DIGI TELECOMMUNICATIONS SDN BHD (201283-M)
1.1 We value your privacy and take the protection of your personal information seriously, so it is important to us that you understand how we collect and process personal information about you.
1.2 This privacy notice applies to the processing of the personal information that we collect about you when you use any of our services, including our telecommunication networks, applications or any of our websites (collectively referred to as “services”). Please read it in conjunction with the Terms of Service of any particular service that you use, which may set out additional service-specific terms regarding the personal information we collect about you.
1.3 This privacy notice explains what personal information we collect about you, why and how we collect and process it, and how we share it with others. It also explains the privacy rights that you have in relation to your personal information and how you can exercise these rights.
2.1 Digi’ Privacy Position can be summarised as follows:
2.2 Digi (and the Telenor Group, which we are a part of) believes that all our customers should enjoy the same standards of privacy protection. When we use the word “customer”, it includes not only our current customers, but also our past, future and subscribers to other networks that roam with us. Digi will process the personal information collected from you in accordance with the following key principles:
3.1 Digi determines the purposes for which and the means by which your personal information is processed, and therefore acts as the “data user” as defined under the Malaysian Personal Data Protection Act 2010. Digi is legally responsible for ensuring that your personal information is processed in accordance with our key privacy principles, this privacy notice and applicable law.
3.2 When we share your personal information with the Telenor Group in accordance with the section on How we share and disclose your personal information below, we will ensure that the Telenor Group is legally responsible for ensuring that the personal information that has been shared with it (or any member of the Telenor Group) is processed in accordance with our key privacy principles, this privacy notice and applicable law.
4.1 We collect personal information about you in three ways:
4.2 We explain below what personal information we typically collect about you in these three ways.
4.3 For some of our services, for example financial, music or video conferencing services, it may be necessary to collect additional personal information about you, collect personal information in other ways, and/or collect personal information for purposes that are specific to that service. In such cases, our relevant Terms of Service explain the service-specific personal information processing activities.
4.4 When you sign up for one of our services or when you receive one of our services, you may provide us with certain personal information. The types of such information may include:
4.5 When you use any of our services, we will automatically collect certain information about you and your device. The information that we collect automatically will vary depending on the service that we provide to you and the type of device that you are using to access and/or benefit from our service.
4.6 We will collect information about the type of device and software that you use to access our services, for instance whether you are using an iPhone or Samsung phone, and what operating system is running on your device.
4.7 When you use our telecommunication services, we automatically collect information about your communications, including:
4.8 When you visit one of our websites and/or use one of our online services, we collect information concerning your terminal equipment or device and your use of our online services. Such information usually includes:
4.9 When you visit one of our websites and/or use one of our online services we may also collect the following information:
4.10 The information that we collect automatically when you use our websites and/or services is collected through cookies and other similar technologies. Click here to find out more about these technologies and why and how we use them.
4.11 We collect information when we link our digital services with the services of third parties, for instance when you have requested that we integrate our services with the services of third party service providers such as with social networks like Facebook, Instagram or Twitter or VoIP services such as Skype and Viber. Such information usually includes:
4.12 We sometimes collect personal information about you from third parties, in connection with services that we provide to you.
4.13 For instance when you purchase products or apply for service with us, we may obtain credit information about you from outside credit reporting agencies to help us with customer authentication and credit-related decisions. We also work closely with third parties (including, for example, business partners, contractors, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
4.14 When you use your social media credentials to login to or otherwise interact with a Digi or Telenor webpage or offer, we may collect information about your social media profile, such as your interests, “likes” and friends list. You can control this data collection via the options made available by your social media service provider in your social media account.
4.15 We may combine the personal information that we receive from such other sources with personal information which you have given to us as well as information which we have automatically collected about you.
5.1 We collect information about your location when you use our telecommunications services. For instance, we collect the Cell ID, which is a piece of information concerning the location of your device on our network that reveals your approximate geographical location. We need to know your approximate location so that we can deliver mobile telecommunications services to you.
5.2 We may also collect information about your location when you use our location-based services or receive location-based offers. Depending on the location-based service or offer that you use and your position within our network, we may use the Cell ID and/or location data generated by the Global Positioning System (‘GPS’). GPS data reveals much more precise information about the geographical location of your device. For these purposes we may also use geofencing techniques to determine when your device enters a defined geographical area.
6.1 We use your personal information to provide our services to you, support and improve our services, to provide more personalised and relevant services to you and our subscriber base, and send you communications about the services we provide to you. For these purposes, if you fail to supply us with the necessary personal information, or if the personal information supplied is insufficient or not satisfactory to us, or if you withdraw your consent for us to process your personal information, we may not be able to process your application and/or provide you with our services.
6.2 We may also process your personal information to contact you from time to time with news and offers that may be of interest to you, as further explained in the section on How we use your personal information for marketing purposes below.
6.3 We also use your personal information to:
6.4 In many cases we aggregate and/or anonymise your personal information to an extent that it no longer identifies you. We process such aggregated and/or anonymised data for various purposes, including for research purposes and to help us understand our customers and how they use our services so that we can improve our services to provide a better customer experience or create new services.
7.1 We may share your personal information with the Digi and Telenor Group for them to process it for the purposes listed in the section on How we use your personal information above. In processing this personal information on our behalf, they will always process it in accordance with this privacy notice and applicable law.
7.2 We use partners and service providers for a variety of business purposes such as to help us offer, provide, bill, repair, and improve our services and/or such other third party services that you use. In such cases it may be necessary to disclose your personal information to third parties for these purposes. We will typically share your personal information with third parties when:
7.3 When we share your personal information we will take steps to ensure that the recipient will protect your privacy, keep your personal information secure and process it in accordance with applicable law. Such measures may include entering into appropriate contracts with third parties, which set out sufficient guarantees in respect of the technical and organisational security measures governing the processing of your personal information, and ensuring that the third parties take reasonable steps to comply with those measures.
