Dasar Privasi

Effective Date: December 2021. Last updated: 2nd August 2021.


Our aim is to:

  • always keep your personal data safe and private;
  • never sell your personal data; and
  • allow you to manage and review your marketing choices at any time


1. About us

This Privacy Policy (“Privacy Policy”) is issued by MyMy Payments Malaysia Sdn Bhd (“MyMy”) who is a private limited company registered in Malaysia and its parents, subsidiaries, affiliates, related companies, officers, directors, employees, agents, representatives, partners, and/or licensors (the “Company” or “We/Our/Us”) with respect to the provision of services offered by MyMy and are committed to the highest standard of protecting and respecting privacy and personal data in compliance with applicable laws and rules. We will advise you on which MyMy company you have a relationship with when you first apply for or use a MyMy product or service.
In compliance with the Personal Data Protection Act 2010 (“PDPA”) and all other relevant regulations and guidelines pertaining to data protection, this notice is issued to all our valued customers and/or prospective customers. This notice will inform you of your rights with regards to your personal data that has been and/or will be collected and processed by MyMy Payments Malaysia Sdn Bhd (“MyMy”). 

2. Why do I need to read this policy?

We will collect your personal data when you use:

  • our website at www.my-my.com;
  • the MyMy app; or
  • any of the services you can get access to through the MyMy app or website.

MyMy has created the following Privacy Policy to keep you informed about the information we collect when you visit our site, mobile app and/or use MyMy’s services. We keep you posted on why we collect it and how it is used and stored, it also advises on how you can access your details and seek correction of your details, the control of your own personal information and how you can contact us. We are committed to ensuring that your privacy is safeguarded, and we are transparent as to how we process your personal information. This Privacy Policy takes into consideration the rights and obligations as outlined under the Personal Data Protection Act 2010 (PDPA), relevant regulations and guidelines issued by Bank Negara Malaysia (BNM), and any other relevant laws of Malaysia pertaining to this subject matter.

When we say ‘personal data’, we mean information which can be used to personally identify you (for example, a combination of your name and address). Personal data also includes any sensitive personal data or expression of opinion about the data subject. Personal data does not include any information that is processed for the purpose of a credit reporting business carried on by a credit reporting agency under the Credit Reporting Agencies Act 2010. Personal information simply means any information or data that can be used to distinguish, identify or contact you.

By using our mobile application (“Mobile App”), visiting our website at www.my-my.com, applying for, registering and/or subscribing for any of our services and/or products, you are deemed to have read and agreed to be bound by this Privacy Policy (read together with our Terms and Conditions and any other documents referred to in it). By appointing or engaging us to provide the Services, when you access or use our Services or interact with us, you consent to us using, collecting and processing your personal data in the manner as stipulated in prescribed in this Privacy Policy. 

We may periodically make changes to this Privacy Policy that we will include on this page. It is your responsibility to review this Privacy Policy frequently and remain informed about any changes to it. We encourage you to visit this page regularly.

If you have concerns about how we use your personal data, you can contact our Data Protection Officer at compliance@my-my.com.

Your Personal Data

3. What personal data do you collect about me?
We collect different types of personal data from you and others. The information below explains what personal data we collect and use.

Information you give us
How we collect information you provide when you:

  • visit MyMy's website or use MyMy’s services or MyMy’s mobile app, we collect information sent to us by your computer, mobile phone, or other access device. This information may include your IP address, device information including, but not limited to, unique identifier, name and type, operating system, location, mobile network information and standard web log information such as your browser type, traffic to and from our site, and the pages you accessed on our website
  • fill in any forms;
  • correspond with us;
  • take part in online discussions, surveys or promotions;
  • speak with a member of our customer support team (either on the phone or through the MyMy app);
  • enter a competition; or
  • contact us for other reasons

Information from your device
Whenever you use our website or the MyMy app, we collect the following information:

