DATA PROTECTION & PRIVACY POLICY

DATA PROTECTION & PRIVACY POLICY

This Data Protection and Privacy Policy (“Policy”) describes how Multi Trust Ltd (“MTL”, “We”, “Our”, “Us”), a licensed financial services company under the Labuan Financial Services and Securities Act 2010 (Act 704) and regulated by the Labuan Financial Services Authority (LFSA), collects, uses, and discloses personal information obtained through our engagement, website (https://www.multitrustltd.com/), and other sources.

  1. Collection of Personal Data

Your personal data may be collected from various sources, including:

  • Information you provide directly through queries, contact forms, engagement letters, questionnaires, or application forms
  • Information collected automatically when you access our website (IP address, browser type, device information, pages visited, cookies)
  • Information from third parties, public records, regulatory authorities, and professional advisers
  • Payment information processed through CHIP IN (CHIP IN SDN. BHD., Company No.: 202201010914), our payment processor
  1. Types of Personal Data Processed

We may process the following personal data:

  • Identity Information: Name, identification number, passport number, nationality, date of birth, occupation
  • Contact Information: Address, telephone, email address, fax number
  • Financial Information: Transaction records, payment information (processed by CHIP IN), billing address, transaction history
  • Technical Information: IP address, browser type, device identifiers, pages visited, operating system
  • Query Content: Information you submit through contact forms
  • Professional Information: Work experience, academic qualification, professional membership (if applicable)
  • Cookies and Tracking Data: Session and persistent cookies, web beacons

Important: We do NOT store your full credit card information. Payment card data is encrypted, tokenized, and stored securely by CHIP IN in compliance with PCI DSS. See CHIP IN’s privacy policy at the provider’s website.

  1. Purposes of Processing

We collect and process your personal data for the following purposes:

  1. Respond to your inquiries and requests
    b. Process applications and payments you submit
    c. Communicate with you regarding our services
    d. Comply with legal and regulatory obligations (LFSA 2010, PDPA 2010, GDPR, CCPA, COPPA)
    e. Maintain accounting records as required by LFSA 2010 Section 175
    f. Prevent fraud, money laundering, and terrorism financing
    g. Improve our services through analytics
    h. Establish, exercise, or defend legal claims
    i. Security and user protection

We Do NOT: Sell your data, use it for marketing without consent, or engage in automated profiling.

  1. Sensitive Data & Children’s Privacy

We do NOT intentionally collect sensitive personal data (health, political opinions, religious beliefs) unless legally required.

We do NOT knowingly collect data from children under 13. If discovered, we will delete it immediately. Parents can contact info@multitrustltd.com to request deletion.

  1. Disclosure & Data Sharing

We may share your data with:

  • Service Providers: CHIP IN (payment processor), website hosting, email, analytics, legal advisers
  • Regulatory Authorities: LFSA, Malaysian regulators, law enforcement (when legally required)
  • Business Partners: Only with your consent or as required by law
  • Business Transfers: If MTL is acquired or merged, your data may be transferred (we will notify you)

All service providers are bound by confidentiality agreements and LFSA 2010 secrecy obligations.

We Do NOT: Sell data to advertisers, share with marketing partners, or provide data to data brokers.

CHIP IN Contact: | https://chip-in.asia/ | Privacy: https://chip-in.asia/privacy-policy

  1. International Data Transfers

If your data is transferred outside Malaysia, we implement appropriate safeguards:

  • EU users (GDPR): Standard Contractual Clauses per GDPR Article 44-50
  • California users (CCPA): Equivalent privacy protections
  • LFSA-regulated: Equivalent secrecy and security standards under LFSA 2010 Section 178
  1. LFSA 2010 Secrecy Obligations

As a licensed financial services company under LFSA 2010 Section 178, we maintain strict confidentiality. Your personal information cannot be disclosed without your prior written consent, except as authorized by law. We implement reasonable security measures to prevent unauthorized access, misuse, or disclosure.

