Digi Privacy Notice
1. WHO WE ARE?
Digi Telecommunications Sdn Bhd (and the Telenor Group, which we are part of) (referred to “Digi”, “us” or “we”) is committed to protecting and respecting your privacy.
Digi is a mobile connectivity and internet services provider. Our office is located at Lot 10, Jalan Delima 1/1, Subang Hi-Tech Industrial Park, 40000 Subang Jaya, Selangor Darul Ehsan.
This Privacy Notice sets out the basis on which we collect, use, process and store your personal information when you subscribe to any of our products and services, including telecommunications network, applications, digital services and solutions, or visit any of our office branches or Digi stores, and any of our websites (collectively referred to as “Services”). Please read this Notice in context with the Terms of Service of the service that you use. It may set out additional service-specific terms regarding your personal information which we collected from you and the related processing activities.
We have summarised the Privacy Notice into a short infographic. Click here to find out.
2. WHAT IS THE LAWFULNESS OF PROCESSING?
Digi will process your personal data based on:
2.1. The performance of your contract and to act on your requests. For example, allowing you to make calls and texts, and browsing the Internet on your phone and enabling us to generate your bill, based on your usage.
2.2. Legitimate business interests, for example, fraud prevention, maintaining the security of our network and services, direct marketing, and the improvement of our services. Whenever we rely on this lawful basis to process your data, we assess our business interests to make sure they do not override your rights. For more information on your rights, visit the 'What Are Your Rights' section below.
2.3. Compliance with a mandatory legal obligation, including accounting and tax requirements, and any lawful request from the government or law enforcement officials.
2.4. Consent which you provided where Digi does not rely on other legal basis. When you give your consent, you may withdraw it at any time. For more information on your rights, visit the ‘What Are Your Rights' section below.
3. WHEN DO WE COLLECT YOUR PERSONAL INFORMATION?
We collect your personal information in three ways:
3.1. Information you give us
Digi will collect your personal information when you:
3.1.1. Buy or use any of our Services,
3.1.2. Register for a specific Service,
3.1.3. Subscribe to newsletters, alerts or other Services from us,
3.1.4. Contact us through various channels or ask for information about a Service,
3.1.5. Apply for a position to work in Digi,
3.1.6. Take part in a competition, prize draw or survey,
3.1.7. Publish your information publicly, and
3.1.8. Are the customer of a business that we acquire.
3.2. Information we collect automatically
3.2.1. When you use our Services,
3.2.3. When you visit any of our office branches / Digi stores, we may also collect information about you on CCTV as part of our security and crime prevention measures.
3.3. Information from other sources
3.3.1. We may also collect information from third-party sources before initiating your Services, or get background information with regards to employment opportunities, or where you have given permission to other companies to share information about you. The third-party sources include fraud-prevention agencies, business directories, credit check reference/vetting agencies, billing calculating agencies and connected network providers.
4. WHAT DO WE COLLECT?
The types of information we collect depend on the use of our Services and the ways that you interact with us. This may include:
4.1. Contact, billing and other information you provide
This includes your:
- Telephone and/or mobile number,
- Date of birth,
- Email address,
- CCTV recording and footages,
- Voice recordings,
- Biometric identifiers,
- Identification number,
- Credit or debit card information,
- Swiss Code and other payment passwords,
- Security information used for authentication, ,
- Access to accounts and services information, and
- Information you provide in surveys, Digi-sponsored promotions, and job applications to Digi.
4.2. How you use our Services and your devices
- Call records containing phone numbers you call and receive calls from (including those you make to our contact centre),
- The time and duration of the call or how you are using data,
- Websites you visit,
- Text records,
- Wireless location,
- Application and feature usage,
- Product and device-specific information and identifiers,
- Router connections,
- Service options you choose,
- Mobile and device numbers,
- Video streaming,
- Video packages and usage,
- Demographic data,
- Interest-based data,
- Traffic flow,
- Power, and
- Environmental conditions such as nearby Wi-Fi access points, connectivity, and
- Internet browsing behaviour information.
4.3. How you use our websites and applications
4.3.1. This includes information about your browsing, searching and buying activities; IP address, mobile phone number, device numbers and identifiers, web addresses of the sites you come from and go to next, screen records, browser and operating system information, platform type, connection speed and attributes collected using cookies, web beacons and other technologies.
4.3.2. When your device’s web browser utilises our data services to access websites other than our own, we automatically capture information associated with your browsing activities, and measure and monitor network and internet connection performance.
4.4. Location of your wireless devices
This can be precise as it uses Global Positioning System (GPS) data or when your devices communicate with cell towers, Wi-Fi routers or access points and/or with other technologies, including the satellites and other location information.
We may not be able to process your application and/or provide you with our Services for reasons such as:
4.4.1. If you fail to supply us with the necessary personal information;
4.4.2. If the personal information supplied is incomplete and not accurate; and/or
4.4.3. If you withdraw your consent for us to process your personal information.
Our online services may contain links to third party websites, or access to third party services (such as social networks or VoIP services). We have no control over how third-party websites and services process your personal information and we are not responsible for their privacy practices. Please read the privacy policies of any third-party websites or services that you access from our websites or services.
