Privacy Policy

Overview

DOKU Malaysia Sdn. Bhd. (formerly known as SimplePay Gateway Sdn. Bhd.) (hereinafter referred to as “DOKU Malaysia”, “we”, “us” or “our”) is a company incorporated in and under the laws of Malaysia and is licensed by Bank Negara Malaysia.

This Privacy Policy & Notice is prepared and issued in accordance with the Personal Data Protection Act 2010 (“PDPA”) and the relevant regulations, guidelines and orders to inform you by notice of how we collect, retain, process, share and transfer your Personal Data (as defined within the PDPA) when you use the services offered and provided by us (“Services”). You are required to read this Privacy Policy & Notice along with the applicable DOKU Malaysia Terms & Conditions.

This Privacy Policy & Notice applies to you in respect of the Personal Data provided by you when you visit our applications, platforms and/or web portals (“Sites”) or use our Services but does not apply to Personal Data that is provided on any web portals, mobile applications or services that we do not own or control, including web portals, mobile applications or services of the Merchants (defined hereunder) or other users of DOKU Malaysia’s services.

Definitions

For the purposes of this Privacy Policy & Notice, please note that:

• “Account” refers to an account created on our Sites or to use our Services.
• “Device Information” refers to information about the device used to access our Services, which may include but is not limited to device type, model, operating system, browser type, unique device identifiers, IP address, and other diagnostic information.
• “Geolocation Information” refers to data that determines your geographic location, which may be derived from your IP address, GPS, Wi-Fi signals, or other technologies.
• “Merchant” refers to the party onboarded as a merchant of DOKU Malaysia to accept credit cards, debit cards, FPX and other payment methods to receive payments, manage, and analyse the exchange of funds for goods or services between the Users and such Merchant, generate reports, and perform other financial transactions using the Services.
• “Participant” refers to any individual or entity involved in a transaction facilitated through our Services.
• “Personal Data” refers to any information which can be used to identify you or from which you are identifiable and may be defined under the PDPA and as may be described under this Privacy Policy & Notice.
• “Technical Usage Data” refers to data automatically collected when you use or interact with our platform, including details such as your interactions with the payment gateway, time and date of access, transaction logs, page views, session durations, error logs, and other technical data.
• “Users”, “you” or “your” refers to any person who accesses, interacts with, or uses our Services, the Sites or any platform and mobile application in relation thereto which may include the Participants and any end users that uses our Services via our Merchants’ applications, platforms and/or web portals.

1. Your Acknowledgment and Consent

Personal Data provided to DOKU Malaysia will generally be kept confidential. By visiting our Sites, using our Services, and/or providing us with your Personal Data, you hereby authorise and consent for us to collect, retain, process, use, share, transfer and/or disclose your Personal Data in accordance with this Privacy Policy & Notice. You hereby acknowledge that you have read and understood this Privacy Policy & Notice and you agree and consent to our use and processing of your Personal Data.

You hereby agree that:

• By providing Personal Data to us, you have done so voluntarily without coercion, in a competent condition, and in a conscious state.
• The Personal Data and information provided to us is clear, accurate, correct, complete, valid, current, not misleading, original, authentic.

If you have provided or disclosed Personal Data of an individual third parties or if you are a corporation whereby you have provided or disclosed Personal Data of individual third parties including but not limited to your directors, individual shareholders, employees, authorized signatories, agents, representative, or otherwise, you hereby represent and warrant to us that you have obtained the consent of such third parties and are entitled to provide their Personal Data to us to be used, processed and/or disclosed in accordance with this Privacy Policy & Notice.

If you are a Merchant, you are required to provide all necessary notices including this Privacy Policy & Notice and obtain all necessary rights and consents from Users accessing our Services through your application, platform and/or web portals in which you provide your services, to enable us to lawfully collect, use, retain and disclose the Personal Data as part of our Services. Nevertheless, Merchants, as data controllers, are responsible for the contents of their own privacy notice and cookie banner.