  • Technical information, including the internet protocol (IP) address used to connect your computer to the internet, your log-in information, the browser type and version, the time-zone setting, the operating system and platform, the type of device you use, a unique device identifier (for example, your device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system, the type of mobile browser you use.
  • Information about your visit, including the links you have clicked on, through and from our site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks), and methods used to browse away from the page.
  • Information on transactions (for example, payments into and out of your account), including the date, time, amount, currencies, exchange rate, beneficiary details, details of the merchant or ATMs associated with the transaction (including merchants’ and ATMs’ locations), IP address of sender and receiver, sender's and receiver's name and registration information, messages sent or received with the payment, details of device used to arrange the payment and the payment method used.
  • Information stored on your device, including if you give us access to contact information from your contacts list. The MyMy app will regularly collect this information in order to stay up to date (but only if you have given us permission).

When you access our website or content or use our application or MyMy’s services, we or companies we work with may place small data files called cookies or pixel tags on your computer or other device. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.

We use the following cookies:

  1. Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
  2. Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  3. Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

Our website uses Google Analytics, a web traffic analysis service provided by Google Inc. (“Google”). Please refer to https://policies.google.com/technologies/partner-sites  to find out more about how Google uses data when you use our website and how to control the information sent to Google.

You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

Furthermore, you can prevent Google’s collection and processing of data by using the Google Ads Settings page or downloading and installing their browser plug-in (https://tools.google.com/dlpage/gaoptout).

We collect Internet Protocol (IP) addresses of all visitors to our site. An IP address is a number assigned to your computer automatically when you use the Internet. This information is only collected in aggregate (in other words, we are not able to monitor your individual usage of the site) and helps us monitor site traffic patterns and refine content based on Country of Origin in order to improve our service. Our site additionally uses cookies for some interactive features.

Information about your location
If you have location services in the MyMy app switched on, we track your location using GPS technology.

Information from others
We collect personal data from third parties, such as credit-reference agencies, financial or credit institutions, official registers and databases, as well as fraud-prevention agencies and partners who help us to provide our services.

This includes your credit record, information about late payments, information to help us check your identity, information about your spouse and family (if applicable in the context of an application for credit that you make) and information relating to your transactions.

When you ask us to, we will also collect personal data from accounts you hold with third party banks (and some accounts with third party providers that aren't banks) so that you can see everything in one place in your MyMy app. You can create a linked account by activating Open Banking in the app.

Information from social media
Occasionally, we will use publicly available information about you from selected social media websites or apps to carry out enhanced due diligence checks. Publicly available information from social media websites or apps may also be provided to us when we conduct general searches on you (for example, to comply with our anti-money laundering or sanctions screening obligations).

If you are a MyMy Business customer, we may collect information about you if you make it publicly available on social media websites or apps. We only do this as part of our MyMy Business KYC checks. For example, if you have not yet set up a website for your business, we may need to look at information available on social media websites or apps to make sure your business is legitimate.

Information from publicly available sources
We collect information and contact details from publicly available sources, such as media stories, online registers or directories, and websites for enhanced due diligence checks, security searches, and KYC purposes for MyMy Business customers.

We will collect the following information:

  • Your name, location, address, date of birth, nationality, national identification card number/ passport number, ;
  • Your email address, phone number and details of the device you use (for example, your phone, computer or tablet);
  • Your MyMy username (this is random and is automatically assigned to you when you first join but you will be able to change it), password and other registration information;
  • Government issued identification document
  • Details of your bank account, including the account number, sort code and IBAN;
  • Details of your MyMy card (or other debit or credit cards you have registered with us), including the card number, expiry date and CVC (the last three digits of the number on the back of the card);
  • Identification documents (for example, your passport or driving licence), copies of any documents you have provided for identification purposes, and any other information you provide to prove you are eligible to use our services;
  • Information you provide when you apply for credit, including details about your income and financial obligations;
  • Records of our discussions, if you contact us or we contact you (including records of phone calls);
  • Your image in photo or video form (where required as part of our Know-Your-Client (KYC) checks or where you upload a photo to your MyMy account).

