| Version | 3.0 |
| Effective Date | 02 March 2026 |
| Approved By | Compliance & Risk Committee |
| Next Review | 02 March 2027 |
Bayarcash Sdn. Bhd. (202201040365)
PT 2499 Tingkat 1, Kampung Cherang, 15200 Kota Bharu, Kelantan
trust-center@bayarcash.com
Bayarcash Sdn. Bhd. (“we,” “our,” “us”) values your privacy and is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (Act 709) of Malaysia, as amended by the PDPA Amendment Act 2024. This policy explains how we collect, use, share, and protect information when you:
By using our services, you agree to the practices described in this policy.
| Source | Data Collected |
|---|---|
| Personal Information | Name, email address, phone number, and postal address. Identification documents (e.g., government ID, business registration documents). Account login details and credentials. Payment and banking information. Biometric data (where collected for identity verification). |
| Non-Personal Information | Device and browser information. IP address and location data. Usage analytics, including pages visited and interactions on our platform. |
| Cookies & Tracking | We may use cookies and similar technologies to improve website performance, personalise user experience, and analyse traffic and trends. You can manage cookies through your browser settings. |
Biometric data is classified as sensitive personal data under the PDPA Amendment Act 2024 and is processed only with your explicit consent.
We use your information to:
We do not sell your personal data. Information may be shared with:
| Recipient | Purpose |
|---|---|
| Service providers | For payment processing, cloud hosting, analytics, and other operational services. |
| Regulatory authorities | To comply with laws, AML/KYC, and sanctions regulations. |
| Business partners | Only to the extent necessary for service delivery. |
| Legal or security reasons | To protect Bayarcash, users, or third parties from fraud, abuse, or legal claims. |
| Business transfers | In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. |
Under the PDPA Amendment Act 2024, vendors and data processors who process personal data on our behalf are directly accountable for compliance. All third-party engagements involving personal data are governed by a Data Processing Agreement that sets out security, confidentiality, and breach notification obligations.
Under the PDPA Amendment Act 2024, stricter controls apply to cross-border transfers of personal data. Before transferring personal data outside Malaysia, Bayarcash:
Bayarcash implements reasonable technical, administrative, and physical safeguards to protect personal information from unauthorized access, loss, misuse, or disclosure.
We retain personal information only as long as necessary to:
After the retention period, data will be securely deleted or anonymised. Records are handled in accordance with Bayarcash’s Record Retention Policy.
Under the PDPA and the PDPA Amendment Act 2024, you have the following rights:
| Right | Description |
|---|---|
| Right to access | Request a copy of the personal data we hold about you |
| Right to correction | Correct or update inaccurate or incomplete information |
| Right to erasure | Request deletion of your personal data where retention is no longer necessary or consent has been withdrawn, subject to legal retention obligations |
| Right to data portability | Obtain your personal data in a structured, commonly used, and machine-readable format for transfer to another service provider |
| Right to withdraw consent | Withdraw your consent to processing at any time, subject to legal and contractual restrictions |
| Right to object | Object to or restrict processing for marketing or other non-essential purposes |
| Right to lodge a complaint | File a complaint with the Personal Data Protection Commissioner (JPDP) at https://www.pdp.gov.my |
Requests may be sent to our Data Protection Officer at the contact details below. We will respond to valid requests within 21 days of receipt.
In accordance with the PDPA Amendment Act 2024, in the event of a personal data breach that causes or is likely to cause significant harm, Bayarcash will:
Non-compliance with breach notification obligations is subject to penalties under the PDPA.
In compliance with the PDPA Amendment Act 2024 (mandatory appointment since 1 June 2025), Bayarcash has appointed a Data Protection Officer responsible for overseeing compliance with data protection obligations and serving as the point of contact for data subjects and the Personal Data Protection Commissioner.
For any enquiries, requests, or complaints regarding your personal data, please contact our DPO at the details below.
Our website or services may contain links to third-party websites. Bayarcash is not responsible for the privacy practices or content of external sites.
Bayarcash services are not directed to individuals under 18 years old. We do not knowingly collect personal information from children. If we become aware that we have collected such data without parental consent, we will exercise the right to erasure under the PDPA Amendment Act 2024 and delete it promptly.
We may update this policy from time to time. Material changes will be communicated through our website or via email. Your continued use of Bayarcash services constitutes acceptance of the revised policy.