We reserve the right to develop information obtained but not related to your personal information, so that you are not individually identified, including for processing, development and collaboration with third parties ("Aggregate Information/Anonymous Information").

2. What Types of Personal Data Do We Collect?

We may collect information about you when you visit our Sites or use our Services or when you provide us with your Personal Data or when we receive information your Personal Data from a third party, including the following:

• Registration and Use Information – When you register or create and maintain an Account, we may collect information such as your name, NRIC number, age, gender, biometric information, company name, company number, postal address, telephone number, email address, employment information and other identification information.
• Transaction and Experience Information – When you use our Services, we may collect information about the transactions involving you, as well as other information associated with the such transaction such as your name, NRIC number, bank account number, the amount sent or requested, amount paid for products or services, Merchant information, bank account balance, spending patterns, information about any funding instruments used to complete the transaction (e.g., credit card or bank account details), Device Information, Technical Usage Data, Geolocation Information etc.
• Participant Information – When you use our Services, we collect Personal Data you provide us that may involve other Participants.
• Receive Money – When you receive money through our Services, we may collect Personal Data such as name, NRIC number, postal address, telephone number, financial account, information of other User or Participant who is sending money to you. The extent of Personal Data required about a Participant may vary depending on the Services you are using to receive money.
• Affiliate Programme – If you use our Services to add value by inviting other potential merchants, we may collect Personal Data from you about the other party, or from the other party about you to facilitate the request. We may collect information such as name, mobile number or email address etc of such other party.
• Information that you choose to provide us to obtain additional Services or specific online Services – If you request or participate in an optional feature in the Sites, or request enhanced Services or other elective functionality that is not commonly part of our Services, we may collect additional information from you. We will provide you with a separate notice at the time of collection if the use of that information differs from the uses disclosed in this Privacy Policy & Notice.
• Information about you from third-party sources – We may obtain Personal Data from third-party sources such as Merchants, data providers, and credit bureaus, where permitted by law.
• Verification through various means – We may collect additional information from or about you when you communicate, engage or interact with us through social media or at events, engage in marketing, promotions and cross selling, contact our customer support teams or respond to our survey(s) such as your age, gender, and other information you may volunteer such as your religion, political view, medical information, marital status, occupation and income information, social media logins, images or independently verified payment card information.

3. Why Do We Retain Your Personal Data?

We retain your Personal Data to fulfil our legal or regulatory obligations and for our business purposes and to provide our Services to you. We may retain Personal Data for longer periods than required if it is in our legitimate business interests and not prohibited by the applicable laws.

If your Account is closed, we will take reasonable steps to mask your Personal Data and other information but we reserve our ability to retain and access the data for so long as required to comply with applicable laws including for the purposes of resolving disputes, fraud prevention, or meeting regulatory requirements. We will continue to use and disclose such Personal Data in accordance with this Privacy Policy & Notice.

4. Do We Share Your Personal Data?

We may share your Personal Data or other information about you with others including with to the following parties in a variety of ways as described in this the Privacy Policy & Notice.

