Privacy Notice

Our commitment to your privacy

This Privacy Notice outlines how Etiqa collects, uses, maintains, processes and discloses your personal data in respect of commercial transactions and how Etiqa safeguards the personal data pursuant to the Personal Data Protection Act 2010 (“PDPA”) and any other applicable laws and regulations on data protection in Malaysia, your jurisdiction or any other jurisdiction where the information is subject to this Privacy Notice.

“We” “Us”, “Our” in this notice refers to Maybank Ageas Holdings Berhad, Etiqa Life Insurance Berhad, Etiqa General Insurance Berhad, Etiqa Family Takaful Berhad, Etiqa General Takaful Berhad, Etiqa Life International (L) Ltd or Etiqa Offshore Insurance (L) Ltd (“Etiqa”), including its branches in Malaysia and in other countries as well as its local and overseas subsidiaries or, as the context may require, any of them.

“Maybank Group” in this notice refers to Malayan Banking Berhad, including its branches in Malaysia and in other countries as well as its local and overseas subsidiaries or, as the context may require, any of them.

For the purpose of this Privacy Notice, the terms “personal data” and “processing” shall have the same meaning as prescribed in the PDPA and the laws of the country where the information is subject to this Privacy Notice

For users from other than Malaysia, please click here to read more in the specific countries Supplemental Terms.

Your consent is important

This Privacy Notice serves to inform you that your personal data is being processed by us or on our behalf when you use our services provided by Etiqa through Etiqa’s Etiqa+ Mobile Application (“App”)

When you request or provide us with your information or sign up for or use our products and services, you will be required to provide Etiqa with your personal data. In addition, your personal data may also be collected from the App from time to time when you use the App. In doing so, you consent to the collection, processing and disclosure of your personal data by Etiqa in accordance with this Privacy Notice.

We may also collect your sensitive personal data (including data relating to your physical or mental health, the commission or alleged commission of offences etc.) when you provide us with your information or apply for or use certain products and services. Where collection of any personal data requires a stand-alone consent as per the applicable data protection law in your jurisdiction, we shall do it only after obtaining such consent from you.

You are responsible for ensuring that the information you provide us is accurate, complete, not misleading and kept up to date.

You have the choice, at any time, not to provide your personal data or to revoke your consent to Etiqa processing of your personal data. However, this may result in Etiqa being unable to provide you with the products or services which you have requested.

What types of personal data do we collect?

The personal data we collect can be either obligatory or voluntary. Obligatory personal data are those that we require in order to provide you with our products and services. If you do not provide us with obligatory personal data, we would not be able to provide you with our products and services. Voluntary personal data are those that are not mandatory in order for us to provide you with our products and services. If you do not provide us with voluntary personal data, you can still sign up for our products and services. Obligatory and voluntary personal data differ for each product and service and will be required/indicated in the application/online forms.

We will collect personal data shall which include but not limited to the following that will enable us to:

Identify you,;
Keep in contact with you,;
Assess your profile,;
Fulfill our legal and regulatory obligations,;and
Record details of your transactions/communications with us,; ;
Your personal data shall include but not limited to the following:

1. Non-Sensitive Personal Information
1. name and age;
2. home/mailing address;
3. NRIC/Passport No.;
4. contact information, telephone number, e-mail address;
5. biodata profile;
6. photograph or video image;
7. employment information;
8. financial information;
9. investment and risk preferences;
10. vehicle registration;
11. personal information of family members or next of kin/beneficiaries/nominees/trustees/ assignees; and/or
12. such other personal information required (with your consent).
2. Sensitive Personal Information
1. thumbprint or DNA profile;
2. physical and/or mental health condition;
3. religious belief;
4. commission or alleged commission of any offence or contravention of law;
5. expression of opinion; and/or
6. such other sensitive personal information required (with your consent)

If you are supplying personal data of other parties such as your family members, legal guardians, nominees, directors, shareholders or officers, please do ensure that you have obtained their consent and bring this Privacy Statement to their attention.

How do we collect your personal data?

