Bank Negara Malaysia ("the Bank") takes your right to privacy seriously and commits to protecting your personally identifiable information ("personal data") in line with the Personal Data Protection Act 2010 and other applicable laws. This Privacy Statement sets out the Bank's approach in handling personal data.
This Privacy Statement applies to personal data collected by the Bank but does not apply to personal data collected by other entities including those owned or controlled by or affiliated to the Bank, individuals that are not employees or agents of the Bank, or websites that are not under the Bank's control.
The Bank may amend this Privacy Statement from time to time. As such, you are expected to read this Privacy Statement each time you wish to provide your personal data to the Bank. Substantial amendments to this policy will be announced on this website.
2. Purposes and legal basis for processing of personal data
As a central bank, the Bank may need to process your personal data to perform our statutory functions and exercise powers under the Central Bank of Malaysia Act 2009 ("CBA") and other laws as well as for other related purposes including but not limited to -
- engagement with the public and stakeholders;
- including members of public on the Bank's mailing list upon request;
- procurement of goods or services, specifically –
- to assess suitability of service provider; and
- to enforce the rights and obligations in the contract including making payments and maintaining the list of personnel who carry out the rights and obligations of the service provider;
- recruitment and employment;
- ensuring security of our premises and systems;
- ensuring the safety and well-being of our employees and visitors; and
- audit purposes.
The legal basis we rely on for processing of your personal data may be:
- your consent;
- performance of contract or in order to enter into a contract with you or your employer;
- compliance with the Bank's legal obligations;
- protection of your vital interests as well as the vital interests of other individuals;
- the Bank's performance of statutory duties; or
- the Bank's legitimate interests.
3. Types of Personal Data collected and processed by the Bank
The types of personal data which the Bank may need to process include but are not limited to –
- the name, address, contact details, identification number and passport number;
- occupation, designation and employer;
- details of professional experience and educational qualification;
- sensitive or special categories of personal data such as racial or ethnic origin, biometric data and data concerning health;
- information relating to criminal convictions and disciplinary proceedings; and
- details of shareholdings, business interests and positions.
The Bank will only collect and process personal data to the extent that such personal data is necessary for the relevant purpose.
4. How Personal Data is collected by the Bank
The Bank may collect personal data directly from you where it is necessary, reasonable or practical to do so. When we collect your personal data, we will inform you how we may use or disclose your personal data unless it is apparent at the point of collection. In some cases, it may be necessary, reasonable or practical for the Bank to collect your personal data from other persons, with or without your knowledge or involvement as part of our statutory functions and for recruitment purposes.
For visitors to the Bank's premises, the Bank may collect personal data prior to entry for identity verification and security purposes. The Bank also operates CCTVs at exterior perimeters and within our premises for safety of the visitors and Bank's employees, crime prevention and crime detection which may collect photo videos or voice recordings of individuals.
5. Protection of personal data
The Bank ensures the security of your personal data by taking appropriate security measures to preserve confidentiality of your personal data.
In some instances, it is necessary for us to process sensitive or special categories of personal data such as racial or ethnic origin, biometric data and data concerning health as well as criminal data as part of our functions as described above. In such case, we will apply additional care as required by law.
6. Disclosure of Personal Data to Third Parties
Efforts will be made to prevent your data being made available to third parties. However, we may share personal data with third parties if -
- it is provided for in this Privacy Statement;
- your consent is obtained;
- a service provided requires interaction with a third party, or is provided by a third party on our behalf;
- it is pursuant to legal action or law enforcement; or
- it is to perform our statutory functions and exercise powers under the law.
The Bank may disclose your personal data to third parties including but not limited to:
- financial institutions;
- other parties authorised by you;
- regulatory and governmental agencies as permitted or required by law, authorised by any order of court or to meet obligations to regulatory authorities;
- other central banks;
- third party service providers;
- past or future employers of the Bank's employees or prospective employees,
within and outside of Malaysia.
Where the Bank appoints a third party service provider to process personal data on behalf of the Bank, the Bank will instruct such third party service provider to only process such personal data for the specific purposes as required by the Bank.
If we disclose any of your personal data to any person, we will require such person to appropriately safeguard the personal data provided to them.
7. Retention of personal data
It is the Bank's policy to retain personal data for as long as it is necessary for the purpose such personal data was collected, other purposes that are not incompatible with the original purpose and as required by law. Where the personal data is no longer necessary, such personal data will be disposed unless the law requires it to be archived in the public interest.
8. Data Subject's rights
Under certain circumstances, you may have the right under the law to:
- withdraw your consent to the processing of your personal data if we rely on your consent as the legal basis to process personal data;
- request for confirmation whether your personal data is being processed by the Bank, a copy of your personal data which the Bank holds and information on the Bank's processing of such personal data;
- request the Bank to correct or complete your personal data held by the Bank if it is incorrect, out of date, incomplete or misleading;
- request for erasure of your personal data from the Bank's systems and records;
- request the Bank to suspend processing of your personal data;
- request the Bank to provide you with your personal data in a manner that allows you to transmit such personal data to a third party or, if technically feasible, to directly transmit such personal data to a third party;
- object to the Bank's processing of your personal data;
- not be subject to a decision based solely on automated processing without human involvement where such decision may produce legal effects or significantly affect you.
- complain to the relevant data protection authority about the actions of the Bank that may be in contravention of any data protection law applicable to the Bank's processing of your personal data.
Where the data protection law applicable to the Bank's processing of your personal data does not provide for a right or set out limitations and exemptions which the Bank may rely on, we have the right to deny your request or allow such request at our discretion.
9. Contact information
If you have any questions about this website, concerns on any aspect of this Privacy Statement, or you wish to exercise your rights in respect of your personal data, you may address them to the site administrator via e-LINK Form. If you wish to exercise your right to access and right to rectify your personal data that we hold, please also complete our "Personal Data Access / Correction Request Form".
10. Other information
When you visit this website, details about your visit may be recorded by the Bank and our third party service, Google Analytics, including through the setting and usage of cookies.
This website may display content of, and provide links to, our advertising partners, content partners, third party social media and third party video websites such as Facebook, Twitter, Instagram, Pinterest and Youtube. The practices on handling information and cookies by third parties are governed by the privacy statements of such other third party and you are expected to refer to their privacy statements. The Bank does not collect or use any information stored in cookies that may be set by any third party from their websites and such third parties do not have access to cookies set by the Bank's website.
You are able to manage or delete cookies directly from your browser history (cache). For instructions on how to manage or delete cookies, please check the support website for your browser. To opt out from being tracked by Google Analytics for all websites, visit https://tools.google.com/dlpage/gaoptout.
Updated: March 2021