PRIVACY NOTICE
This Privacy Notice serves as an information for customers and/or prospective customers of TM [Telekom Malaysia Berhad (128740-P)] and its group of companies on the collection, processing and protection of your personal data and ensure our compliance to the Personal Data Protection Act 2010 (PDPA 2010).
“TM”, “we”, “us” or “our” refer to TM and its subsidiaries, affiliates and related corporations. Please visit www.tm.com.my for full details on TM’s group of companies.
To find out more about PDPA 2010, you may visit the Department of Personal Data Protection of Malaysia at https://www.pdp.gov.my.
We may review and update this Privacy Notice from time to time to reflect changes in the law, changes in our business practices, procedures and structure, and the community’s changing privacy expectations. The latest version of the Privacy Notice shall be available at http://www.tm.com.my and https://myunifi-store.com/
This Privacy Notice will take effect from 19 August 2024.
1. WHO WE ARE
TM is a leading convergence player in Malaysia, serving as a national provider of connectivity and digital technology. We value all our customers and are committed to build your trust by protecting your personal data. It is our utmost priority to ensure all your personal data provided to us are collected, processed and protected in the best possible way and in compliance with PDPA 2010.
As part of our commitment to comply with PDPA 2010, we have in place a governing structure for data privacy management including appointment of a Data Privacy Officer (DPO) who oversees the data privacy and protection across TM and its group of companies.
Our registered office is located at Level 51, North Wing, Menara TM, Jalan Pantai Baharu, 50672 Kuala Lumpur, Malaysia.
2. YOUR CONSENT
In order to serve you efficiently, your acceptance and consent to the terms of this Privacy Notice is required. By communicating, engaging with us or by using our products and services, you acknowledge that you have read and understood this Privacy Notice and agree, consent and explicitly consent to the use, processing,
disclosure and transfer of your personal data and sensitive personal data by us as described in this Privacy Notice as below:
2.1. Contract fulfilment
The collection and processing of your personal data in the form and manner as indicated in the registration process.
2.2. Personal data of minors
We do not knowingly collect Personal Data from children below the age of 18. If you are under the age of 18, you are required to obtain consent of your parents or legal guardian on your behalf to the processing of your Personal Data as described in this Privacy Notice.
2.3. Sensitive personal data
We shall not collect and process your sensitive personal data without obtaining your explicit consent and/or without having any purpose related to the products and/or services provided by us. “Sensitive personal data” refers to information of an individual related to their biometric data e.g. thumbprint, face recognition etc.
2.4. Third party collection, processing and verification
By submitting your information to us you have provided your consent for the collection, processing and verification of your personal data by one or more of our authorised third parties as stated in Section 5.1 of this Privacy Notice.
2.5. Third party personal data
In the event that you are to provide or disclose to us the personal data of a third party in any application, you hereby represent and warrant that consent has been obtained from the third party for collecting, processing and storing of their data.
2.6. Transfer of personal data outside Malaysia
It may be necessary to transfer your personal data and information to our authorised companies and third parties located outside of Malaysia. This may happen as these companies are based outside of Malaysia or where you access TM Portal or TM corporate website and/or use TM products and/or services from outside of Malaysia. By continuing accessing and/or using TM products and/or services, you consented to such transfer.
2.7. Transmit personal data to other service provider (data portability)
Upon your request, we will transmit your personal data to another service provider subject to our technical capability, feasibility and compatibility with the other provider.
2.8. Review and update to Privacy Notice
In the event of review and update of this Privacy Notice, we will communicate such review and update on our website or any other mode we may deem suitable. By continuing to use our services and products after the notification of review and update, you hereby agree to the review and update.
3. YOUR PERSONAL DATA
3.1. With your consent, we will collect, process and store your personal data as below (but not limited to):
a) Name;
b) Identification Card No.;
c) Passport No.;
d) Address;
e) Telephone No.;
f) Email Address;
g) Contact Preferences;
h) Date and/or Place of Birth;
i) Photos and/or Images;
j) Video Recordings e.g. CCTV surveillance & monitoring etc.;
k) Audio Recordings e.g. voice records, call records etc.;
l) Social Media Accounts/ Handles e.g. Tik Tok, Instagram, Facebook, You Tube etc.;
m) Biometric Data e.g. thumbprint recognition, face recognition, voice recognition etc.
3.2. Should you intend to use TM Portal for online payment transactions, we will also collect, process and store additional personal data related to your financial information such as (but not limited to):
a) Credit or Debit Card Information;
b) Bank Account Information.
3.3. We may also collect, process and store non-personal data that are collected passively and cannot be used to specifically identify you which include:
a) device-specific information such as hardware model, operating system version, unique device identifiers, mobile network information, memory, sound card data, Internet Protocol (IP) address;
b) cookies that may uniquely identify your browser;
c) details of how you access and/or use TM Portal or TM corporate website for example your search queries;
d) total number of visitors accessing and/or using TM Portal or TM corporate website;
e) diagnostic and usage data generated by your device;
f) how you and other users use and interact with TM portal or TM corporate website.
3.4. Nonetheless, in the event where these non-personal data are collected, processed and stored with any of your personal data, these combined data will be treated as personal data as long as they remain combined.