5. HOW DO WE USE?
Digi may use and process your personal information for the following purposes:
5.1. To provide you with our Services
5.1.1. Processing your application and providing you with our Services
- To keep you updated on your subscription, benefit and rewards.
- To provide relevant information about the Services.
5.1.2. Billing and customer care
- To issue you the bill statement for using our Services and payment collection.
- To respond to any questions or concerns you may have about our Services.
- To monitor and record our communications with you for training purposes and quality assurance.
5.1.3. Service messages
- To send you latest information that relates to your subscribed Services, benefits and rewards.
- To notify changes to our terms and conditions or service interruptions.
- To send you public service announcements either on our own behalf or on behalf of the statutory and/or regulatory bodies.
5.1.4. Roaming services
- To connect you to our roaming partners, solve technical issues (if any) and improve your roaming experiences.
- To detect and resolve fraudulent use of our networks (and our partners' roaming networks).
5.2. To manage and improve our Services
5.2.1. To manage the volumes of calls, texts, troubleshooting, and other uses of our Services for a better customer experience.
5.2.2. To develop more interesting and relevant Services, including implementing parental controls.
5.3. To send marketing materials and personalise our Services to you
- Depending on the extent of consent obtained from you, to send you promotional materials relating to our Services, or promote the Services of our partners or such third parties which we think may be of interest to you;
- We tailor these messages based on the Services you’ve subscribed from us in the past, or information we have from third parties.
- You can control your marketing permissions and the data we use to tailor these communications at any time. For more details on this and how to prevent processing of your personal information, visit the 'What Are Your Rights' section below.
5.3.2. Online advertising
- To target our marketing and advertising campaigns [and those of our partners] more effectively and personalised, and to make your online experience more efficient and enjoyable. This is known as interest-based advertising. It can be on websites belonging to Digi, other organisations as well as other online media channels such as social media sites. We may also combine data collected via the cookies with other data we have collected about you.
- To prevent any processing of information, you can change your cookies settings. Refer to the 'Cookie Notice' for more information.
- Opting out of interest-based advertising does not stop advertisements from being displayed – it is just that they would not be tailored to your interest. To stop receiving advertising on your social media, go to the relevant platform’s ad settings.
5.4. To conduct research and analytics
5.4.1. To conduct research, monitor and analyse customer use of our Services on an anonymous or personalised basis, in order to identify general trends, conduct market research or surveys, internal marketing analysis, customer segmentation, develop new Services, and improve our understanding of our customers’ patterns, behaviours and choices.
5.4.2. To create aggregated statistics about our sales, customer network traffic, location patterns and customer demographics. Such aggregated statistics do not include information that can personally identify you.
5.5. To carry out credit checks, fraud prevention and security measures
5.5.1. Credit checks
- To carry out a credit check when you apply for a contract for any Services with us.
- To verify your identity when you request access to your account and for general account management purposes. We sometimes supplement the information we collect about you with information from other sources to assess the accuracy of the information that we hold.
- To exchange information about you with credit reference agencies while you have a relationship with us. This includes your settled accounts or any outstanding debt you have with us. This information may be supplied to other organisations by the credit reference agencies.
5.5.2. Fraud prevention and security
- To protect your account from unauthorised access, fraud, misuse or damage to our Services.
- To prevent illegal activities, suspected fraud, and potential threats to our Services and customers.
- To detect and stop cyber security threats to our internal systems, network and Services.
6. WHO DO WE SHARE WITH?
We use partners and service providers for a variety of business purposes. In such cases, where applicable, we share information about you with:
6.1. Affiliates: We may share your personal information with Telenor Group for processing activities listed in ‘How Do We Use’ section above.
6.2. Roaming Partners: We share your personal information with roaming partners when you choose to roam on local or foreign networks, to facilitate or extend our Services so that we can provide a better service to you.
6.3. Data Processors: We engage third party to process your personal information on our behalf and on our instructions.
6.4. Business Partners: We work with partners to deliver services you have subscribed to, including service development and package delivery on our behalf.
6.5. Service Providers: We share your information to services providers such as social networks or VoIP that you have chosen to link with our Services, to the extent of enabling you of using these Services.
6.6. Marketing Partners: We may share your information with marketing and advertising partners to provide you with more tailored content and better service.
6.7. Researchers: We may share your personal information to third parties for research or statistical analytics purposes to help us understand how you use our Services.
6.8. Professional Advisors: We engage professional advisors on matters relating to our Services, including debt collection agencies, credit reporting agencies, legal advisors, accountants and auditors.
6.9. Fraud Management: We will release information if it’s reasonable for the purpose of protecting us against fraud, defending our rights or property, or to protect the interests of our customers.
6.10. Law Enforcement: We may also need to release your information to comply with our legal obligations and to respond to the authorities’ lawful demands. Your personal data shall only be provided in good faith; when we are obliged to do so in accordance with the law and pursuant to an exhaustive evaluation of all legal requirements.
