1. Introduction
Bayarcash Sdn. Bhd. (“we,” “our,” “us”) values your privacy and is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (Act 709) of Malaysia, as amended by the PDPA Amendment Act 2024. This policy explains how we collect, use, share, and protect information when you:
- Use our website (bayarcash.com)
- Register for or use Bayarcash services
- Interact with our platform as a merchant or end-user
By using our services, you agree to the practices described in this policy.
2. Information We Collect
| Source | Data Collected |
|---|---|
| Personal Information | Name, email address, phone number, and postal address. Identification documents (e.g., government ID, business registration documents). Account login details and credentials. Payment and banking information. Biometric data (where collected for identity verification). |
| Non-Personal Information | Device and browser information. IP address and location data. Usage analytics, including pages visited and interactions on our platform. |
| Cookies & Tracking | We may use cookies and similar technologies to improve website performance, personalise user experience, and analyse traffic and trends. You can manage cookies through your browser settings. |
Biometric data is classified as sensitive personal data under the PDPA Amendment Act 2024 and is processed only with your explicit consent.
3. How We Use Your Information
We use your information to:
- Provide and improve our services
- Verify identities and prevent fraud
- Process transactions and settlements
- Communicate important updates, security alerts, and promotional materials (where consented)
- Comply with legal, regulatory, and contractual obligations
- Conduct analytics to improve service quality
4. How We Share Your Information
We do not sell your personal data. Information may be shared with:
| Recipient | Purpose |
|---|---|
| Service providers | For payment processing, cloud hosting, analytics, and other operational services. |
| Regulatory authorities | To comply with laws, AML/KYC, and sanctions regulations. |
| Business partners | Only to the extent necessary for service delivery. |
| Legal or security reasons | To protect Bayarcash, users, or third parties from fraud, abuse, or legal claims. |
| Business transfers | In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. |
Under the PDPA Amendment Act 2024, vendors and data processors who process personal data on our behalf are directly accountable for compliance. All third-party engagements involving personal data are governed by a Data Processing Agreement that sets out security, confidentiality, and breach notification obligations.
5. Cross-Border Data Transfers
Under the PDPA Amendment Act 2024, stricter controls apply to cross-border transfers of personal data. Before transferring personal data outside Malaysia, Bayarcash:
- Undertakes a rigorous assessment of the receiving country’s data protection framework
- Maintains a register of all cross-border data transfers, including the categories of data, recipient countries, and safeguards applied
- Ensures appropriate safeguards (such as contractual clauses, binding corporate rules, or equivalent measures) are in place to maintain data security and compliance
6. Data Security
Bayarcash implements reasonable technical, administrative, and physical safeguards to protect personal information from unauthorized access, loss, misuse, or disclosure.
- Data is encrypted in transit and at rest.
- Access to personal information is restricted to authorized personnel only.
- Users are responsible for maintaining confidentiality of account credentials.
7. Data Retention
We retain personal information only as long as necessary to:
- Provide our services
- Comply with legal or regulatory obligations (e.g., AML/CFT record-keeping of 5–10 years)
- Resolve disputes or enforce agreements
After the retention period, data will be securely deleted or anonymised. Records are handled in accordance with Bayarcash’s Record Retention Policy.
8. Your Rights
Under the PDPA and the PDPA Amendment Act 2024, you have the following rights:
| Right | Description |
|---|---|
| Right to access | Request a copy of the personal data we hold about you |
| Right to correction | Correct or update inaccurate or incomplete information |
| Right to erasure | Request deletion of your personal data where retention is no longer necessary or consent has been withdrawn, subject to legal retention obligations |
| Right to data portability | Obtain your personal data in a structured, commonly used, and machine-readable format for transfer to another service provider |
| Right to withdraw consent | Withdraw your consent to processing at any time, subject to legal and contractual restrictions |
| Right to object | Object to or restrict processing for marketing or other non-essential purposes |
| Right to lodge a complaint | File a complaint with the Personal Data Protection Commissioner (JPDP) at https://www.pdp.gov.my |
Requests may be sent to our Data Protection Officer at the contact details below. We will respond to valid requests within 21 days of receipt.
9. Data Breach Notification
In accordance with the PDPA Amendment Act 2024, in the event of a personal data breach that causes or is likely to cause significant harm, Bayarcash will:
- Notify the Personal Data Protection Commissioner and affected data subjects within 72 hours
- Provide details of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken to address the breach
- Take immediate corrective measures to contain and mitigate the impact
Non-compliance with breach notification obligations is subject to penalties under the PDPA.
10. Data Protection Officer (DPO)
In compliance with the PDPA Amendment Act 2024 (mandatory appointment since 1 June 2025), Bayarcash has appointed a Data Protection Officer responsible for overseeing compliance with data protection obligations and serving as the point of contact for data subjects and the Personal Data Protection Commissioner.
For any enquiries, requests, or complaints regarding your personal data, please contact our DPO at the details below.
11. Third-Party Links
Our website or services may contain links to third-party websites. Bayarcash is not responsible for the privacy practices or content of external sites.
12. Children’s Privacy
Bayarcash services are not directed to individuals under 18 years old. We do not knowingly collect personal information from children. If we become aware that we have collected such data without parental consent, we will exercise the right to erasure under the PDPA Amendment Act 2024 and delete it promptly.
13. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated through our website or via email. Your continued use of Bayarcash services constitutes acceptance of the revised policy.
14. Contact Us
| trust-center@bayarcash.com | |
| Address | PT 2499 Tingkat 1, Kampung Cherang, 15200 Kota Bharu, Kelantan |