• With other members of the DOKU Malaysia corporate family: We may share your Personal Data with members of the DOKU Malaysia family of entities including our parent company, holding, subsidiary, related, affiliated entities and any future entities.
• With other companies that provide services to us: We may share your Personal Data with third-party service providers that perform services and functions at our direction or on our behalf or our partners including parties with whom DOKU Malaysia collaborate for certain events, programs and activities; marketing research, event management, sponsorship, and advertising companies; service providers, including information technology (IT) service providers for infrastructure, software, and development work; and professional advisors, external auditors, legal, financial, consultants, and others.
• With the other parties to transactions when you use the Services, such as other Users, Merchants, and their service providers: We may share information about you and your Account with the other parties involved in processing your transactions (including those located outside of Malaysia). This includes the Participants, other Users, such as those you are sending funds to or receiving funds from, as well as the Merchants and their service providers when you use the Services to pay for goods or services. The information may include without limitation:
  • Personal Data and Account information;
  • Information that are able help other Participants(s) resolve disputes and detect and prevent fraud; and
  • Aggregated data and performance analytics.
• With other third parties for our business purposes or as permitted or required by law: We may share information about you with credit agencies and/or other parties (including those located outside of Malaysia) for DOKU Malaysia’s business purposes or as permitted or required by law, whenever necessary and to authorized institutions, agencies, institutions, bodies or governments based on applicable laws and regulations, warrants, decrees, decisions or official letters, in which case you hereby declare that you have given us consent, permission and authority to disclose data to such parties.
• With your consent: We will share your Personal Data and other information with your consent or direction, including if you authorize an Account connected with a third-party account or platform.

5. Why Do We Process Your Personal Data?

We may process your Personal Data and any other information collected for the following reasons (the list of which may not be exhaustive):

• To operate the Sites and provide the Services, including to:
  • facilitate the relevant transactions;
  • initiate a payment or send money;
  • verify your identity, access and use of the Account and Services;
  • manage administrative aspects of your Account;
  • communicate with you about your Account, the Sites, the Services, or DOKU Malaysia;
  • create an account connection between your Account and a third-party account or platform;
  • perform credit worthiness and other financial standing checks, evaluate applications, and compare information for accuracy and verification purposes;
  • keep your Account and financial information up to date;
  • provide customer support.
• To manage our business needs, such as monitoring, analysing, developing, updating and improving the Services and the Sites’ performance, and to help Merchants better understand Users and enhance Users experiences.
• To help assess and manage risk, prevent abuse of our Sites and Services, and to detect and prevent fraud, embezzlement, theft, or money laundering involving us, our Users, the Participants, our business partners, strategic ventures, Merchants, other individuals, our Sites or our Services.
• To facilitate verification and validation process by our Merchants and partners for certain features or products organized by DOKU Malaysia’s Merchants and partners.
• To provide personalized Services, market and promote DOKU Malaysia products and Services on third-party web portals and online services as well as the products and services of unaffiliated businesses.
• To uniquely tailor the marketing content and certain Services or Sites experiences to better match your interests on DOKU Malaysia and other third-party application, platforms and/or web portals.
• To use cookies and other tracking technologies to provide these online Services and/or work with other third-parties such as Merchants, advertising or analytics companies to provide these online services.
• To enhance the security of the Sites and Services and provide you with location-specific options, functionality or offers if you elect to share your Geolocation Information through the Services such as advertising, search results, and other personalized content.
• To comply with our obligations and to enforce the terms of our Sites and Services, including to comply with the law, legal process or regulations, law enforcement, regulators, government officials, or other third parties in relation to any subpoena, court order, or other legal process or requirement under Malaysian law or regulation, or the laws and regulations of other jurisdictions that are applicable to DOKU Malaysia or one of its affiliates, including any such law or credit card rules.
• To prevent physical harm or financial loss.
• To report suspected illegal activity or to investigate violations of a user agreement and/or DOKU Malaysia’s policy.
• To facilitate a purchase, sale, merger, or acquisition involving all or part of DOKU Malaysia’s business, including the disclosure of Personal Data to relevant companies.
• To support our administrative, audit, compliance, and corporate governance functions.
• To support the interests of DOKU Malaysia, affiliates of DOKU Malaysia, group companies, and subsidiaries of DOKU Malaysia, for the development of business, products, quality, and services including promotional activities, studies, research, and cooperation between DOKU Malaysia and other third parties.
• In connection with shipping and related services for purchases made using a Service.
• To banking partners as required by card association rules for inclusion on their list of terminated Merchants.
• To credit reporting and collection agencies.
• To engage in direct marketing, promotions and cross selling.
• To conduct research on demographic data of the Users.
• For other purposes communicated from time to time by DOKU Malaysia to Users, and permitted or required by applicable laws and regulations, include but are not limited to sending to regulators (Bank Negara Malaysia), authorized officers (police, investigators, and other relevant authorities).
• To facilitate the Transaction on behalf of DOKU Malaysia, including in the case of the sale of all or part of DOKU Malaysia's assets including any purchase, sale, lease, merger or amalgamation or acquisition, disposal or financing of DOKU Malaysia, affiliates of DOKU Malaysia, group companies, and subsidiaries of DOKU Malaysia.

6. How Do We Use Cookies & Tracking Technologies?

When you visit our Sites, use our Services, or visit a third-party application, platform and/or web portals for which we provide online Services, we and our business partners and vendors may use cookies and other tracking technologies (collectively, “Cookies” ) for the following reasons:

• ensure that our Services function properly;
• to recognize you as a User, Merchant or Participant and to customize your online experiences, the Services you use, and other online content and advertising;
• to measure the effectiveness of promotions and perform analytics to improve our Services; and
• to mitigate risk, prevent potential fraud, and promote trust and safety across our Sites and Services.

Certain aspects and features of our Services and Sites are only available through the use of Cookies, so if you choose to disable or decline Cookies, your use of the Sites and Services may be limited or not possible.

7. What Privacy Choices Are Available To You?

You have choices when it comes to the privacy practices and communications described in this Privacy Policy. Many of your choices may be explained at the time you sign up for or use our Services or in the context of your use of the Sites. You may be provided with instructions and prompts within the experiences as you navigate the Services.

• Choices Relating to the Personal Data We Collect
  • Personal Data: You may decline to provide Personal Data when it is requested by DOKU Malaysia, but certain Services or all of the Services may be unavailable to you.
  • Location and other device-level information: The device you use to access the Sites or Services may collect information about you, including Geolocation Information and User usage data that DOKU Malaysia may then collect and use.
• Choices Relating to Cookies
  • You may have options available to manage your cookies preferences. For example, your browser or internet device may allow you to delete, disable, or block certain cookies and other tracking technologies. You may choose to enable these options but doing so may prevent you from using many of the core features and functions available on a Service or Site.
  • You may have an option regarding the use of cookies and other tracking technologies when you use a Service or visit parts of a Site. For example, you may be asked if you want the Service or Site to “remember” certain things about you, and we will use cookies and other tracking technologies to the extent that you permit them.

8. Links to Other Sites, Web Portals and/or Applications

As part of the DOKU Malaysia’s Services, DOKU Malaysia may provide links to or integrate with third party sites, web portals, platform and/or applications. However, We are not responsible for the privacy policies content, or information used by such third party sites, web portals and/or applications. This Privacy Policy & Notice applies only to information collected by us in the course of providing our Services and managing our Sites.

This Privacy Policy & Notice does not apply to your use of third-party sites, web portals, platform and/or applications accessed via links within the Sites or through our Services. When you access or use our Services through or on other sites, web portals and/or applications, their respective privacy policies will apply. We strongly encourage Users to read the privacy policies of third party sites, web portals, platform and/or applications before using them.

9. Release & Limitation of Our Liability

You are responsible for the security of your accounts and for mitigating any potential breaches, such as implementing appropriate security measures, limiting access, creating a strong PIN, and safeguarding both the PIN and the OTP.

We are not responsible for the exchange or disclosure of User data and personal information carried out by you, including exchanges carried out between Users.

We are responsible for our system, including the protection and security of Personal Data confidentiality. As and when required, we will notify Users in the event of failure to protect User Personal Data via the User's registered e-mail on the Sites and report the incident to law enforcement officers or relevant supervisory agencies in accordance to the relevant laws.

We are not responsible for the authenticity, truth, accuracy, completeness of Personal Data provided by you.

