Bayarcash

Data Protection & Privacy Policy

Version 1.0
Effective Date [Insert Date]
Approved By Compliance & Risk Committee
Next Review Date [Insert Date]

1. Purpose

Bayarcash values your privacy and is committed to protecting your personal data. This policy explains how we collect, use, store, share, and protect your information when you use our services, websites, applications, and digital platforms (collectively, the “Services”).

We handle all personal data in accordance with applicable data protection laws and regulations, including the Data Privacy Act of 2012 (Republic Act No. 10173) and other relevant international privacy standards.

2. Scope

This policy applies to:

  • All customers, merchants, partners, users, and visitors of Bayarcash platforms;
  • All personal data collected and processed through Bayarcash systems, applications, and services; and
  • All employees, contractors, and third parties who have access to such personal data.

3. Definitions

TermDefinition
Personal DataAny information that can identify an individual (e.g., name, address, ID number, email, phone number).
ProcessingAny operation performed on personal data such as collection, recording, storage, use, disclosure, or deletion.
Data SubjectThe individual whose personal data is processed.
Data ControllerThe person or entity that determines the purpose and means of processing personal data.
Data ProcessorThe entity that processes personal data on behalf of the controller.
Sensitive Personal InformationIncludes data such as government-issued IDs, financial information, health, religion, or other information classified as sensitive under law.

4. What Information We Collect

We may collect the following types of personal data:

A. Information You Provide Directly

  • Full name, address, date of birth, gender, and contact details;
  • Government-issued identification (e.g., passport, national ID, driver’s license);
  • Financial details (bank account, payment card, transaction data);
  • KYC (Know Your Customer) documentation;
  • Employment or business registration data (for merchants);
  • Correspondence or feedback you send to us.

B. Information Collected Automatically

  • Device and browser information;
  • IP address, geolocation, and usage analytics;
  • Log-in data, cookies, and app performance data;
  • Transaction and behavioral data.

C. Information from Third Parties

  • Credit bureaus, partner financial institutions, identity verification providers, and regulatory agencies (for compliance, fraud prevention, or credit scoring).

5. How We Use Your Personal Data

We process your data to:

  • Verify your identity and perform KYC/AML checks;
  • Facilitate transactions, payments, and wallet operations;
  • Maintain your Bayarcash account and provide customer support;
  • Detect and prevent fraud, financial crimes, or misuse;
  • Comply with legal, regulatory, and reporting obligations;
  • Improve and personalize our products, features, and user experience;
  • Send you service updates, alerts, and relevant marketing communications (with your consent);
  • Conduct analytics, research, and risk assessments.

We will only process your personal data for legitimate and lawful purposes.

6. Lawful Basis for Processing

Bayarcash processes personal data based on one or more of the following legal grounds:

  • Consent - when you voluntarily agree to provide your data.
  • Contractual necessity - when processing is required to fulfill our service agreement.
  • Legal obligation - when required by law (e.g., AML/CFT, tax reporting).
  • Legitimate interests - when necessary for our operations without infringing your rights.

7. Data Sharing & Disclosure

We may share your personal data with:

  • Affiliates and subsidiaries of Bayarcash;
  • Service providers and sub-processors (e.g., payment gateways, IT vendors, cloud hosting providers, KYC partners);
  • Regulatory and government authorities, as required by law;
  • Financial institutions and partners to complete transactions;
  • Auditors, consultants, or legal advisors under confidentiality obligations.

We never sell your personal data to third parties.

8. Cross-Border Data Transfers

If personal data is transferred outside your country, Bayarcash ensures that:

  • The receiving country provides adequate data protection; or
  • Appropriate safeguards (such as Standard Contractual Clauses) are in place to ensure data security.

9. Data Retention

We retain personal data only for as long as necessary:

  • To fulfill the purposes stated in this Policy;
  • To comply with regulatory retention periods (e.g., AML/CFT record-keeping of 5-10 years); or
  • Until you withdraw consent or close your account, unless longer retention is legally required.

After the retention period, data will be securely deleted or anonymized.

10. Data Protection & Security Measures

We maintain robust technical and organizational security measures, including:

  • Data encryption (in transit and at rest);
  • Secure authentication and access control;
  • Network firewalls and intrusion detection systems;
  • Regular security testing and audits;
  • Employee confidentiality agreements and data protection training.

While we employ industry-leading safeguards, no system is 100% secure. We continuously improve our practices to mitigate risks.

11. Your Rights as a Data Subject

You have the following rights under applicable data protection laws:

RightDescription
Right to be informedTo know how your data is collected and used.
Right to accessTo request a copy of your personal data.
Right to rectificationTo correct inaccurate or incomplete data.
Right to erasureTo request deletion of your data under certain conditions.
Right to objectTo refuse processing for marketing or other non-essential purposes.
Right to data portabilityTo obtain your data in a portable format.
Right to lodge a complaintWith the National Privacy Commission (NPC) or relevant authority.

Requests may be sent to our Data Protection Officer (DPO) (see contact below).

12. Data Breach Notification

In the event of a data breach involving your personal information, Bayarcash will:

  • Notify affected users and the appropriate authorities within 72 hours, where required;
  • Provide details of the breach, affected data, and recommended steps; and
  • Take immediate corrective measures to mitigate risks.

13. Cookies & Tracking Technologies

Bayarcash uses cookies and similar technologies to:

  • Enable secure logins and essential functions.
  • Improve performance and analytics.
  • Personalize user experience.

You can control cookie settings through your browser. However, disabling certain cookies may affect the functionality of our Services.

Our website or app may contain links to third-party websites. We are not responsible for the privacy practices or content of these third parties. We encourage users to review their privacy policies before providing any personal data.

15. Children’s Privacy

Our services are not directed at children under 18 years old. We do not knowingly collect data from minors. If we become aware that we have collected such data without parental consent, we will delete it immediately.

16. Updates to This Policy

We may update this policy periodically. Material changes will be notified through our website, app, or via email. Continued use of our services after an update constitutes your acceptance of the revised policy.

17. Contact Us

Email compliance@bayarcash.com
Address PT 2499 Tingkat 1, Kampung Cherang, 15200 Kota Bharu, Kelantan