  1. Data Security

We implement commercially reasonable security measures:

  • Encryption: SSL/TLS for data in transit; industry-standard encryption at rest
  • Access Controls: Only authorized employees have access on a need-to-know basis
  • Secure Storage: Protected servers with firewalls, regular patches, physical security
  • Audits: Periodic security assessments and penetration testing
  • Training: Staff trained on data protection and LFSA 2010 obligations
  • Payment Security: PCI DSS compliance through CHIP IN; tokenization of payment cards

Note: No internet transmission is 100% secure. Use of our services is at your own risk.

Breach Notification: We will notify affected individuals within 72 hours (GDPR) or as required by law, and notify LFSA as required.

  1. Data Retention

MTL retains your personal data as follows:

  • Query/Contact Data: 6 years (LFSA 2010 Section 82)
  • Transaction/Payment Data: 6 years (LFSA 2010 Section 82)
  • Usage Data & Analytics: 1 year
  • Session Cookies: Deleted when browser closes
  • Persistent Cookies: Until deleted by user or expiry date
  • Backup Data: Up to 6 months after deletion
  • Regulatory Records (AML/CFT): 7 years

The 6-year retention requirement under LFSA 2010 Section 82 is statutory and cannot be shortened.

  1. Your Privacy Rights

You have the right to:

  • Access, correct, and delete your personal data
  • Port your data in a portable format (GDPR)
  • Withdraw consent for non-essential processing
  • Object to marketing communications
  • Lodge complaints with relevant authorities:
    • Malaysia: Labuan Financial Services Authority (compliance@labuanfsa.gov.my)
    • EU: Your local Data Protection Authority
    • California: California Attorney General
    • USA: Federal Trade Commission (COPPA)

Data Deletion Limits: We cannot delete data required by law to retain (e.g., 6-year retention under LFSA 2010, AML/CFT records).

If You Refuse Data Provision: Certain data is obligatory. Failure to provide it may prevent us from offering services or completing transactions.

  1. How to Exercise Your Rights

To request access, correction, or deletion:

Email: info@multitrustltd.com
Phone: +6018 7777 938
Mail: Multi Trust Ltd, Block D, Lot 11 First Floor, Pertama Industrial Estate, Off Jalan Asrat, 87000 Labuan, Federal Territory, Malaysia
Web Form: https://www.multitrustltd.com/privacy-policy/

Include:

  • Your full name
  • Email address
  • Specific request(s)
  • Transaction/query reference (if applicable)
  • Proof of identity

Response Time: 30 days (60 days for complex requests requiring coordination with third parties).

  1. Legal Basis for Processing (GDPR)

We process your data under the following legal grounds:

Legitimate Interest: Responding to queries, service improvement, website security, user protection

Performance of Contract: Payment processing through CHIP IN

Legal Obligation: Compliance with LFSA 2010, PDPA 2010, AML/CFT regulations, and record retention (6-year requirement under LFSA 2010 Section 82)

Consent: Non-essential cookies and web beacons (you may withdraw consent at any time)

  1. Notification to Third Parties

If you are a firm, partnership, corporation, or other business entity, you warrant that you have obtained consent from all partners, directors, employees, and shareholders whose data you provide to us. You undertake to notify them of this Policy.

  1. Compliance with AML/CFT

MTL complies with anti-money laundering and counter-terrorism financing regulations. We may collect and verify identity information, monitor transactions, and retain records as required by law.

  1. Additional Disclosures

Do Not Track (DNT): We do not recognize DNT signals. Use your browser settings to manage cookies.

CCPA (California): We do NOT sell or share your data for behavioral advertising.

Sensitive Information: We do not collect health, biometric, or genetic information unless legally required.

  1. Changes to This Policy

We may update this Policy at any time. Significant changes will be notified by email or prominent notice on our website. Your continued use constitutes acceptance of updates.

  1. Acknowledgment

By using our services, you acknowledge that you have read this Privacy Policy and agree to its terms. Your continued use constitutes consent to the collection, use, and processing of your personal data as described herein.

This Policy reflects MTL’s commitment to compliance with LFSA 2010, PDPA 2010, GDPR, CCPA, and COPPA.

 

Get in touch

Leave us a message here and we'll get back to you as quick as possible!

 Call: +6018-7777- 938
Send WhatsApp