If you give us personal data about other people (such as your spouse or family), or you ask us to share their personal data with third parties, you confirm that you have brought this policy to their attention beforehand.

In order to help protect you from fraud and misuse of your personal information, we may collect information about your use and interaction with our website or MyMy’s services. For example, we may evaluate your computer, mobile phone or other access device to identify any malicious software or activity that may affect the availability of MyMy’s services.

You may choose to provide us with access to certain personal information stored by third-parties such as social media sites (e.g. Google, Facebook and Twitter). The information we have access to varies by site and is controlled by your privacy settings on that site and your authorization. By associating an account managed by a third-party with your MyMy account and authorizing MyMy to have access to this information, you agree that MyMy may collect, store and use this information in accordance with this Privacy Policy.

We use your personal data so we can provide the best service, tell you about products and services you may be interested in, and meet our legal obligations.

Whenever you apply for a product or service, we will use your personal data to check your identity (as part of our KYC process) and decide whether or not to approve your application.

If you are already a MyMy customer, we use your personal data to meet our obligations relating to any transactions you make (for example, making payments into and out of your MyMy account, withdrawing cash or making payments with your MyMy Card). If you ask us to exchange the currency of the e-money you hold in your MyMy account, we'll use your personal data to help us do that.

Our primary purpose in collecting personal information is to provide you with a secure, efficient, and customized experience. We may use collect, use, process and examine your personal information when reasonable, relevant and necessary to:

  • to verify/ascertain User identity;
  • to communicate with you including responding to your enquiries;
  • all purposes related to or in connection with engagement of our Services;
  • for the purposes of enforcing or defending our legal rights and/or obtaining legal advice;
  • to comply with legal and/or regulatory requirements in and outside of Malaysia including, audits, reporting, investigation and/or etc.;
  • ensuring that content from our site is presented in the most effective manner for you and for your computer;
  • to send you materials and publication including providing you with alerts, newsletter, education materials, updates and/or information that you requested or signed up to or information about event(s) that may be of interest to you;
  • to promote, offer or market our current and/or future services to you, subject to your right to opt-out (please see further details in clause 6.2 below);
  • carrying out our obligations arising from any contracts entered into between you and us;
  • to assist in the prevention, detection or investigation of crime or possible criminal activities or for the administration of justice;
  • for security and internal audit purposes;
  • allowing you to participate in interactive features of our Service, when you choose to do so;
  • designing and conducting surveys/questionnaires for client profiling/segmentation, statistical analysis, improving and furthering the provision our products and services;
  • researching, designing and launching services or products including seminars/events/forums;
  • for such other purposes as may be directed or consented to by you; and/or
  • purposes directly related or incidental to the above.
  • monitor the quality and security of the network and staff training.

We also intend to use your personal data in direct marketing and we require your consent (which includes an indication of no objection) for that purpose. In this connection, please note that:

  1. your name, contact details (including address, contact number, email address), products and services information, transaction pattern and behaviour, background and demographic data held by us from time to time may be used by us in direct marketing;
  1. the following classes of services, products and subjects may be marketed in direct marketing:
    i. services and products related to our Services (including marketing affiliates programs we are a part of);
    ii. reward, loyalty or privileges programmes, promotional offers and related services; and
    iii. invitations to events such as seminars/webinars/tele-seminars, conferences, live programs or events.
  1. We may conduct direct marketing via fax, email, direct mail, telephone and other means of communication or send e-newsletters to you. You may choose not to receive promotional materials, by simply telling us (see below for contact details), and we will cease to do so, without charge.

