Digi Privacy Notice
DIGI TELECOMMUNICATIONS SDN BHD (201283-M)
Last revised on April 27, 2018, effective as of May 25, 2018
- Key privacy principles
- Who is legally responsible party?
- How we collect personal information about you
- How we collect location data
- How we use your personal information
- How we share and disclose your personal information
- How we use your personal information for marketing purposes
- How long we keep your personal information for
- How we protect your personal information
- Data exports
- Your rights
- Information about children
- Links to other websites & services
- Changes to this privacy notice
- Questions about this privacy notice
1.1 We value your privacy and take the protection of your personal information seriously, so it is important to us that you understand how we collect and process personal information about you.
1.2 This privacy notice applies to the processing of the personal information that we collect about you when you use any of our services, including our telecommunication networks, applications or any of our websites (collectively referred to as “services”). Please read it in conjunction with the Terms of Service of any particular service that you use, which may set out additional service-specific terms regarding the personal information we collect about you.
1.3 This privacy notice explains what personal information we collect about you, why and how we collect and process it, and how we share it with others. It also explains the privacy rights that you have in relation to your personal information and how you can exercise these rights.
2. Key privacy principles
2.1 Digi’ Privacy Position can be summarised as follows:
- We are open about how we collect and use your personal information.
- We are committed to using your personal information to provide you with better and more relevant services.
- We always take steps to ensure that we keep your personal information safe and secure.
2.2 Digi (and the Telenor Group, which we are a part of) believes that all our customers should enjoy the same standards of privacy protection. When we use the word “customer”, it includes not only our current customers, but also our past, future and subscribers to other networks that roam with us. Digi will process the personal information collected from you in accordance with the following key principles:
- We will process your personal information in accordance with this privacy notice, the Personal Data Protection Act 2010, and all relevant regulations, standards, and guidelines as may be prescribed from time to time (referred to as “applicable law”).
- We will tell you what personal information we collect about you, as well as why and how we collect and process it.
- We will only process your personal information for legitimate purposes and only for as long as it is necessary to achieve those purposes, unless we are otherwise required by any applicable law to retain it or have grounds for doing so.
- We will enable you to exercise choice and control over our processing of your personal information wherever possible, including personal information relating to other persons who may be identified from your personal information, as set out in this privacy notice.
- We will respect the privacy rights that you have under applicable law, including your right to access the personal information that we hold about you, correct it and keep it up to date.
- We will implement appropriate security measures to keep your personal information safe and secure.
- We will take steps to ensure that your personal information is adequately protected regardless of the place or location in which we process it.
- Unless otherwise specified by us at the time the personal information is collected, it is obligatory that you supply us with the personal information requested in order for you to use our network and/or to receive any of our services.
- If you fail to supply us the above personal information or if the personal information supplied is insufficient or not satisfactory to us, or if you withdraw your consent for us to process your personal information, we may not be able to process your application and/or provide you with our services detailed in Section 6 “How we use your personal information”.
3. Who is legally responsible party?
3.1 Digi determines the purposes for which and the means by which your personal information is processed, and therefore acts as the “data user” as defined under the Malaysian Personal Data Protection Act 2010. Digi is legally responsible for ensuring that your personal information is processed in accordance with our key privacy principles, this privacy notice and applicable law.
3.2 When we share your personal information with the Telenor Group in accordance with the section on How we share and disclose your personal information below, we will ensure that the Telenor Group is legally responsible for ensuring that the personal information that has been shared with it (or any member of the Telenor Group) is processed in accordance with our key privacy principles, this privacy notice and applicable law.
4. How we collect personal information about you
4.1 We collect personal information about you in three ways:
- information that you provide to us, for instance when you subscribe for our services;
- information that we collect automatically when you use any of our services; and/or
- information that we may obtain about you from third parties.
4.2 We explain below what personal information we typically collect about you in these three ways.
4.3 For some of our services, for example financial, music or video conferencing services, it may be necessary to collect additional personal information about you, collect personal information in other ways, and/or collect personal information for purposes that are specific to that service. In such cases, our relevant Terms of Service explain the service-specific personal information processing activities.
