DIGI PRIVACY NOTICE
This Privacy Notice explains how we collect, use, process and store your Personal Data when you subscribe to any of our products and services, including telecommunications infrastructure and network, applications, digital services and solutions, or visit any of our office branches, Digi Stores, or websites (collectively referred to as “Services”).
This Notice applies to the processing of Personal Data that relates directly or indirectly to you, from which you may be identified as an individual, and includes sensitive personal data. Personal Data includes your name, home address or email address, as well as less obvious data like demographic data, device-related data, call records, online identifiers and location data.
Please read this Notice in context with the Terms & Conditions of the service that you use. It may set out additional service-specific terms regarding your Personal Data which we collected from you and the related processing activities.
We have summarised the Privacy Notice into an infographic. Click here to find out.
Updated 1 October 2021
CHANGES TO THIS PRIVACY NOTICE
As part of our ongoing commitment to transparency, we’re updating our Privacy Notice to empower you to make the best decisions about the information that you share with us.
These updates take effect on 1 October 2021. By using our Services on or after that date, you’ll be agreeing to these revisions. You should read the documents in full, but the key updates in our Privacy Notice are:
- Updated categories of Personal Data collected, and
- New processing of Personal Data to facilitate alternative credit scoring.
Please find the previous Privacy Notice here.
1. WHO ARE WE?
Digi Telecommunications Sdn Bhd (and the Telenor Group, which we are part of) (referred to “Digi”, “us” or “we”) is committed to protecting and respecting your privacy.
Digi is a mobile connectivity and internet services provider. Our office is located at Lot 10, Jalan Delima 1/1, Subang Hi-Tech Industrial Park, 40000 Subang Jaya, Selangor Darul Ehsan.
2. WHAT IS THE LAWFULNESS OF PROCESSING?
Digi will process your Personal Data based on:
2.1The performance of your contract and to act on your requests. For example, allowing you to make calls and texts, and browsing the Internet on your phone and enabling us to generate your bill, based on your usage.
2.2Legitimate business interests, for example, fraud prevention, maintaining the security of our network and services, direct marketing, and the improvement of our services. Whenever we rely on this lawful basis to process your data, we assess our business interests to make sure they do not override your rights. For more information on your rights, visit the 'What Are Your Rights' section below.
2.3Compliance with legal obligations, including accounting and tax requirements, and any lawful request from the government or law enforcement officials.
2.4Consent which you provided where Digi does not rely on other legal basis. When you give your consent, you may withdraw it at any time. For more information on your rights, visit the ‘What Are Your Rights' section below.
3. WHEN DO WE COLLECT YOUR PERSONAL DATA?
We collect your Personal Data in three ways:
3.1Information you give us when you:
(i) Register or subscribe for any of our Services,
(ii) Contact us through various channels or ask for information about a Service,
(iii) Take part in a competition, prize draw or survey,
(iv) Publish your information publicly, and
(v) Are the customer of a business that we acquire.
3.2Information we collect automatically when you:
(i)Use our Services
(ii)Visit or browse any of our websites, we use cookies (small text files stored in your browser) and other techniques such as web beacons (small, clear picture files used to follow your movements on our website). For more details on this and how to opt-out, visit the 'Cookie Notice'.
(iii)Visit any of our office branches / Digi stores, we may also collect information about you on CCTV as part of our security and crime prevention measures.
3.3Information from other sources, such as fraud-prevention agencies, business directories, credit reporting agencies, financial institutions, business partners and connected network providers:
(i)Before initiating your Services,
(ii)When you interact with us via social media, or
(iii)Where you have given permission to other companies to share information about you.