We use your personal data to do the following:

  • provide you with information about other products and services we offer that are similar to those you have already used (or asked about, where allowed by law).
  • provide you with information about our products or services which we think you might be interested in. To help us do this, we may use information about you to help us better understand your interests. You can opt out of this by using the privacy settings in the MyMy app or by emailing our Data Protection Officer at compliance@my-my.com.
  • if you agree, provide you with information about our partners’ promotions or offers which we think you might be interested in.
  • if you agree, allow our partners and other organisations to provide you with information about their products or services.
  • measure or understand the effectiveness of our marketing and advertising, and provide relevant advertising to you.
  • ask your opinion about our products or services.

process applications for products and services available through us, and make decisions about whether to approve applications.

Remember, you can ask us to stop sending you marketing information by adjusting your marketing choices.

If you are a MyMy customer, we may contact you about optional extras or promotional offers. We may use personal data we gather about you through your use of our services to tailor these offers to you.

We use your personal data to manage our website and the MyMy app, (including troubleshooting, data analysis, testing, research, statistical and survey purposes), and to make sure that content from our website is presented in the most effective way for you and your device.

We also use your personal data to allow you to take part in interactive features of our services, to tell you about changes to our services, and to help keep our website and the MyMy app safe and secure.

If any changes we make to our services affect you, we'll normally contact you using the email address you gave us when you signed up, or through the MyMy app, to tell you about the changes.

Our legal basis is one or more of the following:

  • keeping to contracts and agreements between you and us;
  • legitimate interests (to be efficient about how we meet our obligations and keep to regulations that apply to us); or
  • consent (where required by law).

We use your personal data to help social interactions through our services or to add extra functions in order to provide a better experience.

We'll let you know if any MyMy customers are in the same area as you (if you and they have location services switched on).

If you give us permission, we'll use the contacts list on your phone, so you can easily make payments to your contacts using the MyMy app or upload photos to your savings vaults in the MyMy app.

Our legal basis is one or more of the following:

  • legitimate interests (to develop our products and services and to be efficient in meeting our obligations); or
  • consent (to access information held on your phone (for example, contacts in your contacts list), to track you when you have location services switched on).

We use your personal data to provide relevant advertising to you (for example, information on nearby merchants), to protect against fraud, and to let you know when any of your MyMy customers are in the same area as you (if they have location services switched on).

If you go abroad, the MyMy app may automatically tell you the exchange rate in that country.

If you are under the age of 18, please do not share or send any personal data about yourself to us without prior consent from your parent(s) and/or legal guardian.

We will not sell or rent your personal information to third-parties for their marketing purposes without your explicit consent. We may combine your information with information we collect from other companies and use it to improve and personalize MyMy’s services, content and advertising. We will not use or share your personal data with anyone, except as described in this Privacy Policy.

4. What is your legal basis for using my personal data?

We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following.

  • Keeping to our contracts and agreements with you
    We need certain personal data to provide our services and cannot provide them without this personal data.
  • Legal obligations
    In some cases, we have a legal responsibility to collect and store your personal data (for example, under anti-money laundering laws we must hold certain information about our customers).
  • Legitimate interests
    We sometimes collect and use your personal data, or share it with other organisations, because we have a legitimate reason to use it and this is reasonable when balanced against your right to privacy.
  • Consent
    Where you've agreed to us collecting your personal data, for example when you have ticked a box to indicate you are happy for us to use your personal data in a certain way.
  • Substantial public interest

Where we process your sensitive personal data (sometimes known as special category personal data) to adhere to government regulations or guidance, such as our obligation to support you if you are or become a vulnerable customer.

We may need to share personal data about you:

  • with other organisations (for example, fraud-prevention agencies);
  • if this is necessary to meet our legal obligations or in connection with legal claims; or
  • to help detect or prevent crime.

Our legal basis is one or more of the following:

  • legitimate interests (to keep to laws and regulations that apply to us);
  • substantial public interest (if we process your sensitive personal data to keep to legal requirements that apply to us); or
  • legal obligations.

5. Do you make automated decisions about me?
Depending on the MyMy products or services you use, we may make automated decisions about you.

This means that we may use technology that can evaluate your personal circumstances and other factors to predict risks or outcomes. We do this for the efficient running of our services and to ensure decisions are fair, consistent and based on the right information.

Where we make an automated decision about you, you have the right to ask that it is manually reviewed by a person.

For example, we may make automated decisions about you that relate to:

Opening accounts

  • anti-money laundering and sanctions checks; and
  • identity and address checks.

Detecting fraud

  • monitoring your account to detect fraud and financial crime.

We may share your personal information with:

  1. Service providers under contract who help with parts of our business operations such as fraud prevention, bill collection, marketing and technology services. Our contracts dictate that these service providers only use your information in connection with the services they perform for us and not for their own benefit.
  2. Financial institutions with which we partner.
  3. Companies that we plan to merge with or be acquired by. (Should such a combination occur, we will require that the new combined entity follow this privacy policy with respect to your personal information. You will receive prior notice of any change in applicable policy.)
  4. Law enforcement, government officials, or other third-parties when:
  1. We are compelled to do so by a subpoena, court order or similar legal procedure; or
  2. We believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss;
  3. We report suspected illegal activity or to investigate violations of our User Agreement.
  1. Other third-parties with your consent or direction to do so.

MyMy will not sell or rent any of your personal information to third-parties for their marketing purposes and only share your personal information with third-parties as described in this policy. If there is an actionable breach of your personal information, we will notify you as soon as practicable .

If you establish a MyMy account indirectly on a third-party website or via a third-party application, any information that you enter on that website or application (and not directly on a MyMy website) will be shared with the owner of the third-party website or application and your information may be subject to their privacy policies.

We will notify you of material changes to this policy by updating the ‘Last Updated’ date at the top of this page.  It is recommended that you visit this page frequently to check for changes.

We share your personal data within the MyMy group of companies in order to provide you with the best service.

We will ask you to let us sync your mobile phone contacts. This will help you to identify which of your trusted mobile phone contacts are MyMy customers. Your ‘trusted contacts’ will also be able to see if you are a MyMy customer through our ‘Payment with Friends’ functionality.

‘Payment with Friends’ gives you access to MyMy features like requesting money from your friends, splitting bills, group vaults and paying other MyMy customers near you.

We use technological safeguards to ensure a ‘trusted contact’ is somebody you already know and who knows you (for example, you have each other saved in each other’s mobile phone contacts lists or have already received or given money through a peer-to-peer payment with them).

Both you and your trusted contact must have synced your mobile phone contacts lists with MyMy to be viewable to each other in the MyMy app.

We only show your basic contact details in the MyMy app to your trusted contacts who are also MyMy customers (for example, your name (as saved in your friend’s contacts list), mobile phone number, MyMy username, your MyMy profile photo (if you have one)).

You can, of course, choose not to sync your contacts list with MyMy. This means that you will not be able to identify which of your mobile phone contacts are MyMy customers.

You can also turn off ‘Payments with Friends’ through the privacy settings in the MyMy app.


Where you make a payment from your MyMy account, we will provide the recipient with your details (for example, your full legal name and IBAN).


The information below explains which suppliers we normally share your personal data with and why.

Suppliers who provide us with IT, payment and delivery services

To help us provide our services to you.

Our banking and financial-services partners and payments networks.

To help us provide our services to you. This includes banking and lending partners, banking intermediaries and international payment-service providers.

Card manufacturing, personalisation and delivery companies

To create and deliver your personalised MyMy Card.

Analytics providers and search information providers

To help us improve our website or app.

Customer-service providers, survey providers and developers

To help us to provide our services to you.

Communications services providers

To help us send you emails, push notifications and text messages.

Debt collection agencies

To manage and recover debts that you owe or may become owing if you have a MyMy credit product.

We may share your name with third parties that pay money into your MyMy account. This is necessary to onboard you, confirm your transactions have been made to the destinations.

We may share your personal data with our partners in order to provide you with certain services you have asked us for (for example, when we offer overseas medical insurance as part of our Premium or Metal plans).

If you have asked for insurance services, we will share your relevant personal data with the provider of our insurance services. The service provider will require your personal data to provide you with insurance.

We will only share your personal data in this way if you have asked for the relevant service or it is provided as part of one of our plans.

From time to time we may work with other partners to offer you co-branded services or promotional offers, and we will share some of your personal data with those partners. We will always make sure you understand how we and our partners process your personal data for these purposes.

Our partners will have their own privacy policies explaining how they use your personal data. It's important that you read those privacy policies as well. For example, our third party insurance provider, White Horse Ireland dac, will process your personal data in accordance with its own privacy policy.

If you apply for a credit product, we'll share your personal data with credit-reference agencies to check whether you are likely to make repayments when due.

We may share your personal data with other financial institutions if requested.

If you have activated ‘Open Banking’ through an account you hold with another financial institution and given them permission, we will share data from your MyMy account with that financial institution.

We may also share your personal data with other financial institutions where you do not ask us to. For example:

  • if you make an outbound payment, we share information about you alongside your payment. This is because we, like all payment institutions, are required by law to include certain information with payments; and
  • if a payment is made to your account by mistake, we can share your information with the financial institution the payment came from. This will help the payer and the other financial institution to try and get the payment back themselves.

We also share your personal data with fraud-prevention agencies to check your identity, protect against fraud, keep to anti-money laundering laws and confirm that you are eligible to use our products and services.

If you give us false or inaccurate personal data and we identify fraud, we will let fraud-prevention agencies know. Law-enforcement agencies may check and use this personal data.

If fraud is detected, you could be refused certain services, finance or employment. You can contact us through the MyMy app to ask us for details of the fraud-prevention agencies we may share your personal data with.

We may also need to share your personal data with other third party organisations:

  • if we have to do so under any law or regulation;
  • if we sell our business;
  • in connection with criminal or fraud investigations;
  • to enforce our rights (and those of customers or others); or
  • in connection with legal claims.

We may share your personal data (your name, email address and app events) with our advertising partners in the ways described below, but the personal data is hashed before we send it, and the social-media platform we share it with is only allowed to use that hashed personal data in the ways described below.

When we use social media for marketing purposes, your personal data may be shared with the social-media platforms so that they can check if you also hold an account with them. If you do, we may ask the advertising partner or social-media provider to:

  • use your personal data to send our adverts to you, because we think that you might be interested in a new MyMy product or service;
  • not send you our adverts, because the marketing relates to a service that you already use; or
  • send our adverts to people who have a similar profile to you (for example, if one of our services is particularly useful to people with similar interests to the ones on your social-media profile, we may ask our advertising partner or social-media partner to send our adverts for that service to those people).

An example of how we may use social media for marketing purposes is through Facebook’s ‘Custom Audience’ tool, the terms of which are available here.

Our legal basis is:

  • legitimate interests.

You can contact us at any time, either through the MyMy app or by emailing dpo@my-my.com, if you do not want us to share your personal data for advertising purposes. You can also use the privacy settings in the MyMy app to opt out from having your personal data shared in this way.

Remember you can also manage your marketing preferences directly with any social media provider that you have an account with.

Where you direct us to share your personal data with a third party, we may do so. For example, you may authorise third parties to act on your behalf (such as a lawyer, accountant or family member or guardian under a power of attorney).

7. How do you use my information for marketing?
If you sign up to our services, and where allowed by law, we will assume you want us to contact you by post, email and SMS text message with information about MyMy products, services, offers and promotions. We may use the personal data we have collected about you in order to tailor our offers to you.

You can adjust your preferences, or tell us you don't want to hear from us, at any time. Just use the privacy settings in the MyMy app or click on the unsubscribe links on any marketing message we send you.

We won't pass your details on to any organisations outside the MyMy group of companies for their marketing purposes without your permission.