We obtain your personal data in various ways, and you hereby consent to such collection, such as:

• When you request or provide us with your information or sign up for or use one of the many products and services we provide or when you access or use any Etiqa’s website and App.
• When you connect or sync your wearable technology or any other electronic devices to the App.
• When we obtain your medical history and health status from your doctor.
• If you are a non-policyholder insured / non-certificate holder covered, we may obtain your information from the policy holder/certificate holder (e.g. your employer).
• When you contact Etiqa through various methods such as application forms, emails and letters, telephone calls and conversations you have with our staff in a branch or through our authorized agent. If you contact us or we contact you using telephone, we may monitor or record the phone call for quality assurance, training and security purposes.
• From your transactions (e.g. payment history, account balances, etc.).
• When you participate in customer surveys or when you sign up for any of our competitions or promotions.
• When we obtain any data and information from authorised third parties (e.g. regulatory and enforcement agencies, employers, joint policyholders / certificate holders, legal representatives, nominees, assignees).
• From video recordings from close circuit security surveillance cameras and audio recordings.
• From publicly available sources.

What is the purpose of processing your personal data?

We may process your personal data for the following reasons:

• To process your registration and provide you with access to the App and hosted application services.
• To deliver rewards, articles on wellness and sustainability based on the data generated by the wearable technology in the App.
• To process the requests made by you and to provide the information requested by you through the App.
• To assess your application for any of our products and services or continue provisioning of the products and/or services (whichever is applicable).
• To administer your insurance policy / Takaful certificate and any claims made against your policy / Takaful certificate.
• To manage and maintain your account with Etiqa.
• To continue performing the contractual obligations entered into between Etiqa and you.
• To respond to your enquiries and complaints and to resolve disputes.
• For internal functions and to support the Maybank Group such as evaluating the effectiveness of marketing, market research, statistical analysis and modelling, reporting, audit and risk management and to prevent fraud from time to time.
• To provide you with information on products and/or services of Etiqa and Maybank Group.
• To prevent fraud or detect crime for the purpose of investigation.
• For security reasons in particular personal data collected from close circuit security surveillance cameras.
• For any purpose required by any applicable law or regulation.
• To offer additional products and services that may be of interest to you and as directed by you with your consent.

If you are a beneficiary and not a policyholder / certificate holder, we will only process your personal data for purposes relating to administering the insurance policy / Takaful certificate.

To whom do we disclose your personal data?

Your personal data held by us shall be kept confidential. However, in order to provide you with effective and continuous products and services and to comply with any legal and regulatory requirements, we may need to disclose your personal data to:

• our related corporations, including Etiqa Life Insurance Berhad, Etiqa Family Takaful Berhad, Etiqa General Insurance Berhad, Etiqa General Takaful Berhad, Etiqa Life International (L) Ltd or Etiqa Offshore Insurance (L) Ltd, as the context may require.
• Other entities within Maybank Group.
• Our authorised agents and service providers with whom we have contractual agreements for some of our functions, services and activities.
• Other insurance / Takaful and distribution parties (e.g. banks, Islamic banks, insurance brokers, Takaful brokers, reinsurance companies, Retakaful companies, as the context may require).
• Industry trade associations such as Life Insurance Association of Malaysia (LIAM), Persatuan Insurans Am Malaysia (PIAM) and Malaysian Takaful Association (MTA).
• Our merchants and strategic partners.
• Your employer (Applicable for Group Corporate Client only).
• Any parties authorised by you (from time to time).
• Enforcement regulatory and governmental agencies as permitted or required by applicable law in any jurisdiction (including, without limitation, your jurisdiction), authorised by any order of court or to meet obligations to regulatory authorities.

We will share your personal data (including sensitive personal data) with Maybank Group, our agents or strategic partners and other third parties ("other entities") as Etiqa deems fit and you may receive marketing communication from us or from these other entities about products and services that may be of interest to you. If you no longer wish to receive these marketing communications, please notify us to withdraw your consent and we will stop processing and sharing your personal data with these other entities for the purpose of sending you marketing communications. For avoidance of doubt, the withdrawal does not affect the processing of mandatory personal data.

