Privacy Policy

Website Privacy Policy

1.0 Introduction

MTD Group (including its present and future subsidiaries and affiliate companies, hereinafter referred to as ‘MTD Group’, ‘we’, ‘us’, or ‘our’) acting as Data Controller (as defined under the Personal Data Protection Act 2010), is committed to protecting your Personal Data and your privacy. This Privacy Policy outlines how we collect, process, use, disclose, and safeguard your Personal Data in compliance with the applicable data protection laws, particularly the Malaysian Personal Data Protection Act 2010 and its subsequent amendments (“the PDPA”). This Policy applies to all individuals whose Personal Data we collect, including but not limited to our current and prospective customers, suppliers, business partners, employees, job applicants, and visitors to our premises or digital platforms. Personal Data.

By interacting with us, using our services, accessing our website, or otherwise providing your Personal Data to us, you acknowledge that you have read and understood this Privacy Policy and, where applicable, consent to the collection and processing of your Personal Data as described herein. Where required by law, we will obtain your explicit consent for specific processing activities.

Please note that MTD Group reserves the right to amend this Privacy Policy from time to time. We will notify you of any significant changes by posting the updated policy on our website or through other appropriate communication channels.

2.0 Personal Data

2.1 Types of Personal Data

By virtue of the Act, ‘Personal Data’ refers to any information, in respect of commercial transactions, that relates directly or indirectly to an individual (‘Data Subject’) who is identified or identifiable from that information, or from that and other information in our possession. This includes any Sensitive Personal Data (information as to the physical or mental health or condition of a data subject, his political opinions, his religious beliefs or other beliefs of a similar nature, the commission or alleged commission by him of any offence, biometric data, or any other personal data as the Minister may, by order published in the Gazette, determine) which also includes expressions of opinion about you that are related to your personal data.

The Personal Data that we collect or provided by you to MTD Group may include but not limited to the following: Personal Data

Identification data: full name, identification (e.g., national identification number, passport number, or other government-issued identifiers), age, gender, date of birth, nationality and marital status.

Contact data, including phone numbers, email addresses, and mailing addresses (residential and business).

Financial and banking data: , including account details, credit/debit card information, payment information and history, transaction records, tax information.

Family members data: spouse, siblings, parents, relatives, dependents, and next of kin, provided you have obtained their consent for us to process their data.

Employment data: Resume/CV, employment history, qualifications, payroll information, benefits, performance records.

Transaction data: references and purchasing history related to our products and services.

Information collected through cookies, IP addresses, browser type, operating system, pages visited, time spent on our website, and similar technologies.

Security data: CCTV/security recordings, biometric data, and location tracking/GPS information.

Any other personal data that you provide to us through various channels or that is necessary for us to provide our services and fulfil our contractual obligations.

2.2 Source of Personal Data

We may collect Personal Data through the following channels:

Directly from you: When you apply for our products or services, register on our website, fill out forms (online or physical), participate in surveys or events, communicate with us via email, phone, or social media.

Third-party sources: Business partners, introducers, credit reference agencies, financial institutions, payment processors, publicly available sources (e.g., public registers, social media platforms), and other entities with whom we have a contractual relationship.

Automated Technologies: Through cookies, web analytics tools, tracking pixels, server logs, and other similar technologies when you interact with our websites or applications.

Publicly accessible data: From government agencies, public records, and other public databases.

From third parties authorized by you: Where you have provided consent for them to share your data with us.

3.0 Purposes of Collecting and Processing Your Personal Data

In the course of your dealings with MTD Group, we will collect and process your Personal Data for various purposes essential to our operations and to enable us to enter into and perform commercial transactions with you. These purposes include, but is not limited to, the following:

To process and fulfill your requests for products or services.

To facilitate your participation in promotions, contests, loyalty programs, or events.

To communicate with you regarding our services, offers, and updates.

To process payments, refunds, and financial transactions related to your purchases.

To provide after-sales support, customer service, and complaint resolution.

To maintain the safety and security of our premises and digital platforms.

To conduct internal investigations, audits, and security assessments.

To comply with health, safety, and regulatory standards.

To conduct data analytics and market research to improve our products and services.

To personalize and tailor our services based on your preferences.

To provide recommendations, targeted advertising, and customized marketing materials.

To engage in partnerships and collaborations with third parties for marketing and promotional activities.

To send seasonal greetings, promotional messages, and event invitations.

To comply with applicable laws, regulations, and industry guidelines.

To meet our contractual obligations with business partners, regulators, and governing authorities.

To ensure optimal functionality and user experience on our website and mobile applications

To store data securely and enable seamless interaction across digital platforms.

To manage and integrate loyalty programs and third-party reward systems.

To maintain internal records and support customer relationship management.

By providing your Personal Data, you acknowledge and consent to its collection, processing, and storage for the purposes stated above. We ensure that all personal data is handled responsibly and in accordance with data protection laws.

4.0 Disclosure of Personal Data

4.1 Disclosure to Affiliated Entities

Your Personal Data may be shared with affiliated entities within our corporate group, including subsidiaries, holding companies, and associated companies, whether currently existing or established in the future, and located within or outside of Malaysia. This sharing is conducted strictly for the purposes outlined in Section 3 (Purposes of Collecting and Processing Your Personal Data) above and in compliance with applicable data protection laws. Access to Personal Data is granted only to employees, agents, or contractors of MTD Group who require such information to fulfill their job functions and are bound by stringent confidentiality obligations.

4.2 Disclosure to Third Parties

We may disclose your Personal Data to selected third parties in accordance with legal requirements, contractual obligations, or for business-related purposes. These third parties may include but are not limited to:

Professional Service Providers

Auditors, legal advisors, tax consultants, and other professional advisors.