Your Rights

8. What are my rights?
We acknowledge that you have the right in deciding the information you wish to provide to us. The provision of the information listed above is voluntary in nature. However, please note that if you do not provide the information above or limit the way such information is to be processed, it may result in us not being able to:

  1. communicate or correspond with you;
  2. undertake the engagement or complete transaction and/or provide our Services to you; and/or
  3. grant you access to our Services.

If you wish to have access to your personal information in our records; or you think that such personal information we have of you is incomplete, not up-to-date, or otherwise inaccurate; or prefer to opt-out of this Privacy Policy you may get in touch with us through the contact details provided below. You may always review and edit your personal information at any time by logging into your account and clicking the ‘Profile’ or ‘My Account’ tab. Any changes and amendments to your information may be subjected to re-verification and the changes shall only take effect after the verification process is completed. If you close your MyMy account, we will mark your account in our database as “Closed,” but will keep your account information in our database as per the time limits above mentioned. However, if you close your account, your personal identifiable information will not be used by us for any further purposes, nor sold or shared with third-parties, except as necessary to prevent fraud, assist law enforcement, as required by law, or in accordance with this Privacy Policy.

The accuracy and completeness of your personal data depends on the information you provide. We assume that the information you have provided is accurate, up to date and complete unless you inform us otherwise.

Where you provide any third party information to us, it is our assumption that such information is accurate, up to date and complete and that you have obtained the necessary consent to disclose the same.

Where you have consented or allowed us to disclose personal data to third party and/or other User when using our Services, you understand that We no longer have any control or authority as to how the said third party and/or other User will use or process the personal data. Therefore, you agree that We will not be responsible for the subsequent use of your personal data by the third party or other User. If you wish to stop them from further using your personal data, please contact them directly.

The information below explains what rights you have and what those rights mean.

You have the right to be told about how we use your personal data
We provide this privacy policy to explain how we use your personal data.

If you ask, we will provide a copy of the personal data we hold about you. We can’t give you any personal data about other people, personal data which is linked to an ongoing criminal or fraud investigation, or personal data which is linked to settlement negotiations with you. We also won't provide you with any communication we've had with our legal advisers.

You can ask us to correct your personal data if you think it's wrong 

You can have incomplete or inaccurate personal data corrected. Before we update your file, we may need to check the accuracy of the new personal data you have provided.

You can ask us to delete your personal data

You can ask us to delete your personal data if:

  • there's no good reason for us to continue using it;
  • you gave us consent (permission) to use your personal data and you have now withdrawn that consent;
  • you have objected to us using your personal data;
  • we have used your personal data unlawfully; or
  • the law requires us to delete your personal data.

Just to let you know, we may not be able to agree to your request. As a regulated financial services provider, we must keep certain customer personal data even where you ask us to delete it (we've explained this in more detail below). If you've closed your MyMy account, we may not be able to delete your entire file because these regulatory responsibilities take priority. We will always let you know if we can't delete your information.

You can object to us processing your personal data for marketing purposes

You can tell us to stop using your personal data for marketing.

You can object to us processing other personal data (if we are using it for legitimate interests)

If our legal basis for using your personal data is 'legitimate interests' and you disagree with us using it, you can object.

However, if there is an overriding reason why we need to use your personal data, we will not accept your request.

If you object to us using personal data which we need in order to provide our services, we may need to close your account as we won’t be able to provide the services.