You have a choice to withdraw your consent for receiving marketing or promotional materials/communication, you may contact us using the contact details found below. Please be aware that once we receive confirmation that you wish to withdraw your consent for marketing or promotional materials/communication, it may take up to fourteen (14) working days for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials/communication during this period of time. Please note that even if you opt out from receiving marketing or promotional materials, Etiqa may still contact you for other purposes in relation to the accounts, products, plans or services that you hold or have subscribed to with Etiqa.

The disclosure of your data may involve the transfer of your personal data to places outside of Malaysia or your jurisdiction, and by providing us your personal data you agree to such a transfer where it is required to provide you the services you have requested or access to the features within the App, and for the performance of any contractual obligations you have with Etiqa including for storage purposes. If transfer of your personal data out of your jurisdiction requires a stand-alone consent as per the data protection law in your jurisdiction, we shall do only after obtaining such consent from you.

Changes to this Privacy Notice

We may update this Privacy Statement from time to time. Please periodically review this Privacy Statement to stay informed on how we are protecting your information.

We provide the Privacy Statement in both English and Bahasa Malaysia. In case of any inconsistency between these two, the English version shall prevail. In case there are inconsistencies on how we collect or use your personal data between this Privacy Statement and the terms and conditions of your specific product or service or other contractual documents, the terms and conditions of your specific product or service or other contractual documents shall prevail.

This Privacy Statement was last updated in January 2023.

How can you correct / update your personal data?

We are committed to ensure that the personal data we hold about you is accurate, complete, not misleading and up-to-date. If there are any changes to your personal data or if you believe that the personal data we have about you is inaccurate, incomplete, misleading or not up-to-date, please contact us so that we may take steps to update your personal data. You can also update your details as directed on the App at Support section if any details you have provided to us during your registration changes.

How can you access your personal data?

You have the right to access your personal data. If you would like to request access to your personal data, please fill in the Access Request Form which is available at all our branches/ Customer Service Centers and send to us via email to PDPA@etiqa.com.my. Please note that depending on the information requested, and to the extent permissible by the applicable laws in your jurisdiction, we may have the right to charge a prescribed fee for the processing of any data requested. We may also take steps to verify your identity before fulfilling your request for access to your personal data.

How may you contact us?

If you need to contact us, you may email us as Support section of the App, call our contact centre at Etiqa Oneline at 1300 13 8888, email us at etiqamysupport@etiqa.com.myor visit us at www.etiqa.com.my. For corporate customers, you may contact your relationship manager directly.

We provide the Privacy Notice in both English and Bahasa Malaysia. In case of any inconsistencies, the English version shall prevail. In case there is a discrepancy on how we collect or use your personal data between this Privacy Notice and the terms and conditions of your specific product or service, the terms and conditions of your specific product or service shall prevail.

Unless specified otherwise hereunder, we shall respond to any request or enquiry raised hereunder within fifteen (15) days after the receipt of your request or enquiry.

China Supplemental Terms

The following terms shall apply if you are a user based in China:

Retention and Deletion of Personal Information

We will only keep your personal information as long as you remain an active customer or user of the App or any other our product or service and for such duration afterwards as appropriate for fulfilling the purpose of the applicable personal information, unless otherwise required by applicable Chinese laws.

We may need to retain certain personal information even once a customer account has been closed or deleted to enforce our terms, to comply with legal or regulatory obligations, for fraud prevention, to identify, issue or resolve legal claims and/or for proper record keeping purposes.

We may also retain a record of any stated objection by you to receiving our marketing communications for the purpose of ensuring we can continue to respect your wishes and not contact you further.

Beyond such duration as set forth above and subject to the above, your personal information will be deleted, destroyed or anonymised in a manner that cannot be restored or reproduced.

In the following circumstances, you may also request to delete your personal information via etiqamysupport@etiqa.com.my:

1. if we have processed your personal information in violation of applicable PRC law;
2. if we failed to obtain your consent for collecting and processing any of your personal information;
3. if we have processed your personal information in breach of this Privacy Notice or any other agreement between you and us; or
4. if you have voluntarily cancelled or de-registered your account with us.

