PDPA Notice

Effective date: 31 May 2022

In accordance with the Personal Data Protection Act (“PDPA”) 2010, in a ‘commercial transaction’, a ‘data user’ (in this case Todak Digitech, its, successors or assigns, collectively referred as “We”, “Us” or “Our”), is to brief a ‘data subject’ (here being the Customer, referred below as “You” or “Your”) on the, whys or how, Personal Information (defined below) is, collected, used, and to whom such information is shared with. Please read this Policy to establish how We handle such information.

Please note, by You providing Personal Information to Us or continuing to use Our Services or visiting our website, You are consenting to the practices outlined under this Policy. In the event You, act for another person or handle another person’s personal information, You warrant that You, have informed this person of the objectives of this Policy and thereafter got this person’s authority, to provide its Personal Information to Us or for Your handling of their personal information and You will indemnify us against any loss or damage that may arise from Your failure to get such authority.

If You are below the age of 18 years old, please note that: (1) You must submit Your, parent’s or legal guardian’s, consent prior to, registering for use of Services or submitting Your Personal Information, (2) Your, parent or legal guardian, may, request to view or amend, Your Personal Information, and (3) Your, parent or legal guardian, may withdraw its consent for Your use of Services at any time.

Please also note, that any information that You provide in conjunction with third party services shall be handled, as per the third party’s, personal data protection policy or privacy policy (“3rd. Party Policy”), and not as per this Policy. Arising thereof, please read such 3rd. Party Policy to ascertain the practices that the third party employs in relation to the information that You provide to the third party.

What is Personal Information?

In this Policy, “Personal Information” means the information, which You, give or gave, to Us in response to Our request or which You, generate or generated, as mentioned in this Clause by the use of Services and which information relates, directly or indirectly, to a natural person, who is identified or identifiable, from that information or from that and other information, in Our possession. Such information which We keep for as long as we believe it is necessary includes a person’s:

  1. name, home address, business address, date of birth, age, gender, nationality, citizenship, race, religion, identity records (including National Registration Identity Card or passport details), spoken language, telephone number, fax number, phone numbers, e-mail address, employer’s, name, address and contact details, and job title;
  2. credit card or debit card or banking details;
  3. details or usage or analytics of the usage (for example including but not limited to the sent or received, amount of data, IP addresses, transmission details, details of the hardware used, the time of use, duration of use, clickstream data of pages browsed, personal settings, interest and preferences), of the subscribed, Services or third party services
  4. details or usage or analytics of the usage of mobile devices (for example including but not limited to the mobile device’s unique identifier and the location) if used to access the subscribed, Services or third party services;
  5. CCTV recordings of Your visits at any of our branches;
  6. Recordings of Your phone calls to Us (at Our help desk or at any of Our other contacts).

Why We Collect Your Personal Information?

We do not collect Personal Information that we do not require. Depending on the Services You subscribe to, We require the aforementioned obligatory Personal Information for, communicating with You, tailoring Services for Your needs, improving our services and the proper functioning of Our business, when providing Your requested Service including but not limited to “Purposes”:

  1. of verifying Your identity and as to whether or not You are sanctioned for the Services and as to whether or not You are, related to or associated with, a prohibited person;
  2. if We believe it is relevant, to process Your application for or in providing You, the Services or in discontinuing Your Services;
  3. if We believe it is relevant to operate Our business including but not limited to:
  1. managing “Our System” which includes Our, network, servers or employed software;
  2. maintaining the security of Our system (including against security breach);
  3. detecting or investigating, rogue activities or fraudulent activities or criminal activities or activities that might reduce Our reputation, and for stopping such activities;
  4. detecting or investigating, rogue activities or fraudulent activities or criminal activities or activities that might reduce Our reputation, and for stopping such activities;
  5. detecting or investigating, rogue activities or fraudulent activities or criminal activities or activities that might reduce Our reputation, and for stopping such activities;
  6. detecting or investigating, rogue activities or fraudulent activities or criminal activities or activities that might reduce Our reputation, and for stopping such activities;
  7. addressing Your queries (billing, complaint or general enquiries);
  8. for optimizing Services – Our system (in planning its, expansion or upgrades or routine testing or maintenance scheduling) or Our staff (by training);
  9. complying to any, laws, regulatory requirements, guidelines, requests by authorities, judgement, court order, sanctions imposed, by any government or relevant self-regulatory or industry body, prevailing or formed in the future, within Malaysia or outside Malaysia (where applicable) (“Authority Requirements”);
  10. being ready for legal challenges (including investigating, defending or initiating, claims, charges or proceedings) or obtaining legal advice;
  11. producing data as may be required (by Our suppliers, data analysers, market researchers, research bodies or government authorities);
  12. to enable a prospective, purchaser or assignee, of a substantial part of Our business to conduct due diligence of the, purchase or assignment, of Our business;
  13. meeting Our obligations in any, present or future, contractual commitments or assurances, to Our Affiliates (defined below) or to meet Authority Requirements; or
  14. meeting Our obligation for sharing information within Our group of companies;
  15. to contact You through any of Your contacts including but not limited to providing customer care, furnishing Your requested information, providing location based services save for when You have turned it off, improving relationship, information of, products or Services, (developed, changed, modified or deprecated), marketing material (including but not limited to rewards or loyalty programmes), as part of branding exercise, by Us or with Our Affiliates, obtaining Your feedback on the Service or providing SMS alerts of the foregoing; or
  16. as permitted by any law, regulations, guidelines or the authorities.