You can ask us to restrict how we use your personal data

i. You can ask us to suspend using your personal data if:

  • you want us to investigate whether it is accurate;
  • our use of your personal data is unlawful but you do not want us to delete it;
  • we no longer need the information, but you want us to continue holding it for you in connection with a legal claim; or
  • you have objected to us using your personal data (see above), but we need to check whether we have an overriding reason to use it.

ii. You can ask us to transfer personal data to you

If we can, and are allowed to do so under regulatory requirements, we will provide your personal data in a structured, commonly used, machine-readable format.

iii. You can withdraw your permission

If you have given us any consent we need to use your personal data, you may exercise your opt-out right by notifying us if you wish to object to the use of your personal data for direct marketing purposes. Please send requests for such objections, access to data, correction of data, information regarding policies and practices and kinds of data held, questions or complaints to:

Mailing Address:

MyMy Payments Malaysia Sdn. Bhd. 
D-23A-3, Menara Suezcap 1,
KL Gateway, No. 2 Jalan Kerinchi, 
Gerbang Kerinchi Lestari, 59200 
Kuala Lumpur, Malaysia.

Email: support@my-my.com / compliance@my-my.com
Phone: +60 3 2391 9696

(Note, it will have been lawful for us to use the personal data up to the point you withdraw your permission).

You can ask us to carry out a human review of an automated decision we make about you

If we make an automated decision about you that significantly affects you, you can ask us to carry out a manual review of this decision.

Your ability to exercise these rights will depend on a number of factors. Sometimes, we will not be able to agree to your request (for example, if we have a legitimate reason for not doing so or the right does not apply to the particular information we hold about you).


10. How do I exercise my rights?

To exercise any of your rights set out in the previous section, you can contact us through the MyMy app or send us an email at compliance@my-my.com.

For security reasons, we can't deal with your request if we are not sure of your identity, so we may ask you for proof of your ID.

MyMy will usually not charge you a fee when you exercise your rights. However, we are allowed by law to charge a reasonable fee or refuse to act on your request if it is manifestly unfounded or excessive.

If you are unhappy with how we have handled your personal data you can get in touch with the Personal Data Commissioner:


Level 6, Setia Perdana 2
Setia Perdana Complex
Federal Government Administrative Centre
62502 Putrajaya

+ 603 8000 8000 
+ 603 8888 3721


12. Will my information go outside of Malaysia?

As we provide an international service, we may need to transfer your personal data outside Malaysia in order for us to provide our services.

For example, if you ask to make an international payment, we will send funds to banks outside of Malaysia. We might also send your personal data outside of Malaysia to keep to global legal and regulatory requirements, and to provide ongoing support services.

We may share your personal data with credit-reference agencies and fraud-prevention agencies that are based outside of Malaysia.

We will take all reasonable steps to make sure that your personal data is handled securely and in line with this privacy policy and data protection laws.

Further, we may also be required to transfer your personal data outside of Malaysia for the purposes and to such third parties stated in this Statement. The transfer of your personal data outside of Malaysia would also be required if you are traveling, residing or based outside of the said territory.

If you would like more information, please contact us through the MyMy app or by sending an email to compliance@my-my.com.

13. How do you protect my personal data?

We recognise the importance of protecting and managing your personal data. Any personal data we process will be treated with the utmost care and security. This section sets out some of the security measures we have in place.

In our offices we have organized departments so that those persons who are authorized to view, monitor, analyze, and manage personal information are isolated from other employees.

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password, which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Please be sure to sign off when you finish using our Services on a shared computer.

14. How long will you keep my personal data for?

We will generally keep your personal data for six years after our business relationship ends or such period as may be required by applicable local laws. However, if there is a need to retain the data longer for circumstances out of MyMy’s hand, such as to assist an ongoing investigation and so on.

We are required to keep your personal data for this long by anti-money laundering and e-money laws. We may keep your personal data for longer because of a potential or ongoing court claim or another legal reason.

Nothing in this Statement shall limit your right under applicable local privacy law. This Privacy Policy shall be governed by the laws of Malaysia. You agree to submit to the exclusive jurisdiction of the Malaysia courts.

This agreement is drafted in the English language and Bahasa Melayu. If this agreement is translated into any other language, the English language version shall prevail.

If you have questions, concerns or suggestions regarding this policy, you may contact us on our support page or please contact us at support@my-my.com/compliance@my-my.com.