The purposes of sharing your personal data with third parties shall be for our business needs, to carry out your requests and/or as require by law. This includes:

• our related corporations, including Etiqa Life Insurance Berhad, Etiqa Family Takaful Berhad, Etiqa General Insurance Berhad, Etiqa General Takaful Berhad, Etiqa Life International (L) Ltd or Etiqa Offshore Insurance (L) Ltd, as the context may require and other entities within Maybank Group for the purposes stipulated in this privacy notice.
• Our authorised agents and service providers with whom we have contractual agreements for some of our functions, services and activities and/or our merchants and strategic partners for the purpose of performing the contractual obligations entered into between Etiqa and you.
• Other insurance / Takaful and distribution parties (e.g. banks, Islamic banks, insurance brokers, Takaful brokers, reinsurance companies, Retakaful companies, as the context may require) for the purposes stipulated in this privacy notice.
• Industry trade associations such as Life Insurance Association of Malaysia (LIAM), Persatuan Insurans Am Malaysia (PIAM) and Malaysian Takaful Association (MTA) for the purpose of regulatory compliance.
• Your employer (Applicable for Group Corporate Client only) for the purposes stipulated in this privacy notice.
• Any parties authorised by you (from time to time).
• Enforcement regulatory and governmental agencies as permitted or required by applicable law in any jurisdiction (including, without limitation, your jurisdiction), authorised by any order of court or to meet obligations to regulatory authorities and to comply with applicable laws.

Cambodia Supplemental Terms

The following terms shall apply if you are a user based in Cambodia:

By using the “App”, you represent and warrant that you attained the legal age of majority under the applicable laws.

How we protect your personal data?

We take every precaution and use reasonable measures to protect your personal data and to keep your personal data secure.

Security of your information is very important to us and we are striving to protect your personal data to the best of our ability. Nonetheless, please note that no data transmission over the internet or any wireless networks can be guaranteed to be completely free from intrusion by others. As a result, while we employ reasonable and appropriate security measures to protect data, we cannot guarantee the security of information transmitted to and from the App and are not responsible for the actions of the third parties that receive any such information.

Philippines Supplemental Terms

The following terms shall apply if you are a user based in the Philippines:

Where the personal data processed involves Philippine citizens or residents, or Etiqa has a link with the Philippines (i.e. a contract is entered in the Philippines, an entity of Etiqa has central management and control in the Philippines, or has a branch, agency, office or subsidiary in the Philippines and the parent or affiliate of the Philippine entity has access to personal data, or we carry on business in the Philippines, or the personal data was collected or held by an entity in the Philippines), or where personal data is processed in the Philippines, the Data Privacy Act of 2012 (Republic Act No. 10173) (“DPA”) shall also apply.

When used under this policy, sensitive personal information shall mean personal information:

1. about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
2. about an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
3. issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
4. specifically established by an executive order or an act of Congress to be kept classified.

What are your rights as a data subject?

Apart from the rights above-mentioned, you shall also have the following rights under the DPA:

1. the right to file a complaint with the National Privacy Commission; and
2. the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data.

How long do we retain your data?

The personal data shall only be retained for as long as necessary for the fulfilment of the purposes for which the data was obtained or for the establishment, exercise, or defense of legal claims, or for legitimate purposes, or as provided by law.

Changes to this Privacy Notice

Please note that we may update this Privacy Notice from time to time. If there are material changes to this Privacy Notice, we will notify you by posting a notice of such changes on our App or by sending you a notification directly. Do periodically review this Privacy Notice to stay informed on how we are protecting your information. We will obtain your consent for those amendments which affect the information under Section 16(b) of the DPA.