4. WHAT DO WE COLLECT?
Digi may collect, store, use and otherwise process your Personal Data during the course of our Service provision to the extent permitted by applicable law, including but not limited to your:
4.1 Account-related information
(i)Name
(ii)Address
(iii)Telephone and/or mobile number
(iv)Date of birth
(v)Gender
(vi)Email address
(vii)Identification number
(viii)Photos and images
(ix)CCTV recording and footages
(x)Video recordings
(xi)Voice recordings
(xii)Biometric identifiers
(xiii)Account credentials (including username and passwords)
(xiv)Security-related information used for authentication
(xv)Subscription-related information
(xvi)Event, promotion, and/or survey participations
(xvii)Credit or debit card information
(xviii)Swift Code and other payment codes
(xix)Payment amount and method
(xx)Purchase history
4.2 Service-related information
(i)Network connectivity and performance (including speed, traffic flow, and capacity)
(ii)Internet connectivity and performance (including speed, traffic flow, and capacity)
(iii)GPS location
(iv)IP address
(v)Tower and cell location and/or identifiers
(vi)Device number (IMEI)
(vii)Device model and operating system
(viii)SIM card number (IMSI or ICCID)
(ix)SMS records and utilisation (including in-bound and out-bound SMS)
(x)Call records and utilisation (including in-bound and out-bound calls
(xi)Roaming records and utilisation
(xii)Internet data utilisation and balance
(xiii)Application and feature utilisation
(xiv)Web addresses of the sites you come from and go to next
(xv)Browsing activities and purchases
(xvi)Attributes collected using cookies, web beacons, and other technologies
4.3 Sensitive Personal Data
(i)Physical and/or medical health records (including your body temperature and health declarations)
(ii)Racial/ ethnic origin
(iii)Criminal convictions
(iv)Religious beliefs
(v)Political opinions
Digi only collects Sensitive Personal Data when you voluntarily provide us this information or where such information is required or permitted to be collected by law.
We may not be able to process your application and/or provide you with our Services for reasons such as:
(i)If you fail to supply us with the necessary Personal Data;
(ii)If the Personal Data supplied is incomplete and inaccurate; and/or
(iii)If you withdraw your consent for us to process your Personal Data.
In connection with your requests, we may also collect appointed representative and/or guardian’s Personal Data. Where you provide us with such information, it is deemed that you have received their consent to share the information with Digi.
Our Services may contain links to third party websites, or enable access to third party services. We have no control over how third-party websites and services process your Personal Data and we are not responsible for their privacy practices. Please read the privacy policies of any third-party websites or services that you access using our Services carefully.
5. HOW DO WE USE?
Digi may use and process your Personal Data for the following purposes:
5.1To provide you with our Services
(i)Service provisioning
- To process your account registration and purchase of new Services.
- To provide Services that you have subscribed to.
- To manage your customer account.
- To connect you to our roaming partners.
(ii)Billing
- To issue you the bill statement for using our Services and payment collection.
- To recover debts or trace those who owe us money resulting from the use of our Services.
(iii)Customer communications
- To interact with you when you visit any of our Digi Stores.
- To respond to any questions or concerns you may have about our Services through all channels of communication.
- To monitor and record our communications with you for training purposes and quality assurance.
(iv)Service improvements
- To manage the volumes of calls, texts, roaming, and other uses of our Services for a better customer experience.
- To support any troubleshooting and improve our network availability.
- To develop more interesting and relevant Services.
(v)Service messages
- To keep you updated on the latest information relating to your subscribed Services, benefits, and rewards.
- To notify changes to our terms and conditions or service interruptions.
- To send you public service announcements either on our own behalf or on behalf of the statutory and/or regulatory bodies.
5.2To send marketing materials and personalise our Services to you
(i)Marketing
- Where you have consented, to send you promotional materials relating to our Services, or promote the Services of our partners or third parties which we think may be of interest to you through phone calls, SMS, emails, and push notifications.
- We tailor these messages based on the Services you’ve subscribed from us in the past, or information we have from third parties.
- You can control your marketing permissions and the data we use to tailor these communications at any time. For more details on this and how to opt-out from receiving marketing communications, visit the 'What Are Your Rights' section below.
(ii)Online advertising
- To target our marketing and advertising campaigns (and those of our partners) more effectively and to make your online experience more efficient and enjoyable. This is known as interest-based advertising. It can be on websites belonging to Digi or other organisations, as well as other online media channels such as social media sites. We may also combine data collected via cookies with other data we have collected about you.
- To prevent any processing of information, you can change your cookies settings. Refer to the ‘Cookie Notice’ for more information.
- Opting out of interest-based advertising does not stop advertisements from being displayed – it is just that they would not be tailored to your interest. To stop receiving personalised advertising on your social media, go to the relevant platform’s ad settings.
5.3To conduct research and analysis
(i)To research, monitor and analyse customer use of our Services on an anonymous or individual basis, in order to identify general trends, conduct market research or surveys, internal marketing analysis, customer segmentation, develop new Services, and improve our understanding of our customers’ patterns, behaviours and choices.
(ii)To create aggregated statistics about our sales, customer network traffic, location patterns and customer demographics. Such aggregated statistics do not include information that can personally identify you.