Information that you give us
4.4 When you sign up for one of our services or when you receive one of our services, you may provide us with certain personal information. The types of such information may include:
- Your name, phone number, email address, postal address, date of birth, gender and other information you give us when registering to receive one of our services in a store, online or by phone.
- Credit or debit card information, bank account number and Swift code or other banking or payment information, as well as amounts, dates and times of any payments that you make to us.
- Your preferences regarding the services that we provide. This will usually be collected through your service settings when setting up the service.
- Information about your customer account with us, for example the type of contract you hold with us, any service you have subscribed to, and any dates of payment owed and received.
- Records of your contact with us, for example a customer note or recording of a call you make to one of our contact centres, an email or letter you send to us, information about any customer support requests that you make or any feedback that you provide to us.
- Information about your communications with us, for example any customer support requests that you make or any feedback that you provide to us.
- The contact information that you provide to us in order to receive marketing and promotional materials, news and updates from us.
- The contact information and other information, such as demographic information about you and your household, that you provide to us when you agree to participate in one of our competitions, prize draws, research surveys or consumer panels or provide other feedback to us regarding our products or services.
- Some of the services provided on our websites, require you to have an online account with us. If you want to set up an account, we will ask you to give us certain personal information, such as your name, phone number and email address, and to create a unique password for your account. Generally, these services enable you to be a registered owner of the online account and/or an individual responsible for making payments for our services for one or more users. If you choose to let other users, such as members of your family, use your account, you should ask them to read this privacy notice.
Information that we collect automatically
4.5 When you use any of our services, we will automatically collect certain information about you and your device. The information that we collect automatically will vary depending on the service that we provide to you and the type of device that you are using to access and/or benefit from our service.
4.6 We will collect information about the type of device and software that you use to access our services, for instance whether you are using an iPhone or Samsung phone, and what operating system is running on your device.
4.7 When you use our telecommunication services, we automatically collect information about your communications, including:
- the phone numbers that you call/text or that call/text you;
- the date and time of the calls and texts you send or receive;
- the duration of calls received and made through our network;
- your approximate location at the time these communications take place, as further explained in the section on location data below;
- your browsing information, as further explained in the section on cookies below; and
- the level of service you receive from us.
4.8 When you visit one of our websites and/or use one of our online services, we collect information concerning your terminal equipment or device and your use of our online services. Such information usually includes:
- the IP address of your terminal equipment or device, such as your PC, laptop or smartphone;
- information about your terminal equipment or device model and settings;
- network information; and
- details of when, where and how you used the service.
4.9 When you visit one of our websites and/or use one of our online services we may also collect the following information:
- log-in information;
- browser type and version;
- browser plug-in types and versions;
- operating system and platform;
- information about your visit including the websites from which you come to our website, the pages on our websites that you visit, and the websites you visit from our websites;
- information about the services and products that you viewed or searched for on the website and/or services;
- download errors; and
- length of visits to certain pages and how you interact with those pages.
4.10 The information that we collect automatically when you use our websites and/or services is collected through cookies and other similar technologies. Click here to find out more about these technologies and why and how we use them.
4.11 We collect information when we link our digital services with the services of third parties, for instance when you have requested that we integrate our services with the services of third party service providers such as with social networks like Facebook, Instagram or Twitter or VoIP services such as Skype and Viber. Such information usually includes:
- certain general information such as the information described above (including, for instance, information that you provide to us when you register for a service, information that we collect automatically when you use our services (including, for instance, IP address and information about your device), location information that we collect when you use location-based services, and other information that you provide to us or which we collect on the basis of your consent or as permitted by applicable law); and
- certain service-specific information, such as information that is necessary to enable us to link your Digi or Telenor log-in credentials to the third party service login credentials in a non-personally identifiable manner, to enable us to integrate our digital services with the services of those third parties.
Information that we collect from other sources
4.12 We sometimes collect personal information about you from third parties, in connection with services that we provide to you.
4.13 For instance when you purchase products or apply for service with us, we may obtain credit information about you from outside credit reporting agencies to help us with customer authentication and credit-related decisions. We also work closely with third parties (including, for example, business partners, contractors, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
4.14 When you use your social media credentials to login to or otherwise interact with a Digi or Telenor webpage or offer, we may collect information about your social media profile, such as your interests, “likes” and friends list. You can control this data collection via the options made available by your social media service provider in your social media account.
