NOTICE CONCERNING YOUR PERSONAL

We are committed to protecting the privacy of the investors in conducting our unit trust management business. “Personal Data” is information that identifies and relates to you or other individuals (such as your joint account holder). In this form, we describe to you how we handle your Personal Data that we collect through this Fund Master Form (the “Fund Master Form”) and through other means (for example, from your written instructions, telephone calls, e-mails and other communications or correspondences with us, as well as from our unit trust agents, financial planners, business partners, other unit trust management companies, or other third parties involved in our business dealings with you). “YOU” IN THIS NOTICE REFERS TO YOU AS PRINCIPAL HOLDER AND/OR YOUR JOINT ACCOUNT HOLDER, IF APPLICABLE.

1. About this Notice :
   1. This “Notice Concerning Your Personal Data” (“Notice”) is issued pursuant to Section 7 of Malaysian Personal Data Protection Act 2010 (“Act”) under the “Notice and Choice Principle”. Please refer to Section 2 of this Notice for definition of Personal Data.
   2. This Notice is available in both the national and English languages. You may request to be issued a free copy of the Notice in either or both languages by sending an email to our Customer Service at phillipmutual@phillipcapital.com.my, calling our Customer Service Hotline at 03-2783 0200, or writing to “Customer Service, Phillip Mutual Berhad” at B-18-6, Block B Level 18 Unit 6, Megan Avenue II, No. 12, Jalan Yap Kwan Seng, 50450 Kuala Lumpur. This Notice is also available on our website "phillipmutual.com" and “eunittrust.com.my”
   3. PLEASE NOTE THAT THE ACT IS ONLY APPLICABLE IN RESPECT OF DATA PROVIDED BY INDIVIDUAL APPLICANT(S) (i.e. INDIVIDUAL DATA SUBJECTS) ONLY AND NOT APPLICABLE TO CORPORATE APPLICANTS.


2. What is Your Personal Data (Definition of Personal Data):
   1. Your Personal Data means any information given by you (“the Data Subject”) that relates directly or indirectly to you in our business dealings with you, which is:-
      being processed wholly or partly using electronic medium (e.g. computer) or any equipment operating automatically; or manually;
      being recorded by us with the intention that it should wholly or partly be processed by means of such equipment referred to above,
      being recorded as part of relevant filing system or with the intention that it should form part of our filing system
   2. Personal Data also includes “sensitive” personal data (“Sensitive Personal Data”), defined as any personal data consisting of information as to your physical or mental health or conditions, your political opinions, your religious beliefs or other beliefs of a similar nature, the commission or alleged commission by you of any offence, or any other sensitive personal data as determined under the Act.
   3. Description of the Personal Data collected from you is set out in Section 8 below.
   4. SENSITIVE PERSONAL DATA STATEMENT: In general, we will never ask for any of your Sensitive Personal Data as it is not relevant to our business dealings with you. If it becomes necessary to ask for such Sensitive Personal Data, we will only process the same after receiving your express written consent.


3. The purposes for which your Personal Data is being or collected and further processed: We collect and process your Personal Data for the following purposes:
   1. To solicit contributions to Units in the Unit Trust Fund(s).
   2. To aid us to make decisions on whether and how to provide our products and services to you
   3. To enter into business transaction with you.
   4. To deliver the necessary notices, services and/or products in accordance with our agreement with you.
   5. To execute business process and operations such as client relationship management,
   6. To aid in our planning in connection with our service and products.
   7. To communicate with you as part of our client-business relationship.
   8. To send you important information regarding changes to our policies, other terms and conditions and other administrative information.
   9. To assess your eligibility for suitable investment plans, and process your funds and other payments.
   10. To improve the quality of our training and security (for example, with respect to recorded or monitored phone calls to our Customer Service contact numbers).
   11. To prevent, detect and investigate crime, including fraud and money laundering, and analyze and manage other commercial risks.
   12. To carry out market research and analysis, including satisfaction surveys, where applicable.
   13. To provide marketing information to you (including information about other products and services offered by companies within our PhillipCapital Malaysia Group and selected third-party partners) in accordance with preferences you have expressed.
   14. To personalize your experience on our website by presenting information to you via our website.
   15. To allow you to participate in contests, prize draws and similar promotions, and to administer these activities. Some of these activities have additional terms and conditions, which could contain additional information about how we use and disclose your Personal Data, which you must read carefully.
   16. To manage our IT infrastructure and business operations.
   17. To comply with internal policies and procedures such as for auditing; finance and accounting; IT systems; data and website hosting; business continuity; and records, document and print management.
   18. To resolve complaints, and handle requests for data access or correction.
   19. To comply with applicable Malaysian laws and regulatory obligations (such as those relating to anti-money laundering and anti-terrorism)
   20. To comply with legal process; and respond to requests from public regulatory and governmental authorities.
   21. To establish and defend the legal rights privacy, safety or property of our company and/or related companies, and pursue available remedies or limit our damages.


