Privacy Policy

CTOS Privacy Policy

This Privacy Policy is aim to inform how CTOS Data Systems Sdn Bhd and its holding, related and subsidiary companies (collectively referred to as “CTOS”, “us” or “we”) collect, store and handle personal information of individuals. It also tells you how you can access and update your personal information.

Acknowledgement and Consent

 When you communicate with us, engaging with us, use our services, access our website or mobile application and/or purchase products and services from us, you acknowledge that you have read and understood this Privacy Policy and agree and consent to the use, processing and transfer of your personal information by us as described in this Privacy Policy.

This Privacy Policy may be updated from time to time and we shall have the right to modify, update or amend the terms of this Privacy Policy and the updated Privacy Policy shall be placed on our website.  Where permissible under the laws, by continuing to communicate with us, using our services, purchasing products from us or by your continued engagement with us following the modifications, updates or amendments to this Privacy Policy, such actions shall signify your acceptance of such modifications, updates or amendments.

What does this Privacy Policy apply to?

This Privacy Policy applies to all personal information collected by us including via:

  • CTOS portal, when you transact with us;
  • CTOS websites, including any consumer-directed websites operated by CTOS and pages that we run on third party social networks including but not limited to Facebook, Twitter and LinkedIn;
  • CTOS mobile sites and applications;
  • registration forms which we may collect from consumers, whether online or offline, including by post, during in-person events or campaigns;
  • any of CTOS’ events or campaigns;
  • call centres;

This Privacy Policy does not apply to information outside of our possession, control or power.

Type of Personal Information Collected

If you choose to transact with CTOS for any products and / or services or use CTOS’s Portal, you will be asked to provide your personal information such as (but is not limited to) name, identification card number, mailing address, phone number(s), email address(es), contact preferences and language preferences. Where you intend to use CTOS’s Portal for purposes of making transactions involving online payments, your banking account or credit card information may also be collected for the purpose of processing your payments.

  • Personal contact information – information that would allow us to contact you personally such as your name, home or mailing address, phone number,email address or any additional personal contact information obtained from third party sources. In some cases it would include information you give us about someone else (e.g. if you provide a friend’s email address for a tell-a-friend programme).
  • Account login information
  • Demographic information (e.g. date of birth, age etc)
  • Technical computer information (e.g. IP addresses, type of operating system, web browser type)
  • Website Usage Information – information about how you use or navigate our websites, applications, online advertisements including which links you click, which pages you view and for how long, and other similar information and /or statistics such as date and time of visit, which site you came from, and site activities).
  • Information from verification processes undertaken by us.
  • Consumer generated content – This includes information that you create and voluntarily share with us (and perhaps others) by uploading it to one of our websites or applications, including on our social network sites such as but not limited to Facebook, Twitter and LinkedIn.
  • Social network information – this includes information that is part of your profile registered on a third party social network (such as but not limited to Facebook, Twitter and  Linkedin) and if you register, follow, like or are a fan of such pages and that you allow the third party social network to share with us your personal information,
  • Payment information including your credit card details, billing name and address (when you transact with us via the CTOS Portal),
  • Other information which we might need to collect for a specific campaign, form, feature or other service that you use or request.
  • Sensitive personal information – This includes information about your physical or mental health or your medical condition and your religious beliefs which was gathered with your explicit consent at the point of collection.

Use of Personal Information Collected

The purpose of collecting your personal information may include but not limited to the following:

  • Identity verification; please note that when we obtain information about individuals from third parties, we use reputable sources, including public repositories. CTOS takes appropriate measures to assure the quality of information which we collect.
  • Assessing your application;
  • Notifying you about information newly captured or processed about you;
  • To investigate, respond to, or defend claims made against, or involving CTOS;
  • Responding to your enquiries;
  • Investigation of complaints and suspicious transactions;
  • Research for service or products improvement;
  • To notify you about benefits and changes to the features of our Products and/or Services including new products and services;
  • General operation and maintenance of the products and/or services provided including accounting (billing and auditing), statistical and marketing analysis, information systems management, system testing, maintenance and development, operational, support, customer surveys, customer relations and to improve and help us in any future dealings with you, for example by identifying your requirements and preferences
  • To provide you with information about third party services and/or products, which may be of interest to or benefit you, except where otherwise requested or notified by you.
  • For any other purposes that is required or permitted by any law, regulations, guidelines and/or relevant regulatory authorities.