4.15 We may combine the personal information that we receive from such other sources with personal information which you have given to us as well as information which we have automatically collected about you.
5. How we collect location data
5.1 We collect information about your location when you use our telecommunications services. For instance, we collect the Cell ID, which is a piece of information concerning the location of your device on our network that reveals your approximate geographical location. We need to know your approximate location so that we can deliver mobile telecommunications services to you.
5.2 We may also collect information about your location when you use our location-based services or receive location-based offers. Depending on the location-based service or offer that you use and your position within our network, we may use the Cell ID and/or location data generated by the Global Positioning System (‘GPS’). GPS data reveals much more precise information about the geographical location of your device. For these purposes we may also use geofencing techniques to determine when your device enters a defined geographical area.
6. How we use your personal information
6.1 We use your personal information to provide our services to you, support and improve our services, to provide more personalised and relevant services to you and our subscriber base, and send you communications about the services we provide to you. For these purposes, if you fail to supply us with the necessary personal information, or if the personal information supplied is insufficient or not satisfactory to us, or if you withdraw your consent for us to process your personal information, we may not be able to process your application and/or provide you with our services.
6.2 We may also process your personal information to contact you from time to time with news and offers that may be of interest to you, as further explained in the section on How we use your personal information for marketing purposes below.
6.3 We also use your personal information to:
- Manage your customer relationships with us, manage and fulfil your orders, send you bill statements, tax invoices and such other payment documents related to your transactions with or through us, and collect payment for our services.
- Communicate with you about the services that we provide to you, send you notices about purchases and about errors in the service, and to respond to your queries and feedback.
- Adjust the service according to your age, including to implement parental controls.
- Provide you with an overview of the services and the parts of a service that you have been or are currently using, tell you about changes to our service and our Terms of Service, remind you about the benefits you enjoy as part of our service and advise you about how to use our service to ensure you get the best value out of it.
- Make our services and communications more relevant to you, including by creating customer profiles, offering you personalised content and making recommendations that are relevant to you.
- Monitor and record our communications with you and use that information for training purposes, quality assurance, record details about the products and services you order from us or discuss with you your orders or the services you receive.
- Administer our services for internal operations, including troubleshooting, network management and network optimisation, so that we can provide you and our other customers with a better customer experience.
- Ensure that content from our website is presented in the most effective manner for you and your devices so that you are able to make the most out of the services that you have subscribed to.
- Promote products, services, or special offers by us or our selected third parties, where we think such products, services, or special offers may be of interest to you, and provide tailored or targeted advertising in respect of such products, services, or special offers.
- Measure and understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
- Make suggestions and recommendations to you and other users of our services about products or services that may interest you or them.
- Protect and keep our service and network secure and ensure security for you and our staff.
- Investigate, prevent or take action regarding illegal activities and violations of our Terms of Service and/or applicable law, including maintaining a database of such illegal activities or violations.
- Meet our legal and regulatory obligations.
- Create aggregated statistics about our sales, services, customers, network traffic and location patterns, which we may provide to third parties. Such aggregated statistics do not include information that can personally identify you through the use of means that are likely reasonably to be used either by us or by any other person.
- Research, monitor and analyse customer use of our network and services on an anonymous or personalised basis, in order to identify general trends, conduct market research or surveys, internal marketing analysis, customer segmentation, and improve our understanding of our customers’ patterns, behaviours and choices, so that we can better understand you and tailor our products and services to you and partner with third parties to develop new products and services, and personalise the products and services we offer to you.
- Carry out a credit check in order to assess your application for a contract for telecommunications services.
- Send you public service announcements either on our own behalf or on behalf of the statutory and/or regulatory bodies.
- Fulfill any other related or incidental purpose in order to operate, maintain and better manage our services to you as well as our business relationship with you.
6.4 In many cases we aggregate and/or anonymise your personal information to an extent that it no longer identifies you. We process such aggregated and/or anonymised data for various purposes, including for research purposes and to help us understand our customers and how they use our services so that we can improve our services to provide a better customer experience or create new services.
