EFFECTIVE: 08/04/25  

This written notice (“Notice”) is issued by KAF Digital Bank Berhad (Formerly known as KAF DB Digital Berhad) to demonstrate our commitment to protecting the privacy of our customers’ Personal Data.

This Notice will explain your rights in relation to your Personal Data which has been and/or will be collected and processed by Us. (For the purposes of this Notice, the terms “personal data”, “sensitive personal data” and “processing” shall have the same meanings as set out in the Personal Data Protection Act 2010 (“Act”).

DEFINITION  

In this Notice:-  

“BNM” shall mean Bank Negara Malaysia;  

“Communication Service(s)” shall include bulletin board services, chat areas, news groups, forums, communities, corporate web pages, calendars and/or other messages or communication facilities that may be available to you through KAF DB’s website, mobile applications, social media platforms or through other mode of communication between you and KAF DB which includes but not limited to any letters, emails and/or any application forms filled up by you;  

“Consortium Partners” includes Carsome Sdn. Bhd., MoneyMatch Sdn. Bhd., Jirnexu Sdn. Bhd. and StoreHub Sdn. Bhd.; KAF Digital Bank Berhad for the purpose of this Notice refers to “KAF DB”, “We” or “Us”;

KAF Digital Bank Berhad for the purpose of this Notice, is referred to as “KAF DB”, “Us” or “We”;  “KAF DB Corporate Portal” refers to KAF DB’s corporate website and mobile application that are operated by KAF DB;  

“KAF DB Corporate Portal” refers to the KAF DB Portal Website and mobile application operated by KAF DB;  

“KAF Group” for the purpose of this Notice, refers to all companies that are related to KAF DB, including the parent company of KAF DB and all related subsidiaries of KAF DB’s parent company;  

“PDPA” means Personal Data Protection Act 2010 which includes any subsidiary legislation and/or regulations made thereunder, or as may be supplemented from time to time;  

“Personal Data” whenever used in this Notice shall have the meaning as assigned to it by PDPA, which includes Personal Data which are in possession or control of KAF DB that relates directly or indirectly to you (or any other individual) to the extent that you (or the other individual) are identified or identifiable from that information or from that and other information in the possession of KAF DB;  

“Processing”, whenever used in the Product Service(s) shall have the meaning as assigned to it by PDPA, which includes collecting, recording, holding, storing, using or disclosing Personal Data;  

“Product Service(s)” shall include all Islamic financial services whether offered online or otherwise by KAF DB, by way of electronic application or manual or in any other mode howsoever made;  

“Service(s)” shall collectively mean Communication Service(s) and Product Service(s), or any services under Communication Service(s) or Product Service(s), as required by you;  

“Third Party” refers to agencies, business partners, strategic partners, merchants, service provider and/or any other third parties for any of the Purposes. This Notice explains: -

This notice explains: -  

a. the type of Personal Data about you which are processed by KAF DB when you acquire and/or use any type of Product Service(s) and or Communication Service(s) from KAF DB or KAF DB Corporate Portal;

b. where or how KAF DB obtains this Personal Data (where available);

c. the Purposes for which KAF DB collects and uses your Personal Data;

d. circumstances where KAF DB may disclose your Personal Data to third parties;

e. whether you can limit the processing of your Personal Data;

f. whether it is voluntary or mandatory to supply your Personal Data and the consequences of failing to supply your Personal Data when it is mandatory; and

g. how to contact KAF DB if you have any questions about your Personal Data held by KAF DB or if you wish to exercise your right to get copies of your Personal Data or correct your Personal Data. You are advised that, by registering for and continuing to use the KAF DB Corporate Portal and/or subscribing for the Service(s), you shall be deemed to have agreed and accepted the terms as provided herein.  

You are advised that, by registering for and continuing to use the KAF DB Corporate Portal and/or subscribing for the Service(s), you shall be deemed to have agreed and accepted the terms as provided herein.

1. COLLECTION OF YOUR DATA  

1.1 KAF DB collects your Personal Data from the following sources:

a. From you, during your registration and/or application process which includes but is not limited to any registration forms and/or application forms filled up by you via online or otherwise;

b. From your use of Services, as the case may be, provided by KAF DB;

c. From your visit to and the usage of KAF DB Corporate Portal; 

d. From your communication with staff who have been authorized by KAF DB.  

