Privacy Policy

This Privacy Policy is aimed to inform how CTOS Digital Berhad collects, stores and handles personal information of individuals. It also tells you how you can access and update your personal information.

What does this Privacy Policy apply to?

This Privacy Policy applies to all personal information collected by us including via:

  • CTOS portal, when you transact with us;
  • CTOS websites, including any consumer-directed websites operated by CTOS and pages that we run on third party social networks;
  • CTOS mobile sites and applications;
  • registration forms which we may collect from consumers, whether online or offline, including by post, during in-person events or campaigns;
  • any of CTOS’ events or campaigns;
  • call centres;

This Privacy Policy does not apply to information outside of our possession, control or power.

Type of Personal Information Collected

Under certain circumstances, you may be asked to provide your personal information such as (but is not limited to) name, identification card number, mailing address, phone number(s), email address(es), contact preferences and language preferences. Examples of personal information that may be collected are as follows: 

  • Personal contact information – information that would allow us to contact you personally such as your name, home or mailing address, phone number or email address. In some cases it would include information you give us about someone else (e.g. if you provide a friend’s email address for a tell-a-friend programme).
  • Technical computer information (e.g. IP addresses, type of operating system, web browser type)
  • Website Usage Information – information about how you use or navigate our websites, applications, online advertisements including which links you click, which pages you view and for how long, and other similar information and /or statistics such as date and time of visit, which site you came from, and site activities).
  • Consumer generated content – This includes information that you create and voluntarily share with us (and perhaps others) by uploading it to one of our websites or applications, including on our social network sites such as but not limited to Facebook or Twitter.
  • Social network information – this includes information that is part of your profile on a third party social network (such as but not limited to Facebook) and that you allow the third party social network to share with us,
  • Other information which we might need to collect for a specific campaign, form, feature or other service that you use or request.
  • Sensitive personal information – This includes information about your physical or mental health or your medical condition and your religious beliefs which was gathered with your explicit consent at the point of collection.

Use of Personal Information Collected
The purpose of collecting your personal information may include but not limited to the following

  • Responding to your enquiries;
  • Research for service or products improvement;
  • To investigate, respond to, or defend claims made against, or involving CTOS;
  • To notify you about benefits and changes to the features of our Products and/or Services including new products and services;
  • General operation and maintenance of the products and/or services provided including accounting (billing and auditing), statistical and marketing analysis, information systems management, system testing, maintenance and development, operational, support, customer surveys, customer relations and to improve and help us in any future dealings with you, for example by identifying your requirements and preferences
  • To provide you with information about third party services and/or products, which may be of interest to or benefit you, except where otherwise requested or notified by you.
  • For any other purposes that is required or permitted by any law, regulations, guidelines and/or relevant regulatory authorities.

Disclosure of Personal Information to Third Parties
Whenever required by law, we will disclose your information to the government bodies, authorities or third parties pursuant to a subpoena or other legal process accordingly. Further, we may also use or disclose your information as permitted by law to protect the rights or property of CTOS, our customers, our website, or its users. We may also disclose your information, whether in part or in full, to our contracted or authorised companies such as our data processors.

If you choose to register and transact with CTOS, your personal information may be shared where necessary and only on a need to know basis with companies within the CTOS Group of Companies (i.e. subsidiaries under CTOS Digital Berhad), so as to serve you in the most efficient and effective manner.

CTOS may disclose your personal information to the following parties for the purposes stated above:-

  • companies and/or organisations that act as our agents, contractors, service providers and/or professional advisers;
  • companies and/or organisations that assists us in processing and/or fulfilling transactions and providing you with Products and/or Services that you have subscribed or requested;
  • law enforcement agencies;
  • government agencies

In certain instances, we reserve the right to disclose your personal information to our preferred merchants and strategic partners. We take reasonable steps to ensure that agreements with our merchants and/or strategic partners include appropriate privacy and confidentiality obligations.

If you do not wish your personal information to be shared with these third parties, please e-mail us or at any CTOS Service Centre via the contact details provided below. Your latest written instructions to us will prevail.
Your personal information will not be disclosed to any unauthorized third party.

Transfer of your Personal Information outside of Malaysia (where applicable)
For your information, in certain circumstances your personal information may be stored in a server which is located outside Malaysia.  In this instance, we would endeavor to bind the service provider in an agreement that ensures a high standard of privacy protection.

Information Security: How We Protect Your Privacy
CTOS is committed to implementing the highest standards of information security to protect the privacy and confidentiality of your personal information. We limit access to your personal information to authorized employees. We also maintain physical, electronic, and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure.
Some of the other central features of our security measures include:

  • A dedicated group of Information Security specialists that designs, implements, and provides oversight to our information security programme
  • The use of specialized technology such as firewalls
  • Testing of the security and operability of products and services before they are introduced to the Internet , as well as on-going scanning for publicly-known vulnerabilities in the technology
  • Internal and external reviews of our Internet sites and services
  • Monitoring of our systems infrastructure to detect weaknesses and potential intrusions
  • Implementing controls to identify, authenticate and authorise access to various systems or sites
  • Protecting non-public communications through encryption or other means

Update of Privacy Policy
We may review and update this Privacy Policy from time to time to reflect changes in the law, changes in our business practices, procedures and structure, and the community’s changing privacy expectations. The latest version of the Privacy Notice will be made available on our website.

Accessing your Personal Information
The following outlines the choices you have with respect to the collection and use of your personal information by us.

How to opt out – If you do not want to receive communications and/or services from CTOS website or brand, please do not opt-in for those communications or services at the time of registration. If you have opted-in and, at a later time, wish to opt-out, please log in to your profile on our website or application and amend your preferences by unchecking the box for marketing materials.

What if I receive an e-mail, message or another contact I am not expecting – Along with every e-mail marketing communication sent to you, we provide you the opportunity to discontinue receiving future marketing communications (i.e., unsubscribe). Simply follow the unsubscribe process or directions provided in the email.

How do I know whether I am opted in – You can always review or update any personal information that we may have collected about you. To do this, log in to your profile on our website or application and look for a checked box for marketing materials. If the box for marketing materials in your profile is unchecked but you continue to receive marketing materials from CTOS, kindly write in to us at

If you have questions or complaints about this Privacy Policy, or you would like to review or update any personal information that we may have collected about you, kindly contact us at ( via our Contact Us page or you can either reach us via: