SETEL GROUP PRIVACY STATEMENT
INTRODUCTION
Setel Group is committed to protecting and respecting your privacy. This privacy statement (“Privacy Statement”) explains what personal data we collect through the use of our mobile application and our websites (respectively, “App” and “Website”), as well as products, services and any features offered by Setel Group (collectively, “Services”), when and why we collect it, how we use it, the conditions under which we may disclose it to others, and how we keep it secure.
This Privacy Statement is issued to all individuals who are visitors or users of our App and Website or otherwise have their personal information provided to us in the course of using or procuring any of our Services. Depending on the context, “you” or “your” may refer to:
- Our end users and customers, i.e., individuals who use any of our Services for personal use and individuals who transact with us or any of our merchants through our App or Website, whether using our Setel Pay feature or any other methods;
- Representatives of our end users and customers, i.e., individuals acting on behalf of any business or corporate users in any communications, registration process or transactions with us;
- Our visitors, i.e., individuals who use our App or Website or otherwise communicate with us without being logged into a user account (for instance, if you send an email to us requesting for more information because you are considering being a user of our Services); and
- Our merchants, i.e., potential or existing individual merchants as well as any individuals acting on behalf of, owning any interests in, or holding a directorship position in, any potential or existing business merchants (for instance, if you are administering an account with us for a business merchant (“Merchant”). If you are a Merchant, please also refer to the Addendum to this Privacy Statement for terms which specifically apply to you.
We would like you to understand that in connection with your commercial dealings with us, it is necessary for us to collect and process data about yourself and/or your business entity. Please read this Privacy Statement carefully to understand our practices regarding your personal data and how we will treat it.
For the purpose of this Privacy Statement, the term “personal data” shall refer to any information that relates directly or indirectly to an individual, from which the said individual may be identified, and shall include sensitive personal data and expressions of opinion about any individual. Sensitive personal data may include information such as physical or mental health or medical conditions, political opinions, religious or other similar beliefs, commission or alleged commission of any offence.
You may choose whether or not to provide your personal data to us, including sensitive personal data. By providing your personal data to us and/or using our Services, App and Website, you consent to our collection, use and disclosure of your personal data in accordance with this Privacy Statement.
WHO WE ARE
In this Privacy Statement, the terms “Setel Group”, “we”, “us”, and “our” refer to the combination of the following three (3) entities:
- Setel Ventures Sdn. Bhd., (“Setel Ventures”), a company registered in Malaysia with company number 201901000991 (1310317-A), and a wholly-owned subsidiary of PETRONAS Dagangan Berhad (“PDB”);
- Setel Express Sdn. Bhd., (“Setel Express”), a company registered in Malaysia with company number 199901009862 (484762-U), and a wholly-owned subsidiary of PDB; and
- Setel Pay Sdn. Bhd., (“Setel Pay”), a company registered in Malaysia with company number 202201015869 (1461566-T), and a wholly-owned subsidiary of PDB.
INFORMATION GATHERING AND USAGE
We may collect information about you directly from you, such as when you actively interact with our Website and App, when you contact us for further information, register for an account to use our Services, or take part in any of our online or digital initiatives, or when you communicate with us by email, chat, telephone or any other means.
We may also collect information about you indirectly, when we obtain information from third parties such as identity verification services, credit reporting agencies, regulatory and enforcement agencies, public databases or sources, third parties that are connected to you (e.g., other customers that are related to you), and from such other sources where we have obtained your consent to disclose your personal data.
