Privacy Policy & Notice

Overview

Simplepay Gateway Sdn Bhd (Company Registration No. 201501030418 (1155742-H)) (hereinafter referred to as “senangPay”, “we”, “us” or “our”) is the Data Controller responsible for deciding how and why your personal data isprocessed and has developed and issued this Privacy Policy & Notice in accordance with the Personal Data Protection Act 2010 (as amended) (“PDPA”) and its regulations, guidelines and orders to inform you by notice of how we, as the Data Controller may collect, retain, process, share and transfer your Personal Data (as defined within the PDPA) whenyou use the services offered and provided by us (“Services”).

This Privacy Policy & Notice applies to the Personal Data provided by you when you visit our websites (“Sites”) or use our Services, but does not apply to your Personal Data provided on other online websites, mobile applications or services that we do not own or control, including websites, mobile applications or services of other users of senangPay’s services.

senangPay has been validated against the external network vulnerability scan requirements of Payment Card IndustryData Security Standard (PCI DSS) and is fully in compliance with PCI DSS level 2 standards.

For the purposes of this Privacy Policy & Notice, please note that:

“Account” refers to an account created on our Sites or to use our Services.

“Device Information” refers to information about the device used to access our Services, which may include but is not limited to device type, model, operating system, browser type, unique device identifiers, IP address, and other diagnostic information.

“Geolocation Information” refers to data that determines your geographic location, which may be derived from your IP address, GPS, Wi-Fi signals, or other technologies.

“Merchant” refers to the party onboarded as a merchant of senangPay to accept credit cards, debit cards, FPX and other payment methods to receive payments, manage, and analyse the exchange of funds for goods or services between the Users and such Merchant, generate reports, and perform other financial transactions using the Services.

Participant” refers to any individual or entity involved in a transaction facilitated through our Services.

“Personal Data” refers to the personal data as may be defined under the PDPA.

“Technical Usage Data” refers to data automatically collected when you interact with our platform, including details such as your interactions with the payment gateway, time and date of access, transaction logs, page views, session durations, error logs, and other technical data.

Users” refers to any individual who accesses, interacts with, or uses our Services, the Sites or any platform and mobile application in relation thereto.

 

1. Your Acknowledgment and Consent

Personal Data provided to senangPay will generally be kept confidential. By using our Services, and/or providing uswith your Personal Data, you hereby consent and authorise us to collect, retain, process, use, share, transfer and/ordisclose your Personal Data in accordance with this Privacy Policy & Notice. You hereby acknowledge that you have read and understood this Privacy Policy & Notice and agree and consent to our use and processing of your Personal Data.

If you have provided or disclosed Personal Data of individual third parties or if you are a corporation whereby you have provided or disclosed Personal Data of individual third parties including but not limited to your directors, individual shareholders, employees, authorized signatories, agents, representative, or otherwise, you hereby represent and warrant to us that you have obtained the consent of such third parties and are entitled to provide theirPersonal Data to us to be used, processed and/or disclosed in accordance with this Privacy Policy & Notice.

Our services and website are intended for individuals who are at least eighteen (18) years of age. If you are under 18,you shall not provide any personal data to us and must immediately stop using our Services unless you obtain the consent of your parent or legal guardian to do so.

If you are a parent or legal guardian of an individual below the age of eighteen (18), you must not permit that individual to disclose their personal information to us unless you have read and agree to this Privacy Policy & Notice. As a parent or legal guardian, by allowing those individuals to use our services or by providing their Personal Data, you hereby consent to the processing of their personal data in accordance with this Privacy Policy & Notice and accept full responsibility for their actions on our Site or platform.

 

2. What Types of Personal Data Do We Collect?

We may collect information about you when you visit our Sites or use our Services or when you provide your PersonalData to use or when we receive information from a third party, including the following:

  • Identity & Profile Data: Name, NRIC/Passport number, age, gender, and identification documents, Company name and company registration number, postal address, telephone/mobile number, and email address.
  • Employment Data: Company name, company registration number, and employment details.
  • Financial & Transaction Data: Bank account details (balance, account number), credit/debit card information, funding instruments, spending patterns, and transaction history (amounts sent/requested/paid).
  • Technical & Usage Data: Device information (ID, model), IP address, geolocation information, and data regarding how you interact with our Sites.
  • Third-Party Participant Data: Information you provide about other Participants in a transaction (names, mobile numbers, or email addresses).

