This Privacy Notice explains how we collect, use, process and store your Personal Data when you (as an individual or business entity) use or subscribe to any of our products, services, and/or applications (including but not limited to connectivity, business, and digital solutions), and visit any of our retail stores, or websites (collectively referred to as “Services”). 

 

Personal Data includes your name, address or email address, as well as less obvious data like device-related data, call records, online identifiers, and location data.

 

Please read this Privacy Notice in context with the Terms & Conditions of the Service that you use. It may set out additional Service-specific terms regarding your Personal Data which we collect from you and the related processing activities.  


We have summarised the Privacy Notice into an infographic here.



Updated 1 May 2023


1. WHO ARE WE?

Digi Telecommunications Sdn Bhd (as part of CelcomDigi Berhad) (referred to “Digi”, “us” or “we”) is committed to protect and respect your privacy. 

 

Digi is a mobile connectivity and internet services provider. Our office is located at No. 6, Persiaran Barat, Seksyen 52, 46200 Petaling Jaya, Selangor Darul Ehsan.



2. WHY DO WE PROCESS YOUR PERSONAL DATA?

We process your Personal Data based on:

  1. Your consent where Digi does not rely on other legal basis. When you give your consent, you may withdraw it at any time.  For more information, refer to the ‘What Are Your Rights' section below.
  2. The performance of your contract, for example, enabling the Services which you subscribed to. 
  3. Pre-contractual enquiry, for example when you are a potential customer.
  4. Compliance with legal obligations, for example, accounting and tax requirements, and any lawful request from the government, judiciary, or law enforcement officials.
  5. Protecting your vital interest such as disclosing your last known location to the authorities where you have been reported missing for more than 24 hours.



3. HOW DO WE COLLECT?

We collect your Personal Data:

  1. Directly from you, such as during physical and online registration, contact us through various channels, and take part in a competition, prize draw or survey.
  2. When you use our Services, such as connect your devices to our network, use our application or digital solutions, browse any of our websites, or visit any of our retail stores.
  3. From other sources, such as business directories, fraud-prevention agencies, credit reporting agencies, financial institutions, connected network providers, or other business partners either before initiating your Services, when you interact with us on social media platforms, when you are a customer of a business that we acquire, and/or where you have given permission to other companies to share information about you.



4. WHAT DO WE COLLECT?

We collect and process your Personal Data throughout our Service to the extent permitted by law, including but not limited to your:

  1. Account information, such as name, address, mobile number, date of birth, gender, email address, identification number, billing information, payment transactions, purchase history, credit or debit card information, bank account, and other financial information. Where you are subscribed as a business entity, we will also collect your company information. We may also collect your company representative and/or guardian’s information. Where you provide us with such information, it is deemed that you have received their consent to share the information with Digi.
  2. Location information, such as GPS location generated from tower or cell location, Wi-Fi routers, Bluetooth services, or other access points, and information derived from your IP address, postcode, town or city.
  3. Device information, such as device number (IMEI), device model and operating system, and SIM card number (IMSI or ICCID).
  4. Network performance and usage information, such as connectivity performance (including speed, traffic flow, and capacity), SMS, call and roaming records and utilisation, and internet data balance and utilisation.
  5. Web browsing and application information, such as websites you visit or mobile apps you use, browsing activities, and attributes collected using cookies, web beacons, and other technologies (refer to our 'Cookie Notice').
  6. Biometric information, such as fingerprint.
  7. Other information, such as event, competition, or survey participations, photos and videos recorded by us or submitted to us, records of your contact with our various channels (including live chats, emails, or calls made to our Contact Centre), and CCTV recordings at our retail stores.


Digi only collects Sensitive Personal Data when you voluntarily provide us this information or where such information is required or permitted to be collected by law. For instance, when you submit your identification card, we may collect your racial or ethnic origin. 


We may not be able to process your registration and/or provide you with our Services if you fail to supply us with the necessary Personal Data, the Personal Data supplied is incomplete and inaccurate; and/or you withdraw your consent for us to process your Personal Data.