6.11. Other Organisations: If our company is reorganised or sold to another organisation, we will provide your information to that organisation.
Where you buy a third-party product or service through your Digi account, the contract is with the party selling that product or service. As part of this, you are agreeing that Digi may pass certain personal information (for instance, to verify your mobile number) to such parties to complete your purchase. The seller’s terms and conditions, privacy and cookie notice will apply to how it uses your personal information – please read them carefully.
When we share your personal information, we will take steps to ensure that the recipient will protect your privacy, keep your personal information secure and process it in accordance with applicable law and this privacy notice.
We will not sell the personal information that we process about you to third parties without your consent.
7. HOW LONG DO WE KEEP?
We will keep your personal information as long as necessary for the purposes for which we collect and process it, unless a longer retention period is required by the Malaysian law. Your information will be deleted in accordance to our Retention Schedule below.
Types of data
Lawful Basis for Retention
Account closure + 7 years
Billing and financial information
Account closure + 7 years
Network and location data
Date of network activity + 1 year
Website and application usage
Date of browsing + 1 year
Survey responses and competition submissions
End of purpose + 1 year
Communications related to Digi Customer Service
Date of communication + 2 years
CCTV footage at Digi premises
Date of recording + 30 days
8. HOW DO WE PROTECT?
We have specialised security team who constantly review and improve our measures to protect your personal information from any loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction.
We will never ask for your secured personal or account information through an unsolicited means of communication. You are responsible for keeping your personal and account information secure and to not share it with others.
Our website may provide links to third-party websites. We are not responsible for the security and content of such third-party websites. Make sure you read the respective organisation’s privacy and cookie notice before using or putting your personal information on their sites.
9. DO WE TRANSFER?
When we need to transfer your personal information to countries outside Malaysia for processing purposes, we will take appropriate steps to ensure that your personal information is adequately protected (for countries that may not provide the same level of protection as Malaysia). This includes having a proper legal agreement that covers the data transfer and carrying out data security reviews of any recipients to ensure that personal information in that country will not be processed in a manner which would contradict applicable data protection laws in Malaysia.
10. WHAT ARE YOUR RIGHTS?
You have rights in relation to the personal information that we hold about you. Your privacy rights include:
10.1. Right to withdraw consent: At any point of time, you have the right to withdraw your consent to us to use, process or share your personal information by contacting us or walking into a Digi Store. However, withdrawing your consent will result in us not being able to process your application and/or provide you with our services.
10.2. Right to access your information: At any point of time, you can request a copy of the personal information that we hold about you by contacting us or access the information directly through your account on our Digi website.
10.3. Right to correct personal data: At any point of time, You can request to correct or amend your personal information that is inaccurate by walking into a Digi Store or through your account on our Digi website.
10.4. Right to prevent processing:
10.4.1. You can request for us to temporarily suspend processing activities of your personal information when you believe that there are concerns over the accuracy, legitimacy and lawfulness of the processing. During the temporary suspension period, we may not be able to process your application and/or provide you with our Services.
10.4.2. You can request for us to cease processing activities of your personal information for marketing purposes. If you no longer want to receive personalised content and marketing messages from Digi, you can choose to opt-out at any time.
Please note: You may still receive marketing messages for a short period after opting out while we update our records.
10.4.3. You can request for us to cease or not to begin processing your personal information if the processing causes or is likely to cause you unwarranted substantial damage or distress. If you exercise this right, we will not be able to process your application and/or provide services to you.
To ensure that the personal information we hold about you is correct and up to date, we may from time to time contact you to verify the accuracy of your personal information in our record. However, it is your responsibility to ensure that you provide us with true, accurate and complete information.
11. WHAT ABOUT CHILDREN?
There will be instances where children under the age of 18 will subscribe to our Services. Rest assured that it will be subject to parental consent, and their personal information will be processed according to this Privacy Notice.
When services purchased for family use are used by minors without the knowledge of Digi, any information collected from the usage will appear to be the personal information of the actual adult subscriber and be treated as such under this Privacy Notice.
We encourage you to be with your children when they are using the Internet and at the same time, monitor their online activity.
12. CHANGES TO THIS PRIVACY NOTICE
Digi reserves its right to amend this Privacy Notice from time to time based on changes as per the business, legal and regulatory requirements and applicable laws. We encourage you to revisit this notice periodically, allowing you to see any changes made by checking the effective date below.
If we decide to use or disclose information that identifies you personally in a way that is materially different from what we stated in our Privacy Notice at the time we collected that information from you, we will give you a choice about the new use or disclosure by appropriate means, which may include an opportunity to opt-out.
Updated 16 March 2020
In accordance with the requirement of Malaysian data protection and privacy law, this Privacy Notice is issued in both English and Bahasa Malaysia. In the event of any inconsistencies or discrepancies between the English version and the Bahasa Malaysia version, the English version shall prevail.To view Privacy Notice in Bahasa Malaysia, please click here.
Should you have any queries, concerns or complaints in relation to this Privacy Notice, Kindly each out to our Data Protection Officer via: