Privacy Policy

General

Gold, a division of Provident Banc Berhad [Company Registration No. 199101020861 (231172-P)], its group of companies, affiliates and/or subsidiaries (individually and collectively , “Provident”, “we”, “our”, or “us”) is committed to safeguarding your privacy in strict compliance with the provisions of the Personal Data Protection Act 2010 (“PDPA”) , especially in the context of the trust you place in us when you use our website and/or digital platform (collectively referred to as the “Site”) for the purchase, sale, and management of gold products. In recognition of this trust and our legal responsibilities under the PDPA, this Privacy Policy has been developed to describe, inter alia:

  1. The categories of personal data collected by Provident, whether directly or indirectly, and the mechanisms employed in obtaining such data;
  2. The purposes for which such personal data is processed, retained, stored, or utilised by the Provident;
  3. The categories of third-party recipients, including both domestic and international entities, to whom such personal data may be disclosed, pursuant to the statutory and contractual obligations of Provident; and
  4. Your statutory rights under the PDPA, including the right to request access, rectification, removal or limitation of your personal data, as well as the right to withdraw consent, where applicable.

For the purposes of this Privacy Policy, “Personal Data” means any information which, whether directly or indirectly identifies you, relates to you or any other third party related to you which was collected and provided to Provident for the purposes stated in Clause 4 below. We process your personally identifiable information which may include but not limited to your name, National Registration Identity Card number, contact details, residential or correspondence address, email address, photographic or biometric data, personal preferences, financial and banking account details, information regarding your family, relatives or any third party that you provide to us, your preferences in relation to products and services your purchase from us, and other identifying data, whether stated hereinafter in Clause 2 below. The term “Personal Data” also includes sensitive data as defined under Section 4 of the PDPA, including but not limited to physical or mental health, political affiliations, religious beliefs, and data concerning any criminal record.

Failure to provide your Personal Data to Provident as stipulated in any section of the Site, or otherwise required by Provident, whether through manual or electronic means, may result in Provident being unable to fulfil its contractual obligations, including but not limited to, the inability to process registration and/or application, execute transactions, maintain accurate user records, or provide ongoing services available on this the Site, whether or not the provisions of transactions and/or services requested are to be conducted, performed or rendered through virtual platforms or physical channels, subject to operational requirements. Such non-compliance will inhibit Provident from offering, continuing, or fulfilling any platform-services to you.

1. Scope and Applicability

This Privacy Policy applies to all users, customers, potential customers, and visitors who access, browse, or transact through our Site, as well as any related communications, transactions, or interactions—whether initiated electronically, manually, or through intermediaries—and regardless of whether such interactions culminate in formal transactions or agreements.

By providing Provident with any Personal Data related to third parties, including but not limited to beneficiaries, nominees, or authorized representatives, you represent and warrant that all necessary consents, authorizations, or legal permissions from such third parties have been obtained in full compliance with the PDPA for the purposes outlined in this Privacy Policy, thereby indemnifying us from any claims arising from such third-party disclosures.

2. Categories of Personal Data Collected

The types of personal data that we collect, either directly from you, from third parties acting on your behalf, or indirectly through technological means (such as cookies and digital identifiers), may include, but are not limited to, the following categories:

  1. Identification information such as your full name, national registration identity card (NRIC) or passport number, date of birth, nationality, gender, and photograph;
  2. Contact information, including physical mailing address, email address, and mobile or telephone number;
  3. Financial and transactional data, including bank account information, credit/debit card details, transaction history, and payment preferences;
  4. Account-related information, including login credentials, password hints, security verification answers, and two-factor authentication logs;
  5. Technical and usage information, such as device type, IP address, browser version, access logs, navigation patterns, and platform interaction metadata;
  6. Compliance data, including data collected as part of our Know-Your-Customer (KYC) and anti-money laundering (AML) due diligence.

3. Collection of Personal Data

Provident may collect your Personal Data from you, authorised agent(s), other party(ies), or publicly available source(s), including but not limited to:

  1. When you enter into contractual relations with Provident or sign up to its products(s) and/or service(s)
  2. When you submit any formal documentation, including forms, agreements, or declarations, whether electronically or manually;
  3. When you engage with Provident for any inquiries, grievances, or feedback, whether through in person visits, electronic correspondence, or other digital platforms including but not limited to social media or affiliates;
  4. When you initiate or during the course of any business relationship transaction with Provident;
  5. When you visit any premises or events organised by Provident;
  6. In the course of any employment-related interactions, including job applications;
  7. When you visit or navigate the Provident website or platform;
  8. When you participate in any of the Provident corporate events or training sessions;
  9. When Provident acquires your Personal Data from publicly available sources, business affiliates, or third-party references, including through agents, financial institutions, or credit reporting agencies;
  10. When you interact with our customer service, third-party service integrations, cookies or tracking technologies;
  11. When you consent to marketing communications or participate in promotions.

4. Purposes of Collecting and Further Processing (Including Disclosing) Personal Data

We collect and further process your Personal Data as required or permitted by law and to give effect to your requested commercial transaction, including but not limited to the following:

  1. To facilitate the creation, verification, and ongoing administration of your user account on our Site;
  2. To process your requested transactions involving the purchase, sale, redemption and/or delivery of gold, whether where the record stored virtually or gold stored physically;
  3. To process any payments related to your requested transactions and/or services;
  4. To perform regulatory screening, identity verification, and client due diligence in compliance with anti-money laundering laws, terrorist financing prevention obligations, and internal risk management protocols;
  5. To deliver customer service, respond to inquiries, investigate complaints, and address service requests efficiently and with due care;
  6. To enhance our online platform by analysing user engagement, browsing habits, and transaction patterns to improve usability, functionality, and relevance of content;
  7. To administer and communicate with you in relation to our services, products, events, transactional updates, service changes, system maintenance, security alerts and/or policy updates that may affect your account;
  8. To manage internal administrative functions, including data integrity management, audit logs, reconciliation, reporting, and archival purposes;
  9. To enable the exercise or defence of legal claims, whether actual or anticipated, including facilitating legal proceedings, dispute resolution, or enforcement of contractual rights;
  10. To comply with applicable laws, regulations, directives, and obligations imposed by financial authorities, courts, or enforcement bodies, whether within Malaysia or abroad; and/or
  11. Any activity related or incident to any abovementioned purposes.

5. Disclosure and Sharing of Personal Data

In the course of providing, managing and/or operating Provident products and services to you, Provident may provide or disclose your Personal Data, to the extent necessary, to the following parties for the purposes set out in Clause 4, subject at all times to any applicable laws or practice, guidelines, obligations and/or directives from any regulatory authorities:

  1. Any officers, employees, directors or authorized agents of Provident insofar as necessary to fulfil and/or their duties, obligations and/or operational support;
  2. Any companies and/or organizations that act as agents, service providers and/or professional advisors engaged by Provident (if applicable);
  3. Any person authorized to act as an agent of Provident in relation to the distribution of products and services offered by Provident (if applicable);
  4. Any external service providers engaged by Provident for IT hosting, data processing, customer support, cloud storage, payment gateway integration, cybersecurity monitoring or communications management;
  5. Third party credit reference and/or reporting agencies registered under the Credit Reporting Agencies Act 2010, any authority including Bank Negara Malaysia, any other governmental or regulatory authority or body, and any insolvency department;
  6. Any agent or third-party service provider, within or outside Provident responsible for executing transactions, rendering services and/or processing instructions on your behalf; and/or
  7. Any other authorized third party Provident believes in good faith to be tendering payment on your behalf.

6. Security Measures and Data Protection

We have implemented reasonable physical, technical and procedural measures to secure your personal information from accidental loss and from unauthorized or accidental access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers. The measures we implement include the following:

  1. Prohibiting the transfer of personal data through removable media device and cloud computing service unless consent has been obtained from the top management of Provident and appropriate safeguards have been implemented;
  2. Recording any transfer of data through removable media device and cloud computing service unless consent has been obtained from the top management of Provident and appropriate safeguards have been implemented;
  3. Ensuring that personal data transfer through cloud computing service comply with the personal data protection principles in Malaysia, as well as with personal data protection laws of other countries;
  4. Maintaining a proper record of access to personal data periodically and making such record available for submission when directed by the Personal Data Protection Commissioner;

While we are committed to ensuring a high standard of data security to protect your Personal Data, we must acknowledge the inherent vulnerabilities associated with digital communications and do not warrant or guarantee the security of your Personal Data transmitted on the Site.

7. Data Retention and Disposal

Provident shall retain your Personal Data to the extent where its legal or business purposes for acquisition or use remain applicable, until the information has fulfilled its intended purpose, or unless otherwise compelled by law, mandated by government authority, or required for legal proceedings.

Upon expiry of the retention period, we shall securely dispose of or anonymize your data in accordance with our data destruction policy, unless otherwise required for the resolution of ongoing disputes or the establishment of legal claims.

8. International Data Transfers

In some circumstances, it may be necessary for us to transfer your Personal Data outside of Malaysia if any of the third parties mentioned in Clause 5 (Disclosure and Sharing of Personal Data) above including our service providers or business partners who are involved in providing any services to us are located or have processing facilities in countries outside of Malaysia.

You consent to us transferring your Personal Data outside Malaysia to such third parties and for the purposes set out in Clause 4 (Purposes of Collecting and Further Processing (Including Disclosing) Personal Data) above.

We shall take necessary steps to ensure that any such third parties are contractually bound to protect your Personal Data while upholding confidentiality, data minimization, and integrity safeguards.

9. Your Rights under PDPA

You are entitled, subject to applicable exceptions under the PDPA, to request access to your Personal Data held by us, to correct any inaccuracies, to withdraw your consent to certain types of processing, or to object to processing which you reasonably believe is not justified by legitimate interests or legal grounds.

Any request abovementioned must be made in writing and accompanied by sufficient proof of identity to prevent fraudulent manipulation; we may impose a reasonable administrative fee for processing access requests where such fees are permitted under the law.

10. Cookies, Analytics, and Online Tracking

Our Site may employ the use of cookies in the processing of your information to enhance your browsing experience, remember preferences, perform analytical evaluations, and serve content tailored to your user profile. We may also collect the following information during your visit to our Site and/or the fully qualified domain name from which you accessed the Site, or alternatively, your IP address:

  1. The date and time you accessed each page on the Site;
  2. The URL of any webpage from which you accessed our Site (the referrer); and
  3. The web browser that you are using and the pages you accessed.

You may disable cookies through your browser settings; however, doing so may limit the functionality of certain features or transaction capabilities.

11. Consent

By submitting your Personal Data, you agree to the use of such data as described in this Privacy Policy, including any amendments. Provident may review and update this Privacy Policy from time to time to reflect changes in the law, business practices, procedures, and structure of Provident. By continuing to use the service, you indicate your acceptance of any such modifications.