The personal data that we collect and process may include, but is not limited to, the following:
- Personal information such as name, date of birth, age, gender, nationality, race, employment and income information, government-issued identification number (e.g., passport number and National Registration Identity Card), location information, vehicle and parking information, driver’s licence information, insurance information, personal photograph and biometric data;
- Contact information including residential, mailing and billing address, telephone/facsimile number and email address;
- Transaction and financial details, including the purpose of transaction, transaction history, types of Services requested, credit/debit card details (including card number, cardholder name, CVV codes and expiration dates), gift card data, and bank account details;
- E-wallet information including e-wallet balance, top-up and transaction information as well as e-wallet transaction limits;
- Personal preferences and interests, including post-transaction and spending behaviour;
- Feedback and opinions, including your testimonials, reviews, and ratings of our products and services, whether they are provided directly to us or whether they are published on any other platforms in the public domain;
- Device information such as device hardware information, IMEI number, UUID (unique identifier), phone number, phone model, app version serial number, current software version, Mobile Country Code, Mobile Network Code, device operating system versions, and settings of the devices you use to access our App and Website;
- Log information such as browser information, geolocation information, IP address information, the time and duration of your use of our App and Website, diagnostic, technical, error, and usage information page views, history of profile updates and password changes;
- Loyalty information, if you decide to become a member of our loyalty programme, we may process relevant data such as the status of your account, information regarding the number of points you have earned, purchase history, any subscription information, your reward status levels and reward redemption history; and
- Any other personal data you provide to us or collected by us in the course of your dealings with us.
The above description of personal data is a general description of the various types of personal data that we collect from our customers. Depending on the nature of business and circumstances, we may only need to collect and process a more limited form of personal data from certain customers. In other situations, there may be a need to collect more personal data depending upon the nature of transaction, business and so forth.
We may use personal data that we obtain from you for the following purposes:
- in respect of personal details and contact information which you have provided to us, to verify your identity (and in order to comply with laws and regulations related to anti-money laundering and counter-terrorism financing requirements), to contact you through any method (whether verbal or written), and to personalise our communications with you (including callbacks and follow-up communications) as well as any of our Services for you;
- in respect of information which is collected from you automatically, to ensure that content is presented in the most effective manner and in a personalised way for you and for your device, to allow you to participate in interactive features of our App and Website, when you choose to do so, as well as being part of our efforts to keep our App and Website safe and secure;
- to obtain information about your preferences, online movements (to the extent that you have not opted-out of the same), and use of our App and Website;
- to carry out research, benchmarking, statistical analysis, product analysis, customer profiling activities, analysis of customer patterns, behaviours and choices, customer surveys and interviews to help improve our content and our Services, to help us better understand your requirements and interests as well as to publish your testimonials, reviews, and ratings on our platform for advertising and marketing purposes;
- to target our marketing and advertising campaigns and those of our partners more effectively by providing interest-based advertisements that are personalised to your interests, and to make your customer experience more seamless, efficient and enjoyable;
- to analyse your preferences and habits in order to personalise and optimise your experience on our application, website and your usage of our Services;
- to tailor our offerings to you and to provide you with targeted content and advertising;
- to process, facilitate, administer, and provide you with our Services, to administer your account, to process and deliver your order, to carry out, manage and maintain your relationship with us, your commercial transactions and dealings with us;
- to send you promotional materials relating to our Services, or to promote the product and services of our partners or such third parties which we think may be of interest to you subject to your right to opt-out or opt-in as required by the law;
- to provide you with service support, management and optimisation, customer support and other related services, including responding to your inquiries, concerns or complaints;
- to administer contests, redemptions, or similar promotions that you enter, including to provide you with your rewards and/or contest prizes (monetary and non-monetary);
- to perform data matching, that is the bringing together of at least two (2) data sets that contain personal information, and that come from different sources, and the comparison of those data sets with the intention of producing a match, in order to provide our Services to you which are geared to your personal preferences;
- for internal diagnostics and related assessments in order to provide software updates, maintenance services, technical support and other important notices and support;
- for internal record keeping, maintenance and updating of any information database(s), customer service-related matters and other administrative purposes;
- to prevent, detect and perform investigation on fraudulent activities and other crimes, including detecting patterns in the datasets collected to gather insights on fraudulent activities;
- to satisfy our legal obligations, including responding to requests by government, regulators or law enforcement authorities;
- to manage risks including to perform creditworthiness and solvency checks, as well to obtain your credit information and verify your credit history with data obtained from credit reporting agencies or any other source deemed appropriate under any applicable laws in relation to your transaction or dealings with us;
- to enable any due diligence and other appraisals or evaluations in connection with any actual or proposed mergers, acquisitions, financing transactions or joint ventures; and
- in other circumstances, such purposes that are necessary or directly related to your relationship with us or where it is permitted under the applicable personal data protection laws.
