At RMBex, we value your privacy and strive to protect your personal data. RMBex will only collect and use your personal data in accordance with this Privacy policy and our Terms of Use.Reference in this policy to “RMBex”, “we”, “us”, “our” or any similar term is to RMBex Limited, who is the data controller.

This Privacy policy explains:

• How we collect personal data
• How we use cookies
• Third-party cookies
• Declining cookies
• How we use your personal data
• How we share personal data
• Security of your personal data
• Global company
• Additional matters relating to personal data

How we collect personal data

When we open and operate an account for you, provide you with our products and services, or communicate with you, we may collect your personal data. We do this in various ways, including:

• when you provide it to us such as when you sign up for a RMBex account, use our products and services, or take part in customer surveys, competitions and promotions;
• when you communicate with us by email, chat, telephone or any other means, we collect the communication and any data provided in it;
• when you use the RMBex platform we collect information on your transactions and other use of your RMBex account;
• when we obtain information from third parties such as identity verification services, credit reference agencies, and regulatory and enforcement agencies.

How we use cookies

We also collect personal data through the use of cookies. Cookies (and other similar technologies) help us give you the best experience of using our site.

Cookies are small data files that we or companies we work with may place on your computer or other devices when you visit our website. They allow us to remember your actions or preferences over time.

We use cookies to collect data that helps us to:

• track site usage and browsing behaviour;
• allow you to sign in to your account and navigate through the website;
• tailor our website’s functionality to you personally by letting us remember your preferences;
• improve how our website performs;
• allow third parties to provide services to our website;
• monitor the effectiveness of our promotions and advertising; and
• mitigate risk, enhance security and help prevent fraud.

We use both session and persistent cookies. Session cookies are deleted when you close down your browser, while persistent cookies remain on your device until they expire or you delete them. Persistent cookies allow us to remember things about you when you visit our website again.

Third-party cookies

We may use authorised third-party providers to help us with various aspects of our business, such as website operations, services, applications, advertising, support tools and to serve you relevant content. These service providers may place cookies on your device (third-party cookies) or make use of similar tracking technologies such as web beacons. No personally identifiable information is stored in third-party cookies. The information reported to us is aggregated and anonymous. We use this information to understand, for example, the effectiveness of our advertising and marketing. Web beacons are small graphic images (also known as “pixel tags” or “clear GIFs”) which may be used to collect and store information about visits to our website (such as which pages you viewed and how long you spent on the website) and communication efficiency (such as the email delivery and open rates). Where necessary, the information gathered by web beacons may be tied to your personal data strictly for the purposes set out herein.

Declining cookies

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. Certain aspects and features of our services are only available through the use of cookies. By signing up for an account with RMBex, or continuing to use our website, you agree to our use of cookies as set out in this policy. You may decline our cookies if your browser or browser add-on permits, but doing so may interfere with your use of RMBex's services. For information on how to delete or reject cookies, you can consult the "help" function within your browser, or visit www.allaboutcookies.org, where you will also find more information data about cookies generally.

How we use your personal data

We use personal data for one or more of the following purposes:

• to verify your identity in accordance with Know Your Customer (KYC), Anti-Money Laundering (AML), Countering Financing of Terrorism (CFT) and sanctions screening requirements;
• to manage and maintain your account with us;
• to prevent fraudulent or unauthorised use of our products and services;
• to better manage our business and your relationship with us;
• to improve our products and services, and to develop new products and services;
• to notify you about benefits and changes to the features of our products and services;
• to provide you with personalised advertising and marketing;
• to respond to your enquiries and to resolve disputes.

Where necessary to protect our legal rights and interest, or the interests of others, we also use personal data in relation to legal claims, compliance, audit, risk management and regulatory functions. We may also use personal data in connection with the acquisition, merger or sale of a business.

How we share personal data

We share personal data with:

• any person that works for us or for one of our group companies;
• any entity that forms part of the RMBex group of companies, including where relevant the RMBex operating entity in the country or region in which you live;
• financial and other institutions we partner with to provide our products and services;
• companies and organisations that provide services to us, including in relation to technical infrastructure, marketing and analytics, and web and app development;
• companies and organisations that assist us with identity verification, background screening, due diligence and processing or otherwise fulfilling transactions that you have requested;
• our professional advisers, consultants and other similar services.
• We will otherwise treat your personal data as private and confidential and will not share it with other parties except:
• where you have given permission;
• where we believe it is reasonably necessary to comply with any law, regulation, legal process or governmental request, to enforce our Terms of use or other agreements, or to protect the rights, property, or safety of us, our customers or others;
• where we may transfer rights and obligations pursuant to our agreement with you.

How we share personal data

RMBex places great importance on ensuring the security of your personal data. We regularly review and implement up-to-date technical and organisational security measures when processing your personal data. Employees of RMBex are trained to handle personal data securely and with the utmost respect, failing which they may be subject to disciplinary action.

Global company

The personal data we collect may be transferred to, stored and processed outside of the jurisdiction in which you reside, and the laws of those countries may differ from the laws applicable in your own country. For example, data collected in the European Economic Area (EEA) may be transferred to, stored and processed at a destination(s) outside of the EEA. Any processing of such data will be undertaken by our staff, or the staff of our third-party service providers, whose roles will include verifying your identity, processing payment details, and providing customer support. By accepting this Privacy policy, and then submitting your personal data, you agree to the transfer, storing or processing of it outside of your jurisdiction.

Additional matters relating to personal data

Retention of personal data

RMBex will retain your personal data, in compliance with this Privacy policy and the Terms of use, for the duration of your relationship with us, and afterwards for such period as may be necessary for our legitimate business purposes (including compliance with our legal obligations, preventing fraud, resolving disputes and enforcing agreements), to protect the interests of RMBex and its customers, and as required by Malaysia’s Personal Data Protection Act 2010 and other laws.

Incomplete personal data

Where indicated (for example in application forms or account opening forms), it is obligatory to provide your personal data to us to enable us to process your application for our products or services. Should you decline to provide such personal data, we may not be able to process your application/request or provide you with our products or services.

Your right to access, update, or remove your personal data

Most of the data RMBex collects, and the ways in which we use it, are necessary for us to provide and improve the services we provide to you, or to comply with our obligations. In certain situations, we give you the ability to choose how we use your data.

Depending on the country in which you live, you may have certain rights under data protection law, including the right to object to the processing of your personal data or to request that we:

• provide you with a copy of your personal data (including in a format that can be shared with a new provider); or
• correct, delete, or restrict the processing of your personal data.

Please submit a support ticket if you would like to exercise any of the above rights. These rights are limited in some situations, such as where we are legally required to process your data, and may limit your ability to use our products and services.

Data breaches

We will notify you and the relevant supervisory authority as soon as we become aware of any data breach that is likely to result in a risk to your rights and freedoms.

Credit and debit card data

We do not store your full credit and debit card data. This data is securely transferred and stored off-site by an authorised payment vendor in compliance with Payment Card Industry Data Security Standards (PCI DSS). This information is not accessible to RMBex or RMBex’s employees or any agent acting for or on behalf of RMBex.

Revisions to this Privacy policy

We may amend this Privacy policy from time to time. You should visit the website regularly to check when this Privacy policy was last updated and to review the current policy. We will do our best to notify you of any substantive amendments to the Privacy policy and any such notice will be posted on our application or our website, or sent by email to the address associated with your RMBex Account (see Electronic Communications).

Contacting RMBex in relation to personal data

Should you have any query in relation to this Privacy policy or how we handle your personal data, please contact us by submitting a support ticket.