Limitations to Right to Access

You have the right to access your personal data. However, the following instances may limit this right:

• Publicly available information. If an existing law or regulation requires us to make the personal data available to the public, we have the discretion on whether to comply with the request or to direct you to where such data may be found or accessed.
• Repeated requests. We may decide not to comply with repeated, identical, or similar requests if such request for access has been previously granted unless a reasonable interval of time from the previous request has elapsed. The determination of what constitutes a reasonable interval of time shall depend on the nature of the request, considering any changes or updates in the personal data and/or the other information from the time of the previous request.
• Requests which will entail disproportionate effort. After reasonable evaluation, if the request for access would result in a disproportionate amount of effort or resources, we may refuse to comply with the request. The determination of what constitutes disproportionate effort may be made on the basis of the particular circumstances of the request. Factors to consider may include the availability of the information, the need for extraordinary measures to retrieve the information, the purpose of the request, and the necessity and benefit of the requested information to you.
• Consideration of your safety. In exceptional cases and subject to any applicable ethical guidelines, limitations on the right to access may apply if, in our professional evaluation and determination, providing access to the requested information may cause serious harm to the physical, mental, or emotional health to you.

Security

We use appropriate and reasonable measures to keep your personal data confidential and secure.

Destruction and Retention

We will take all reasonable steps to ensure that your personal data is not retained longer than is necessary for the fulfilment of the purpose for which it was collected, unless retention of such data is necessary to protect our interests and where otherwise required by the relevant laws and regulations including any operational, audit, legal, regulatory, tax, or accounting requirements.

We will destroy your personal data once it is no longer required to be retained by us.

How may you contact us?

If you need to contact us, you may reach us through:

Head, Innovation and Data Privacy at PDPA@etiqa.com.my

Myanmar Supplemental Terms

The following terms shall apply if you are a user based in Myanmar:

General Information

We adopt these Supplemental Terms to comply with the Electronic Transaction Law 2004 and the Amendment of Electronic Transaction Law 2021 (“ETL”) and any terms defined in the ETL have the same meaning when used in these Supplemental Terms.

Your consent is important

The word of “process” shall mean collecting, receiving, transferring, dissemination, coordinating, restricting, destroying, documenting, archiving, storing, altering, recollection of stored data, advising, utilizing, and disclosing of your personal data pursuant to the ETL of Myanmar.

Upon receiving your consent, we may also collect your personal data (including data relating to your physical or mental health, the commission or alleged commission of offences etc.) when you apply for certain products and services.

If you are supplying personal data of another person such as your family members, legal guardians, nominees, directors, shareholders or officers, please do ensure that you have obtained their consent prior to providing the personal data of such person to us and to bring this Privacy Notice to their attention or receive on his/her behalf this Privacy Notice. We may, at any time, request for documentary evidence relating to such consent, as deemed appropriate.

You as the data subject have the rights to withdraw your consent at any time.

For how long do we retain your personal data?

We retain your personal data for so long as and to the extent that it is required to fulfil our contractual obligations, provide our services to you, achieve the purposes of processing your personal data, or comply with other legal requirements and obligations under the applicable laws, and a certain period after the cessation of our contractual relationship, or the last performance of our services. We shall destroy your personal data after the end of such retention period.

Where we process your personal data solely with your consent, your personal data will be deleted, destroyed, or de-identified, subject to the requirements and conditions prescribed by the existing laws of Myanmar.

Thailand Supplemental Terms

The following terms shall apply if you are a user based in Thailand:

General Information

We adopt these Supplemental Terms to comply with the Personal Data Protection B.E. 2562 of Thailand and its implementation rules and regulations (“PDPA of Thailand”) and any terms defined in the PDPA of Thailand have the same meaning when used in these Supplemental Terms.

Your consent is important

The word of “process” shall mean collect, use and disclosure of your personal data pursuant to the PDPA of Thailand.

Upon receiving your explicit consent, we may also collect your sensitive personal data (including data relating to your physical or mental health, the commission or alleged commission of offences etc.) when you apply for certain products and services.

What types of personal data do we collect?

The types of personal data we collect may include, but not limited to your name, address, other contact details (including family/employment information), age, occupation, place of birth, marital status, data generated through your wearable technology connected to the App or your actions when using the App and financial reference and information such as your income or income tax particulars.

We may also collect your sensitive personal data, upon obtaining an explicit consent from you, or where necessary as permissible under the law, which may include data that is contained in the copy of your Thai national identification card and/or passport (i.e. religion and/or blood type), biometric data, screening checks, and health-related data.