7.4 We will not sell the personal information that we process about you to third parties without your consent.
8.1 We would like to increase the value you get from being a Digi customer and provide you with more relevant information about our products and services as well as those products and services of our selected third parties. Except where you opt-out of receiving marketing communications from us and/or our selected third parties (as provided at 8.2), we and our selected third parties may use your personal information to send you marketing communications about products and services based on your preferences and interests.
8.2 You have ultimate control over how we use your personal information for marketing purposes If you do not intend to receive or continue receiving marketing communications from us and/or our selected third parties, you can opt out of marketing from Digi, by notice at any time, by contacting the Call Center at 016-221 1800.
8.3 Please note that if you opt out, we will stop sending you marketing communications, but we will continue sending you communications that relate to the services we provide to you.
10.1 We will not keep your personal information for longer than is necessary for the purposes for which we collect and process it, except when we are required by law to keep it for longer than that or have valid grounds for doing so.
11.1 Our appointed privacy officer’s job is to ensure that the processing of your personal information will always comply with this privacy notice and applicable laws.
11.2 We have put in place appropriate technical and organisational security measures to protect your personal information from unauthorised access, collection, use, disclosure, copying, modification or disposal. Our specialist security teams review these security measures regularly, to ensure that we are in compliance with the applicable laws (including any security standards or guidelines as may be issued by the Personal Data Protection Commissioner from time to time).
11.3 When we use service providers or other data processors to process personal information on our behalf, we require them to follow our instructions and apply appropriate technical and organisational security measures to protect the personal information they process on our behalf, which may include the following:
11.4 When you log into your account to use our services with your phone number or username and password, all data is using cryptographic protocols designed to provide communications security such as Transport Layer Security (TLS) and Secure Socket Layer (SSL) encryption. We employ such cryptographic protocols on all pages on our websites where we collect personal information. To make purchases from these web pages, you must use an TLS or SSL-enabled browser such as Internet Explorer, Safari, Firefox, or Chrome. This ensures that your personal information remains confidential and is protected while it is transmitted over the Internet.
11.5 If you have a user name and password to access our services, you are responsible for keeping them secure and confidential. Where you have logged in to your account and have been inactive for some time, to keep your details secure and to protect your account from unauthorised access, we will automatically log you out of the account.
12.1 The Internet is a truly global environment. We use various local and international partners and service providers to provide certain services such as our digital service and the technical infrastructure (such as the servers) which may be located outside Malaysia.
12.2 This means that we may transfer your personal information to countries outside Malaysia for the processing of Personal Data. Such countries may not provide the same level of protection as Malaysia, so when we process personal information internationally, we take appropriate steps to ensure that your personal information is adequately protected. Typically, such steps include carrying out data security reviews of any recipients and putting in place contracts with such recipients, which require the recipients to ensure that personal information in that country will not be processed in a manner which, if that country is Malaysia, would be in contravention of the applicable data protection laws in Malaysia.
13.1 You have certain rights in relation to the personal information that we hold about you. We have in place measures and processes to enable you to exercise your rights and ensure that we can fulfil your requests concerning the personal information that we hold about you.
We will enable you to access the personal information that we hold about you as required by the applicable laws. If you wish to access the personal information that we hold about you by obtaining a copy, please contact our Call Center at 016-221 1800 or write in to Customer Service, Digi Telecommunications Sdn Bhd, Lot 10, Jalan Delima 1/1, Subang Hi-Tech Industrial Park, 40000 Subang Jaya, Selangor.
13.2 Before we are able to respond to your request, we may ask you to prove your identity and to provide further details about your request. We will respond to your request within an appropriate timeframe and, in any event, within any timescales and subject to payment of any fees prescribed by applicable law.
13.3 In addition, you can also access most of the personal information that you provide to us via your online account at any time, to obtain a copy and to correct, amend, or delete information that is inaccurate. You can also close your account altogether.
13.4 We will do our best to ensure that the personal information we hold about you is correct, complete and accurate. However, it is your responsibility to ensure that you provide us true, accurate and complete information, and that you keep information on your online account up to date.
14.1 As a general rule, our services are not aimed at children under the age of 18, and generally we do not intentionally collect personal information about them. If we become aware that we have collected information about children under the age of 18 which we should not have been collecting, we will take steps to delete the information as soon as possible, except where we are required by law to keep it.
14.2 However, some services may be designed for use by children under the age of 18. We will let you know in these services and the applicable Terms of Service exactly how we are protecting the relevant data and will make sure each of these services complies with our guiding principles.
16.1 This privacy notice was last updated on 23 August 2017. We may update this privacy notice from time to time, in which case we will post a prominent announcement on our website home page for 30 days. By continuing to use our services after that period you confirm your continuing acceptance of this privacy notice.
16.2 Where we think it is appropriate, and in any event where we make material changes to our privacy notice, we will also email you or text you to inform you that our privacy notice has been updated.
16.3 If we make material changes to the privacy notice and you do not wish to accept them, you will have 30 days in which you may terminate the service subject always that all outstanding payment due and payable shall be settled in accordance with the Subscribers Terms and Conditions and/or such other terms and conditions that may be imposed by Digi on you from time to time for the provision of service. If you do not terminate the service within 30 days from the date of such material change as mentioned in Clause 16.1 above, by continuing to use our services you confirm your continuing acceptance of this privacy notice.
17.1 If you have a question, concern or complaint about this privacy notice or our handling of your information, you can contact:
Last revised on April 27, 2018, effective as of May 25, 2018