Privacy Policy
(Last Updated: 7th April 2025)
MetaFin Sdn. Bhd., along with its affiliates and associated entities (collectively referred to as "MetaFin", "we", "us", or "our"), respects your privacy and is committed to protecting your personal data in accordance with applicable data protection laws in Malaysia, including the Personal Data Protection Act 2010 (PDPA). This Privacy Policy outlines how we collect, use, store, disclose, and process your Personal Data. It also explains the rights you have regarding your Personal Data and how you can exercise them.
This policy seeks to outline how we intend to deliver all the rights and protections to your personal data, on any information that identifies you or can be used to identify you directly or indirectly under the PDPA. Your continued usage of our services or continued relationship with us shall be deemed as acceptance of any updates, revisions or amendments made to our Privacy Policy.
1. Scope
This Privacy Policy applies to all individuals ("you", or "your") interacting with MetaFin, including users, customers, suppliers, partners, membership advisors, contractors, and service providers. It covers all interactions with the MetaFin platform, services, applications, and customer service.
This Policy Outlines:
- The types of personal information we collect, how we use it, and any third-party sharing.
- The available options regarding the handling of your data.
- The security measures in place to prevent unauthorised access or misuse.
- The steps you can take to correct any inaccurate information.
We remain committed to honouring, securing and safeguarding the personal data you entrust to us.
2. Personal Data We Collect
Personal data refers to any information that identifies or can be used to identify you, directly or indirectly. This includes but is not limited to your full name, national registration identification number (NRIC), passport number, date of birth, gender, photographs; contact information such as your address, email, phone number, communication preferences; financial data (e.g., bank or credit card details), insurance and vehicle information. We may also collect sensitive data such as health information, religious beliefs, or biometric information with your explicit consent.
Other data includes demographic data (age, gender, location, etc.), behavioral data (website visits, app usage, etc.), technical data (IP address, browser type, device information), and transaction data (purchase history, standing instructions, communications and preferences).
3. Sources of Personal Data
We obtain personal data from various sources, when you voluntarily provide it to us via:
- application or registration forms;
- emails, phone calls and other direct communications with you;
- enquiries, feedback forms, submissions or surveys on our website or platform;
- when users add you as an emergency contact;
- business cards that were dropped or given to our affiliates, employees or associates;
- authorised service or product providers, payment providers and third party referrals;
- marketing services providers or partners;
- participation in any campaigns, contests or any other promotional events organised by us;
- governmental sources of data, public records, and marketing partners;
- feedback, reviews, and ratings from your interaction with our apps, websites or services, including content interaction and features used;
- vehicle data, travel data, home data entered for ownership and item verification;
- any documents you submit to us for processing;
- publicly available sources and data.
By providing us with your Personal Data or by continuing to use our services, you consent to the use, processing, transfer, and/or disclosure of your Personal Data in accordance with this Policy.
4. Purpose of Collecting and Processing Personal Data
By engaging with MetaFin via our website and Platform, or using the Company's products and services, you acknowledge that you have understood this notice and consent to the use, processing, disclosure and transfer of your personal data for purposes such as:
- generating a quotation for the specific product or services you have requested;
- assessing and processing your application for the products and/or services by the service providers including to handle any issues and/or enquiries;
- to provide services and send you updates via postal mail, e-mail, telephone calls, SMS or social network applications, push notifications, internet social media or in-person about the services and campaigns offered by MetaFin and our authorised service providers to you while we maintain control over your Personal Data;
- to conduct marketing and client outreach and promotional activities related to our latest programs, products, services or incentive campaigns;
- maintaining internal record keeping and administrative purposes;
- handling billing, accounting, payments and other financial matters;
- meeting legal or regulatory obligations, including disclosure to government authorities if required;
- facilitating commercial transactions in relation to any incentive campaigns, rewards, membership programs and/or services;
- providing personalized services, and recommending third party products, services and offers that may interest you;
- comparing and verifying information/data with third parties to ensure the accuracy of our records;
- improving our Platform and services, and developing new features based on user feedback and usage patterns;
- storing and processing Personal Data on cloud service providers within Malaysia or outside Malaysia in order to carry out any of the Purposes stated in this Privacy Policy;
- transferring Personal Data to foreign jurisdictions to enable any cross border transactions, for the performance of a contract, legal proceedings or to comply with a request from a foreign regulatory or government authority or body; and/or
- for any other purposes as required or permitted by any law, regulation, court order or guidelines.
