Bank Simpanan Nasional (the “Bank”/“ we”) is dedicated to ensure that all our products and services are safe and secure for our valued customers. The privacy of our customers is our top priority, as well as your trust and confidence in us. This Privacy Policy outlines the principles and practices governing the collection, use, storage, protection, and sharing of your personal information. It is designed to provide transparency to customers, regulators, and stakeholders regarding the Bank's data management processes and its commitment to safeguarding personal information in accordance with applicable laws and regulations.

The Bank will only collect, record, hold, use, disclose and store ("process") your personal information in accordance with this Privacy Policy, the applicable laws (including the Personal Data Protection Act 2010 and other applicable data protection or privacy laws regulations) and the agreement(s) between the Bank and you (if any).

“Personal Information” or “Information” refers to any information or data which relates directly or indirectly to you and/or your transactions with us. This information includes your name, address, occupation, contact details, pictures, the details of your account(s), biometrics, the type of products and/or services subscribed to and such other necessary information regarding yourself and your transaction(s) with us.

TYPES OF INFORMATION WE COLLECT FROM YOU

In order to enable us to deal with your inquiries, open and operate an account/facility for you and/or to generally provide you with the Bank’s financial products and services and/or perform any transaction(s) via any of our channel or platform and/or to carry out other purposes required to operate and maintain our business with you, we may need to process your Personal Information and you consent to its use for processing. The type of Personal Information which we collect from you include but is not limited to:

• Personal information that you provide when you apply for any of our products and services including your name, address, occupation, contact details, age, gender, identity card number, particulars, images and biometrics to establish your identity and background;
• Financial information to establish your financial standing (including but not limited to your income, assets, liabilities, account balance and banking transaction), employment details, and/or suitability for any of our products/services applied for;
• Information relating to your activities and interests arising from your use of products and services of the Bank, our partners or vendors;
• Specimen signatures, including, digital or electronic signatures as defined under the applicable laws and regulations;
• Other electronic data or information relating to you such as IP (internet protocol) addresses, cookies, activity logs, online identifiers and location data through your usage of our products and services or in the course of their delivery to you;
• For myBSN Internet Banking, we collect your contact list (to enable the DuitNow feature to Mobile Number when myBSN Mobile application is in use) and image (to enable QR Scan function);
• Your images and videos that we or our agents capture when you attend or participate in any of our events, booths or any other promotional or marketing activities;
• Images captured via closed circuit television (CCTV)cameras at the Bank’s branches, office premises or third party premises (where self-service terminals are located), when visiting the Bank branches or office premises or self-service terminals at third party premises.

We may obtain this Information from yourself and from a variety of sources, including from publicly available sources, authorities, third parties connected with you (e.g. employers, joint account holders, security providers, etc), and from such other sources to which you have given your consent to disclose your Personal Information. Failure to provide or access such Information may result in the Bank being unable to provide or continue to provide the product and/or services.

Your sensitive information (if any) will be processed by the Bank strictly in accordance with Section 40 of the Personal Data Protection Act 2010, the Bank’s Whistleblowing Policy and other applicable laws and policies.

PURPOSES FOR WHICH YOUR PERSONAL DATA IS COLLECTED

Your Personal Information is generally processed to provide you with our financial services or products that you requested. Other than that, we may use your Personal Information for one or more of the following purposes:

• to verify your financial standing and to conduct credit checks;
• to manage and maintain your account(s) and facility(ies) with us;
• to better manage and/or improve our business, products, services, records and your relationship with us;
• to promote and market our products and services;
• to provide you with information on our and selected third parties products, services, offers and/or contests which may be of interest to you and in this respect, to contact you via mobile device, email, mail, in person and/or any other appropriate communication channels;
• to manage and/or inform you of any offers, contests and promotions;
• to respond to your enquiries and complaints;
• to produce data, reports and statistics which have been anonymised;
• to fulfil legal and regulatory requirements and obligations;
• to protect or enforce the Bank’s rights, including but not limited to the Bank’s right to recover any debt owing to the Bank;
• to protect the interest of the public, for example in the detection of crimes, etc;
• to prevent fraud, conduct anti-money laundering checks; for crime detection, investigation, prevention and prosecution;
• to fulfil any request made by Bank Negara Malaysia to the Central Credit Unit; and/or
• for any other purpose that is required or permitted by any law, regulations, guidelines and/or the order of any court and/or relevant regulatory authorities.

We will request for your consent before we use your Personal Information for a purpose other than those set out in this Privacy Policy.

LIMITED EMPLOYEE ACCESS

The Information is only made available to our authorised employees on a need to know basis. All our employees are committed in ensuring your Information is safe and secure at all times. Failure of any of our authorised employees to comply with this privacy policy, will be subjected to disciplinary action.

SECURITY MEASURES

We are fully committed to ensuring the security, privacy and confidentiality of your Information, including the Information disclosed to us through our AI-based and automated decision-making processes. To protect your data, we employ advanced cybersecurity systems and adhere to stringent security standards. Our systems are rigorously controlled to ensure your Information remains in a secure and private environment.