When we collect personal data from you through our App and Website, we will only do so when needed for the fulfilment of one or more of the purposes set out above, or in other ways for which we provide specific notice at the time of collection, or for which you have subsequently consented. Should there be a new purpose for the collection of data which is not covered under any purposes listed above, we shall notify you as provided for in this Privacy Notice.
Please note that we may also anonymise or aggregate your personal data by excluding information (such as your name) that make the data personally identifiable to you (“Anonymous Information“). As Anonymous Information is no longer considered personal data under personal data protection laws , our processing of Anonymous Information is not subject to the requirements as stated in this Privacy Statement.
Processing your personal data, and obtaining your consent
Where we rely on your consent for processing your personal data, you may withdraw your previous consent to this processing at any time, by contacting us by using the contact details below. Please note, however, that withdrawing your consent will not affect the lawfulness of processing based on your previous consent prior to withdrawal.
There may be instances where we process your personal data on the basis of other lawful grounds (without having obtained your consent) where there are other lawful grounds to process the relevant personal data. We do not seek your consent in such cases largely so that we provide you with our Services in an efficient way (or where in some cases it might not be possible for us to seek your consent because we must process personal data, for example, for the detection of fraud).
The collection of your personal data by us may be mandatory or voluntary in nature depending on the purposes for which your personal data is collected. Where it is mandatory for you to provide us with your personal data, and you fail or choose not to provide us with such data, or do not consent to the above or this Privacy Statement, we will not be able to provide our Services or otherwise deal with you.
References to consent given, or deemed to have been given, by an individual for the collection, use or disclosure of personal data about the individual, include consent given, or deemed to have been given, by any person validly acting on that individual’s behalf for the collection, use or disclosure of such personal data.
Storage of your information
All information you provide to us is stored in a secure manner. We maintain appropriate administrative, technical and physical safeguards to protect against loss, misuse or unauthorised access, disclosure, alteration or destruction of the personal data you provide to us, in accordance with applicable data protection laws. In addition, we adopt contractual, technical, organisational and such other measures to safeguard your personal data in instances in which it is transferred to our data processors, including preventing personal data from being kept longer than is necessary for processing of the data, and from unauthorised or accidental access, processing, erasure, loss or use.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our App and Website, you are responsible for keeping this password confidential. We ask you not to share your password (including one-time passwords (OTPs), or any other temporary passwords or verification codes) with anyone.
Period for which we store your personal data
We only keep your personal data for as long as we require it in order to fulfil the purpose for which it was collected or provided to us (unless a legal obligation requires us to keep it for a longer period).
Disclosure of your information
We treat the confidentiality of your personal data very seriously and we limit access to personal data we collect about you to our employees and third parties (whether within or outside Malaysia), who we reasonably believe need to have access to your information to provide you with the information or services you request from us. Such third parties may include:
- our parent company, affiliate companies, related companies, associated companies, and other companies within the Petroliam Nasional Berhad (“PETRONAS”) group of companies;
- our contractors, sub-contractors, business partners, professional advisors, or other service providers providing any kinds of products or services to us or to any member of the PETRONAS group of companies, including without limitation, data storage service providers, data processors and customer engagement platform providers;
- our Merchants that provide you with products, services and other offerings on or through our Services;
- financial service providers such as banks, credit card issuers, card associations, acquiring institutions, payment gateways or payment service providers;
- analytics and search engine providers that assist us in the improvement and optimisation of our App, Website and Services;
- advertisers and advertising networks that require the data to select and serve relevant advertisements to you and others;
- any parties assisting with fraud investigations or processes;
- in the event that Setel Group is involved in a merger, acquisition or due diligence exercise, your personal data may be transferred to a relevant outside party to the extent such data is reasonably required to decide on matters relating to the acquisition or merger. Examples of relevant outside parties include the counterparty, their financial advisors, bankers and lawyers. Your personal data may also be transferred to new owners of the business;
- any party required or deemed relevant in relation to legal proceedings or prospective legal proceedings;
- relevant third parties in connection with the transfer of all or any part of our business or assets;
- any government authorities or law enforcement body or regulatory / professional bodies or any persons to whom we are compelled or required to disclose your personal data pursuant to any applicable laws or to protect the rights, property, or safety of the Setel Group, PETRONAS group of companies, our customers, or others; and
- any other third parties which we will disclose to you at the point of collection of the personal data, and subject to your consent before such disclosure is made (if and to the extent required by the applicable data protection laws).
