Kindly note that tis notices inform you, our customer, of STMB’s commitment do use/disclose and deal with your information during the course of our business with due care and compliance with the Personal Data Protection Act 2010 (“the Act”) and the Code of Practice on Personal Data Protection for the Insurance and Takaful Industries in Malaysia (“Code”).
Privacy Notice
Types of Personal Information STMB may collect
1. In this regard, when providing our services we may require and collect your personal information such as follows:-
(i) Non-Sensitive Personal Information
a) name and age;
b) home/mailing address;
c) NRIC/Passport No.;
d) contact information, telephone number, e-mail address;
e) biodata/personal profile;
f) photograph or video image;
g) employment information;
h) financial information;
i) investment and risk preferences;
j) vehicle registration;
k) personal information of family members or next of kin;
l) personal data of beneficiaries, nominees, trustees, assignees, relevant to the processing of claims, the provision of takaful cover and related products and services; and/or
m) such other personal information required (with your consent).
(ii) Sensitive Personal Information
a) Thumbprint or DNA profile;
b) Physical and/or mental health condition;
c) Religious belief;
d) Commission or alleged commission of any offence or contravention of law;
e) Expression of opinion; and/or
f) such other sensitive personal information required (with your consent).
The purpose of STMB’s use of your Personal Information.
2. It shall be our duty to only utilise such personal information solely to conduct our business and no other reason of which shall include but not limited to the following:-
i) carrying out any activity in relation to or in connection with carrying STMB’s duties as a Takaful Operator, as licensed under the Islamic Financial Services Act 2013;
ii) customer service under an agreement, complaints handling, conservation, including any value-added services. Agreement shall include family takaful, general takaful, medical takaful, group takaful certificates, agency contract, broking agreements and employment contracts;
iii) carrying out any activity for any investigation during any assessment of proposals and claims;
iv) carrying out any activity in exercising the right to subrogation/recovery;
v) carrying out any activity for the purpose of preventing , investigating and/or reporting any actual or suspected criminal activity (e.g. money loundering, terrorist financing, bribery, corruption, fraud, etc.);
vi) carrying out any activity in compliance with the requirements of any law, regulation or guidelines that are issued by or in cooperation with any regulatory or other authority within or outside Malaysia;
vii) carrying out any activity for marketing (including direct marketing, unless expressly instructed to cease by you);
viii) carrying out research, audit, risk assessment, survey, including statistical/actuarial research or data analytics/study provided you cannot be independently identified in such report/study;
ix) the performance of any obligations under any lawful scheme of transfer of business;
x) cooperation in the assistance of investigations by any insurer or takaful operator;
xi) conducting investigations on third party service providers (including any related party) for any allegation of fraud, conspiracy, breach of law, rules and regulations, codes of practice and misconduct or any unethical behaviour or practices;
xii) performance of re-takaful; and
xiii) information sharing with other insurers, takaful operators and any other information sharing systems, which may include credit-rating systems.
STMB’s source of Personal Information
3. STMB has obtained your information from various sources, such as:
i) When you complete and/or provide documentation and/or verbal information to participate in a takaful product;
ii) When you complete and/or provide documentation and/or verbal information to make a claim under a takaful product;
iii) When you contact STMB through our various methods such as application forms, emails and letters, telephone calls and conversations you have with our staff in a branch. If you contact us or we contact you using telephone, we may monitor or record the phone call for quality assurance, training and security purposes; and/or
iv) From our analysis of your transactions (e.g. payment history, product purchases); and/or
v) When we obtain your personal data through your participation in our customer surveys or when you sign up for any of our competitions or promotions; and/or
vi) When we obtain any data and information from third parties (e.g. credit reference agencies, regulatory and enforcement agencies, hospitals, adjustors, solicitors, employers, beneficiaries, legal representatives, spouses, parents, guardians, dependents and/or companies/partnership that you hold directorships, shareholdings or partnership in); and/or
vii) When you enter into any commercial transactions with STMB including but not limited to you providing goods and/or services or your professional services; and/or
viii) From video recordings from close circuit security surveillance cameras and audio recordings at our premises or at events organised by us; and/or
ix) From publicly available sources.
Your Rights to view and correct your personal information.
4. Your personal information is very important to STMB to enable us to provide our services. Whilst we will use all reasonable efforts to ensure the validity of your information, we may have relied on sources as mentioned in item 3 above and as such cannot guarantee the accurateness of your personal information.
5. In the circumstances it is completely within your rights to request access to view your personal information.
6. If you find your personal information to be inaccurate, incomplete, misleading or not up-to- date you have the right to change such personal date.
7. You may make inquiries, complaints or request for access to or correction of your Personal Information at any time by submitting such request to us via email to [email protected].
Who STMB may disclose your information to?
8. Solely for the purpose as set out in item 2 above and to effectively provide our services, please note that STMB will/or may disclose your personal information to the following people or parties:-
i) Individuals or organizations within STMB’s group, or another insurance/takaful group of companies;
ii) Bankatakaful partners, their party outsourcing service providers, third party call centers, insurance/takaful agents registered with a licensed insurance/takaful provider and the necessary associations STMB is registered with or independent licensed insurance/takaful brokers;
iii) Re-insurers/retakaful service providers;
iv) Claims investigation companies or loss adjusters/surveyors or other parties necessary to process claims;
v) Relevant government authorities, law enforcement agencies, courts tribunals, regulatory bodies and/or statutory agencies or bodies or any other person we are under an obligation or required or expected to make disclosures for the purposes set out;
vi) Industry associations and federations;
vii) Doctors, medical specialists, hospitals, clinics or healthcare institutions;
viii) our auditors, consultants, lawyers, accountants, fund managers or other professional advisers appointed in connection with our business on a strict confidential basis, appointed to provide services to us;
ix) Bank, credit companies or other financial institutions for the purposes of collection or refund of any monies due or payable;
x) Any person permitted by you or, as the case may be, your executor, administrator or legal personal representative;
xi) Information-sharing systems, for purposes of enabling exchange of information in order to facilitate fraud prevention and detection;
xii) Any person to whom disclosure is necessary for the purpose of investigation into any allegation of service providers’ and their third party service providers’ breach of any laws, rules and regulations, codes of practice including this Code, misconduct or unethical behaviours or practices;
xiii) Any person to whom the disclosure is necessary for the purposes of investigations under any written law, criminal proceedings or civil proceedings, or nay person to whom the disclosure is required to be made under court order; and/or
xiv) Other third party service providers appointed to provide administrative, telecommunications, payment, data processing, data storage, or other services to us.
STMB protects your data
9. The protection of your personal information is important to us. STMB has taken all practical physical, technical and organisational measures to protect your personal information from any loss, misuse, modification, unauthorised or accidental access, disclosure, alteration or destruction. All authorised disclosure of your personal information to our authorised agents or service providers, we have and will require them to appropriately safeguard your personal data provided to them.
STMB Destruction Policy
10. Once STMB has utilised your data for our purposes mentioned and you no longer have dealings with us, we shall promptly destruct or permanently delete such information.
STMB’s commitment to your right to ask us to stop using your personal information
11. It is well within your right to request that we stop using your personal data by:-
a) withdrawing your consent;
b) requesting in writing for us to cease or not begin the processing of your personal information if you feel that the use of your personal data is causing or likely to cause substantial damage or substantial distress to you; and the damage or distress is or would be unwarranted; or
c) requesting in writing that we cease or not begin processing your personal data for purposes of direct marketing.
12. We treat all information requested as obligatory. However, a withdrawal of consent or request not to deal with your personal information may result in us not being able to continue providing our services and products, which may include the cancellation of any existing takaful certificate you may have with us.
13. We may change or update parts of this Privacy Notice in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. We will do this by updating the wording on this webpage and updating the publication date at the top of this page, although, please be aware; you will not necessarily be directly notified of such a change. Therefore, please ensure that you regularly check this notice so you are fully aware of any changes or updates.
Purpose of this notice
14. This notice is in compliance with the Act and the Code which requires us to cover the following:-
i) General Principle: The processing of data requires consent. This is self-explanatory but it should be noted that even if you do give your consent, STMB may only use your data for lawful purposes only, and for purposes directly related to our the activities and only to such an extent as is necessary and not excessive in relation to that purpose. If you have given us your information voluntarily, then we can deem that you have given consent.
However, it does not last forever. You may, by notice in writing, revoke your consent and we must cease processing your personal information.
ii) Notice and Choice Principle.
This principle sets outs requirements which, among others, that STMB must inform you in writing that your personal information is being processed (by us or by third parties) and for what purpose (which we hereby do).
iii) Disclosure Principle.
The disclosure principle has two aspects:
a) Firstly, we are only allowed to disclose data for the purpose or directly related purpose of which it was collected/received; and
b) We can only disclose to the data to a third party or a class of third parties who are stated in this notice to you.
iv) Security Principle.
We must take practical steps to protect the personal data from any loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction.
v) Retention Principle.
This principle provides that your personal information shall be kept and/or processed for so long as is necessary only. Once the purpose for which the data was collected is achieved, it is mandatory for your personal information to be disposed. For example, if your first proposal is rejected by us, then, your data must be destroyed or permanently deleted.
vi) Data Integrity Principle.
This principle imposes a duty on us to ensure that the personal data is accurate, complete, not misleading and up-to- date for its purpose or directly related purpose.
vii) Access Principle.
The right to access your data and correct it if inaccurate is ancillary to the Data Integrity Principle above.