection with the Takaful Operator's business;
- any physicians, hospitals, clinics, medical practitioners, laboratories, technicians, loss adjustors, risk intelligence providers, claims investigators, legal advisors and/or other professional advisors engaged in connection with the Takaful Operator's business;
- any agent, contractor or service provider providing administrative, distribution, credit reference, debt collection, telecommunications, computer, call centre, data processing, payment processing, printing, redemption or other services in connection with the Takaful Operator's business;
- any official, regulator, ministry, law enforcement agent or other person (whether within or outside Malaysia) to whom the Takaful Operator or another member of the Group is under an obligation or otherwise required or expected to make disclosures under the requirements of any law, rules, regulations, codes of practice or guidelines (whether applicable in or outside Malaysia); and/or
- third parties involved in any corporate exercise or transactions relating to the Takaful Operator e.g. sale and purchase of assets, reorganisations or amalgamation or collaboration.
- Your personal data may be transferred or disclosed to any assignee, transferee, participant or sub-participant of all or any substantial part of the Takaful Operator's business.
- The Takaful Operator is only allowed to: (i) use your personal data in direct marketing; or (ii) provide your personal data to another person or company for its use in direct marketing, if you provide your consent or do not object in writing.
- In connection with direct marketing, the Takaful Operator intends:
- to use your name, contact details, services and products portfolio information, financial background and demographic data held by the Takaful Operator from time to time in direct marketing to market the following classes of services and products offered by the Takaful Operator, other members of the Group and/or our business partners (being providers of the product and services described below):
- Takaful services and products;
- wealth management services and products;
- pensions, investments, brokering, financial advisory, financial services and products;
- health-check and wellness services and products;
- media, entertainment and telecommunications services;
- reward, loyalty or privileges programmes and related services and products; and
- donations and contributions for charitable and/or non-profit making purposes; and
- to provide your name and contact details to any members of the Group and/or our business partners for their use in direct marketing the classes of services and products described in paragraph 9(i) above (including, in the case of our business partners, for money or other commercial benefit).
If you do NOT wish the Takaful Operator to use your personal data in direct marketing or provide your personal data to other members of the Group and/or our business partners for their use in direct marketing, (in paragraph 9 above) you may write to the Personal Data Protection Officer of the Takaful Operator at the address below to opt out from direct marketing at any time.
- To facilitate the purposes set out in paragraphs 6 and 9 above, the Takaful Operator may transfer, disclose, grant access to or share your personal data with the parties set out in paragraphs 5, 8, and 10 and you acknowledge that those parties may be based outside Malaysia and that your personal data may be transferred to places where they may not be in place data protection laws which are substantially similar to, or serve the same purposes as, the Act.
- Under the Act:
- you have the right to request access to your personal data held by the Takaful Operator and request correction of any of your personal data which is incorrect or to limit the processing of your personal data; and
- the Takaful Operator has the right to charge you a reasonable fee for processing and complying with your data access or correction request.
- Requests for access to or correction of your personal data should be made in writing to the Personal Data Protection Officer of the Takaful Operator at the address below.
- The Takaful Operator may review and update this Notice from time to time to reflect changes in the law, changes in the business practices, procedures and structure of our Takaful Operator, and changes in the community’s privacy expectations. It is not generally feasible to notify you of changes to this Notice and as such, you can log on to our website at www.fwd.com.my/personal-data-protection-notice to obtain the latest version of the Notice at any time.
- Accuracy of Personal Information
- The Takaful Operator will ensure the accuracy of all personal data collected and processed by the Takaful Operator. Appropriate procedures are implemented so that all personal data is regularly checked and updated to ensure that it is reasonably accurate having regard to the purposes for which that data is used. In so far as personal data held by the Takaful Operator consists of statements of opinion, all reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are correct.
The Takaful Operator will at all times endeavour to ensure the accuracy of personal data held by the Takaful Operator, and if such personal data is transferred to third parties, it will notify that third party of any correction to be made.
Retention of Personal Information
- No personal data is kept for longer than is necessary and that the Takaful Operator will comply with all statutory and regulatory requirements in Malaysia concerning the retention of personally identifiable information. Your personal data may be collected via, and stored in, an electronic or mobile application (FWD Smart) (the “App”).
- Data Security
- The Takaful Operator will ensure an appropriate level of protection for personal data in order to prevent unauthorized access, processing or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by unauthorized access to that data. It is the practice of the Takaful Operator to achieve appropriate levels of security by restricting physical access to data, providing secure storage facilities and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence and competence of persons having access to personal data and personal data is only transmitted by secure means.
In addition, the Takaful Operator takes prudent security measures to ensure personal data collected via the App are stored and transmitted under protection.
- For mobile app development, the App is developed by secure coding and annual penetration testing is conducted by third party security professionals.
- The personal data collected via the App is stored in an encrypted database.
- Data transfers between the Takaful Operator and the App are made in SSL secured connection and valid session key management is in place to ensure unauthorized access is restricted and prevented.
- A multi-layered defense system is used in the Takaful Operator’s data centre to secure transmission and ensure effective data protection is in place.
- The Takaful Operator’s website may include hyperlinks to third party websites. The Takaful Operator has no control over the content, accuracy, opinion expressed, and other links provided at these third party websites or how these third party websites deal with your personal data. You should visit these third party websites for details of their privacy policies in relation to their handling of your personal data.
In case of discrepancies between the English and Bahasa Melayu versions, the English version shall apply and prevail.
Further enquiries regarding the Takaful Operator's Personal Data Protection Policy and Practices may be directed to:
The Personal Data Protection Officer
FWD Takaful Berhad
Level 29 Menara Shell
211 Jalan Tun Sambanthan Brickfields
50470 Kuala Lumpur
Tel: 03 2771 7888