For the Bahasa Malaysia version, please click here.
This Privacy Statement describes what information (“Information”) Experian Information Services (Malaysia) Sdn. Bhd. (“EIS”, “We” or “Us”) collects and how We will be using it while providing our products and/or services (“Services”) through our websites https://creditinfo.experian.com.my/ and https://ct.experian.com.my/ (“Website”). It also describes how you can access and update your Information. By providing your Information to Us, you are agreeing to the terms of this Privacy Statement and the processing of your Information as detailed in this Privacy Statement.
This Privacy Statement applies solely to the Websites and does not apply to any third party websites you may access from Our Websites. To determine how they deal with your personal data, you should ensure that you read their respective privacy policies.
For Personal Self-Check reports and services, please refer to the privacy statement at https://www.mycreditinfo.com.my/.
Experian Information Services (Malaysia) Sdn. Bhd.
EIS is a credit reporting agency that is regulated under the Credit Reporting Agencies Act 2010. EIS is part of a group of companies, whose parent company is Experian Plc, which is listed on the London Stock Exchange (EXPN). For more information on the Experian Group, please visit the group’s website at www.experiangroup.com. We are the global leader in providing data, analytical, marketing and credit services to organizations and consumers to help them manage risks and make every day commercial and financial decisions.
What kind of Information do We collect?
Registration and your account set up related information – business name, business registration number, registered address, phone number, type of business, nature of business, ownership profile, individual information such as name, designation, and email addresses.
Information contained in the Services you purchase – entity and financial information, individual information such as identity card number, addresses and phone numbers.
Information provided by you about yourself and third parties (including children under 18 years old) and selected by you to be monitored when enrolling to CSID Dark Web Monitoring service – identification number, passport number, phone number, email address, local and international bank account number, and credit/debit card number.
Except for the purpose of providing CSID Dark Web Monitoring service, We do not collect and do not store (i) any bank account/credit card number; and (ii) any personal data of children under 18 years old, and they cannot be accessed by EIS staff.
We also do not collect and process any sensitive personal data (as defined in the Malaysian Personal Data Protection Act 2010), such as information regarding an individual’s physical or mental health, his political opinions, his religious beliefs, or the commission or alleged commission by him of any offence.
Where the provision of your Information is considered necessary or mandatory in order for Us to provide you with our products and/or services, and you fail to provide such data to Us, We will be unable to provide you with the respective products and/or services.
In the event you provide Us with Information relating to third parties, you confirm that you have (i) obtained their consent or are otherwise entitled to provide their Information to Us and for us to process accordingly; and (ii) informed them to read and understand this Privacy Statement.
How do We collect your Information?
We collect your Information when you have completed and submitted the subscription application form to Us, log in to your account on the Websites or otherwise interact with Us, use or purchase the Services using the Websites, participate in any activity on our Websites or subscribe to our publications or marketing materials. We also collect your Information from publicly available sources and from third parties.
Why do We collect your Information and how do We use it?
EIS collects and uses your Information for the following purposes:
- To facilitate your use of the Services and access to the Websites;
- To process your order(s) and purchase(s);
- To deliver Services you choose to purchase or have requested;
- To administer and maintain your account and the Services We provide you;
- To provide customer support, respond to your queries, feedback, claims or disputes;
- To deliver notices, updates, prizes and/or promotional materials to you;
- To conduct survey/analysis and client profiling activities;
- To maintain and update internal record keeping;
- To carry out market research;
- To detect and prevent crime (including but not limited to fraud, money laundering, bribery which takes subject to the relevant laws as well);
- To improve and enhance Our Services;
- To meet any legal or regulatory requirements;
- To send you marketing or promotional materials by email, telecommunication means or social media about products, services and/or promotions offered by EIS and selected third parties that We think may interest you.
How to opt-out from receiving marketing or promotional materials?
You may at any time contact our Customer Support at 03-26151111 or via email firstname.lastname@example.org and to require Us to cease or not to begin processing your Information for purposes of marketing. Also, along with every e-mail marketing communication sent to you, We provide you the opportunity to discontinue receiving future marketing communications (i.e., unsubscribe). Simply follow the unsubscribe process or directions provided in the email.
Who do we disclose your Information to?
To enable development and provision of Services to you, EIS might need to disclose your Information to:
- our agents, sub-contractors, service providers, suppliers or business partners;
- other members of Experian Group which may include Experian companies located in and outside of Malaysia;
- payment channels including without limitation financial institutions for purpose of assessing, verifying, effectuating and facilitating payment of any amount due to Experian in connection with your acquisition of our services and/or products.
Under certain circumstances EIS may disclose your Information to any person to whom We are required to do so by law or other legal order or we reasonably believe that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by or on behalf of an enforcement body.