What is Your Obligation in Providing Personal Information?

Please note that as a condition, You shall ensure that the Personal Information at all times is, complete and accurate, failing which We reserve the right to prohibit Your use of Services without notice.

What are Your Options in Providing Personal Information?

You, however, have the right to decline providing certain information. But then, We might not be able to open Your account or comply with Authority Requirements, or provide You, the Service or the full range of the Service, thus preventing You from taking advantage of all features of Our Service, depending on the information that You choose not to provide. In the case of ancillary optional services, We provide You the option to opt out from receiving such services.

What About Other Information You Provide?

For the avoidance of doubt, “Other Information” is any information which You provide NOT in response to Our request and which information relates, directly or indirectly, to a natural person, who is identified or identifiable, from that information or from that and other information. We do not require Other Information for Our operation and We will not be responsible for the Other Information’s security. You are reminded that under the PDPA, You are responsible as a data user for any personal information that You, process or control, under any of Your commercial transaction with others. Accordingly You shall use Your best endeavours to secure Other Information including but not limited to any other information, by use of adequate encryption technologies.

How do We Collect Your Personal Information?

Such Personal Information may be collected:

  1. when You, visit our offices, communicate with Us, subscribe to Services, use such Services (which includes but is not limited to any analytics from the, background, infrastructure or network), participate in Our programmes, take part in Our marketing promotions, register Your interest in requesting for information, enter a business relationship with Us, visit Our website or give Us by any other means or when you update Personal Information;
  2. from Our, employees, directors or officers, or, companies or organizations or businesses, affiliated with Us (such as Our, representatives, group of companies {including parent or subsidiary or associated, companies}, agents, contractors, data processors {who assist in, collecting or handling, transactions}, suppliers or third party service providers {including but not limited to providers of products used in subscribed Services, marketing agents, sales agents, call centers}, or professional advisors (such as lawyers or auditors), or carriers that We employ to communicate with You (including but not limited to by, post, courier, telecommunication or shipping agencies), and their, employees, directors or officers (“Our Affiliates”);
  3. from other sources, which You consent Us to collect from (for example including but not limited to credit reporting agencies, debt collection agencies, Companies Commission, Registrar of Businesses, Registrar of Societies, Insolvency Department or agencies which businesses in Our industry are required to communicate with) or where legally permitted; or
  4. through cookies when you use Our website or access Our content through another website.

Who Gets to Access Your Personal Information?

If We believe it is necessary, to fulfil any of the Purposes mentioned above for collecting Personal Information, we may at any time, without notice to You, pass such Personal Information to:

  1. Our Affiliates;
  2. the appropriate, credit card company or finance institution, processing payment transactions;
  3. Government agencies, judicial bodies, regulators or law enforcement agencies;
  4. a purchaser or assignee, of a substantial part Our business;
  5. credit reporting agencies, debt collection agencies, Insolvency Department or agencies which businesses in Our industry are required to communicate with; or
  6. such parties as per Your, express or implied, consent;if permitted under proper authority by, law, regulations or guidelines or:
  7. any, company or body, that is attempting to stop, rogue activities or fraudulent activities, provided it shows proof of such activities.

Also in the event, that Our business is substantially acquired by another party, it is likely that the customer information (including but not limited to Personal Information), which is an asset of the business, would also be transferred to the party acquiring the business.