While we make every effort to safeguard your data, it is important to note that no data transmission conducted over the internet can be guaranteed as entirely secure. Therefore, we advise against transmitting sensitive or confidential Information over the Internet unless explicitly directed to do so through our secure channels. Despite our best efforts, we cannot ensure absolute protection of such transmissions and shall not be held liable for any damages or losses arising from the interception, theft, tampering or misuse of your information.

To further enhance your cybersecurity, we strongly encourage you to take the following measures:

• Ensure that your computer and mobile devices are equipped with updated operating systems, applications and security software;
• Use strong and unique passwords for your accounts and change them regularly;
• Avoid using public or unsecured Wi-Fi networks when accessing sensitive information; and
• Stay vigilant against phishing attempts and fraudulent communications.

For further Information on our security measures, please refer to our Security Statement.

SHARING OF INFORMATION

We do not share or disclose your Information to any unauthorized third party or external organisations in line with our strict compliance of the Personal Data Protection Act 2010 and the Development Financial Institutions Act 2002 (DFIA).

However, in order to serve you better and to provide and keep you informed about the Bank’s products and services that are beneficial to you, your Information may be provided to our third party vendors, affiliates and strategic partner and/or any other relevant third parties where necessary, and subject at all times to any agreement executed by the Bank and you and/or the applicable laws (including regulations, guidelines and/or obligations).

These third parties, include but are not limited to:

• Any officer, employee, agent or director of the Bank, its subsidiaries, associated companies, affiliates and representatives;
• Relevant third parties such as professional advisers, strategic business partners and alliances, service providers, insurers/Takaful operator or insurance/Takaful brokers, outsourced agents, merchants, vendors, business partners and business agents who supports the operational activities of the Bank and whom are under legal obligation to maintain the confidentiality of your data;
• Any assignee, novatee or transferee of the Bank rights and/or obligations under any transaction between your and the Bank (or any agents or professional advisers);
• Any rating agency or direct/indirect provider of credit protection to the Bank;
• Any party as required by any law or any government, quasi government, administrative, regulatory/supervisory body or authority, court or tribunal;
• Any credit reference agency that the Bank uses for your credit assessment or credit review and parties related to the facilities provided by Bank;
• Any financial crime references agencies, other financial institution and any of their respective agents;
• Any guarantor or collateral provider for your financing facilities; and/or
• Tax authorities of the country/ jurisdiction in which your account(s) is/are maintained and/or exchanged with any tax authorities of another country/ jurisdiction or countries/ jurisdictions in which you may be the tax resident pursuant to intergovernmental agreements in which the Bank has an obligation to disclose any Information.

All of these entities are required to comply with the measures and practices of this Privacy Policy.

You are deemed to have consented to us using, processing and sharing your personal Information for marketing purposes, if you continue to deal or transact with us. Should you wish to withdraw your consent or not wish to disclose your Personal Information or be solicited for further products and services offered by us or other third parties, please notify us via phone or email given at the end of this Privacy Policy at any time.

Where you disclose data of other individual apart from yourselves, you hereby warrant that you have obtained the consent of all such individual to the provision of their data to us for the aforementioned purposes and for disclosure to such aforesaid parties.

ACCURACY OF INFORMATION

It is vital for us to keep your data and Information accurate, complete and updated. Therefore, you are advised to ensure that the Information you provide is accurate, not misleading and updated for the purpose whether directly or indirectly for which your Information was collected and processed.

YOUR RIGHTS TO ACCESS AND CORRECT YOUR PERSONAL INFORMATION

Subject always to our rights and obligations under relevant laws and regulations, you may exercise your choice in respect of the use or the extent of use of your Personal Information. If you wish to access your Personal Information, you may either access your internet banking account or contact our Customer Service Centre by phone or by email particularized at the end of this Privacy Policy. On the other hand, if you wish to correct or delete your Personal Information, please visit any of our branches for us to assist you in your request. We may charge a nominal fee for your access to the Information.

However, we reserve the right to decline to process any requests which may jeopardize the security and privacy of the personal data of others as well as requests which are impractical or not made in good faith.

CUSTOMER FEEDBACK

For any queries, concerns or complaints relating to your Personal Information, please contact us through our hotline number or write to us via email:

BSN Contact Centre

Telephone: 1300 88 1900 or +603-2613 1900 (Overseas) from 8.00am until 10.00pm
Email: customercare@bsn.com.my

Important Notices:
BSN Contact Centre operating hours are from 8.00am to 10.00pm. However, after 10.00pm your calls will be directed to our Automatic Interactive Voice Response to:

• Report fraud & scams
• Request to suspend myBSN Internet Banking
• Report lost and stolen card
• Instalment Pay Plan Request or other cards enquiries

You may also utilize our Whistleblowing Channel by contacting us via:

Telephone: +6019 2558 538
Email: whistleblowing_igu@bsn.com.my

UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. Please visit our website at www.bsn.com.my to periodically review this Privacy Policy and to stay informed on how we are protecting your Information. By continuing your banking / business relationship with us after communication of the update, you are deemed to have accepted and consented to such update.