 

You may access our Services through third party platforms to perform transactions such as balance inquiry, pay your bills, and/or purchase any of our Services. By using those platforms for any of our Services, any Personal Data shared may be governed in accordance with this Privacy Notice



5. HOW DO WE USE?

We may use and process your Personal Data to:


5.1. Provide you with our Services 

  1. Fulfilment purposes, such as process your registration and orders, manage your account, connect you to our partners, install equipment at your property, and deliver your purchases.
  2. Billing purposes, such as process your payment, issue your bills, and recover debts.
  3. Customer support purposes, such as respond to your queries through various channels.
  4. Service improvement purposes, such as monitor our network and maintain network availability, support any troubleshooting activities, and monitor and record your calls to our Contact Centre for training and quality assurance.
  5. Communication purposes, such as keeping you updated on the latest information relating to your subscribed Services (including your benefits and rewards), notify changes to our terms and conditions or service interruptions, and share public service announcements on behalf of the statutory and/or regulatory bodies. You may also contact us on other channels such as social media platforms.


 5.2. Personalise our Services

  1. Marketing purposes, such as sending promotional materials relating to our Services, or promote our partner’s products and services which we think may be of interest to you through phone calls, SMS, emails, and push notifications (where you have consented to receive them). We tailor these messages based on the Services you’ve subscribed to, or information we receive from third parties. 
  2. You can control your marketing permissions. For more details on this and how to opt-out from receiving marketing communications, refer to the 'What Are Your Rights' section below.
  3. Online advertising purposes, such as market our campaigns (and those of our partners) more effectively and make your online experience more efficient and enjoyable. This is known as interest-based advertising. It can be found on websites belonging to Digi or third party websites, as well as other channels such as social media platforms which uses cookies. 
  4. You can control your cookies setting. Refer to our ‘Cookie Notice' for more information. Opting out of interest-based advertising does not stop advertisements from being displayed – it is just that they would not be tailored to your interest. To stop receiving personalised advertising on your social media platforms, go to the relevant platform’s ad settings.


5.3. Protect our Services

  1. Screening purposes, such as conduct a credit check during your application and throughout our Services. This information may be updated from time to time and supplied to other organisations by the credit reporting agencies.
  2. Fraud prevention and security purposes, such as verify your identity, detect and resolve fraudulent use of our networks, prevent and stop potential cyber security threats to our internal systems, network and Services, protect your account from unauthorised access, fraud, misuse or damage to our Services, and investigate suspicious account activity or transactions when you use any of our Services.


5.4. Research, analytics, and reporting 

  1. Research and analytics purposes, such as conduct market research or surveys, perform internal marketing analysis, customer profiling activities, analysis of patterns, behaviours, and choices, and identify general trends using identifiable and anonymous information.
  2. Reporting purposes, such as create aggregated statistics about our sales, customer network traffic, location patterns and customer demographics. Such aggregated statistics may or may not include information that can personally identify you.


5.5. Development of new products and services

  1. Product development purposes, such as explore and develop interesting new products and services on our own and/or with our business partners.



6. WHO DO WE SHARE WITH?

We work with business partners for a number of reasons. Where applicable, we share information about you with:

  1. Affiliates as part of CelcomDigi Berhad Group including and its subsidiaries, for processing activities listed in ‘How Do We Use’ section above. 
  2. Roaming Partners who facilitate our Services when you choose to roam on local or foreign networks.
  3. Dealers and Agents who provides our Services nationwide.
  4. Service Providers who assist us in providing our Services to you such as IT support, network, delivery, as well as social media platform that you have chosen to link with our Services.
  5. Financial Partners who act as our payment channels, debt collectors, and report your creditworthiness when you transact with us.  
  6. Marketing Partners who provides marketing and advertising-related support across various channels using identifiable and non-identifiable data to provide relevant content and insightful reports to us.
  7. Collaboration Partners who work with us to provide the Services you're subscribed to and/or develop new products and services that may interest you.
  8. Researchers who provide research or analytical services to help us understand how you use our Services.
  9. Professional Advisors such as legal advisors, accountants, auditors, and investigators, where reasonable, who defend our rights or property, protect the interests of our customers, and protect us against fraud.
  10.  Regulatory Bodies, Law Enforcement Agencies, and Other Government Authorities to comply with our legal obligations, to respond to the authorities’ lawful demands, and/or valid court order. Your Personal Data shall only be provided in good faith, when we are obliged to do so in accordance with the law and/or valid court order and pursuant to an exhaustive evaluation of all legal requirements.
  11. Other Parties if you are involved in or related to a legal proceeding, or if our company is reorganised or undertake potential corporate exercise, including but not limited to merger and acquisition.