We will only pass Personal Information to the aforementioned parties if all such parties observe, this Policy or a policy which is equally protective of Personal Information as this Policy or a policy which complies to PDPA. Where possible, We will transmit non-identifying data.

Moreover, We may release such Personal Information as We might believe is necessary in:

  1. legal challenges (including in investigating, defending or initiating, claims, charges or proceedings);
  2. enforcing any of our Agreements or protecting Our rights; or
  3. protecting, any property or safety of anyone.

In such instances, depending on the circumstances, the Personal Information might be exposed in public documents. We, however, will seek redaction of such Personal Information to the extent permitted by, law, regulations or guidelines.

Other than the aforementioned, We will not otherwise disclose, Your identifiable Personal Information to others without Your consent and We wish to assure You that We will not sell Your identifiable Personal Data for commercial gain. In the event, there is a need for Us to disclose in circumstances not taken into account in this Policy, We shall seek Your consent before the release of such Personal Information.

What About Up-Dating of Personal Information?

We make every effort to up-date Personal Information and You are responsible for such up-dating. Subject to verification, You may assess Personal Information which you had provided in response to Our request and update the same. We shall endeavor to provide access to the remaining Personal Information, if requested, save for information which is commercially confidential or we are unable to divulge by law or impact security (of Our System or any other party’s system). In making such requests, please contact Us at the contact indicated below and kindly quote Your, name and account number. Please note that We charge a nominal fee for processing such requests. We shall endeavor to fulfill Your request within 21 days after receiving it and the nominal fee.

How Do We Handle Cookies at Our Website?

For the purpose of analyzing the use of Our website, when You use Our website or access Our content through another website, We collect information of such usage from cookies. These cookies, which are automatically stored on the device accessing Our website, only identifies the device and not the user. Such cookies, which are retrieved by our website whenever accessed, have information which assist Your navigation by customizing site information according to Your preferences. Though You may reject the use of cookies through Your browser, the rejection may affect Your usage of Our website.

What is Our Security Assurance?

We take appropriate practical, technical and organizational, security measures against loss or unauthorized, access or processing, of Personal Information (including by Our staff without clearance). For example:

  1. when You transmit Personal Information to Us, We encrypt the input by use of 128 bit Secure Sockets Layer (SSL) software;
  2. only the last four digits of your credit card/debit card number is shown for the purpose of confirming a payment transaction whilst the whole number is encrypted when transmitted to the credit card agency bank/we do not store your credit card details and instead direct You to Paypal’s website to effect Your payment to us
  3. We employ firewalls to prevent unauthorized access and monitor our System.

What are the Security Measures You Should Consider?

The internet is not a secure environment. Whilst We make the aforementioned efforts to prevent breach, You should transmit confidential information only if You have taken appropriate security steps to protect the transmission. In particular, You should be extra vigilant when You transmit particulars which may, financially impact You or result in identity theft or on-line fraud. You are advised to independently verify the input sought before giving out any particulars so as to prevent inadvertent passing of information to fraudsters.

When You commence using Services, You will be prompted to select Your, unique user-id and password. Please do not make a selection (for example using, Your or a close family member’s, name or birthday, etc.) that is easily identifiable with You. You should also ensure that Your, password and account details, are kept secret (without, writing or recording, them) and that You sign off at the end of every session of using Our Service, so as to prevent an unauthorized person using Your account. As a matter of prudence, do not share Your, password or account details, with others or allow others to access Your account. We cannot be responsible for unauthorized access which does not arise out of Our, default or negligence.


We will not know Your password nor will we ask You for Your password. We also do not ask by, e-mail or through links within it, for any, Personal Information or confirmation of security particulars; links if any in our e-mails would direct you to informational pages only. Thus You should not respond to e-mails, which may seem to come from Us, making requests for such Personal Information. Instead please contact Us at the contact indicated below to report, any such e-mail requests or Your suspicion that Your, password or user-id, is compromised or other suspicious activities.

Is Personal Information Transferred Outside Malaysia?

We do not transfer Personal Information outside Malaysia save for instances the parties mentioned above to whom we pass Personal Information are “Overseas Entities” located outside Malaysia. You consent to passing such Personal Information to Overseas Entities where necessary.

Our Contact

If you have any questions, please contact us:
By email: hello@todakdigitech.com


For any clarification of this Policy or complaints related to this Policy, please do not hesitate to contact us by e-mail with your query
Please note, this Policy may be amended by Us at any time at Our sole discretion.