1.2. The type of your Personal Data which we may collect varies depending on the Service(s) you enjoy or agreements you have with us. But generally, the Personal Data which we may collect includes, but not limited to, the following Personal Data; name, date of birth, age, Malaysian Identification Card number, passport number, or any other personal identification numbers, nationality, ethnicity, religious beliefs, biometric information (facial image/video and fingerprint), preferences, signatures, email address, residential address, phone number, marital status, photographs, bank account details, credit card information, and any other Personal Data provided by you or made available to us periodically, as well as any additional Personal Data we may collect from you on future occasions.

1.3 There is also information about your computer hardware and software that is automatically collected by KAF DB. This information can include: your IP address, browser type, domain names, access times and referring Website addresses.

2. PURPOSE OF COLLECTING AND PROCESSING OF YOUR PERSONAL DATA  

2.1. To the extent permitted by law, KAF DB may collect and process your Personal Data in the ordinary course of business, which shall include but not be limited to as follows: -  

a. for internal record keeping as may be required by law or under relevant regulatory bodies including but not limited to BNM;

b. for the purpose of carrying out and/or processing your information in connection with your usage of our Service(s) or the agreements you have with us;

c. when cross-selling and cross-servicing the Product Service(s) of KAF DB;

d. For the purpose of verifying your identity;

e. to detect and/or prevent fraudulent, illegal and/or criminal activity;

f. for marketing and promotional activities;

g. for provision of associated benefits;

h. for credit checking purposes;

i. to contact you should we need to regarding the Service(s) that you have acquired;

j. to enforce or extend or defend any of our rights;

k. to comply with all applicable laws and regulations; and/or

l. other purposes which are in the ordinary course of business which are not specifically mentioned herein.

3. SOURCE OF PERSONAL DATA  

3.1. Your Personal Data is being or is to be collected from a variety of sources, including without limitation: 

a. from the forms submitted or filled in by you or on your behalf to us through our mobile application, website, and/or any other method;  

b. when you participate in our events;  

c. from any information or document submitted or provided by you to us for any of the Purposes (such as your Identity Card or passport);

d. when you contact us through various methods such as telephone calls, emails and/or using the mobile application;  

e. from any third parties (including without limitation credit reference agencies, regulatory and law enforcement authorities and other thirdparty sources); and/or

f. from all other communications between you and us and all other information that you may provide to us from time to time.  

4. YOUR RIGHTS AND OBLIGATIONS REGARDING YOUR PERSONAL DATA  

4.1. If you would like to: -  

a. be informed of your Personal Data that is being processed by KAF DB;

b. receives a copy of such Personal Data;  

c. corrects the Personal Data;  

d. withdraws your consent to the processing of your Personal Data; or e. transfer your Personal Data to another data controller.  

e.  the Personal Data, in whole or in part, is controlled by another party in a manner which prohibits us from complying with the request;  

Kindly send us a request in the manner stated under  Clause 10 below.  

4.2. Subject to Clause 4.3 and Clause 4.4 below, we will endeavor to comply with any request made pursuant to Clause 4.1 within twenty-one (21) days upon receipt of such request. If we are unable to comply, we will inform you of the reasons within the aforementioned period and comply to the extent that we can.  

4.3. Kindly note that we may refuse to provide access to Personal Data pursuant to a request made under Clause 4.1 if:-  

a. the requestor has not supplied sufficient information as to satisfy us of the identity of the requestor;

b. the requestor has not supplied sufficient information as to enable us to locate the relevant Personal Data;

c. the burden or expense of providing such access is disproportionate to the risk to the requestor’s privacy; 

d. we cannot comply with the request without disclosing the Personal Data of another individual;  

e. the Personal Data, in whole or in part, is controlled by another party in a manner which may prohibit us from complying with the request.

f. providing access would violate an order of a court;

g. providing access would disclose confidential commercial information; or    

h. such access to the Personal Data is regulated by another law.

4.4. Kindly note that we may refuse to correct or update any Personal Data pursuant to a request made under Clause 4.1 if:-  

a. the requestor has not supplied sufficient information as to satisfy us of the identity of the requestor;

b. the requestor has not supplied sufficient information as to enable us to ascertain in what way the Personal Data is inaccurate;  

c. we are of the view that the Personal Data to be corrected is accurate;

d. we are of the view that the requested correction is inaccurate; or

e. the Personal Data, in whole or in part, is controlled by another party in a manner which may prohibit us from complying with the request.

4.5. Should you wish to withdraw your consent to our processing of your Personal Data, kindly notify us in the manner specified under Clause 10 below.  Please note that your withdrawal of consent may result in you not being able to make full use of our Services due to such Service being dependent on or involving, directly or indirectly, the processing of your Personal Data which may affect our ability to perform any of our obligations under any agreements you have with us. Notwithstanding any withdrawal of consent, your withdrawal shall be subject to the disclosure of your information necessary for our compliance to any legal requirements or contractual obligations.  We will endeavor to comply with such request made pursuant to this Clause 4.1 within seven (7) days upon receipt of such request. We shall not be held liable in any way for any loss, damage or other liabilities that may arise resulting from your choice to withhold Personal Data.

5. DATA SHARING ARRANGEMENT  

5.1. Your Personal Data may also be shared with the relevant Third Party, Consortium Partners and KAF Group, for the following Purposes:  

a. to engage you and any other actions relating to the services and/or business of Third Parties, our relevant Consortium Partners (if applicable) and/or the KAF Group; or

b. allowing us and the relevant Third Party, Consortium Partners and/or KAF Group to provide you any related services, business, and/or customer service, improve such services and/or businesses, and promote such related services and businesses through special promotions, offers or rewards (where applicable).  

5.2. Where you have given consent to the sharing of your Personal Data with the relevant Third Party, Consortium        Partners and/or KAF Group, you also provide consent for us to send any correction of Personal Data that you have requested to the relevant Third Party, Consortium Partners and/or KAF Group, to allow them to update their records.  

5.3. Should you wish to withdraw your consent to share your Personal Data with the relevant Third Party, Consortium Partner and/or KAF Group, kindly notify us in the manner specified under Clause 10 below.

6. SECURITY MEASURES  

6.1. We take Personal Data security seriously when processing your Personal Data. We will put in place practical steps to protect your Personal Data from any loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction as required by law, including but limited to:  

a. control and limit our employees’ access to the Personal Data system;

b. terminating the user ID and password immediately when our authorised employees are no longer handling the Personal Data;

c. keeping all files containing Personal Data in a secured place or ecosystem; and

d. ensuring that all our employees involved in processing Personal Data always protect the confidentiality of your Personal Data.

7. PERSONAL DATA RETENTION PERIOD  

7.1. We retain your Personal Data for as long as is required in order to fulfil the primary Purposes as set out in this Notice and to be in compliance with relevant laws and regulations. We will take all reasonable steps to ensure that your Personal Data is destroyed or permanently deleted once it is no longer required based on the retention principle and practices set out above.

8. THIRD-PARTY PERSONAL DATA  

8.1. If the Personal Data relating to other persons is required to process your Personal Data for the Purposes, you warrant and represent to Us that you have obtained the required consent of third parties for the processing of the relevant Personal Data.  

9. ACCURACY OF YOUR PERSONAL DATA  

9.1. You are responsible for ensuring that the information you provide to us is accurate, complete, not misleading and kept up to date. You are required to inform us promptly and accurately of any changes of your Personal Data in writing to us. Your records will be updated upon receipt of such notice from you.

10. CONTACT INFORMATION  

10.1. KAF DB welcomes any inquiries regarding this Notice, how we handle/or access your Personal Data, or to withdraw your consent to the disclosure of your Personal Data or if you do not wish to be contacted for any marketing activities, you may do so via mobile application, telephone or email at our Contact Centre at:-  

KAF Digital Bank Berhad
13th Floor, Chulan Tower No.3,
Conlay Road 50450, Kuala Lumpur.
Phone: +603 8744 3331 | Email: hello@kaf.com.my  

11. LAWS APPLICABLE            

11.1. This Notice shall be construed and interpreted in accordance with the laws of Malaysia.            

12. AMENDMENT      

12.1. KAF DB will occasionally update (including make amendments, variations and/or addition) this Privacy Statement to reflect company and customer feedback and also to reflect our current policy or subsequent changes to any rules, regulations and acts applicable at that time.      

12.2. KAF DB encourages you to periodically review this Privacy Statement to be informed of how KAF DB is protecting your information.      

12.3. For avoidance of doubt, if there is any inconsistency between any statement contained in this Privacy Statement and any provisions of the laws, including but not limited to the PDPA, the provisions of the laws shall prevail and KAF DB reserves the right to make appropriate amendments or changes herein.  

13. INCONSISTENCIES        

13.1. In case of any conflict or discrepancy between the Bahasa Melayu version of this Notice and the English version of this Notice, the English version shall prevail.