Our commitment to your privacy
This Privacy Notice outlines how the Rex Group collects, uses, maintains and discloses your personal data in respect of commercial transactions and how the Rex Group safeguards the personal data.
“Rex Group” or “We” in this notice refers to Rex Industry Berhad (‘Rex’), including its offices in Malaysia and in other countries as well as its local and overseas subsidiaries or, as the context may require, any of them.
Your consent is important
When you request information or sign up for our products and services, you may be required to provide the Rex Group with your personal data. In doing so, you consent to its use by the Rex Group in accordance with this Privacy Notice.
We may collect your sensitive personal data (including data relating to your physical or mental health, the commission or alleged commission of offences, etc.) if you take part in the promotion exercises carried out by the Rex Group which require you to disclose such sensitive personal data to us. We will only use your sensitive personal data to provide the service(s) you signed up for. If we collect, use, maintain or disclose your sensitive personal data, we will ask for your express consent.
You have the choice, at any time, not to provide your personal data/sensitive personal data or to revoke your consent to the Rex Group processing of your personal data/sensitive personal data.
What types of personal data do we collect?
Personal data refers to any information that relates directly or indirectly to an individual, who is identified or identifiable from that information or from that and other information in the possession of the Rex Group, including any sensitive personal data and expression of opinion about the individual.
The types of personal data we collect may include, but is not limited to your name, address, other contact details, age, occupation, marital status, financial information such as your transaction history.
How do we collect your personal data?
We obtain your personal data in various ways, such as:
- When you sign up for or use one of the many services we provide or when you register an account at any of the Rex Group websites.
- When you contact any of Rex Group entities through various methods such as emails and letters, telephone calls and conversations you have with our staff in a branch. If you contact us or we contact you using telephone, we may monitor or record the phone call for quality assurance, training and security purposes.
- From our analysis of your transactions (e.g. payment history, credit or debit card purchases).
- We may also obtain your personal data when you participate in customer surveys or when you sign up for any of our competitions or promotions.
- When we obtain any data and information from authorised third parties (e.g. credit reference agencies, regulatory and enforcement agencies, employers, joint account holders, guarantors, legal representatives).
Personal data we collect from our websites
An IP address is a number that is automatically assigned to your computer when you signed up with an Internet Service Provider. When you visit our website, your IP address is automatically logged in our server. We use your IP address to help diagnose problems with our server, and to administer our website. From your IP address, we may identify the general geographic area from which you are accessing our website. Generally, we do not link your IP address to anything that can enable us to identify you unless it is required by law and regulation.
Information on Cookies
What is the purpose of processing your personal data?
We may process your personal data for the following reasons:
- To assess your interest in any of our products and services.
- To verify your financial standing through credit reference checks.
- To manage and maintain your account and facility.
- To evaluate your preferences.
- To respond to your enquiries and complaints and to resolve disputes.
- For internal functions such as evaluating the effectiveness of marketing, market research, statistical analysis and modelling, reporting, audit and risk management and to prevent fraud.
In addition, we may also use your personal data for the fulfillment of any regulatory requirements and for any other reasons connected with providing you the services you require.
From time to time, we may share your personal data with other entities within the Rex Group, our agents or strategic partners and other third parties (“other entities”) as the Rex Group deems fit and you may receive marketing communication from us or from these other entities about products and services that may be of interest to you. If you no longer wish to receive these marketing communications, please notify us to withdraw your consent and we will stop processing and sharing your personal data with these other entities for the purpose of sending you marketing communications.
You have a choice to withdraw your consent for receiving marketing or promotional materials/communication. You may contact us using the contact details found below. Please be aware that once we receive confirmation that you wish to withdraw your consent for marketing or promotional materials/communication, it may take up to fourteen (14) working days for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials/communication during this period of time. Please note that even if you opt out from receiving marketing or promotional materials, the Rex Group may still contact you for other purposes in relation to the accounts, facilities or services that you hold or have subscribed to with the Rex Group.
To whom do we disclose your personal data?
Your personal data held by us shall be kept confidential. However, in order to provide you with effective and continuous products and services and to comply with any legal and regulatory requirements, we may need to disclose your personal data to:
- Our authorised agents with whom we have contractual agreements for some of our functions, services and activities.
- Our merchants and strategic partners.
- Parties authorised by you.
The disclosure of your data may involve the transfer of your personal data to places outside of Malaysia, and by providing us your personal data you agree to such a transfer where it is required to provide you the services you have requested, and for the performance of any contractual obligations you have with the Rex Group including for storage purposes.
How do we protect your data?
The security of your personal data is our priority. Rex Group takes all physical, technical and organisational measures needed to ensure the security and confidentiality of personal data. If we disclose any of your personal data to our authorised agents, we will require them to appropriately safeguard the personal data provided to them.
How long may we retain your personal data?
We will only retain your personal data for as long as necessary to full the purpose(s) for which it was collected or to comply with legal, regulatory and internal requirements. Afterwards we will destruct or permanently delete your data.
Changes to this Privacy Notice
Please note that we may update this Privacy Notice from time to time. If there are material changes to this Privacy Notice, we will notify you by posting a notice of such changes on our website or by sending you a notification directly. Do periodically review this Privacy Notice to stay informed on how we are protecting your information.
This Privacy Notice was last updated in February 2023.
How can you access/correct/update your personal data?
We are committed to ensure that the personal data we hold about you is accurate, complete, not misleading and up-to-date. If there are any changes to your personal data or if you believe that the personal data we have about you is inaccurate, incomplete, misleading or not up-to-date, please contact us so that we may take steps to update your personal data.
You have the right to access your personal data. If you would like to request access to your personal data, please contact us. Please note that depending on the information requested we may charge a small fee. We may also take steps to verify your identity before fulfilling your request for access to your personal data.
How may you contact us?
If you need to get in touch with us, please click the ‘Contact Us’ section of this website.
We provide the Privacy Notice in English.
Frequently Asked Questions (FAQ) for Personal Data Protection Act 2010 (PDPA)
1. What is Personal Data Protection Act (“PDPA” or the “Act”) 2010?
The Personal Data Protection Act is an act enacted by the Malaysian government in 2010 to protect individual’s personal data in commercial transactions.
2. When was PDPA enforced?
The PDPA came into force on 15th November 2013. For new customers who enter into a contract with Rex after 15th November 2013, we have to comply immediately. However, existing customers who have been a customer of Rex even before 15th November 2013, we are given 3 months before we have to fully follow the PDPA requirements.
3. What is personal data?
The PDPA defines personal data as any information in respect of commercial transactions that relates directly or indirectly to an individual, who is identified or identifiable from that information or other information in possession of the individual. This includes name, address, IC number, passport number, email address and other contact details.
4. What is sensitive personal data?
The PDPA defines sensitive personal data as personal data consisting of information as to the physical or mental health or condition of individual, political opinions, religious beliefs or other beliefs of a similar nature, the commission or alleged commission of any offence or any other personal data as determined by the Minister by order published in the Gazette.
5. What are “commercial transactions”?
Commercial transactions mean any transaction of a commercial nature, regardless of whether it is contractual. This includes the collection of personal data of potential customers.
6. What is “processing” of personal data?
Processing personal data is the act of collecting, recording, holding or storing personal data and carrying out any operation or set of operations on the personal data.
7. What are your rights as a customer under the PDPA?
The PDPA gives you certain rights in relation to your personal data.
– To access your personal data and to correct this information to make sure that the personal data is accurate, complete, not misleading and up-to-date.
– To withdraw your consent for disclosing of your personal data for marketing purposes or any other purposes than for the fulfilment of the service you have subscribed for.
8. What can Rex do with your consent?
If you give consent to Rex for marketing purposes, Rex may send marketing materials to you via various channels (e.g. email, letters and phone calls etc.).
9. What happens if you do not give consent?
If you do not give consent to Rex for marketing purposes, Rex will stop sending you marketing material for your products and services. However, Rex may still use your personal data for purposes of providing the products or services that you have signed up for or fulfilling any other contractual obligations, and for legal or regulatory purposes
10. How often can I change my consent?
After changing the consent information, you are only able to change the consent after 14 days.
11. Why can I only change consent after 14 days again?
The consent information has to be processed throughout the whole Rex Group organisation and be reflected in the respective IT systems which are used by the Group.
12. After withdrawing consent do you still receive marketing information?
Rex has 14 days to process the consent information throughout the whole Rex Group. Within these 14 days it might be possible for you to receive marketing material. However, Rex tries to stop sending marketing material immediately, and at the latest, after 14 days.
13. Can you request for access to your personal data?
Yes, Rex will provide access to your personal data which the Rex Group holds.
14. Can Rex deny your request to access personal data?
Rex can only deny your request to access personal data when there is insufficient information to confirm your identity.
15. Can any other person request access to your personal data?
A person other than you may request access to your personal data in the following situations:
- If you are below the age of 18, a parent, guardian or a person who is responsible for you may request access to your personal data.
- A person appointed by the court to manage our customer’s affairs may request our customer’s personal data.
- A person our customer has authorised in writing may request access to our customer’s personal data.
Yes, Rex has a Privacy Notice which you may download a PDF version. Download here
17. How does Rex safeguard your personal data?
We take steps to protect our customers’ personal data by maintaining physical and logical security measures in order to ensure that all information and IT systems are adequately protected from a variety of threats.
18. What security measures ensure that in the event of disclosing your personal data it is kept secure by other parties?
If we disclose your personal data to third parties such as vendors, we will ensure that they have policies and procedures in place to comply with PDPA as well as to secure all our customers’ personal data.
19. How long does Rex retain your personal data?
We will only retain your personal data for as long as necessary to fulfil the purpose(s) for which it was collected or to comply with legal, regulatory and internal requirements.
20. Does Rex send customer’s personal data overseas? If yes, why is it necessary to send overseas?
In some cases Rex may transfer customers’ personal data to places outside of Malaysia when it is required to provide customers with the services that they have requested for and for the performance of any contractual obligations Rex has with its customers.
21. Does the PDPA cover personal data transferred to those foreign entities?
Yes, if the personal data is first processed in Malaysia before transferring to a foreign entity, it will be covered under the PDPA. However, the PDPA will not cover personal data that is processed outside of Malaysia.