Payment Processing & Financial Institutions

Banks, payment gateways, credit card companies and financial service providers to facilitate transactions, and financial reporting.

Marketing & Advertising Partners

Agencies. Media partners and platforms involved in promotional activities, analytics, and targeted advertising.

Cloud, IT, and Data Security Providers

Hosting services, data storage providers, cybersecurity firms, and infrastructure and technology vendors.

Customer Support & Communication Services

Call centers, customer relationship management platforms, and feedback service providers.

Market Research & Analytics Firms

Organizations conducting surveys, research, or consumer behavior analysis on our behalf.

Logistics & Supply Chain Partners

Courier services, shipping providers, warehouse operators, and inventory management companies.

Social media & Digital Platforms

Online platforms that facilitate interactions, advertisement, and customer engagement.

Business & Strategic Partners

Joint venture partners, affiliate networks, or service providers offering complementary products and services.

Regulatory & Government Authorities

Bank Negara Malaysia, Lembaga Lebuhraya Malaysia, Kementerian Kerja Raya, and/or Jabatan Kerja Raya, Bahagian Pinjaman Perumahan, Kementerian Kewangan Malaysia, Kumpulan Wang Simpanan Pekerja, Lembaga Hasil Dalam Negeri; Land Office; Local authorities; High court, lower courts or tribunals; law encorcement agencies and other statutory bodies as required by law.

In the event of a corporate transaction, such as a merger, acquisition, restructuring, or sale of assets, your Personal Data may be disclosed or transferred to the relevant third-party entities involved in the transaction. We will ensure that such parties are contractually obligated to handle the data in accordance with applicable data protection laws.

4.1 International Data Transfers

Where necessary, we may transfer your Personal Data may be transferred to Personal Data to authorised third parties or affiliates or data processors located in countries outside of Malaysia. Such transfers will only occur:

        • When required to fulfill the purposes outlined in this policy;
        • In compliance with applicable data protection regulations; 
        • With appropriate safeguards in place, including binding corporate rules, standard contractual clauses, or other legally recognized mechanisms to ensure the security and confidentiality of your Personal Data;
        • Upon adherence to recognized international data transfer frameworks; and
        • Where the recipient country is deemed to have adequate data protection laws;

By using our services or providing us with your information, you acknowledge and, where legally required, consent to such international transfers of your Personal Data, subject to applicable legal requirements and the safeguards detailed herein.

5.0 Websites

5.1 External Links

Our website may contain links to third-party websites for your convenience. Please note that these websites operate independently from us and have their own privacy policies, which we recommend reviewing. We do not control, endorse, or take responsibility for their content, privacy practices or their handling of your Personal Data.

5.2 Cookies

We use cookies to enhance your browsing experience, analyze website traffic, and understand user behavior. Cookies are small text files stored on your device that help us recognize you and remember your preferences when you visit our website. During your visit, we may also collect information such as:

        • The date and time of your access.
        • The URL of webpage that referred you to our site.
        • Your web browser type and the pages you visit.
        • Your operating system. 
        • The time spent on each page. 
        • Your IP address. 
        • Device identifiers.

Some website features may require you to provide provide specific Personal Data,, such as login credentials or contact information. These data will only be used for their intended purpose, such as responding to your inquiries or providing requested services, or personalizing your experience.

6.0 Data Security

6.1 Security Measures

We are committed to safeguarding your Personal DataPersonal Data and have implemented reasonable physical, technical, and procedural security measures to prevent accidental loss, unauthorized access, misuse, alteration, or disclosure of your data. All Personal DataPersonal Data collected is securely stored on protected servers, and we continuously review our security practices to ensure compliance with industry standards and legal requirements.

Our security protocols include, but are not limited to:

Employee access to personal data is strictly controlled and limited to authorized personnel only.

Unique user IDs and secure passwords are assigned to authorized employees for system access.

Access credentials are promptly deactivated when no longer required.

Data storage areas are secured with controlled access, limiting entry to authorized personnel only.

Regular updates and maintenance of backup and recovery systems to prevent data loss.

Deployment of up-to-date anti-virus and malware protection to safeguard against cyber threats.

Firewalls and encryption technologies are used to secure digital data.

Any authorized transfer of data is recorded and conducted with appropriate safeguards in place.

Third-party service providers processing personal data on our behalf must comply with stringent security protocols and contractual obligations.

Data transfers to cloud services are conducted in accordance with data protection laws, both locally and internationally.

Access logs are maintained and periodically reviewed to ensure data security compliance.

6.2 Limitations & Responsibilities

Despite our efforts to implement robust security measures, data transmission over the internet or method of electronic storage carries inherent risks. While we take all reasonable steps to protect your Personal DataPersonal Data, we cannot guarantee its absolute security against all potential threats. 

We encourage users to take precautions when sharing Personal Data online, such as using strong and unique passwords and avoiding public networks for sensitive transactions and being vigilant against phishing attempts.

Should any unauthorized access or security breach occur, we will take immediate action in accordance with applicable laws and industry best practices.

7.0 Retention of Personal Data

Please be informed that we e retain your Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with our legal obligations, to resolve disputes, to enforce our agreements, or protect our legitimate interests. Once your Personal Data is no longer required, we will take reasonable steps to securely delete or anonymize it.

8.0 Your Rights

As a Data Subject, you have the following rights regarding your Personal Data under the PDPA:

      • The right to access and obtain a copy of your Personal Data.
      • The right to correct or update inaccurate or incomplete Personal Data.
      • The right to withdraw consent for data processing (where applicable). Please note that withdrawing consent may affect our ability to provide you with certain services.
      • The right to request deletion or restriction of your Personal Data.
      • The right to opt out of marketing communications.
      • The right to obtain your Personal Data in a commonly used, and machine-readable format and to transmit that data to another Data Controller, where applicable.