By giving consent to this Privacy Policy & Notice, you waive the right to any claims, losses, demands, or lawsuits that may occur relating to the acquisition, collection, protection, processing, storage, utilization, disclosure, transfer, transmission, and/or deletion of the User's Personal Data and information, as long as there is no evidence of fault on our part.

In the event that you are a minor, we are not responsible for the input of any Personal Data of the minor User. We recommend that the minor’s parents or legal guardians monitor the minor’s internet usage to ensure that any provision of the child’s Personal Data is given under their supervision.

As a parent or legal guardian, please do not allow minors under your care to submit Personal Data to Grab. In the event that such Personal Data of a minor is disclosed to Grab, you hereby consent to the processing of the minor’s Personal Data and accept and agree to be bound by this Notice and take responsibility for his or her actions.

10. How Do We Protect Your Personal Data?

We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centres, and information access authorization controls.

While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data we maintain about you is accurate, complete, not misleading and current. We are not responsible for protecting any Personal Data that we have share with a third-party based on an account connection that you have authorized.

Please note that any transmission of data over the Internet is not completely secure. While we will make every effort to protect your Personal Data, we cannot guarantee the security of data transmitted online. Therefore, any transmission of data is at your own risk.

DOKU Malaysia has been validated against the external network vulnerability scan requirements of Payment Card Industry Data Security Standard (PCI DSS) and is fully in compliance with PCI DSS level 2 standards.

11. Direct Marketing

You hereby consent for us to use your Personal Data for marketing, promotion, direct marketing and cross selling. We may use your Personal Data to provide you with information about our and third-party services and/or products, which may be related to your interests, unless requested otherwise by you.

We may, in some circumstances, disclose your Personal Data to preferred Merchants and strategic partners. Such disclosure will occur where you have subscribed for particular products and/or Services that require such disclosure, and/or where your consent has been obtained, subject at all times to any laws (including regulations, guidelines, and/or obligations) applicable to DOKU Malaysia.

We take reasonable steps to ensure that the third parties we are sharing your Personal Data with also have appropriate privacy and confidentiality obligations.

In addition, you would have been deemed to have given your consent for our continued communication for further information on our products, Services, promotions, and matters relating to the primary purposes below, which we may consider to be interesting to you from time to time.

12. Your Rights To Access, Limit, Correct and Update Your Personal Data

Subject to payment of a prescribed fee, you may request for access to your Personal Data, request for deletion, correction or update of your Personal Data, request to limit the processing of your Personal Data and/or make any inquiries or complaints regarding your Personal Data by contacting us at:

Contact Person : Customer Support Department
Address : Unit 27-8, Level 8 Boulevard Office, Mid Valley City, Lingkaran Syed Putra, 59200 Kuala Lumpur, Wilayah Persekutuan.
Tel No. : 03-2771 2707 / 017-8244534 (WhatsApp Number (Text only))
Fax No. : N/A
E-mail : help@senangpay.my

DOKU Malaysia reserves the right to refuse your request for the aforementioned for reasons permitted under the law.

13. Language

As per Section 7(3) of the PDPA, this Privacy Policy & Notice is issued in both English and Bahasa Malaysia. In the event of any inconsistency, the terms of the English version shall prevail.

14. Applicable laws and regulations

This Privacy Policy & Notice is subject to, regulated by, and interpreted under all applicable laws and regulations in Malaysia including but not limited to any laws or regulations in relation to personal data protection, money laundering, fraud, terrorism, or any other criminal activity. Any disputes arising from or in connection with this Privacy Policy & Notice shall be subject to the exclusive jurisdiction of the courts of Malaysia.

15. Revision of this Privacy Policy

DOKU Malaysia has the right to modify, update, or amend the terms of this Privacy Policy & Notice from time to time. Where the Privacy Policy & Notice is revised, the revised Privacy Policy & Notice will be posted on our Sites and/or communicated to you via any other means of communication deemed suitable by us. If you continue to use our Services, you shall be deemed to have agreed to accept such changes.