5.4To carry out credit checks, fraud prevention and security measures
(i)Credit checks
- To carry out a credit check when you register for any Services with us.
- To exchange information about you with credit reporting agencies while you have a relationship with us. This includes your settled accounts or any outstanding debt you have with us. This information may be supplied to other organisations by the credit reporting agencies.
(ii)Fraud prevention and security
- To verify your identity when you request access to your account and general account management purposes. We sometimes supplement the information we collect about you with information from other sources to assess the accuracy of the information that we hold.
- To detect and resolve fraudulent use of our networks (and our partners' roaming networks).
- To prevent and stop potential cyber security threats to our internal systems, network and Services.
- To protect your account from unauthorised access, fraud, misuse or damage to our Services.
- To investigate suspicious account activity or transactions when you use any of our Services.
5.5To facilitate alternative credit scoring
(i)Building an alternative credit scoring model
- To carry out data exchange and data matching with credit reporting agencies in order to develop alternative score validation or credit scoring models, provided that none of your Personal Data will be provided to the credit reporting agencies, save and except with your consent. For more details on how to opt-out from such processing, visit the 'What Are Your Rights' section below.
- To create aggregated statistics or insights about your consumer behaviour patterns, such as frequency of roaming, number of device changes, device type or brand, payment method, payment channel, auto-billing, number of late payments, and number of barring. Such aggregated statistics or insights may be shared with credit reporting agencies which are in collaboration with us, but shall not include any information that can personally identify you.
(ii)Facilitate alternative credit scoring to third-party service providers
- Digi provides, but only if you have granted consent, consumer behavioural information related to you, for the calculation of the credit scoring, which some financial institutions use as a supplementary, i.e., not decisive, parameter if you show interest in their services. Digi processes the consumer behavioural information only as at the given date – not into the past or the future.
6. WHO DO WE SHARE WITH?
We use partners and service providers for a variety of business purposes. In such cases, where applicable, we share information about you with:
6.1Affiliates: We may share your Personal Data with Telenor Group for processing activities listed in ‘How Do We Use’ section above.
6.2Roaming Partners: We share your Personal Data with roaming partners when you choose to roam on local or foreign networks, to facilitate or extend our Services so that we can provide a better service to you.
6.3Business Partners: We work with partners to facilitate our Services, including our extensive sales channels and agents, as well as package delivery partners.
6.4Service Providers: We share your Personal Data to services providers such as IT vendors who manage our systems, and third-party applications or social networks that you have chosen to link with our Services, to the extent of enabling you of using these Services. We also engage credit reporting agencies and debt collection agencies in relation to our Services.
6.5Marketing Partners: We may share your Personal Data with marketing and advertising partners to provide you with more tailored content and better service.
6.6Researchers: We may share your Personal Data to third parties for research or statistical analytics purposes to help us understand how you use our Services.
6.7Professional Advisors & Investigators: We engage professional advisors on matters relating to our Services, including legal advisors, accountants and auditors. We will also release information to fraud investigators if it’s reasonable for the purpose of protecting us against fraud, defending our rights or property, or to protect the interests of our customers.
6.8Law Enforcement: We may also need to release your Personal Data to comply with our legal obligations and to respond to the authorities’ lawful demands. Your Personal Data shall only be provided in good faith, when we are obliged to do so in accordance with the law and pursuant to an exhaustive evaluation of all legal requirements.
6.9Other Parties: If you are involved in or related to a legal proceeding, or if our company is reorganised or sold to another organisation, we will provide your Personal Data to the relevant parties.
Where you buy a third-party product or service independently and/or through your Digi account, the contract is with the party selling that product or service. As part of this, you are agreeing that Digi may pass certain Personal Data (for purposes listed in ‘How Do We Use’ section above) to such parties to complete your purchase. The seller’s terms and conditions, privacy policy, and cookie notice will apply as to how they use your Personal Data – please read them carefully.
When we share your Personal Data, we will take steps to ensure that the recipient will protect your privacy, keep your Personal Data secure and process it in accordance with applicable law and this privacy notice.
We will not sell the Personal Data that we process about you to third parties without your consent.
7. HOW LONG DO WE KEEP?
We will keep your Personal Data as long as necessary for the purposes for which we collect and process it unless a longer retention period is required by the Malaysian law. Your information will be deleted in accordance with our Retention Schedule below.
Types of data | Retention Period | Lawful Basis for Retention |
Customer account-related data | Account closure + 7 years |
|
Customer billing and financial-related data | Account closure + 7 years |
|
Network and location-related data | Date of network activity + 1 year |
|
Website and application usage-related data | Date of browsing + 1 year |
|
Survey responses and competition submissions | End of purpose + 1 year |
|
Customer communications | Date of communication + 2 years |
|
CCTV footage at Digi premises | Date of recording + 30 days |
|
8. HOW DO WE PROTECT?
We have a specialised security team who constantly review and improve our measures to protect your Personal Data from any loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction.
We will never ask for your Personal Data or account information through an unsolicited means of communication. You are responsible for keeping your Personal Data and account information secure and to not share it with others.
Our Services may provide links to third-party websites. We are not responsible for the security and content of such third-party websites. Make sure you read the respective organisation’s privacy policy and cookie notice before using or putting your Personal Data on their websites.
9. DO WE TRANSFER?
When we need to transfer your Personal Data to countries outside Malaysia for processing purposes, we will take appropriate steps to ensure that your personal information is adequately protected (for countries that may not provide the same level of protection as Malaysia). This includes having a proper legal agreement that covers the data transfer and carrying out data security reviews of any recipients to ensure that Personal Data in that country will not be processed in a manner which would contradict applicable data protection laws in Malaysia.
10. WHAT ARE YOUR RIGHTS?
You have rights in relation to the Personal Data that we hold about you. Your privacy rights include:
10.1Right to withdraw consent: At any point of time, you have the right to withdraw your consent to us to use, process or share your Personal Data by contacting us or walking into a Digi Store. However, withdrawing your consent will result in us not being able to process your application and/or provide you with our services.
10.2Right to access your information: At any point of time, you can request a copy of the Personal Data that we hold about you by contacting us or access the information directly through your account on our Digi website.
10.3Right to correct personal information: At any point of time, you can request to correct or amend your Personal Data that is inaccurate by walking into a Digi Store or through your account on our Digi website.
10.4Right to prevent processing:
(i)You can request for us to temporarily suspend processing activities of your Personal Data when you believe that there are concerns over the accuracy, legitimacy and lawfulness of the processing. During the temporary suspension period, we may not be able to process your application and/or provide you with our Services.
(ii)You can request for us to cease processing activities of your Personal Data for marketing purposes. If you no longer want to receive personalised content and marketing messages from Digi, you can choose to opt-out at any time.
Please note: You may still receive marketing messages for a short period after opting out while we update our records.
(iii)You can request for us to cease or not to begin processing your Personal Data if the processing causes or is likely to cause you unwarranted substantial damage or distress. If you exercise this right, we will not be able to process your application and/or provide Services to you.
To ensure that the Personal Data we hold about you is correct and up to date, we may from time to time contact you to verify the accuracy of your Personal Data in our record. However, it is your responsibility to ensure that you provide us with true, accurate and complete information.
11. WHAT ABOUT CHILDREN?
There will be instances where children under the age of 18 will subscribe to our Services. Rest assured that their Personal Data will be processed according to this Privacy Notice.
When Services purchased for family use are used by minors without the knowledge of Digi, any information collected from the usage will appear to be the Personal Data of the actual adult subscriber and be treated as such under this Privacy Notice.
We encourage you to be with your children when they are using the Internet and at the same time, monitor their online activity.
12. CHANGES TO THIS PRIVACY NOTICE
Digi reserves its right to amend this Privacy Notice from time to time based on changes as per the business, legal and regulatory requirements and applicable laws. We encourage you to revisit this notice periodically, allowing you to see any changes made by checking the effective date above.
If we decide to use or disclose information that identifies you personally in a way that is materially different from what we stated in our Privacy Notice at the time we collected that information from you, we will give you a choice about the new use or disclosure by appropriate means, which may include an opportunity to opt-out.
13. LANGUAGE
In accordance with the requirement of Malaysian data protection and privacy law, this Privacy Notice is issued in both English and Bahasa Malaysia. In the event of any inconsistencies or discrepancies between the English version and the Bahasa Malaysia version, the English version shall prevail.
14. CONTACT US
Should you have any queries, concerns or complaints in relation to this Privacy Notice, kindly reach out to our Data Protection Officer via:
Digi Telecommunications Sdn Bhd
Lot 10, Jalan Delima 1/1
Subang Hi-Tech Industrial Park
40000 Subang Jaya
Selangor Darul Ehsan