Updated: 3rd February 2022
This Privacy Notice describes how SHIELDCARD HOLDINGS SDN. BHD. (“SHIELDCARD”) collects, stores, processes, discloses and otherwise uses Personal Data of AXXESS Members or information provided by you in enrolling under AXXESS. Your Personal Data is collected, stored, used, disclosed or otherwise processed only in relation to websites, applications, products, services, content, benefits, events and other experiences under AXXESS. In addition, this Privacy Notice also governs other websites, products, services, content, benefits, events and experiences which are owned, facilitated or managed by SHIELDCARD and which make reference to this Privacy Notice. This Privacy Notice shall only have jurisdiction over the collection, storage, processing, disclosure and usage of Personal Data as provided for in the Personal Data Protection Act 2010. This Privacy Notice also does not apply to any websites, products, services, benefits, content, events or experiences that are not owned or operated by SHIELDCARD or are operated or managed by third parties which included but are not limited to our Programme Partners, Panel Insurers and Insurance Agents.
Throughout this Privacy Notice, any reference to we”, “us”, “Company” or “SHIELDCARD” refers to Shieldcard Holdings Sdn. Bhd. and SHIELDCARD’s parent company(ies) and subsidiaries. Unless specifically stated or defined otherwise, words and expressions used in this Privacy Notice shall have the meanings attributed to them in the AXXESS Terms and Conditions. Whenever used, the expression “Personal Data” shall have the meaning ascribed to it under the Personal Data Protection Act 2010.
This Privacy Notice is meant to help you understand how, what and why Personal Data or other information you provide is collected, stored, processed, disclosed and otherwise used by the Company.
By applying for, enrolling as and continuing to be a Member, you expressly consent to the collection, storage, processing, disclosure and use of your Personal Data as described in this Privacy Notice.
1.Collection of Personal Data
You will need to provide Personal Data when you apply to be eligible for and enjoy Benefits under AXXESS which are provided by our Programme Partners or Panel Insurers. Such Personal Data may include but not be limited to:
- Your name and NRIC or passport number
- Your email and mailing address
- Your date of birth, gender and race
- Mobile, office and home contact numbers
- Your choice of user identification name (User ID) and password
- Personal details which can be used to authenticate your identity
You may also be asked for other personal information which is required for the enjoyment of Benefits, to determine your eligibility for a Benefit or to perform transactions under AXXESS (such as but not limited to third party loyalty point conversions or purchases of products from AXXESS Programme Partners or Panel Insurers). Any information provided by you may be recorded by us for compliance purposes and in accordance with the Personal Data Protection Act 2010. Information collected by us may include payment or billing information (such as credit or debit card and banking account details). Any correspondences or notices howsoever sent or copied to us shall also be recorded and stored by us.
In relation to your interactions with us, we will collect and record:
- Device-specific information such as your computer hardware model, operating system version and, where applicable, the, unique device identifier, mobile network information and mobile phone number used during
- Your location information (including GPS coordinates) during
- Your IP address, other online log information and (where applicable) network tower location and identification
- Your web browser storage, (including HTML) and application data caches and history (where applicable).
2. Technologies used
We may use various proprietary and third party technologies to collect and store information such as cookies and similar technologies. Such technologies and their attendant programs or software may be stored on your personal mobile device or computer. We make no representations with regards to technologies which are not owned by us; however we will, where practicable, employ industry best practices and technologies. We also makes no representations as to the security and confidentiality of the computers, servers, networks or systems of Programme Partners, Panel Insurers or Insurance Agents and shall not be held liable in the event of any breach of your Personal Data originating from the computers, servers, networks or systems of the Programme Partners and Panel Insurers or Insurance Agents.
3. Mandatory Information to be specified
Any information provided by you and collected by us is consented by you to be given, whether or not such information is indicated as mandatory to be provided for enrolment or is disclosed voluntarily. Where any information is mandatory to be provided, withholding such information will mean that you do not agree to enrol in AXXESS, enjoy a Benefit or have decided to terminate your Membership.
4. Use of information
Our primary purpose in collecting personal information is to facilitate your safe, smooth and efficient enjoyment of Benefits. Among others, information provided by you will be used by us to, directly or indirectly:
- process your application for enrolment;
- generate your Member Account and Membership Account Number;
- record the number and details of AXXESSpoints earned by you;
- communicate with you via telephone, e-mail messages social network communications and/or (where applicable) electronic data messages such as short message service or other online message services;
- facilitate the provision of Benefits;
- facilitate the redemption of AXXESSpoints; and
- determine and collect any amounts due in relation to your Membership or enjoyment of Benefits;
- facilitate access or use of the AXXESS Website and other AXXESS Online Channels (as applicable);
- carry out investigations and resolve disputes related to your Membership;
- ensure compliance of the AXXESS Terms and Conditions;
- suspend or terminate your Membership;
- update your Member Account records and status;
- monitor trends, volume and other such spending patterns and information of Members;
- conduct market research and statistical analysis including consumer behavioral analysis;
- identify and (where possible) prevent fraud and other illegal activities;
- market and promote products or services of Programme Partners, Panel Insurers and Insurance Agents (unless you decline to receive such materials);
- reply to your enquiries via telephone, email, letters, faxes, message services or social
We may combine and consolidate or provide aggregate, statistical, demographical or trending information data from your interactions with us and information collected by us and disclose the same to Programme Partners, Panel Insurers and/or Insurance Agents in order to market, advertise and/or personalise services or products offered to you by our Programme Partners or Panel Insurers and ‘push’ such marketing content to you via your mobile device unless you have chosen to not to receive such ‘push’ notifications. In such cases, the data provided will be statistical and not disclose your identifiable information.