As part of the Services offered to you through our App and Website, the information which you provide to us may in some instances be transferred to countries outside of the jurisdiction. The data protection laws in such countries may not provide the same level of protection for your personal data as provided for under the local data protection laws. However, when we transfer your information outside of the jurisdiction, we take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Privacy Statement. If we transfer your personal data, we will always do so under strict conditions of confidentiality and similar levels of security safeguards.
Importance of Providing Personal Data
We would like you to understand that it is important for you to provide the necessary personal data to us for the purpose of communication and promotion of our Services or our partners’ offers and for providing convenience to corporate customers, merchants, fleet management and to manage loyalty programmes for our customers.
The failure to supply your personal data as requested may result in us being unable to continue to provide you with the Services requested; unable to provide you with suitable recommendations; or unable to process your personal data for any of the purposes, if at all. It is also important that the personal data you have supplied is kept up-to-date. You should therefore keep your details in your Setel account updated and/or notify us of any changes so that we may update our records accordingly.
YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA
In relation to your personal data, you have the right to:
- contact us at any time in order to request access to the personal data we hold about you;
- correct or complete your personal data by contacting us at any time;
- require us to limit the way in which we process your personal data (i.e., require us to continue to store your personal data, but not otherwise process it without your consent);
- require us to delete or cease the collection, processing or use of your personal data;
- withdraw your consent to the processing of your personal data for any reason (where we are processing your personal data based on your consent). However, please understand that your withdrawal of consent may result in us not being able to properly perform or discharge our obligations to you and unable to continue to provide you with the services and/or products requested; and
- object to us processing your personal data. In particular, where we are using your personal data for direct marketing purposes, you may object to such processing, by opting out or unsubscribing from such communications, at any time.
All requests for access to or correction of personal data should be made in writing to us via the contact details set out below. Our processing of your request may be conditional upon your completion of a data access request form at our request, which requires you to provide information such as “type of data” and “period covered by data”. However, please note that we have the right to refuse your data access or correction request in certain circumstances, in accordance with the applicable personal data protection laws. If we decide to refuse your request, we will inform you of the same in writing as well as the reasons for our refusal.
SECURITY
We adopt technical and organisational security measures to help protect against the loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction of the information under our control. These steps take into account the sensitivity of the personal data we collect, process and store, and the current state of technology. While we cannot guarantee that loss, misuse or alteration to data will not occur, we ensure that our systems adhere to market security standards to help safeguard against such occurrences.
CHANGES TO YOUR DETAILS OR PREFERENCES
We aim to keep our records as up-to-date and accurate as possible. You can review, change or delete the details supplied to us by contacting us at the contact details set out below. You also have the right to ask us not to process your personal data for marketing purposes.
To the extent required by such applicable laws, we may inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by contacting us at the contact details set out below. Please note that if you ask us to delete your data this may impact our ability to provide our Services to you. In addition, we may keep track of certain information for legal compliance purposes, so we may not be able to fully delete it in certain circumstances.
COOKIES AND SIMILAR TECHNOLOGIES
Setel Group, our affiliates and our third-party providers set and use cookies and similar technologies in order to distinguish you from other users of our Website, to provide a better experience when you browse our Website, and to improve the Website’s performance and usefulness. The use of cookies and similar technologies is standard across websites and applications through which information is collected about your online activities.
A cookie is a small data file that websites place on your hard drive when you visit. A cookie file can contain information such as a user ID that tracks the pages you have visited within that site. The cookies on this website are primarily used to recognize that a user has visited the website previously and to track user traffic patterns.
Managing Cookies
If you prefer not to receive cookies through the Website, you can set your browser to warn you before accepting cookies and refuse the cookie when your browser alerts you to its presence. You also can refuse all cookies by turning them off in your browser. For more information about cookies, including how to set your browser to reject cookies, visit this link.
Cookie Expiration
The cookies will remain on your computer after the browser is closed. Until removed, the cookies will become active again when the website is reopened. Cookies can be deleted by you, at any time, and will not collect any information when you are not accessing the website.
