Privacy Policy

Privacy Policy (English)
1. INTRODUCTION AND APPLICATION

1.1 This policy ("Privacy Policy") describes how StashAway Malaysia Sdn. Bhd. (Company No. 201701046385) ("StashAway Malaysia") manages Personal Data which is in our possession or under our control. "Personal Data", is defined in the Personal Data Protection Act 2010 of Malaysia (“PDPA”), and currently refers to any information in respect of commercial transactions, that relates directly or indirectly to an individual, who is identified or identifiable from that information or from that and other information which is in our possession and includes any sensitive personal data and expression of opinion about the individual.

1.2 By using our services pursuant to your agreement(s) with us ("Services"), operating any account maintained with us, accessing the online platform operated by us (which is accessible through our website at www.stashaway.com or through our mobile application) ("Platform"), websites or mobile applications, or otherwise providing information to or communicating with us, you are taken to have agreed to our collection, use, processing and disclosure of your Personal Data in accordance with this Privacy Policy.

1.3 This Privacy Policy does not supersede or replace any other consents you may have previously or separately provided to us in respect of your Personal Data, and your consent to this Privacy Policy is in addition to any other rights which we may have at law to collect, use, process or disclose your Personal Data.

1.4 The words "we", "us", "our" or any of their derivatives refer to StashAway Malaysia and its successors and any novatee, assignee, transferee or purchaser of StashAway Malaysia's rights and/or obligations hereunder and any reference to StashAway Malaysia includes a reference to such successor, novatee, assignee, transferee or purchaser. The words "you", "your", "yours" or any of their derivatives refer to the person using our Services, operating any account maintained with us, accessing our Platform, website or mobile applications, or otherwise providing information to or communicating with us and shall include, as the context may require, personal representatives (as the case may be).

1.5 This Privacy Policy shall be governed by, and construed in accordance with, the laws of Malaysia. Without prejudice to your rights under any applicable laws, any dispute arising out of or in connection with this Privacy Policy and/or the documents referred to herein, including any question regarding their existence, validity or termination, shall be referred to and finally resolved by the Courts of Malaysia and both you and we hereby unconditionally and irrevocably submit to the exclusive jurisdiction of the Courts of Malaysia.

BASICALLY,

Section 1 sets out StashAway Malaysia's (i.e. our) Privacy Policy. The Privacy Policy describes how we manage Personal Data in our possession or under our control.

This Summary in this right column provides a short explanation of the Privacy Policy. This is not legally binding and not comprehensive, and you are encouraged to read and understand the Privacy Policy.

If there are any differences between the Summary and the Privacy Policy, the Privacy Policy prevails.

Before you use our Services, operate any accounts maintained with us, access or use our Platform, websites, mobile applications or otherwise provide information to or communicate with us, you must agree to our collection, use, processing and disclosure of your Personal Data in accordance with this Privacy Policy.

2. PERSONAL DATA THAT WE COLLECT

2.1 We collect, use, disclose, transfer and otherwise process Personal Data about you or individuals who are connected or associated with you including but not limited to your legal representa(a) persontives (“Associated Persons”) in accordance with this Privacy Policy.

2.2 The Personal Data that we collect or may collect include:

  1. contact data including name, telephone number, email address, residential address and correspondence address;
  2. specimen signature(s);
  3. occupation, education and income levels;
  4. identification card or passport number, date of birth, place of birth and other information for the verification of identity;
  5. financial and banking information (e.g. Information on net assets, income, expenses, credit history, bank account and banking transactions, securities trading account);
  6. images and voice recordings of our conversations with you;
  7. tax and insurance information;
  8. information about your risk profile, investments, investment objectives, knowledge and experience and/or business interests and assets;
  9. personal opinions made known to us (e.g. your feedback or responses to any surveys);
  10. browsing history, patterns or other unique information;
  11. your internet protocol address and information associated with such address;
  12. any other personal data reasonably required in order for us to provide the services requested by you; and
  13. any other personal data permitted by or required to comply with any applicable local or foreign laws, rules, acts, regulations, subsidiary legislation notices, notifications, circulars, licence conditions, directions, requests, requirements, guidelines, directives, codes, information papers, practice notes, demands, guidance and/or decisions of any national, state or local government, any agency, exchange, regulatory or self-regulatory body, law enforcement body, court, central bank or tax revenue authority or any other authority whether in Malaysia or elsewhere, whether having the force of law or not (including any intergovernmental agreement between the governments or regulatory authorities of two or more jurisdictions or otherwise), as may be amended from time to time ("Applicable Laws") and our internal control and compliance policies.
BASICALLY,

Section 2 sets out the type of Personal Data that we collect or may collect from you.