Disclosure of Personal Information to Third Parties

Whenever required by law, we will disclose your information to the government bodies, authorities or third parties pursuant to a subpoena or other legal process accordingly. Further, we may also use or disclose your information as permitted by law to protect the rights or property of CTOS, our customers, our website, or its users. We may also disclose your information, whether in part or in full, to our contracted or authorised companies such as our data processors.

If you choose to register and transact with CTOS, your personal information may be shared where necessary and only on a need to know basis with companies within the CTOS Group of Companies (i.e. subsidiaries under CTOS Digital Sdn. Bhd.), so as to serve you in the most efficient and effective manner.

CTOS may disclose your personal information to the following parties for the purposes stated above:-

  • companies and/or organisations that act as our agents, contractors, service providers and/or professional advisers;
  • companies and/or organisations that assists us in processing and/or fulfilling transactions and providing you with Products and/or Services that you have subscribed or requested;
  • advertising and marketing agencies including but not limited to social media platforms, data analytics companies and media agencies;
  • law enforcement agencies;
  • government agencies

In certain instances, we reserve the right to disclose your personal information to our preferred merchants and strategic partners. We take reasonable steps to ensure that agreements with our merchants and/or strategic partners include appropriate privacy and confidentiality obligations.

If you do not wish your personal information to be shared with these third parties, please e-mail us at or at any CTOS Service Centre via the contact details provided below. Your latest written instructions to us will prevail. Your personal information will not be disclosed to any unauthorized third party.

Transfer of your Personal Information outside of Malaysia (where applicable)

For your information, in certain circumstances your personal information may be stored in a server which is located outside Malaysia.  In this instance, we would endeavor to bind the service provider in an agreement that ensures a high standard of privacy protection.

Information Security: How We Protect Your Privacy

CTOS is committed to implementing the highest standards of information security to protect the privacy and confidentiality of your personal information. We limit access to your personal information to authorized employees. We also maintain physical, electronic, and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure.
Some of the other central features of our security measures include:

  • A dedicated group of Information Security specialists that designs, implements, and provides oversight to our information security programme
  • The use of specialized technology such as firewalls
  • Testing of the security and operability of products and services before they are introduced to the Internet , as well as on-going scanning for publicly-known vulnerabilities in the technology
  • Internal and external reviews of our Internet sites and services
  • Monitoring of our systems infrastructure to detect weaknesses and potential intrusions
  • Implementing controls to identify, authenticate and authorise access to various systems or sites
  • Protecting non-public communications through encryption or other means

Update of Privacy Policy

We may review and update this Privacy Policy from time to time to reflect changes in the law, changes in our business practices, procedures and structure, and the community’s changing privacy expectations. The latest version of the Privacy Notice will be made available on our website.

Accessing your Personal Information

The following outlines the choices you have with respect to the collection and use of your personal information by us.

How to opt out – If you do not want to receive communications and/or services from CTOS website or brand, please do not opt-in for those communications or services at the time of registration. If you have opted-in and, at a later time, wish to opt-out, please e-mail us at or at any CTOS Service Centre via the contact details provided below. Your latest written instructions to us will prevail.

How to withdraw and revoke consent

You may withdraw or revoke your consent from our use and processing of your personal information as stipulated in this Privacy Policy by sending an e-mail to or you may request any CTOS Service Centre via the contact details provided below. Once we have received your request to withdraw or revoke consent, your personal information all information collected by us (except the information that we are required or permitted to by law to keep) will be permanently deleted.

Access and Correction

You may request to have access and/or do correction to your personal information submitted to us by sending an e-mail to or you may apply at any CTOS Service Centre via the contact details provided below. You further acknowledge that we may impose a fee to you for such request. We reserve the right to refuse to correct your personal information as provided under the law.

What if I receive an e-mail, message or another contact I am not expecting – Along with every e-mail marketing communication sent to you, we provide you the opportunity to discontinue receiving future marketing communications (i.e., unsubscribe). Simply follow the unsubscribe process or directions provided in the email.

How do I know whether I am opted in – You are opted in for the communications and/or services from CTOS website or brand unless you chose not to receive them at the time of registration or you clicked unsubscribe on the marketing material received. Alternatively, you may email us at to unsubscribe.

If you have questions or complaints about this Privacy Policy, or you would like to review or update any personal information that we may have collected about you, kindly contact us at ( via our Contact Us page or you can either reach us via:

UPDATED: 20 March 2023