We may also disclose your Information to the general public when you become a winner in a contest by publishing your name, photographs and other Information without compensation for advertising and publicity purposes.
Disclosure of your Information to third parties is always subject to complying with all laws and regulations applicable to EIS and third parties mentioned above. In circumstances where We disclose Information, We generally retain control of that information. We can therefore ensure that the Information We disclose is used only in accordance with this Privacy Statement and in accordance with the requirements of the Malaysian Personal Data Protection Act 2010 and other applicable data protection laws and regulations.
EIS also employs a number of security measures to ensure the safety and security of any disclosure of your Information, including without limitation, IP whitelisting, web application firewall (WAF), log analysis tool and REST API with basic authentication.
Transfer of your Information outside of Malaysia
In instances where our third parties are located outside of Malaysia, such as where you make use of Experian eKYC or place an order for an international credit report, We may disclose and transfer your Information outside of Malaysia, but always ensuring to adhere to the local and foreign data protection laws.
If you subscribe to our CSID Dark Web Monitoring service, We will transfer your Information outside Malaysia to be registered with our global server for the purpose of data matching as part of the CSID Dark Web Monitoring service.
How secure is your Information?
As a global leader in the management of data, EIS recognizes and acknowledges the importance of keeping the Information and data that it holds, secure and protected from unauthorized access. To do this, EIS utilizes industry standard security and encryption processes and technology to ensure that access to your Information is only provided to those employees who need to have access in order to perform their role. We may be obliged to disclose Information we hold to law enforcement agencies. In such circumstances, the use and security of that information is determined by the rules governing the relevant agency.
To ensure that We maintain the standards We have set for security and that We comply with our obligations in relation to the storage and handling of your Information, EIS requires all of its employees to complete regular training in relation to the handling of Information and the application of our security policies. We will also regularly review this policy and assess our performance against it to ensure We are meeting and continue to meet our obligations under the Malaysian Personal Data Protection Act 2010 and other applicable laws.
How long do we retain your Information for
We will retain your Information for the following periods:
Information contained in the Services you purchase – (i) in respect of your online report files (HTML/PDF), for 3 years; (ii) in respect of your online order history, monitoring services, B2B requests, response files and consent documents, for 7 years; and (iii) in respect of defaulters’ data or payment aging data which you provide, for 10 years.
Information provided by you about yourself and third parties (including children under 18 years old) and selected by you to be monitored when enrolling to CSID Dark Web Monitoring service – for 6 months after the termination of the CSID Dark Web Monitoring service.
How can you access or correct the Information We hold?
You have the right to request for access to and correction of your information held by Us and in this respect, you may:
- check whether We hold or use your Information and request access to such data;
- request that We correct any of your Information that is inaccurate, incomplete or out-of-date;
- request that your Information is retained by Us only if necessary, for the fulfilment of the purposes for which it was collected;
- request that We specify or explain our policies and procedures in relation to data and types of Information handled by Us;
- communicate to Us your objection to the use of your Information for marketing purposes as described under How to Opt-Out whereupon We will not use your Information for these purposes; and
- withdraw, in full or in part, your consent given previously, in each case subject to any applicable legal restrictions, contractual conditions and a reasonable time period.
In general, We aim to respond to all complaints promptly and in any event in less than 21 working days. We aim to act promptly and reasonably in resolving any complaints. There are some circumstances, for example, where the matter is complex, or the resolution relates to a product with a long update cycle, where We may require additional time to resolve an issue or to implement a correction.
If you wish to exercise any of your rights listed above, you may contact Us at the following:
Website: https://www.creditinfo.experian.com.my and https://ct.experian.com.my/
For Personal Self-check report, please contact the following instead:
There are certain limited circumstances permitted under the Malaysian Personal Data Protection Act 2010 in which We may decline to permit access to the Information We hold or We may decline to apply a correction to that Information which you have requested. In such circumstances, you may require that We note that a request for access or correction has been refused by Us.
Generally, We are happy to provide details of the Information We hold free of charge. However, to the extent permissible under law, We reserve the right to charge a nominal fee (if applicable) to commensurate with our costs of extraction and collation of Information where significant work is involved. We will require you to adequately identify yourself when requesting a copy of your Information.
This Privacy Statement is written both in English and Bahasa Malaysia languages. Should there be any contradictions between the English version and the Bahasa Malaysia version, the English version shall prevail.
Updates to this Privacy Statement
We may amend this Privacy Statement from time to time and the updated version shall apply and supersede any and all previous versions. You are encouraged to check our Websites periodically for our most up-to-date Privacy Statement (as indicated by the date of the update set out at the bottom of this Privacy Statement).
Updated @ 06/07/2022