7. How we share and disclose your personal information
7.1 We may share your personal information with the Digi and Telenor Group for them to process it for the purposes listed in the section on How we use your personal information above. In processing this personal information on our behalf, they will always process it in accordance with this privacy notice and applicable law.
7.2 We use partners and service providers for a variety of business purposes such as to help us offer, provide, bill, repair, and improve our services and/or such other third party services that you use. In such cases it may be necessary to disclose your personal information to third parties for these purposes. We will typically share your personal information with third parties when:
- It is necessary to involve a third party partner, agent or other service provider (including other telecommunications service providers, for example when you choose to roam on local or foreign networks) to facilitate or extend our services so that we can provide a better service to you.
- We engage service providers or other data processors that process your personal information on our behalf and on our instructions. In such cases, we will take steps to ensure that your personal information remains protected and that the third parties with which we share it will process it in accordance with our instructions and will not use it for their own purposes.
- We share information with third parties that provide services (such as social networks or VoIP services) that you have chosen to link with our services, to the extent that such sharing is necessary to enable you to use these services.
- You request that we share your personal information with a third party in accordance with our privacy notice.
- You have given us your consent to share your personal information.We are required or allowed by law to disclose your personal information, for example in order to protect you, us or someone else from harm or damage, or we are required by a warrant, court order or other legal or regulatory requirement to disclose your personal information to law enforcement agencies, courts or other public authorities.
- If we decide to sell, buy, merge or otherwise re-organise our business, we may share your personal information with prospective or actual purchasers, sellers or partners and their advisers.
7.3 When we share your personal information we will take steps to ensure that the recipient will protect your privacy, keep your personal information secure and process it in accordance with applicable law. Such measures may include entering into appropriate contracts with third parties, which set out sufficient guarantees in respect of the technical and organisational security measures governing the processing of your personal information, and ensuring that the third parties take reasonable steps to comply with those measures.
7.4 We will not sell the personal information that we process about you to third parties without your consent.
8. How we use your information for marketing purposes
8.1 We would like to increase the value you get from being a Digi customer and provide you with more relevant information about our products and services as well as those products and services of our selected third parties. Except where you opt-out of receiving marketing communications from us and/or our selected third parties (as provided at 8.2), we and our selected third parties may use your personal information to send you marketing communications about products and services based on your preferences and interests.
8.2 You have ultimate control over how we use your personal information for marketing purposes If you do not intend to receive or continue receiving marketing communications from us and/or our selected third parties, you can opt out of marketing from Digi, by notice at any time, by contacting the Call Center at 016-221 1800.
8.3 Please note that if you opt out, we will stop sending you marketing communications, but we will continue sending you communications that relate to the services we provide to you.
10. How long we keep your personal information for
10.1 We will not keep your personal information for longer than is necessary for the purposes for which we collect and process it, except when we are required by law to keep it for longer than that or have valid grounds for doing so.
11. How we protect your personal information
11.1 Our appointed privacy officer’s job is to ensure that the processing of your personal information will always comply with this privacy notice and applicable laws.
11.2 We have put in place appropriate technical and organisational security measures to protect your personal information from unauthorised access, collection, use, disclosure, copying, modification or disposal. Our specialist security teams review these security measures regularly, to ensure that we are in compliance with the applicable laws (including any security standards or guidelines as may be issued by the Personal Data Protection Commissioner from time to time).
11.3 When we use service providers or other data processors to process personal information on our behalf, we require them to follow our instructions and apply appropriate technical and organisational security measures to protect the personal information they process on our behalf, which may include the following:
- Obtaining the data processor’s undertaking that neither itself nor its employees shall disclose personal information to any third party without our authorisation.
- Obtaining the data processor’s undertaking to deploy technical and organisational security measures, as agreed by us, as well as the obligation to inform us should any of the measures be breached.
- Obtaining the data processor’s undertaking to otherwise conduct itself in such a manner so as to not cause any breach of the applicable laws.
- Requiring the data processor to return all personal information upon expiry or termination of agreement.
- Conducting an audit of the technical and organisational measures employed by the data processor, where necessary.
