Privacy & Security Policy

Privacy Policy

This Privacy Policy informs you about instaDuit’s (“we”, “our” or “us”), policy and practices on data privacy matters which you may be concerned with, before you provide your personal data to us.

In this Privacy Policy, we will tell you:

  1. The source of your personal data
  2. What personal data is collected;
  3. What are the purposes for which we use your personal data;
  4. Whom your personal data may be disclosed to;
  5. What are your rights over your personal data;
  6. How secure is your personal data;
  7. How long do we keep your personal data; and
  8. How to contact us.

This Privacy Policy applies to all information we process in connection with your relationship with us as a customer or potential customer.

1) Source of your personal data

We collect most personal data directly from you when you apply for a loan with instaDuit where you will fill up an application form with your personal data. If you intend to render services or supply goods to us, we may also provide forms where your personal data or that of your directors, shareholders will be collected. We may also verify or source personal information about you from third party sources (both public and private) such as credit reporting agencies, Companies Commission, Insolvency Department.

2) What personal data is collected

Generally, basic personal data such as your name, identity card or passport number, nationality, residential and business addresses and contact details will be collected. Specific personal data may be required and collected from you or third party sources for certain dealings, transactions or activities and for risk/fraud management. These are some examples:

  • When you apply for loan/financing facilities with instaDuit or stand as guarantor for facilities applied by your company or others,
  • Personal data relating to your credit history and income, your employment or business or professional practice, your ownership of properties or other assets will be collected.

We may also collect or seek verification of your data with third party and public sources.

We may require photographs of your Personal Data, as may be applicable, during the application process or while the loan is still active, in order to verify all information you supplied to us.

Third party sources from whom we may either collect or seek verification of your personal data, include the following:

  • Credit bureaus or agencies which provide credit or other information;
  • Public bodies (such as the Companies Commission of Malaysia, National Registration Department, Director General of Insolvency, Registrar of Business, land office etc.)

If the personal data is necessary to initiate any matter with instaDuit and you refuse to provide the personal data to us, then we will not be able to proceed further with your matter.

Sensitive personal data, as defined by law, is any personal data consisting of information as to the physical or mental health or condition, political opinions, religious beliefs or other beliefs of a similar nature, the commission or alleged commission of any offence. If sensitive personal data is collected, the purpose for collecting the data will be explained to you.

Please note that if you use our Website or Services in place of other people, such as your family, friends or employees, you must ensure that you are authorized to provide us with their Personal Data. Use of the Website in this manner automatically presumes that you have obtained proper authorization from the owner(s) of the Personal Data and have informed said person(s) of this Privacy Policy. We shall not be held liable for the collection, use, storage, processing, disclosure of all Personal Data under this paragraph.

3) What are the purposes for which instaDuit uses your personal data

instaDuit only collect and process your personal data that is necessary to perform its functions and activities. instaDuit collects, processes and retains your personal data for purposes which include:-

  • To assist in providing information about a product or service;
  • To consider your request for a product or service;
  • To enable instaDuit to provide a product or service;
  • To tell you about products and services that may be of interest to you;
  • To perform administrative and operational improvement tasks (includin rsk management, systems and website development, credit scoring, staff training, market or customer survey, service improvement and product development);
  • To handle enquiries, audit, complaints or legal proceedings;
  • To prevent or investigate any fraud or crime or a suspected fraud or crime; and as required by the relevant laws and regulations
  • To provide customer support
  • To facilitate the collection of delinquent accounts

4) Classes of Persons whom your personal data may be disclosed to

These are the classes of persons to whom we may need to disclose your personal data:-

  • Regulatory bodies, government agencies, tax authorities, the police, law enforcement bodies and courts,
  • Credit bureaus, credit reporting agencies and corporations set up for the purposes of collecting and providing credit information;
  • Service Providers, to enable service providers under contract with us to support our business operations, such as fraud prevention, bill collection, marketing, customer service and technology services;
  • Your referees and persons who introduce you to the instaDuit;
  • Lawyers, custodians and nominee companies;

5) What are your rights

Generally the personal data that we request from you is necessary to perform our functions and activities in relation to the purpose for which your data is collected. If you refuse to provide the data or wish to limit the personal data you disclose, we may not be able to proceed further with your matter.

You may stop us from processing your personal data generally or for specified purposes or in a specified manner so that the processing does not cause unwarranted and substantial damage or distress to you or another person. However the extent in which we can comply with your request without affecting our mutual rights and obligations in relation to the transaction, depend on the stage of the transaction. If such rights or obligations are impacted for eg the transaction is being managed by our collection team, we will not be able to stop processing your personal data.

6) Security of your personal data

instaDuit ensures that the processing of your personal data is carried out in a secure environment to prevent loss, unlawful disclosure and misuse of your personal data:

  • Your personal data is only processed by authorised personnel;
  • Our data processors (within or outside Malaysia) undergo stringent evaluation and audits to ensure they maintain a secure environment;
  • instDuit and its data processors maintain physical security such as locks and security systems over personal data kept in paper and electronic data stores and premises; and
  • instDuit and its data processors also maintain computer and network security such as anti-virus programs, usage of passwords and encryption codes;

instDuit also maintains and monitors its online security systems to ensure your personal data is appropriately protected. Please refer to our Security Policy at the bottom of this page.

7) How long does instaDuit keep your personal data

instaDuit will keep your personal data for the duration of time to carry out the purpose for which your personal data was collected and also for the other purposes set out in this Privacy Policy, including to handle enquiries, audit, complaints or legal proceedings and introduce products or services sold or distributed by the Bank. We will also abide by legal, tax and other regulatory and industry requirements/guidelines for keeping records including our retention of record policy.

8) How to contact the instaDuit

We will attempt to keep customer records complete, accurate and up-to-date. If you have any reason to believe that your records with us are inaccurate, incomplete or not updated, please contact us with the details found in the ‘Contact Us’ page.

9) Changes to this Privacy Policy

Changes may from time to time be made to this Privacy Policy. We will post notice of material changes on the instaDuit’s website. Please re-visit this Privacy Policy from time to time to learn of any such changes.


Security Policy

We are strongly committed to protecting the security, integrity and confidentiality of your personal or private information. We have put in place stringent security and control measures to prevent unauthorised access which could result in the alteration, destruction, theft of data or compromise the confidentiality of our customer’s data.

Our site utilises commercially proven security hardware and software products in our system, network and application infrastructure. These include routers, firewalls, intrusion prevention/ detection system and secure operating systems. Industry standard 128-bit SSL (secure socket layer) communication protocol is the de facto cryptographic standard that is used for securing data communication between the client browser and instaDuit systems. It is used for ensuring transaction privacy, message integrity and server-side authentication using digital certificate technology. Over and above SSL, all passwords are encrypted end-to-end from the client browser to instaDuit systems.

To serve you better, we may combine information you give us on the Web or through other channels. We also use aggregated information about the use of our services to evaluate our users’ preferences, improve our services and facilitate our reporting of Internet usage. Like most websites, we use small bits of data called cookies stored on users’ computers to simulate a continuous connection. Cookies let us “remember” information about your preferences and allow you to move within our service without reintroducing yourself. If we collect information from you, it is held securely and we maintain stringent control and access procedures in accordance with our Privacy Policy.

Please note that you play a part in system security as well. Although we exercise every effort to provide a safe, secure and reliable system, we do not have control over the computer, computer software, systems and other incidentals used by you to access the system and transmission over the Internet cannot be guaranteed to be absolutely secure. You should not share your user ID or password with any other person; you should never display your account information in an area visible to others; and your personal computer or other electronic device should never be left unattended.