If you prefer not to receive marketing and promotional materials, you may opt out by clicking the "unsubscribe" link in our emails or by adjusting your preferences in our app settings.
5. Legal Basis for Processing Personal Data
Our processing of personal data is based on one or more of the following legal grounds:
Your Consent
When you have explicitly given consent to the processing of your Personal Data for specific purposes.
Contractual Necessity
When processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.
Legal Obligations
To comply with our legal or regulatory obligations, including responding to lawful requests by public authorities.
Legitimate Interests
When processing is necessary to further our legitimate business interests (e.g., improving our services), provided such interests do not override your fundamental rights and freedoms.
6. Retention and Disposal of Personal Data
We retain your Personal Data only as long as necessary to fulfill the purposes for which it was collected or as required by law, whichever is longer. For example, certain financial data may be retained for a minimum number of years under accounting and taxation laws.
Once your Personal Data is no longer needed or upon your valid request for erasure or withdrawal of consent, we will securely delete, anonymize, or dispose of it in a manner that ensures confidentiality is maintained, in line with applicable legal requirements and our internal policies.
7. Your Rights
Subject to applicable laws and regulations, you have the following rights regarding your personal data:
Right to access
You may request access to your personal data in our records for verification purposes.
Right to correct
You may request correction of inaccurate, incomplete, or outdated Personal Data.
Right to withdraw consent
You may withdraw your consent at any time, particularly for direct marketing purposes.
Right to limit processing
You may request limitations on how we process your data.
Right to object
You may object to processing for direct marketing or other certain legitimate interest purposes.
Right to data portability
You may request the transfer of your Personal Data to another service provider, subject to technical feasibility.
Please note that after deleting your Personal Data, we may not be able to provide the same level of servicing to you as we will not be aware of your preferences.
All requests may be submitted in writing (post or email) to our contact details provided below. The Data Officer may request information or documents from you to verify the authenticity of the person making the request and any information relating to the corrections requested. A nominal fee may apply for repeated or complex requests, where permitted by law.
Attention to: Database Department
MetaFin Sdn. Bhd
Level 1201, Block A,
Pusat Dagangan Phileo Damansara II,
No 15, Jalan 16/11, Off Jalan Damansara,
46350 Petaling Jaya, Selangor Darul Ehsan
Email: compliance@metafin.com.my
8. Limit Processing of Personal Data
The Personal Data provided to us are wholly voluntary in nature. You may request the removal of your Personal Data or cessation of processing by submitting a written notification addressed to our Data Officer. We will require a reasonable amount of time to process such notices.
Important note:
- We may still need to retain certain information in order to comply with legal or regulatory requirements, for essential storage records purposes, or if valid legal grounds apply (such as the defense of legal claims).
- Once your Personal Data is removed, we may no longer be able to provide the same level of service, since we will not have access to your preferences or historical data.
- We reserve the right to decline or discontinue certain products or services if removal or cessation of processing hinders our ability to satisfactorily deliver products and services or fulfill our obligations.
Where you have requested that we erase your Personal Data that has been made public, we will take reasonable, cost-effective steps to inform other relevant parties or platforms displaying or linking your Personal Data to erase it as well, subject to valid grounds.
9. Protection of Personal Data
MetaFin is committed to taking appropriate technical, physical and organisational measures to protect your Personal Data. We take appropriate administrative, technical, and physical safeguards to protect your Personal Data against unauthorized access, unlawful processing, accidental loss, and damage.
MetaFin adheres to strict data handling protocols, including:
- Role-based access for employees and authorised personnel;
- Secured networks and encrypted data transmissions where feasible;
- Regular reviews of policies and procedures to ensure ongoing compliance.
All third parties who process Personal Data on our behalf must adhere to similar security standards and are subject to written agreements ensuring the protection of your data.