 

3. What are the Sources of Personal Data?

We obtain your Personal Data through the following:

  • Directly From You: When you register for an Account, fill out forms, participate in additional or optional features and functionality, communicate with our customer support, engage in marketing, promotions and cross selling.
  • Transactions: Information provided during the course of your use of our Services including to enhance the Services, to receive money, to invite other potential merchants .
  • Automated Collection: Cookies, technical data and geolocation collected automatically when you visit our Sites or use our Services.
  • Third-Party Sources: Information from Merchants, third party commercial partners, credit bureaus and data providers.
  • Service Providers: Data from credit bureaus, data providers, analytics providers, advertising partners and third-party services providers.
  • Referrals: Information provided by other users via our Affiliate
  • Public & Social Platforms: Information shared when you engage with us through social media, surveys, or at physical events.

 

4. Why Do We Retain Your Personal Data?

We retain your Personal Data to fulfil our legal or regulatory obligations and for our business purposes and to provideour Services to you. We may retain Personal Data for longer periods than required if it is in our legitimate business interests and not prohibited by the applicable laws.

If your Account is closed, we will take reasonable steps to mask your Personal Data and other information but wereserve our ability to retain and access the data for so long as required to comply with applicable laws including for the purposes of resolving disputes, fraud prevention, or meeting regulatory requirements. We will continue to use anddisclose such Personal Data in accordance with this Privacy Policy & Notice.

 

5. Do We Share Your Personal Data?

We may share your Personal Data or other information about you with others including with the following parties in a variety of ways as described in this the Privacy Policy & Notice.

  • With other members of the senangPay corporate family: We may share your Personal Data with members of the senangPay family of entities including our holding, subsidiary, related, affiliated and any future entities.
  • With other companies that provide services to us: We may share your Personal Data with third-party service providers that perform services and functions at our direction or on our behalf. These third parties act as data processors on our behalf.
  • With the other parties to transactions when you use the Services, such as other Users, Merchants, and their service providers: We may share information about you and your Account with the other parties involved in processing your transactions (including those located outside of Malaysia). This includes theParticipants, other Users, such as those you are sending funds to or receiving funds from, as well as theMerchants and their service providers when you use the Services to pay for goods or The informationmay include without limitation:
    • Personal Data and Account information;
    • Information that are able help other Participants(s) resolve disputes and detect and prevent fraud; and
    • Aggregated data and performance analytics.
  • With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties (including those located outside of Malaysia) for senangPay’s business purposes or as permitted or required by law, whenever necessary.
  • With your consent: We will share your Personal Data and other information with your consent or direction, including if you authorize an Account connected with a third-party account or platform.
  • Cross-Border Transfers of Personal Data: As a payment gateway operating across multiple jurisdictions, we may transfer your Personal Data to recipients located outside Malaysia, including payment network partners,fraud detection services, cloud infrastructure providers, and group entities. We will only transfer your Personal Data outside Malaysia where at least one of the following conditions is satisfied:
    • the destination country has in force a law substantially similar to the PDPA or ensures an equivalent level of protection (assessed via a Transfer Impact Assessment where required);
    • you have given your explicit consent to the transfer, having been informed of the class of recipient and the purpose of the transfer;
    • the transfer is necessary for the performance of a contract between you and us, or a contract entered into at your request or in your interests;
    • the transfer is for the purpose of any legal proceedings or for the purpose of obtaining legal advice or for establishing, exercising or defending legal right;
    • the data controller has reasonable grounds for believing that in all circumstances of the case:-
      • the transfer is for the avoidance or mitigation of adverse action against the you;
      • it is not practicable to obtain your consent in writing of the data subject to that transfer; and
      • if it was practicable to obtain such consent, the you would have given your consent; or
    • we have taken all reasonable precautions and exercised all due diligence to ensure that the recipient treats the Personal Data no less protectively than required under the PDPA, including through contractual data protection obligations binding on the recipient.

We maintain records of all cross-border transfers, including details of the recipient, the destination country, the categories of Personal Data transferred, the purpose of transfer, and evidence of compliance with PDPA.

 

6.  Why Do We Process Your Personal Data?

We may process and your Personal Data and any other information collected for the following reasons (the list of which may not be exhaustive):

  • To operate the Sites and provide the Services, including to:
    • facilitate the transaction;
    • initiate a payment or send money;
    • authenticate your identity and access to your Account;
    • communicate with you about your Account, the Sites, the Services, or senangPay;
    • create an account connection between your Account and a third-party account or platform;
    • perform credit worthiness and other financial standing checks, evaluate applications, and compare information for accuracy and verification purposes;
    • keep your Account and financial information up to date; and/or
    • provide customer support.
  • To manage our business needs, such as monitoring, analysing, and improving the Services and the Sites’ performance, and to help Merchants better understand Users and enhance their experiences.
  • To help assess and manage risk, prevent abuse of our Sites and Services, and to detect and prevent fraud involving us, our Users, the Participants, our business partners, strategic ventures, Merchants, other individuals, our Sites or our Services.
  • To provide personalized Services, market and promote senangPay products and Services on third-party websites and online services as well as the products and services of unaffiliated businesses.
  • To uniquely tailor the marketing content and certain Services or Sites experiences to better match your interests on senangPay and other third-party websites.
  • To use cookies and other tracking technologies to provide these online Services and/or work with other third-parties such as Merchants, advertising or analytics companies to provide these online services.
  • To enhance the security of the Sites and Services and provide you with location-specific options, functionality oroffers if you elect to share your Geolocation Information through the Services such as advertising, search results, and other personalized content.
  • To comply with our obligations and to enforce the terms of our Sites and Services, including to comply with the law, legal process or regulations, law enforcement, regulators, government officials, or other third parties inrelation to any subpoena, court order, or other legal process or requirement under Malaysian law or regulation, or the laws and regulations of other jurisdictions that are applicable to senangPay or one of its affiliates,including any such law or credit card rules.
  • To prevent physical harm or financial loss.
  • To report suspected illegal activity or to investigate violations of a user agreement and/or senangPay’s policy.
  • To facilitate a purchase, sale, merger, or acquisition involving all or part of senangPay’s business, including the disclosure of Personal Data to relevant companies.
  • To support our audit, compliance, and corporate governance functions.
  • In connection with shipping and related services for purchases made using a Service.
  • To banking partners as required by card association rules for inclusion on their list of terminated Merchants.
  • To credit reporting and collection agencies.
  • To engage in direct marketing, promotions and cross selling.

 

7.  How Do We Use Cookies & Tracking Technologies?

When you visit our Sites, use our Services, or visit a third-party website for which we provide online Services, we andour business partners and vendors may use cookies and other tracking technologies (collectively, “Cookies”) for the following reasons:

  • to recognize you as a User or Participant and to customize your online experiences, the Services you use, and other online content and advertising;
  • to measure the effectiveness of promotions and perform analytics; and
  • to mitigate risk, prevent potential fraud, and promote trust and safety across our Sites and Services.

Certain aspects and features of our Services and Sites are only available through the use of Cookies, so if you choose to disable or decline Cookies, your use of the Sites and Services may be limited or not possible. For a full list of the cookies we use, their specific purposes, and how you can manage your preferences, please refer to our Cookie Policy.

 

8. What Privacy Choices Are Available To You?

You have choices when it comes to the privacy practices and communications described in this Privacy Policy. Many of your choices may be explained at the time you sign up for or use our Services or in the context of your use of the Sites. You may be provided with instructions and prompts within the experiences as you navigate the Services.

  • Choices Relating to the Personal Data We Collect
    • Personal Data: It is obligatory for you to provide the accurate and updated Personal Data requested by us that is mandatory to provide the Services. You may decline to provide Personal Data when it isrequested by senangPay, but certain Services or all of the Services would become unavailable to you.
    • Location and other device-level information: The device you use to access the Sites or Services maycollect information about you, including Geolocation Information and User usage data that senangPay may then collect and use.
  • Choices Relating to Cookies
    • You may have options available to manage your cookies preferences. For example, your browser or internet device may allow you to delete, disable, or block certain cookies and other tracking You may choose to enable these options but doing so may prevent you from using many ofthe core features and functions available on a Service or Site.
    • You may have an option regarding the use of cookies and other tracking technologies when you use a Service or visit parts of a Site. For example, you may be asked if you want the Service or Site to “remember” certain things about you, and we will use cookies and other tracking technologies to the extent that you permit them.

 

9. How Do We Protect Your Personal Data?

We maintain technical, physical, and administrative security measures designed to provide reasonable protection foryour Personal Data against loss, misuse, unauthorized access, disclosure, and alteration. The security measuresinclude firewalls, data encryption, physical access controls to our data centres, and information access authorization controls.

While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining theprivacy of your password(s) and Account/profile registration information and verifying that the Personal Data wemaintain about you is accurate, complete, not misleading and current. We are not responsible for protecting any Personal Data that we share with a third-party based on an account connection that you have authorized.

Please note that any transmission of data over the Internet is not completely secure. While we will make every effort toprotect your Personal Data, we cannot guarantee the security of data transmitted online. Therefore, any transmission of data is at your own risk.

 

10.  Direct Marketing

We will not use your Personal Data for direct marketing, promotional communications, or cross-selling purposes unlesswe have received your express opt-in consent to do so. Where you have provided such consent, we may use your Personal Data to provide you with information about our and third-party services and/or products which may be ofinterest to you. You may withdraw your marketing consent at any time by contacting us or using the opt-out mechanism provided in any marketing communication, without prejudice to the lawfulness of any processing carried outprior to withdrawal.

We may, in some circumstances, disclose your Personal Data to preferred Merchants and strategic partners. Such disclosure will only occur where you have subscribed for particular products and/or Services that require such disclosure, and/or where your consent has been obtained, subject at all times to any laws (including regulations, guidelines, and/or obligations) applicable to senangPay.

We take reasonable steps to ensure that the third parties we are sharing your Personal Data with also have appropriate privacy and confidentiality obligations.

Where you have expressly given your consent, we may contact you from time to time with information about our products, Services, and promotions that we consider may be of interest to you.

 

11. Your Rights and Contacting the Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy andensuring compliance with the PDPA. You shall contact our DPO if you wish to:-

  • exercise your right to limit or withdraw your consent to the collection and process of your Personal Data
  • request for access, deletion, correction or update of your Personal Data;
  • make any inquiries or complaints regarding your Personal Data.

 

You may contact our DPO at:

  • Contact Person : Data Protection Officer
  • Address: Unit 27-8, Level 8 Boulevard Office, Mid Valley City, Lingkaran Syed Putra, 59200 Kuala Lumpur, Wilayah Persekutuan.
  • Tel No.: 03-2771 2707
  • E-mail: [email protected]

If we are unable to resolve your complaint, you have the right to lodge a formal complaint with the Personal Data Protection Commissioner (JPDP) at www.pdp.gov.my.

senangPay reserves the right to refuse your request for the aforementioned for reasons permitted under the law.

 

12. Right to Data Portability

Where our processing of your Personal Data is based on your consent or on a contract to which you are a party, youhave the right to data portability. Subject to technical feasibility and compatibility, you may request to receive your Personal Data in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller. To submit a data portability request, please contact us or our DPO using the details provided above.

 

13. Data Breach Notification

We have established internal procedures to detect, assess, and respond to personal data breaches. Where we havereason to believe that a personal data breach has occurred, we will notify the Personal Data Protection Commissioner as soon as practicable and in any case within 72 hours of becoming aware of the breach (“Initial Notification”). Where the breach is likely to result in significant harm to affected data subjects (such as risk of financial fraud oridentity theft), we will also notify the affected individuals without unnecessary delay and no later than 7 days after the Initial Notification.

 

14. Language

As per Section 7(3) of the PDPA, this Privacy Policy & Notice is issued in both English and Bahasa Malaysia. In the event of any inconsistency, the terms of the English version shall prevail.

 

15.  Revision of this Privacy Policy & Notice

senangPay has the right to modify, update, or amend the terms of this Privacy Policy & Notice from time to time. If we make material changes to this Privacy Policy & Notice, we will notify you via your email address registered with us orthrough a notice on our Sites at least twenty-one (21) days before the changes take effect. For minor changes, the revised version will be posted on our Sites with an updated “Effective Date”. Your continued use of our Services afterthe notice period constitutes your acknowledgment and acceptance of the revised terms.