Where you buy a third-party product or service through your Digi account, the contract is with the party selling that product or service. As such, you are agreeing that Digi may pass certain Personal Data (for purposes listed in ‘How Do We Use’ section above) to such parties to complete your purchase. The seller’s terms and conditions, privacy policy, and cookie notice will apply as to how they use your Personal Data, so please read them carefully. 


When we share your Personal Data, we will take steps to ensure that the recipient will protect your privacy, keep your Personal Data secure, and process it in accordance with applicable laws and this Privacy Notice. 


We will not sell Personal Data that we process about you to third parties without your consent.



7. HOW LONG DO WE KEEP?

We will keep your Personal Data as long as necessary unless a longer retention period is required by the Malaysian law. We will take all reasonable steps to ensure that all Personal Data is destroyed or permanently deleted if it is no longer required for the purpose for which it was collected and processed.



8. HOW DO WE PROTECT?

We constantly review and improve our measures to protect your Personal Data from any loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction. These include entering into legal agreements with partners who process your Personal Data, training our employees on data protection, and implementing appropriate security controls on our IT systems.

We will never ask for your Personal Data or account information through an unsolicited means of communication. You are responsible for keeping your Personal Data and account information secure and to not share it with others. 



9. DO WE TRANSFER?

When we need to transfer your Personal Data to countries outside Malaysia for processing activities listed in ‘How Do We Use’ section above, we will take appropriate steps to ensure that your Personal Data is adequately protected (for countries that may not provide the same level of protection as Malaysia). This includes having a proper legal agreement that covers the data transfer and carrying out data security reviews of any recipients to ensure that Personal Data in that country will not be processed in a manner which would contradict applicable data protection laws in Malaysia. 



10. WHAT ARE YOUR RIGHTS?

You have the rights to:

  1. Access your Personal Data at any point of time by contacting us or accessing the information directly through your account. Personal Data requested has to be specific and limited to what you have submitted to us when you register for our Services.
  2. Correct your Personal Data at any point of time if the Personal Data you submitted is inaccurate by walking into our retail store or directly through your account.
  3.  Withdraw your consent for us to use, process or share your Personal Data at any point of time by contacting us or walking into a retail store. However, withdrawing your consent will result in us not being able to process your application and/or provide you with our Services.
  4. Suspend the processing of your Personal Data if you believe that there are concerns over the accuracy, legitimacy and lawfulness of the processing. During the temporary suspension period, we may not be able to process your application and/or provide you with our Services.
  5. Stop receiving promotional materials by contacting us or directly through your MyDigi account. If you opt-out, we may still send you notifications that relates to your subscription and/or public service announcements.
  6. Cease the processing your Personal Data if the processing causes or is likely to cause you unwarranted substantial damage or distress. If you exercise this right, we will not be able to process your application and/or provide Services to you.      


To ensure that the Personal Data we hold about you is correct and up to date, we may from time to time contact you to verify the accuracy of your Personal Data in our records. However, it is your responsibility to ensure that you provide us with true, accurate and complete information. 



11. WHAT ABOUT CHILDREN? 

There will be instances where children under the age of 18 will subscribe to our Services. When this happens, it is deemed that they have obtained prior consent from their parents and/or guardian to use our Service. Their Personal Data will be processed according to this Privacy Notice. 

 

When Services purchased for family use are used by minors, any information collected from the usage will appear to be of the actual adult subscriber and be treated as such under this Privacy Notice. 

 

We encourage you to monitor their online activity.



12. CHANGES TO THIS PRIVACY NOTICE 

We reserves its right to amend this Privacy Notice from time to time based on changes as per the business, legal and regulatory requirements and applicable laws. We encourage you to revisit this Privacy Notice periodically, allowing you to see any changes made by checking the effective date above. 

 

If we decide to use or disclose information that identifies you personally in a way that is materially different from what we stated in our Privacy Notice at the time we collected that information from you, we will give you a choice about the new use or disclosure by appropriate means, which may include an opportunity to opt-out.



13. LANGUAGE

In accordance with the requirement of Malaysian data protection and privacy law, this Privacy Notice is issued in both English and Bahasa Malaysia. In the event of any inconsistencies or discrepancies between the English version and the Bahasa Malaysia version, the English version shall prevail.

 


14. CONTACT US 

Should you have any queries, concerns or complaints in relation to this Privacy Notice, kindly reach out to our Data Protection Officer.