Unless provided for in this Privacy Notice or permitted under the Personal Data Protection Act 2010, Programme Partners, Panel Insurers or other third parties will not be provided with access to your Personal Data without your express consent. Your consent will also be obtained before your Personal Data is used for any purpose other than those set out or contemplated under this Privacy Notice.
5. Privacy Control
Once logged in to the AXXESS Website or (where available) other AXXESS Online Channels, you may set your personal preferences which may include, among others, whether or not you wish to receive automatic notifications, allow storage of cookies and other privacy and security options. If you choose to block cookies associated with AXXESS you should be aware that blocking such cookies may result in the impairment of the overall Member experience and certain AXXESS Website and (where available) other AXXESS Online Channel functionalities. Among others, your language of preference may not be automatically displayed upon logging in. used. You should be aware that when you make changes deletions or changes to your personal information, the deletions or changes made may not be immediately updated and replaced on our servers and residual copies of the deleted or changed information may reside on our backup systems. You can request that we delete such residual information by contacting us via email.
Certain information and privacy preferences may only be updated by the Company upon request and are not capable of being personally and automatically updated by you. Requests from you that are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, or would be extremely impractical may be rejected by the Company.
Nothing in this Privacy Notice shall limit or prevent the exercise of your rights to privacy control as provided for under the Personal Data Protection Act 2012
6. Sharing and disclosure of information
Personal Data and other information provided by Members will be shared if such disclosure is required to comply with the requirements of any law or pursuant to the direction of a governmental authority or court of competent jurisdiction.
Your personal information may, as permitted by law, be shared with companies, organisations or individuals if, in good faith, we believe that access, use, preservation or disclosure of such information is reasonably necessary to detect, prevent, or otherwise address fraud, security or technical issues or protect against harm to the rights, property or safety of the Company, Members or the public.
We may also share your personal information, within or outside Malaysia, with:
- Third-parties under contract with us who assist in fulfilling our business operations and/or perform functions on our behalf such as service providers who provide marketing assistance, payment gateways, channels or processors, fraud investigators, and customer service providers. Such third parties will only have access to your personal information on a needs basis only for them to perform their
- Identified third parties whom you have been explicitly notified of in relation to a certain Benefit and have explicitly agreed or consented
- Other business entities whom we plan to merge with or are in the process of acquiring or being acquired
7. Withdrawal of Consent
You may withdraw your consent to the collection of your Personal Data and/or information at any time by notifying us in accordance with the Terms and Conditions. In such event and depending on the information denied to be provided to us, your Membership in the Programme may be terminated.
You expressly agree that you will hold the Company harmless against any loss or damage, direct or indirect, suffered as a result of the collection, storage, use or processing of your Personal Data or information you provide in accordance with the terms of this Privacy Notice. You shall not institute any legal actions or claims against the Company in respect of such loss or damage arising from any such disclosures. You shall indemnify the Company for any costs incurred in defending any actions brought by you including for any legal fees or expenses incurred by the Company.
9. Members Account Protection
Your username and password are essential to the privacy and security of your information and your Member Account. By enrolling and continuing Membership, you agree that you shall not disclose your username or password to any other person, including via emails purporting to have been sent by the Company or its employees. Subject to the results of investigations, actions taken under your Member Account are assumed to be lawfully made and legally binding. You are especially advised to be extra careful when using shared computers.
10. Data Security
Your Personal Data and information is stored on our servers in a secure location in Malaysia. We treat information on our servers as assets that must be protected and use industry standard encryption tools, complex and passwords and physical security measure to protect all data stored against unauthorised access.
Periodically we also review our data collection, storage and processing practices to emulate industry best practice methods with regards to security and preventing unauthorized access.
Access to data stored is restricted to our employees, contractors and agents who require such access to perform their duties or any other obligations under AXXESS. Such employees, if not permanent are required to issue confidentiality undertakings to the Company and accept liability for any data breaches committed by them.
Notwithstanding and in spite of our security measures, it is impossible to guarantee that our systems and servers are 100% secure against third party unlawful intrusions whether such access is gained unlawfully via direct access to data stored on our servers or intercepted in communications or transmissions involving you and the AXXESS Website and (where applicable) other AXXESS Online Channels. Although we will comply with
industry standard security protocols, we do not promise, nor you should you expect, that the confidentiality of information provided by you under the Programme is guaranteed.
11. Disclosure by Third Parties
Subject to the sharing of information expressly set out in this Privacy Notice, information you disclose to Programme Partners or Panel Insurers will be governed by the different privacy policies of such third parties. We have not control over these other privacy policies and you should therefore review their contents before agreeing to any disclosures or your Personal Data or information.
12. Changes to Privacy Notice
We reserve the right to modify, amend or change this Privacy Notice at any time without the need to obtain your prior and express consent. Updated Privacy Notice(s) shall be posted on the AXXESS Website. It is your responsibility to carry out periodical checks for updated versions of this Privacy Notice and ensure you agree with any updates before continuing as a Member.
No provision of this Privacy Notice shall prevent, restrict or limit disclosures which are permitted under the Personal Data Protection Act 2010.