4. OUR PURPOSES & SOURCES
4.1. All your personal data collected, processed and stored will only be used for one or more of the purposes below (but not limited to) and will not be used beyond the limit of these purposes:
a) assess your application or continued provisioning of the products and/or services;
b) verify and process payment, billing and billing enquiries;
c) customising advertisements and content on TM Portal and any online sites of TM and its group of companies;
d) responding to your enquiries;
e) research purposes including but not limited to product and/or service improvement, historical and statistical purposes and analysis;
f) general operation, maintenance and audit of products and/or services provided including its related website(s);
g) verification purposes;
h) matching any data relating to you which are held by TM and its group of companies from time to time;
i) provide you with regular communications from TM relating to our products and/or services;
j) investigation of complaints, suspicious transactions and to detect and prevent fraudulent activity;
k) administer your participation in contest or loyalty programme organised by TM or any of its group of companies;
l) credit checking with credit bureau or credit reporting agency or its subsidiaries;
m) conduct market research;
n) provide you with latest information, promotions and latest updates, special offers as well as marketing and advertising materials;
o) comply with any regulatory, statutory or legal obligations.
4.2. Your personal data may be collected from one or more of the sources below (but not limited to):
a) during service application/ registration;
b) during interactions with us via any channel to resolve your enquiry and for service improvement;
c) when you take part in any competition or survey;
d) existing personal data publicly available;
e) browser or website cookies;
f) during your visit to our branches/ Unifi Store/ TMPoint.
5. DISCLOSURE OF YOUR PERSONAL DATA
5.1. In order for us to serve you efficiently, your personal data may be disclosed and processed by our authorised third parties including (but not limited to):
a) respective Authorised TM Partner who are involved in providing Add-Ons;
b) authorised Third Party or TM agents who are involved in providing the products and/or services for TM;
c) companies in TM group of companies, affiliates and/or Authorised Third Party located outside of Malaysia who provides data processing services for TM;
d) credit bureau or any credit reporting agency or its subsidiaries on the conduct of your account or business account;
e) debt collection agencies;
f) any person engaged by TM to fulfil its obligations to you and is under a duty of confidentiality and has undertaken to keep such data confidential;
g) any actual or proposed assignee, transferee, participant or sub-participant of TM’s rights or business.
5.2. Your personal data may be disclosed to public and government authorities for one or more of purposes below:
a) reasons of law;
b) legal and/or litigation process;
c) national security;
d) law enforcement;
e) other matters related to public interest
6. SECURITY OF YOUR PERSONAL DATA
6.1. All your personal data will be processed and stored securely only for as long as they are necessary (refer to Sections 3 and 4). In order to prevent your personal data from unauthorised access, improper usage and disclosure, unauthorised modification, unlawful destruction or accidental loss we have implemented measures below:
a) comprehensive and systematic information security policies and rules;
b) high level information security systems;
c) continuous monitoring of the information security systems by our certified IT experts;
d) our systems are only accessible by our dedicated personnel including authorised third parties with comprehensive password management;
e) sharing, processing and storing of personal data between TM and authorised third parties are within secured environment;
f) all our personnel including authorised third parties are obligated to comply with PDPA 2010;
g) all our employees will be provided with regular awareness and training on PDPA 2010 related matters;
h) regular risk assessment conducted on data privacy matters to ensure effective mitigations.
6.2. For transactions done via personal devices, we cannot accept responsibility for any unauthorised access or loss from using these devices as it may not be secured and may be exposed to unauthorised third party interception.
6.3. We will not request for your personal data from sources other than our authorised channels (refer to Section 8.2) and authorised third parties.
6.4. We will notify you and related authority without unnecessary delay on potential data breach to your personal data that could potentially cause significant harm.
6.5. For the safety and security of your personal data, we would advise for you to exercise the followings (but not limited to):
a) Always log off from any system or application after accessing from any device including your own personal devices
b) Refrain from using public wi-fi connections
c) Use strong password (refrain from using your IC number either in whole or partly)
d) Do not share your password with others e.g. banking portals/ apps, unifi portal etc.
e) Do not simply share your personal, financial and sensitive information with others e.g. via phone calls, emails, sms, whatsapp etc.
f) Do not simply accept or install any application without checking the legitimacy and authenticity e.g. APK, links to website etc.
g) Keep your device software up-to-date
h) Install appropriate and licensed anti-virus in your device
7. RETENTION OF YOUR PERSONAL DATA
7.1. We will retain your personal data as long as you remain as our customer.
7.2. Once you are no longer our customer, we will retain your personal data within a reasonable timeframe as permitted by the law and for one or more of purposes below (but not limited to):
a) billing;
b) tax purposes.
7.3. All your personal data will be disposed with good care and we implement appropriate measures to prevent from accidental loss and destruction.
8. DATA INTEGRITY & YOUR RIGHTS TO ACCESS
8.1. It is obligatory for our customers to provide us with the most accurate personal data for our services to be rendered to you. We reserve the right not to provide you with any of our services should the personal data provided do not meet our requirements.
8.2. You may request to access, correct and update your personal data and limit TM’s right to process your data within the purposes as stated in Section 4.1 via channels below:
a) TM Contact Centre;
b) walk-in to our Unifi Store/ TMPoint;
c) Unifi apps;
d) Unifi Selfcare portal
8.3. Any request of access to correct personal data may be subjected to a fee and also to applicable provisions in the PDPA 2010. However, we reserve the right to decline requests which jeopardise the security and privacy of the personal data of others as well as requests which are impractical or not made in good faith.
9. YOUR QUERIES OR COMPLAINTS
9.1. If you have any query or complaints on Personal Data, or if you wish to opt-out of targeted advertising, sharing of your personal information, or correction of your personal information, you may reach us via:
a) 100 (from fixed or mobile number);
b) +603 2241 1290 (from overseas number);
c) https://www.tm.com.my/corporate/corporate-contact;
d) privacyofficer@tm.com.my