LINKS TO THIRD PARTY WEBSITES
Our App and Website may, from time to time, contain links to and from the websites and social media channels of our partner networks, advertisers, service providers, business partners and affiliates. If you follow a link to any of these websites or channels, please note that these websites or channels have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites or channels.
CHANGES TO OUR PRIVACY STATEMENT
We may modify, update or amend the terms in this Privacy Statement at any time. Any amendments we make to our Privacy Statement will be posted on this page and, where appropriate, will be notified to you through the App and/or other appropriate means such as by e-mail. It is your responsibility to review the Privacy Statement regularly. Your continued use of the App, Website or Services, or continuing to communicate or engage with us following the effective date of the modifications, updates or amendments to this Privacy Statement, whether or not reviewed by you, shall constitute your agreement to be bound by such amendments.
LANGUAGE
This Privacy Statement is issued in both English and Bahasa Malaysia. In the event of any inconsistencies or discrepancies between the English version and the Bahasa Malaysia version, the English version shall prevail.
HOW YOU CAN CONTACT US
If you have any queries about this Privacy Statement or would like to exercise your rights as set out herein, please contact our Data Privacy focal at hello@setel.com or http://wa.me/60189881333.
Effective Date: 1st June 2023
Last Updated: 2nd May 2023
ADDENDUM FOR MERCHANTS
INTRODUCTION
This Addendum additionally describes how we collect, use, process and disclose personal data of Setel Group’s prospective and existing Merchants.
This Addendum supplements the information provided in the Privacy Statement and only applies to you if you are a Merchant. In the event of any inconsistency between the Privacy Statement and this Addendum, this Addendum shall prevail. All capitalised terms used herein shall bear the same meaning as those defined in the Privacy Statement above.
WHAT PERSONAL DATA IS COLLECTED AND PROCESSED AND WHY
In order to register as our Merchants and, consequently, in order to use any of our Services for your business, you may be required to provide any or all of the following information to us:
- personal details such as your full name, date of birth, nationality, a copy of your national identification card or your passport, address, your phone number, your preferred language, and account log-in credentials;
- contact details such as your personal or business email address, your mobile phone number and your address;
- financial information, including your bank account number, bank account statements, debit/credit card information and any other personal information obtained from credit reporting agencies;
- location information, particularly your live location on the live map on the App, to enable your business to be discovered easily by our App users; and
- other information which identifies you as an individual, as reasonably requested by Setel Group as well as any other personal data which you provide to us or collected by us in the course of your dealings with us.
We may use the information collected for the purposes of:
- registering, processing, managing and maintaining your Merchant account with us;
- assessing and verifying your identity, particularly to prevent fraud and enhance security;
- assessing and verifying your eligibility to register as our Merchant, which include assessing your financial capabilities;
- communicating with you, handling your queries, and providing you with real-time operational support, particularly through our Merchant-specific channels;
- responding to our end users’ and customers’ queries or requests in relation to your business;
- tracking your business performance on the App;
- processing and delivering your customers’ transaction record with your business to you;
- collecting feedback from you about our Services and using such feedback to improve our business and/or customise products and services which may be of interest to you;
- meeting our contractual and legal obligations, including anti-money laundering and anti-terrorism financing, Know-Your-Customer (KYC), and other legal obligations. We strive to make our Services safe, secure and compliant, and the collection and use of personal data in this regard is critical to this effort;
- managing our risk, performing creditworthiness and solvency checks on you, or detecting, investigating, preventing or remediating violations of your agreements with us or any applicable policies, industry standards, guidelines, and laws; and
- any other purposes set out in the Privacy Statement above which are necessary or directly related to your relationship with us as our Merchant, as permitted under all applicable laws.
DISCLOSURE
In addition to the parties set out under the “Disclosure of your information” in the Privacy Statement above, we may also disclose your personal data to our end users and customers.
OTHERS
Where you are prompted to provide the personal data of other individuals, such as directors, shareholders, or other personnel of the merchant business to us, you must obtain their consent for the processing of their personal data by us prior to the disclosure to us.
For further information on Setel Group’s personal data protection and privacy practices and on how we process your personal data, please refer to the Privacy Statement above.