11.4 When you log into your account to use our services with your phone number or username and password, all data is using cryptographic protocols designed to provide communications security such as Transport Layer Security (TLS) and Secure Socket Layer (SSL) encryption. We employ such cryptographic protocols on all pages on our websites where we collect personal information. To make purchases from these web pages, you must use an TLS or SSL-enabled browser such as Internet Explorer, Safari, Firefox, or Chrome. This ensures that your personal information remains confidential and is protected while it is transmitted over the Internet.
11.5 If you have a user name and password to access our services, you are responsible for keeping them secure and confidential. Where you have logged in to your account and have been inactive for some time, to keep your details secure and to protect your account from unauthorised access, we will automatically log you out of the account.
12. Data exports
12.1 The Internet is a truly global environment. We use various local and international partners and service providers to provide certain services such as our digital service and the technical infrastructure (such as the servers) which may be located outside Malaysia.
12.2 This means that we may transfer your personal information to countries outside Malaysia for the processing of Personal Data. Such countries may not provide the same level of protection as Malaysia, so when we process personal information internationally, we take appropriate steps to ensure that your personal information is adequately protected. Typically, such steps include carrying out data security reviews of any recipients and putting in place contracts with such recipients, which require the recipients to ensure that personal information in that country will not be processed in a manner which, if that country is Malaysia, would be in contravention of the applicable data protection laws in Malaysia.
13. Your rights
13.1 You have certain rights in relation to the personal information that we hold about you. We have in place measures and processes to enable you to exercise your rights and ensure that we can fulfil your requests concerning the personal information that we hold about you.
We will enable you to access the personal information that we hold about you as required by the applicable laws. If you wish to access the personal information that we hold about you by obtaining a copy, please contact our Call Center at 016-221 1800 or write in to Customer Service, Digi Telecommunications Sdn Bhd, Lot 10, Jalan Delima 1/1, Subang Hi-Tech Industrial Park, 40000 Subang Jaya, Selangor.
13.2 Before we are able to respond to your request, we may ask you to prove your identity and to provide further details about your request. We will respond to your request within an appropriate timeframe and, in any event, within any timescales and subject to payment of any fees prescribed by applicable law.
13.3 In addition, you can also access most of the personal information that you provide to us via your online account at any time, to obtain a copy and to correct, amend, or delete information that is inaccurate. You can also close your account altogether.
13.4 We will do our best to ensure that the personal information we hold about you is correct, complete and accurate. However, it is your responsibility to ensure that you provide us true, accurate and complete information, and that you keep information on your online account up to date.
14. Information about children
14.1 As a general rule, our services are not aimed at children under the age of 18, and generally we do not intentionally collect personal information about them. If we become aware that we have collected information about children under the age of 18 which we should not have been collecting, we will take steps to delete the information as soon as possible, except where we are required by law to keep it.
14.2 However, some services may be designed for use by children under the age of 18. We will let you know in these services and the applicable Terms of Service exactly how we are protecting the relevant data and will make sure each of these services complies with our guiding principles.
16. Changes to this privacy notice
16.1 This privacy notice was last updated on 23 August 2017. We may update this privacy notice from time to time, in which case we will post a prominent announcement on our website home page for 30 days. By continuing to use our services after that period you confirm your continuing acceptance of this privacy notice.
16.2 Where we think it is appropriate, and in any event where we make material changes to our privacy notice, we will also email you or text you to inform you that our privacy notice has been updated.
16.3 If we make material changes to the privacy notice and you do not wish to accept them, you will have 30 days in which you may terminate the service subject always that all outstanding payment due and payable shall be settled in accordance with the Subscribers Terms and Conditions and/or such other terms and conditions that may be imposed by Digi on you from time to time for the provision of service. If you do not terminate the service within 30 days from the date of such material change as mentioned in Clause 16.1 above, by continuing to use our services you confirm your continuing acceptance of this privacy notice.
17. Questions about this privacy notice
17.1 If you have a question, concern or complaint about this privacy notice or our handling of your information, you can contact:
- Tel: 016 221 1800
- Email: firstname.lastname@example.org
- DIGI TELECOMMUNICATIONS SDN BHD
Lot 10, Jalan Delima 1/1
Subang Hi-Tech Industrial Park
40000 Subang Jaya
Selangor Darul Ehsan.