Acknowledgement and Consent
- CTOS portal, when you transact with us;
- CTOS websites, including any consumer-directed websites operated by CTOS and pages that we run on third party social networks including but not limited to Facebook, Twitter and LinkedIn;
- CTOS mobile sites and applications;
- registration forms which we may collect from consumers, whether online or offline, including by post, during in-person events or campaigns;
- any of CTOS’ events or campaigns;
- call centres;
Type of Personal Information Collected
If you choose to transact with CTOS for any products and / or services or use CTOS’s Portal, you will be asked to provide your personal information such as (but is not limited to) name, identification card number, mailing address, phone number(s), email address(es), contact preferences and language preferences. Where you intend to use CTOS’s Portal for purposes of making transactions involving online payments, your banking account or credit card information may also be collected for the purpose of processing your payments.
- Personal contact information – information that would allow us to contact you personally such as your name, home or mailing address, phone number,email address or any additional personal contact information obtained from third party sources. In some cases it would include information you give us about someone else (e.g. if you provide a friend’s email address for a tell-a-friend programme).
- Account login information
- Demographic information (e.g. date of birth, age etc)
- Technical computer information (e.g. IP addresses, type of operating system, web browser type)
- Website Usage Information – information about how you use or navigate our websites, applications, online advertisements including which links you click, which pages you view and for how long, and other similar information and /or statistics such as date and time of visit, which site you came from, and site activities).
- Information from verification processes undertaken by us.
- Consumer generated content – This includes information that you create and voluntarily share with us (and perhaps others) by uploading it to one of our websites or applications, including on our social network sites such as but not limited to Facebook, Twitter and LinkedIn.
- Social network information – this includes information that is part of your profile registered on a third party social network (such as but not limited to Facebook, Twitter and Linkedin) and if you register, follow, like or are a fan of such pages and that you allow the third party social network to share with us your personal information,
- Payment information including your credit card details, billing name and address (when you transact with us via the CTOS Portal),
- Other information which we might need to collect for a specific campaign, form, feature or other service that you use or request.
- Sensitive personal information – This includes information about your physical or mental health or your medical condition and your religious beliefs which was gathered with your explicit consent at the point of collection.
Use of Personal Information Collected
The purpose of collecting your personal information may include but not limited to the following:
- Identity verification; please note that when we obtain information about individuals from third parties, we use reputable sources, including public repositories. CTOS takes appropriate measures to assure the quality of information which we collect.
- Assessing your application;
- Notifying you about information newly captured or processed about you;
- To investigate, respond to, or defend claims made against, or involving CTOS;
- Responding to your enquiries;
- Investigation of complaints and suspicious transactions;
- Research for service or products improvement;
- To notify you about benefits and changes to the features of our Products and/or Services including new products and services;
- General operation and maintenance of the products and/or services provided including accounting (billing and auditing), statistical and marketing analysis, information systems management, system testing, maintenance and development, operational, support, customer surveys, customer relations and to improve and help us in any future dealings with you, for example by identifying your requirements and preferences
- To provide you with information about third party services and/or products, which may be of interest to or benefit you, except where otherwise requested or notified by you.
- For any other purposes that is required or permitted by any law, regulations, guidelines and/or relevant regulatory authorities.
Disclosure of Personal Information to Third Parties
Whenever required by law, we will disclose your information to the government bodies, authorities or third parties pursuant to a subpoena or other legal process accordingly. Further, we may also use or disclose your information as permitted by law to protect the rights or property of CTOS, our customers, our website, or its users. We may also disclose your information, whether in part or in full, to our contracted or authorised companies such as our data processors.
If you choose to register and transact with CTOS, your personal information may be shared where necessary and only on a need to know basis with companies within the CTOS Group of Companies (i.e. subsidiaries under CTOS Digital Sdn. Bhd.), so as to serve you in the most efficient and effective manner.
CTOS may disclose your personal information to the following parties for the purposes stated above:-
- companies and/or organisations that act as our agents, contractors, service providers and/or professional advisers;
- companies and/or organisations that assists us in processing and/or fulfilling transactions and providing you with Products and/or Services that you have subscribed or requested;
- advertising and marketing agencies including but not limited to social media platforms, data analytics companies and media agencies;
- law enforcement agencies;
- government agencies
In certain instances, we reserve the right to disclose your personal information to our preferred merchants and strategic partners. We take reasonable steps to ensure that agreements with our merchants and/or strategic partners include appropriate privacy and confidentiality obligations.
If you do not wish your personal information to be shared with these third parties, please e-mail us at firstname.lastname@example.org or at any CTOS Service Centre via the contact details provided below. Your latest written instructions to us will prevail. Your personal information will not be disclosed to any unauthorized third party.
Transfer of your Personal Information outside of Malaysia (where applicable)
For your information, in certain circumstances your personal information may be stored in a server which is located outside Malaysia. In this instance, we would endeavor to bind the service provider in an agreement that ensures a high standard of privacy protection.
Information Security: How We Protect Your Privacy
CTOS is committed to implementing the highest standards of information security to protect the privacy and confidentiality of your personal information. We limit access to your personal information to authorized employees. We also maintain physical, electronic, and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure.
Some of the other central features of our security measures include:
- A dedicated group of Information Security specialists that designs, implements, and provides oversight to our information security programme
- The use of specialized technology such as firewalls
- Testing of the security and operability of products and services before they are introduced to the Internet , as well as on-going scanning for publicly-known vulnerabilities in the technology
- Internal and external reviews of our Internet sites and services
- Monitoring of our systems infrastructure to detect weaknesses and potential intrusions
- Implementing controls to identify, authenticate and authorise access to various systems or sites
- Protecting non-public communications through encryption or other means
Accessing your Personal Information
The following outlines the choices you have with respect to the collection and use of your personal information by us.
How to opt out – If you do not want to receive communications and/or services from CTOS website or brand, please do not opt-in for those communications or services at the time of registration. If you have opted-in and, at a later time, wish to opt-out, please e-mail us at email@example.com or at any CTOS Service Centre via the contact details provided below. Your latest written instructions to us will prevail.
How to withdraw and revoke consent
Access and Correction
You may request to have access and/or do correction to your personal information submitted to us by sending an e-mail to firstname.lastname@example.org or you may apply at any CTOS Service Centre via the contact details provided below. You further acknowledge that we may impose a fee to you for such request. We reserve the right to refuse to correct your personal information as provided under the law.
What if I receive an e-mail, message or another contact I am not expecting – Along with every e-mail marketing communication sent to you, we provide you the opportunity to discontinue receiving future marketing communications (i.e., unsubscribe). Simply follow the unsubscribe process or directions provided in the email.
How do I know whether I am opted in – You are opted in for the communications and/or services from CTOS website or brand unless you chose not to receive them at the time of registration or you clicked unsubscribe on the marketing material received. Alternatively, you may email us at email@example.com to unsubscribe.
UPDATED: 20 March 2023