3. SOURCES OF INFORMATION

3.1 The Personal Data has/or will be obtained from the following sources, where applicable, or such other sources which we may see fit from time to time:

  1. information provided or submitted by you through among others, your dealings and agreements with us, which includes information provided when registering as a user, providing information regarding any account which you may open with us, providing answers to security questions, completing any confirmations, declarations or forms, or through your utilization of any of our Services, accessing or viewing our Platform;
  2. as applicable, publicly available or publicly accessible information; and
  3. such other written, electronic or verbal communications or documents delivered to us prior to and during the course of our contractual or pre-contractual dealings with you.

3.2 As the accuracy of your Personal Data depends largely on the information you provide to us, you should inform us as soon as practicable if there are any errors in the Personal Data or if there have been any changes to the Personal Data. We intend to keep the Personal Data accurate and up-to-date, and retain the Personal Data no longer than necessary for the above purposes or as required or permitted by any applicable law.

BASICALLY,

Section 3 sets out where we may obtain Personal Data from.

As the accuracy of your Personal Data depends largely on the information you provide to us, you should inform us as soon as practicable if there are any errors in the Personal Data or if there have been any changes to the Personal Data.

4. PURPOSE OF COLLECTING, USING AND DISCLOSING YOUR PERSONAL DATA

4.1 We may use your Personal Data for our business purposes, including the provision and continuing operation of the Platform and the Services provided to you. This includes, the following purposes ("Purposes"):

  1. provision of the Services as requested by you;
  2. carrying out any transactions on your behalf contemplated on the Platform and the Services thereto;
  3. assessing and processing applications, instructions or requests from you;
  4. communicating with you, including providing you with updates on changes to our Services;
  5. to verify your identity for the purposes of providing Services to you;
  6. conducting due diligence checks, screenings or credit checks as may be required by any Applicable Laws or our internal policies and procedures;
  7. for the specific purpose for which it was volunteered or provided to us;
  8. to detect and protect us or any third parties against negligence, fraud, theft and other illegal activities;
  9. to understand your needs and preferences;
  10. improving the content, appearance and utility of the Platform;
  11. to manage and develop infrastructure and business operations;
  12. to administer any account which you may open with us;
  13. to process payments;
  14. to comply with our internal policies and procedures;
  15. to respond to queries or feedback;
  16. to address or investigate any complaints, claims or disputes;
  17. as permitted by any Applicable Laws;
  18. to comply with any Applicable Laws or any request from any relevant governmental or regulatory authority;
  19. financial reporting, regulatory reporting, management reporting, risk management, audit and record keeping purposes;
  20. enforcing obligations owed to us;
  21. seeking professional advice, including legal advice;
  22. any other reasonable purposes in connection with the provision of our Services;
  23. with your consent, providing you with marketing materials in connection with the services we may provide;
  24. fulfilling any purpose directly related to the above Purposes; or
  25. any other purposes that are appropriate or authorized by any Applicable Laws.

BASICALLY,

Section 4 sets out how we may use your Personal Data. This includes using your Personal Data for the provision of our Services / Platform to you, for marketing purposes, and to comply with regulatory requirements.

5. DISCLOSURE AND SHARING OF YOUR PERSONAL DATA

5.1 We may from time to time disclose and share your Personal Data to our directors, officers, employees, representatives, agents or delegates or any third parties, whether located in Malaysia or otherwise, to carry out the Purposes. This includes, disclosing and sharing your Personal Data with the following:

  1. any of our directors, officers, employees, representatives, agents or delegates;
  2. any of our shareholders or related corporations, and any of their successors or assigns, and their directors, officers, employees, representatives, agents or delegates;
  3. our professional advisers, consultants and auditors;
  4. any service providers, agents, contractors, delegates, suppliers or third parties which we may appoint from time to time to provide us with services in connection with the Platform or the Services that we offer to you, and their directors, officers, employees, representatives, agents or delegates;
  5. any sub-contractors which any of our service providers, agents, suppliers, delegates or contractors may appoint from time to time to provide them with services in connection with the Platform or the Services that we offer to you, and their directors, officers, employees, representatives, agents or delegates;
  6. anyone who takes over or may take over all or part of our rights or obligations under any agreement we have with you or anyone (or any part thereof) which is transferred to or may be transferred to;
  7. any person who we believe in good faith to be your legal advisers or other professionals;
  8. any relevant governmental or regulatory authority, in so far as we need to do so to keep to any Applicable Laws, or which we in good faith believe that we should keep to;
  9. pursuant to a request by any relevant governmental or regulatory authority (regardless of the reason for such request and whether such request is exercised under a court order or otherwise);
  10. parties which assist us in carrying out the Purposes laid out above in this Privacy Policy; and
  11. any person to whom we are, in our belief in good faith, under an obligation to make disclosure as required by any Applicable Laws,
  12. provided that in the case of disclosures under any of the circumstances in (a) to (d), we shall procure that the recipient is subject to the same duty of confidence.

BASICALLY,

We may also disclose and share your Personal Data with other persons in connection with the Purposes described in Section 4.

6. TRANSFER OF YOUR PERSONAL DATA OUTSIDE MALAYSIA

We may transfer, store and/or process your Personal Data outside Malaysia. In doing so, we will comply with the PDPA and other applicable data protection and privacy laws in respect of your Personal Data and ensure that the recipient outside of Malaysia is obliged to protect your Personal Data at the standard comparable to the protection under the applicable laws.

BASICALLY,

We may transfer your Personal Data outside Malaysia. If we do, we will comply with applicable data protection and privacy laws.

7. RETAINING YOUR PERSONAL DATA
Your Personal Data is retained as long as the purpose for which it was collected remains and until it is no longer necessary for any other business purposes or to comply with any Applicable Laws.

BASICALLY,

We may retain your Personal Data for as long as it is necessary for the purpose it was collected, for business purposes or to comply with applicable laws.

8. YOUR RIGHTS OF ACCESS TO AND CORRECTION of PERSONAL DATA

8.1 You may also request access to Personal Data we hold, or request the correction of any inaccurate, incomplete, misleading or not up-to-date data. If you would like to do so, please contact our Data Protection Officer at dataprotection@stashaway.my or +603 9212 4356.

8.2 Please note that a reasonable fee n in accordance with the applicable laws and regulations may be charged for an access request. If so, we will inform you of the fee before processing your request.

8.3 We will respond to your request as soon as reasonably possible. In general, our response will be within twenty-one (21) days from receipt of your request. Should we be unable to respond to your request, or supply, correct or update the information as requested by you within twenty-one (21) days after receiving your request, we will inform you in writing soonest as practicable within fourteen (14) days after the expiry of the initial period of twenty-one (21) days from receipt of your request. If we are unable to provide you with any personal data or make a correction as requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

BASICALLY,

You may contact our Data Protection Officer to access or request changes to your Personal Data.

9. PROTECTION OF PERSONAL DATA

9.1 To safeguard your Personal Data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as:

  1. minimised collection of personal data;
  2. authentication and access controls (such as good password practices, need-to-basis for data disclosure, etc.);
  3. encryption of data;
  4. data anonymization;
  5. up-to-date antivirus protection;
  6. regular patching of operating system and other software;
  7. securely erase storage media in devices before disposal;
  8. web security measures against risks;
  9. usage of one time password(“OTP”)/ 2 factor authentication (“2FA”)/ multi-factor authentication (“MFA”) to secure access, and;
  10. security review and testing performed regularly.

9.2 You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

BASICALLY,

We have introduced administrative, physical and technical measures to ensure the protection of your Personal Data with us.

10. SUPPLY OF PERSONAL DATA AND WITHDRAWING YOUR CONSENT

10.1 Except as otherwise provided in this Privacy Policy, we only collect the Personal Data that you provide to us. If you would prefer that we do not collect Personal Data from you, please do not provide us with such information, use our Services, operate any account maintained with us, or access our Platform, websites or mobile applications. By using our Services, operating any account maintained with us, visiting our Platform, websites or mobile applications or otherwise, providing information to, or communicating with us you shall be deemed to have read and provided your consent to our collection, use, processing and disclosure of your Personal Data or Personal Data relating to other persons in the manner as described in this Privacy Policy. You may withdraw your consent to our collection, use, processing and disclosure of the Personal Data for any of the above Purposes, at any time by submitting your request in writing or via email to our Data Protection Officer, the details of which are below in Paragraph 14. If we do not receive any notification from you concerning our collection, use, processing and disclosure of the Personal Data, we shall proceed to continue to process the same for the Purposes as set out above, on the basis that you have consented to our current as well as all our previous collection, use, processing and disclosure of the Personal Data in accordance with this Privacy Policy.

10.2 Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.

10.3 Please note that we may not be able to provide you with our Services if you do not provide us with your consent or withdraw your consent to the collection, use, processing and disclosure of the Personal Data for any of the Purposes.

10.4 Where you provide us with the Personal Data of other individuals, we shall assume, without independent verification, that you have obtained such individual's consent to our collection, use, processing and disclosure of their Personal Data in accordance with this Privacy Policy.

10.5 Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.

10.6 You may, at any time, withdraw your consent to receive marketing information from us. If you wish to do so, please click on the “Unsubscribe” option available on all marketing/newsletter emails that you may receive from us or contact our Data Protection Officer at dataprotection@stashaway.my or +603 9212 4356.