If you are supplying personal data of another person such as your family members, legal guardians, nominees, directors, shareholders or officers, please do ensure that you have obtained their explicit consent prior to providing the personal data of such person to us and to bring this Privacy Notice to their attention or receive on his/her behalf this Privacy Notice. We may, at any time, request for documentary evidence relating to such consent, as deemed appropriate.

For how long do we retain your personal data?

We retain your personal data for so long as and to the extent that it is required to fulfil our contractual obligations, provide our services to you, achieve the purposes of processing your personal data, or comply with other legal requirements and obligations under the applicable laws, and 10 years after the cessation of our contractual relationship, or the last performance of our services. We shall destroy your personal data after the end of such retention period.

Where we process your personal data solely with your consent, your personal data will be deleted, destroyed, or de-identified, subject to the requirements and conditions prescribed by the PDPA of Thailand.

To whom do we disclose your personal data?

Where we transfer your personal data to our related corporations, entities within Maybank Group and/or other third parties, including our servers located outside Thailand, we will protect your personal data by implementing adequate personal data protection standards for such transfer, and ensure that any of our related corporations, entities within Maybank Group and/or third parties to whom your personal data will be disclosed shall implement adequate personal data protection standards as required under the PDPA of Thailand.

What are your data subject's rights?

You as the data subject have the rights to withdraw your consent at any time, request us for an access, a deletion, or anonymization of your personal data. You also have the rights to object, cease or suspend the use or disclosure of your personal data including update or rectify your personal data processed by us.

If we reject any of your rights mentioned above, you can ask us to record the rejection of your request and file a complaint against us or our data processor on their violation of the PDPA of Thailand.

How may you contact us?

For users/data subjects in Thailand, if you need to contact us, you may email to our Head, Innovation and Data Privacy in Malaysia at PDPA@etiqa.com.my. You may find more information at the Support section of the App. For corporate customers, you may contact your relationship manager directly.

Vietnam Supplemental Terms

The following terms shall apply if you are a user based in Vietnam:

How do we store and protect your personal data?

We are committed to and use reasonable methods to ensure the safety and security of personal data collected to prevent unauthorized theft, access, alteration, destruction of personal data.

We will implement various security measures to ensure the safety of your personal data on our system. Your personal data is stored in a secure network and can only be accessed by a limited number of our employees.

We will keep your personal data in accordance with applicable laws. We will destroy or delete your personal data when we have reasonable grounds to determine that: (i) the retention of such personal data no longer serves the purpose for which it was collected; (ii) retention is no longer required for any legal or business purpose; and (iii) there is no longer any other legitimate interest to continue to retain this personal data.

California Supplemental Terms

The following terms shall apply if you are a user based in California:

You may have the rights to:

1. request that we delete any personal information we hold about you;
2. restrict the processing of your personal information; and
3. receive any personal information we hold about you in a structured and commonly used machine-readable format or have such personal information transmitted to another company. We may ask you for additional information to confirm you identity and for security purposes before disclosing that information to you.

You also have the right not to be discriminated against for exercising any of your rights under this policy.

To exercise your rights, please contact us as detailed above in the section titled “How may you contact us?”

Children

Our App is not intended or directed to anyone under the age of 16. If you are under the age of 16, you may not use our App. If you are an adult who becomes aware of a child’s data being entered into the App or sent to Etiqa or any related entity, please contact us at: PDPA@etiqa.com.my.

Singapore Supplemental Terms

The following terms shall apply if you are a user based in Singapore:

References to the PDPA shall include references to Singapore’s Personal Data Protection Act 2012 (No. 26 of 2012), where relevant.

We will only collect your identity card or passport number if required by law, or if we need to ascertain or verify your identity to a high degree of fidelity, e.g. to prevent fraud or to prevent a significant safety or security risk.

The disclosure of your data may involve the transfer of your personal data to places outside of Singapore, and by providing us your personal data you agree to such a transfer where it is required to provide you the services you have requested or access to the features within the app, or for the performance of any contractual obligations you have with Etiqa including for storage purposes.