10. Disclosure of Personal Data
We may disclose your personal data to the following parties where necessary for our operations. These subsidiaries will treat client's personal data as confidential, in accordance with this Privacy Policy and all applicable Data Protection Legislation and will process such personal data only for the Purposes and within the terms set out herein. We are responsible for the personal data under our control, including personal data disclosed by us to a Vendor (referred to as the "data processor"). We take every measure to provide a comparable level of protection for personal data should the information be processed by a Vendor. MetaFin is committed to complying with the Personal Data Protection Act 2010, in particular, its policies as well as corresponding guidelines and orders. The parties may include:
- other entities within MetaFin, and its agents, affiliates and associates;
- strategic or business partners for providing specific products and services;
- auditors, consultants, legal and professional advisors to the extent required;
- transaction processing, technical support, financial and cloud/storage services;
- marketing agencies and analytics providers to improve user experience;
- government authorities and regulators as required by law;
- any parties authorised and/or consented to by you.
Confidentiality Assurance:
Any disclosure to third parties will be subject to appropriate safeguards, contractual and legal obligations to ensure your Personal Data is protected in accordance with established data protection laws and industry standards. This commitment is in adherence to prevailing laws, regulations, court orders, guidelines, or codes, applicable both domestically and internationally.
12. Data Security Measures
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected online and offline. We implement technical, administrative, and physical safeguards to secure your personal data against unauthorized access, loss, or destruction, such as:
- Encryption in transit (e.g., HTTPS/SSL) where applicable.
- Access controls and multi-factor authentication (where feasible) for authorised staff.
- Regular security audits, vulnerability assessments, and intrusion detection measures.
Access to Personal Data is granted only to employees who need it to perform their official duties. These measures aim to protect your Personal Data from unauthorised or unlawful processing, accidental loss, destruction, or damage.
13. Appointment of Data Protection Officer
In alignment with global data protection standards and the anticipated amendments to the Malaysian Personal Data Protection Act, MetaFin has designated a Data Protection Officer (DPO) responsible for overseeing data protection strategy and implementation. The DPO also serves as the primary point of contact for any data protection related queries or concerns.
You may reach out to the DPO at compliance@metafin.com.my.
14. Data Breach Notification
MetaFin is committed to promptly addressing and mitigating any personal data breaches. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the Personal Data Protection Commissioner within 72 hours (where legally required) and communicate relevant details to affected individuals without undue delay. This includes the nature of the breach, affected data categories, and measures taken.
15. Cross-Border Transfers of Personal Data
We may transfer your Personal Data to jurisdictions outside Malaysia for storage, processing, or the performance of a contract. In such cases, we implement appropriate safeguards (e.g., binding corporate rules, standard contractual clauses) to ensure that the transferred data receives a comparable level of protection to that under Malaysian law. If you have any questions about these safeguards, please contact us at the details provided below.
16. Privacy by Design and Default
MetaFin integrates privacy principles into the design and development of its systems and processes. We:
- Collect only the minimum necessary data for stated purposes.
- Regularly review our data collection and retention practices.
- Implement default settings that limit data sharing to what is strictly required.
These steps align with international best practices for Privacy by Design and Default.
17. Updates to this Privacy Policy
This Privacy Policy may be reviewed, amended and updated from time to time to reflect changes in legal, regulatory, or operational requirements. The most up-to-date version will always be available at https://metafin.com.my/privacy-policy.php
Your continued use of MetaFin after a change to the Privacy Policy means you agree to the new terms of our Privacy Policy. If you do not agree with the Privacy Policy, please discontinue using our services.
18. Language
In accordance with Section 7(3) of the Personal Data Protection Act 2010, this Policy is issued in both Bahasa Malaysia and English languages. In the event of any inconsistency, the English language version of this Policy shall prevail. Any updates or changes will be reflected in both language versions concurrently.
19. How to Contact Us
If you have any questions, concerns, or requests regarding your Personal Data, please contact our Data Protection Officer:
Attention to: Database Department
MetaFin Sdn. Bhd
Level 1201, Block A,
Pusat Dagangan Phileo Damansara II,
No 15, Jalan 16/11, Off Jalan Damansara,
46350 Petaling Jaya, Selangor Darul Ehsan
Email: compliance@metafin.com.my
20. Consent and Acknowledgement
By providing us with your Personal Data or by continuing to use our services, you acknowledge that you have read and understood this Notice and consent to the collection, use, processing, transfer, and/or disclosure of your Personal Data as described in this Privacy Policy, in accordance with applicable laws and regulations.