BASICALLY,

You consent to us collecting, using, processing and disclosing your Personal Data in the manner as described in this Privacy Policy. You may withdraw your consent at any time by contacting our Data Protection Officer. In the event that you withdraw your consent, we may not be able to provide you with our Services. If you provide us with the Personal Data of other individuals, you will ensure that the individual has given their consent to our collection, use, processing and disclosure of their Personal Data in accordance with this Privacy Policy.

11. USE OF COOKIES AND RELATED TECHNOLOGIES

11.1 Our Platform, websites and mobile applications (“apps” or an “app”) use cookies. A cookie is a small text file placed on your computer, system or mobile device when you visit a web site or use an app. Cookies collect information about users and their visit to the web site or use of the app, such as their Internet protocol (IP) address, how they arrived at the web site (for example, through a search engine or a link from another web site) and how they navigate within the web site or app. We use cookies and other technologies to facilitate your internet sessions and use of our apps, offer you products and/or services according to your preferred settings, track use of our web sites and apps and to compile statistics about activities carried out on our web sites and/or through our apps.

11.2 A pixel tag, also known as a web beacon, is an invisible tag placed on certain pages of our web site but not on your computer. Pixel tags are usually used in conjunction with cookies and are used to monitor the behaviour of users visiting the web site.

11.3 You may set up your web browser to block cookies which will in turn disable the pixel tags from monitoring your web site visit. You may also remove cookies stored from your computer or mobile device. However, if you do block cookies and pixel tags, you may not be able to use certain features and functions of our web sites or the Platform.

11.4 We also use analytics programs such as Google Analytics for web analytics purposes to manage and improve our websites, mobile applications, the Platform and/or our Services. Features of Google Analytics that we may use include Remarketing with Google Analytics, Google Display Network Impression Reporting, and Google Analytics Demographics and Interest Reporting. Accordingly, your information may be collected for reports such as impression reporting, demographic reporting, interest reporting and to assist with tailoring our online advertising to provide you with a better experience. You may refer to https://www.google.com/policies/privacy/partners for more information about how your data is collected through Google Analytics.

11.5 We and our third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together, to inform, analyse, optimise, and serve custom ads based on your interests, searches and prior usage patterns when visiting our websites, mobile applications and Platform, and for other market research analysis purposes such as impression reporting and how your interactions with these ads are related to visits to our websites, mobile applications and Platform, amongst others. As a consequence, third party vendors may show our ads on other websites or mobile applications. We neither support or endorse the goals, causes or statements of these websites or mobile applications which display our ads.

11.6 Using the Google Ad Settings (https://www.google.com/settings/u/0/ads/authenticated), you may control the ads you view, block specific advertisers, learn how ads are selected for you, and opt-out of Google Analytics for Display Advertising. To opt out from any collection or use of information by Google Analytics, please download and install the Google Analytics Opt-Out Browser Add-on available at https://tools.google.com/dlpage/gaoptout. By opting out, you will not be subject to online advertising or marketing analysis by Google Analytics and you will no longer receive ads tailored to your browsing patterns and usage preferences.

BASICALLY,

We may collect information, your Personal Data, through cookies on our Platform, website and mobile applications. We use analytics programs such as Google Analytics to manage and improve our websites, mobile applications, the Platform and/or our Services. We may with the help of Google Analytics use your browsing behaviour and prior usage patterns together with any other Personal Data previously provided by you in accordance with this Privacy Policy.

12. THIRD PARTY SITES

Our web sites may contain links to other web sites which are not maintained by us. This Privacy Policy only applies to our websites, mobile applications, the Platform and/or our Services. When visiting these third party web sites, you should read their privacy policies which will apply to your use of the web sites.

BASICALLY,

This Privacy Policy does not apply to third party web sites which may be linked to our web sites.

13. CHANGES

Our Privacy Policy may change from time to time. We will post any privacy policy changes on this page, for which you will be notified. If you continue to use our Services, operate any account maintained with us, access our Platform, websites or mobile applications, and/or otherwise provide information to or communicate with us, you are deemed to have agreed to such changes without reservation.

BASICALLY,

The Privacy Policy is subject to changes made by us; and if you continue to use our Services, operate any account maintained with us, access our Platform, websites or mobile applications, and/or otherwise provide information to or communicate with us, you will be treated as if you have agreed to the changes.

14. CONTACTING US

If you have any questions about any aspects of this Privacy Policy or any inquiries or complaints in respect of your Personal Data, please contact our Data Protection Officer at dataprotection@stashaway.my or +603 9212 4356.

BASICALLY,

You may contact our Data Protection Officer if you have any questions about this Privacy Policy.