MobyPay – Buy Now, Pay Later

moby logo final-01 (1)

Objectives & Application

MobyMoney Sdn. Bhd, its parent company, its subsidiaries and affiliates (“MobyMoney”, “Us”, “Weis the owner and operator of MobyPay (https://www.mobypay.my/) any subdomain thereof (“Website”) or related mobile application (“Apps”), related databases and supporting software which you may access in the course of engaging with us (collectively referred to as “Platforms”).

As a ‘Buy Now Pay Later’(“Services”) service provider, we heavily weigh your needs when it comes to affordable payment plans and seamless online shopping experience. This means, we require various any information that is associated with you or that can be used to identify you (“Personal Data”) to ensure our Services are better catered to meet your needs. We understand that you may have some concerns about the usage and processing your Personal Data, however, we are here to assure you that we hold the data privacy of your Personal Data in the highest regard.

Section I of this Privacy Policy is curated to ensure you understand how we collect, disclose, use, process your Personal Data and how we are committed to protecting the security and privacy of your Personal Data in our custody in accordance with the Personal Data Protection Act 2010 and any other applicable data protection laws and regulations (hereinafter referred to as “Applicable Laws”). Section II of this Privacy Policy will inform you of your data privacy rights and how you can be in control of your Personal Data.

Please note that this Privacy Policy shall apply automatically on the account of you using our Platforms and Services. To make an informed and conscious decision before using our Platforms, products and Services, we highly encourage you to study and understand this Privacy Policy.

SECTION I: PROCESSING OF PERSONAL DATA

A. What Is Personal Data?

For your better understanding, we have broken down several categories of Personal Data as follows:-

Identity Information

Name, date of birth, age, gender, identification or passport number, identification documents such as identification card, passport, driving licence, social medial handle, biometric verification such as fingerprint, facial image, voice recording, proof of address such as utility bills and any other documents capable of corroborating your identity.

Contact Information

Contact details such as residential address, shipping and billing address, email address, phone number, proof of address such as utility bills.

Purchase Information

Bank account number, credit card number, debit card number, shopping items, wishlist items, purchase history, browsing behaviour, product reviews, purchase behaviour such as frequency of purchase, time of purchase and type of purchase.

Credit Profile

Payment behaviour, income amount, proof of income such as bank statement and other income statement, credit information obtained from credit reports which includes outstanding payment, number of loans, credit score, employment documents such as latest EPF Statement, latest pay slip and latest business card.

Sensitive Information

Personal Data may also constitute another class information that are highly sensitive such as data related to your health, religious, political views or other similar beliefs. Due to the nature of our products and Services, we typically may not need this class of Personal Data. However if collection and processing of Sensitive Information becomes reasonably necessary to provide our Services, we will obtain your explicit consent.

Others

IP address, server logs, login and logout details, device information, geographical location, other information you provide to us voluntarily.

B.How and When Do We Collect Your Personal Data?

We may collect your Personal Data in the process of providing our Services or in the course of our transaction or engagement with you.

Here is how and when we collect your Personal Data:

(i) Your use of our Platforms e when you browse through the Website and Apps and when you accept the Cookies on your device.

(Cookies is an element of data that a website can send to your browser, which may then store it on your device. We use cookies in some of our pages to store your preferences and record session information. You can adjust settings on your browser so that you will be notified when you receive a cookie. Please refer to your browser documentation to check if cookies have been enabled on your computer or to request not to receive cookies.)

(ii) Your interaction with us on Social Media such as Facebook, LinkedIn, Instagram, Twitter etc by liking, commenting and sharing our posts and messaging us through the available direct messaging feature.

(iii) Your direct engagement with us i.e when you engage with our customer support team or our official representatives via live chats, telephone calls, emails, face-to-face meetings or during events and roadshows. Filling out questionnaire and surveys, participation in our promotions or public campaigns shall also be deemed as direct engagement.

(iv) From publicly available sites or directories

(v) From official sources in the financial service industry, for example any bureaus or agencies under Bank Negara Malaysia, Securities Commission or other regulatory authorities, the Association of Islamic Banks Malaysia

(vi) From third party affiliatese when you use our Services via services provided by our affiliate online merchants, partnering businesses, financial institutions, third party service credit providers for example private employment debt collection agencies or via their respective platforms.

(vii) From registered Credit Reporting Agencies or entities providing credit background verification servicese when we perform credit risk assesment on you to determine the eligibility for our Services.

(viii) Your voluntary submission of your Personal Data for any reason.

C. Why Do We Collect Your Personal Data and To Whom We May Disclose It To?


Purpose Recipient of Personal Data Type of Personal Data Most Likely Disclosed
1.     Identification & Account
(a) To verify your identity and to prevent identity theft
(b) Performance of Know Your Customer (KYC) checks
(c) Creation of your online account in our Platforms
·       MobyMoney’s relevant employees
·       Third party agents who conducts the (KYC) checks.
Identity Information, Contact Information, Others
2.     Customer Support
(a) To respond to your enquiry, complaints, requests
(b) To provide customer support and to learn about your level of satisfaction with our Services
(c) To diagnose problems with our server, database and to administer our Platforms
·       MobyMoney’s customer support, data protection officer, IT team
·       Third Party IT Service Providers
Identity Information, Contact Information, Purchase Information, Others
3.     Credit Risk Assessment
(a) To ascertain your creditworthiness and background to ensure that you are capable of paying the agreed instalments. We usually do this by extracting a credit report from a registered Credit Reporting Agency and reviewing your past credit behaviour and credit score.
(b) To determine the eligible credit limit by reviewing your sources of income and proof of employment.
·       MobyMoney’s credit team
·       Registered Credit Reporting Agencies
·       Banks and Financial Institutions
·       Insurance providers
·       Credit Card companies
·       Securities and Investment Services providers
Identity Information, Contact Information, Purchase Information,  Credit profile
4.     Compliance
a) To monitor compliance with internal risk controls, terms of use,  and usage of Platforms.
b) To conduct audit, business reporting, quality control
c) To comply with directions provided by regulatory or statutory authority such as example Bank Negara Malaysia Securities Commission and Bursa Malaysia or parties as mandated by the Applicable Laws (“Govermental & Regulatory Authorities”).
d) To assist Governmental & Regulatory Authorities with  law enforcement, judicial proceedings,  and investigations
e) To comply with any requirement of Applicable Laws, order of any court or tribunal
·       MobyMoney’s relevant employees
·       Professional advisors
·       Auditors
·       Consultants
·       Affiliate online merchants
·       Partnering businesses.
·       Governmental & Regulatory Authorities
Identity Information, Contact Information, Purchase Information, Credit Profile, Sensitive Information, Others.
5.     Product and Platform Development
a) To conduct surveys for the development of our products and Services
b) To improve and personalise user experience when you visit our Website and Apps;
c) To perform data and trend analysis on your usage of our Platforms
·       MobyMoney’s relevant employees
·       Third Party IT service providers
·       Data Analytics Service Providers
·       Investors
Identity Information, Contact Information, Purchase Information, Others
6.     Marketing
a) To send you materials such as newsletters alerts updates, mailers promotional materials special privileges festive greetings from us our partners sponsors or advertisers;
b) To share your name and contact number with our partners advertisers event companies or sponsors who may communicate with you for the purpose of marketing.
c) To notify and invite you to events or activities organised by us our partners sponsors or advertisers.
d) To provide you with information on marketing campaigns, promotions that we or our business partners believe would be of interest to you;
e) To process your registration to participate in or attend an event or activity and to communicate with you regarding your attendance at the event or activity
f) To collect demographics, outreach of our campaigns, promotions and events
·       MobyMoney’s customer support team  third party agents who communicate with you
·       Affiliate online merchants
·       Partnering businesses.
·       Advertising companies
·       Funding managers
·       Sponsors
·       Event organisers
Identity Information, Contact Information, Purchase Information, Others
7.     Fraud, Money  Laundering & Bribery
a) To investigate or report any suspected crime such as money laundering, fraud and other prohibited activities
b) To track suspicious behaviour by analysing payment behaviour, rejected credit cards, multiple login failures etc
·       MobyMoney’s relevant employees
·       Information Technology (IT) service providers
·       Consultants
·       Regulators
·       Statutory Authority
·       Government Authorities
·       Police and Enforcement
Identity Information, Contact Information, Purchase Information, Credit Profile, Others
8.     Enforcement of Our Rights
a)     To enforce our legal or contractual rights including to recover any debt owing by you to us.
·       MobyMoney’s relevant employees
·       Professional advisors
·       Auditors
·       Consultants
·       Debt Collection Company
·       Third parties in connection with the restructuring of any facility granted to your sale of debts or assets or acquisitions by us
Identity Information, Contact Information, Purchase Information, Credit Profile, Others
9.     Operations
a)     Payment collection
·       MobyMoney’s relevant employees
·       Third Party Payment Service Provider
Identity Information, Contact Information, Purchase Information
10.  Transfer of Personal Data to Places Outside of Malaysia
We may transfer your Personal Data to places outside of Malaysia for the following reasons:
a) Cloud based storage [LM1] – To store our database or files  on the Internet or a designated private  network connection through a Cloud Computing Provider in an off-site location (outside Malaysia).
b) to share your Personal Data with our international affiliate online merchants and partnering businesses to enable the provision of our products and Services and our fulfilment of our contractual obligations with you.
c) For purposes of any legal proceedings, obtaining legal advice or for establishing, exercising or defending legal rights
·       MobyMoney’s relevant employees
·
Cloud Computing Provider
·       Affiliate online merchants
·       Partnering businesses.
·       Relevant governmental and/or regulatory authorities in other jurisdictions.
·       International Credit Reporting Agencies
·       Any other third parties that we deem fit
Identity Information, Contact Information, Purchase Information, Credit Profile, Others
11.  Others
a)     Other purposes to which you have consented from time to time
b)     Other purposes as required or permitted by Applicable Laws
 ·       MobyMoney’s relevant employees ·       Affiliate online merchants ·       Partnering businesses. Identity Information, Contact Information, Purchase Information, Credit Profile, Others

What type of information will we be storing in the Cloud?

  1. Security of Personal Data

To ensure the security of your Personal Data, we have inbuilt processes, procedures and controls that in line industry best practices to protect the Personal Data from any loss, misuse, modification, unauthorized or accidental access or disclosure. Some of the many mitigations we have in place are as follows:

  • Robust KYC processes to verify your identity;
  • Secure user login and password authentication to prevent unauthorised access;
  • Audit trails and logs to detect unusual activities and unauthorised access;
  • Limited access to our systems and database;
  • Regular security and vulnerability assessment of our Platforms;
  • Regular maintenance of our Platforms to avoid bugs, error, faults in our algorithms;
  • Storage of our servers, mainframes and other network assets in a secured location

As much as we have implemented these mitigations, we appreciate your understanding that we will not be responsible for any unauthorized use of Personal Data by third parties which is attributable to factors beyond our control.

SECTION II: KNOW YOUR RIGHTS
  1. Consent
Provision of Consent

You are deemed to have consented the processing, collection, usage, disclosure, transfer of your data, and retention of your Personal Data for the Purposes mentioned above to the extent permitted under Applicable Laws when:-

  • You use our Platforms and Services;
  • You use platforms operated by our affiliate online merchants and partnering business to engage or find out about our products and Services; and
  • You directly provide your Personal Data
We may also collect your Personal Data in circumstances where such collection does not require consent under Applicable Laws.

When you provide your personal data to Moby you consent to its use for the Purpose. Before submitting personal data of other persons, you undertake and will ensure that they have authorized the disclosure of their Personal Data and consent to the terms and conditions of this Privacy Statement.

We understand that Sensitive Information is highly confidential and therefore we will only use your Sensitive Information to provide the service(s) you signed up for. If we collects, uses, maintains or discloses your sensitive personal data, we will ask for your express consent.

Withdrawal of Consent

Your consent to the of your Personal Data shall be valid until such time you withdraw your consent in writing. If you do not consent to us collecting, disclosing, using or processing your Personal Data for the Purposes mentioned above, you may choose to withdraw your consent by submitting a written request to our Data Protection Officer at [insert email ID to receive data protection related requests].

You may be specific about the extent of your consent withdrawal i.e you may prohibit the use or disclosure of certain class of Personal Data. Subsequent to the withdrawal, we will no longer collect, disclose, use or process your Personal Data except to the extent we retain your Personal Data for compliance, regulatory or other legal purposes.

Though we respect your decision to withdraw your consent, we wish to remind you that we may not be able to continue to provide you with some or all of our products or Services and keep you updated about our future, new and/or enhanced services and products.
B. How Can I Access or Correct My Personal Data

If you wish to have access to the Personal Data that we have processed or if you wish to correct the Personal Data which you believe to be inaccurate, incomplete, misleading or not up-to-date, you or the relevant person who is authorised to make the data access request or data correction request on your behalf (“Requestor”) may request to obtain the copy of the Personal Data and also to correct your Personal Data.

You may forward your written request of access or correction to by to our Data Protection Officer at [insert email ID to receive data protection related requests]. We will endeavour to provide the access and correction requests within 21 days from date of receipt of requests. We may require further information Identity Information to verify your identity or the Requestor’s identity and to validate the authenticity of the request. If we are unable to comply with your requests for reasons exempted under the Applicable Laws, we will generally inform you of such reasons.

Please note that depending on the information requested and where permitted by law, a nominal administrative fee may be charged.

C. How Long May We Retain Your Personal Data?

We will not retain your personal data longer than necessary for the fulfilment of the Purpose. However, relevant personal data may be retained subject to the conditions below:

  • As and when required under Applicable Laws;
  • Where legal actions have arisen and there are ongoing legal proceeding;

If we disclose any of your personal data to our authorised agents or service providers, we will require them to appropriately safeguard the personal data provided to them.

We shall take all reasonable steps to ensure that all Personal Data is destroyed or permanently deleted when no longer required for the Purpose.

D. Notification of Changes

Please note that this Privacy Policy may be amended from time to time in accordance to Applicable Laws and such variations may be applicable to you. The latest version of this Privacy Policy will be made available for your reading in our Platforms. Please visit the ‘Privacy Policy’ section our respective Platforms from time to time for updates on the Privacy Policy.

E. Contact

You submit your written queries, requests or complaints in relation to our handling of your Personal Data or our Privacy Policy to:

Data Protection Officer

pdpa@mobypay.my
Suite 6.02, Penthouse, Wisma Academy,
No 4A, Jalan 19/1, 46300,
Petaling Jaya, Selangor,
Malaysia