Dear valued MSCTG Customers, Thank you for your continuous support and trust in us. As you are aware, the Personal Data Protection Act 2010 (Act 709) (PDPA), which was passed in 2010, came into force on 15 November 2013. The Personal Data Protection (Amendment) Act 2024 (Act A1727), which came into force in January 2025, is also relevant. In our effort to ensure compliance with the said Act, we wish to draw your attention to MSC Trustgate.com’s (“MSCTG”) Privacy Notice as below.

If you choose to transact with MSCTG i.e. for subscription of any products and/or services or use of MSCTG’s Portal, you will be asked to provide your personal information such as and not be limited to name, photocopy/scanned of identification card, mailing address, phone number(s), email address(es), biometric data and contact preferences. When you intend to use MSCTG’s Portal for purposes of making transactions involving online payments, your bank account or credit card information will also be collected for the purpose of processing your payments.

You will also be required to explicitly provide your consent to the provision of your personal information aforementioned in the form and manner as indicated in the registration process, failing which you will not be able to subscribe for the products and / or services or register for the use of our Services/Portal.

Rest assured, your personal data will be kept locally here in Malaysia and encrypted to ensure it safety.

Your personal information will be used or processed for the following purposes: -

• • assessing your application or continued provisioning of the products and / or services (whichever is applicable);
• • customizing advertisements and content on MSCTG’s website(s)
• • responding to your enquiries;
• • research purposes including historical and statistical purposes and analysis;
• • general operation and maintenance of the products and / or services provided including audit and its related website(s);
• • verification purposes;
• • matching any data held by MSCTG relating to you from time to time;
• • provide you with regular communications from MSCTG relating to the products and / or services provided;
• • investigation of complaints, suspected suspicious transactions and research for service or products improvement; and
• • in compliance with any regulatory, statutory or legal obligation

By submitting your information to MSCTG, you hereby consent and authorize MSCTG to process and verify any information about you from any third party, especially credit bureau or credit reference agencies, which MSCTG be authorised to require in connection with your application for any of MSCTG’s products and / or services and / or review of the existing account with MSCTG. Such consent and authorization herein will extend to any information obtained from any of the account(s) presently maintained for you, any new application for any form of services rendered or products provided by MSCTG, such historical financial or credit records, data or information whether or not provided personally or by any other sources relating to you which was collected, received, captured, compiled, secured and/or obtained by MSCTG through or by whatever means or methods or forms.

If you choose to register and transact with MSCTG, your personal information be authorised to be shared where necessary and only on a need-to-know basis with MSCTG so as to serve you in the most efficient and effective manner. An example might be in terms of resolving or addressing complaints that require escalation to MSCTG. MSCTG be authorised to disclose your personal information to the following parties for the purposes stated above: -

• • MSCTG’s service providers or agents who are involved in providing the products and / or services;
• • third parties (including those overseas) who provide data processing services;
• • any credit reference agencies or, in the event of default, any debt collection agencies;
• • any person, who is under a duty of confidentiality to which has undertaken to keep such data confidential, which MSCTG has engaged to fulfil its obligations to you; and
• • any actual or proposed assignee, transferee, participant or sub-participant of MSCTG’s rights or business.

Your personal information will not be disclosed to any unauthorized third party. Your personal information be authorised to be disclosed due to reasons of law, legal process, litigation, and/or requests from public and governmental authorities and any disclosure will be to such public and governmental authorities only. We be authorised to also disclose information about you if we determine that disclosure is necessary or appropriate for purposes of national security, law enforcement, or other issues of public importance.

If you would like to request access or correction of your personal information or where you elect to limit MSCTG’s right to process your personal information, you have the right to contact us at https://www.msctrustgate.com via our Contact Us section, MSCTG Helpdesk or you can visit the MSCTG’s office. Any request of access to correct personal information be allowed to be subjected to a fee and also to applicable provisions in the PDPA. However, we reserve the right to decline requests which jeopardize the security and privacy of the personal information of others as well as requests which are impractical or not made in good faith.

We have the right to review and update this Privacy Notice from time to time to reflect changes in the law, changes in our business practices, procedures and structure, and the community’s changing privacy expectations. The latest version of the Privacy Notice will made available at https://www.msctrustgate.com/privacy-notice

As per Regulation 22 of the Digital Signature Regulations 1998, the Certification Authority Disclosure Record of a licensed certification authority shall be retained for a minimum period of ten (10) years from the date of the last entry, unless otherwise directed by the Controller. This retention policy is specific to the disclosure record and ensures compliance with applicable laws and regulatory requirements. Personal data will be retained only as long as necessary to fulfil the purposes it was collected for or as required by law. Once no longer needed, data will be securely destroyed or anonymised. MSCTG will periodically review data retention schedules to ensure alignment with applicable laws, contractual obligations, and industry standards.

If you have any queries or complaints about this Privacy Notice, you can contact us at https://www.msctrustgate.com/contact-us or email at dpo@msctrustgate.com. MSCTG has appointed a Data Protection Officer (DPO) to oversee compliance with the PDPA. For related matters, please contact the DPO at dpo@msctrustgate.com.

In the event of a personal data breach, MSCTG will notify the Personal Data Protection Commissioner as soon as practicable and affected data subjects where there is a risk of significant harm, in accordance with the Act.

You may request that your personal data be transmitted to another service provider, subject to technical feasibility and compatibility, by submitting a written request to MSCTG.