4. How we collect your Personal Data (Source of your Personal Data):
   
   We collect your Personal Data from various sources such as from the internet and social media, from publicly available information, from forms submitted by you, and through telephone calls, telephone recordings, camera and security footage (CCTV), your communication and correspondences with us (via electronic or written media), from our unit trust agents, financial planners, business partners, other unit trust management companies, or other third parties involved in our business dealings with you.


5. Your right to access your Personal Data and make correction requests, raise questions and concerns:
   1. You shall be given access to your Personal Data held by us and you shall be able to correct that Personal Data where the Personal Data is inaccurate, incomplete, misleading or not up-to-date, except where compliance with a request to such access or correction is refused under the Act.
   2. Your Personal Data shall be processed by us or by a third party (“Service Provider”) on our behalf.
   3. You may, upon payment of a prescribed fee, make a request in writing to us, for (1) information of your Personal Data that is being processed by or on our behalf, and (2) for a copy of your Personal Data to be provided to you in a legible format.
   4. If you found your Personal Data to be inaccurate, incomplete, misleading or not up-to-date, you have the right to access, correct, object to the use of, or request deletion or suppression of your Personal Data. Please contact us as set out in Section 7 below with any such requests or if you have any questions or concerns about how we process Personal Data.
   5. We will ensure compliance with your request not later than twenty-one (21) days from the date of receipt of such request, subject to Section 5.5 below.
   6. Please note that some Personal Data may be exempt from access, correction, objection, deletion or suppression rights in accordance with the Act. We will notify you when certain circumstances arise as permitted under the Act where we may refuse to comply with your request not later than twenty-one (21) days from the date of receipt of your request.


6. Sharing of Your Personal Data (the class of third parties to whom we disclose or may disclose your Personal Data):
   1. We may make your Personal Data available to:
      1. Our group companies
         For a list of PMB or PhillipCapital group of companies that may have access to and use of your Personal Data, please refer to: https://www.phillipcapital.com.my. PMB is responsible for the management and security of jointly used Personal Data. Access to Personal Data within PMB is restricted to those individuals who have a need to access the information for our business purposes.
      2. Other marketing and distribution parties
         In the course of marketing and distribution of unit trust funds, we may make Personal Data available to third parties such as other financial planners; service providers; regulators and employees and other intermediaries and agents; appointed representatives; distributors; affinity marketing partners; and financial institutions, securities firms and other business partners.
      3. Our service providers
         External third-party service providers, such as medical professionals, accountants, auditors, experts, lawyers and other outside professional advisors; call center service providers; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; banks and financial institutions that service our accounts; third-party back office service providers and administrators; document and records management providers; construction consultants; engineers; examiners; administrators of justice; translators; and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.
      4. Governmental authorities and third parties involved in court action
         We may also share Personal Data with governmental or other public authorities (including, but not limited to, workers’ compensation boards, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside Malaysia; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside Malaysia; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of PhilipCapital Malaysia Group of companies; (f) to protect our rights, privacy, safety or property, and/or that of our group companies, you or others; and (g) to allow us to pursue available remedies or limit our damages.
      5. Other Third Parties
         We may share Personal Data with payees; emergency providers (fire, police and medical emergency services); retailers; medical networks, organizations and providers; travel carriers; credit bureaus; credit reporting agencies; and other people involved in an incident that is the subject of a dispute; as well as purchasers and prospective purchasers or other parties in any actual or proposed reorganization, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business, assets or stock.
         
         Personal Data may also be shared by you, on message boards, chat, profile pages and blogs, and other services on our website to which you are able to post information and materials. Please note that any information you post or disclose through website services will become public information, and may be available to visitors to the website and to the general public. We urge you to be very careful when deciding to disclose your Personal Data, or any other information, on our website.
   2. We shall ensure that there is a procedure, policy, process or control when vendors, contractors, suppliers or any third party are allowed to have access to your Personal Data in the course of data maintenance.


7. Who to contact about your Personal Data (for any inquiries or complaints in respect of your Personal Data):
   
   If you have any questions about our use of your Personal Data you can e-mail to our Customer Service at phillipmutual@phillipcapital.com.my, or call our Customer Service Hotline at 03-2783 0200, or write to “Customer Service”, Phillip Mutual Berhad at B-18-6, Block B Level 18 Unit 6, Megan Avenue II, No. 12, Jalan Yap Kwan Seng, 50450 Kuala Lumpur.


8. Your Personal Data that we collect (Description of the Personal Data collected from you):
   The Personal Data collected about you may include:
   
   General identification and contact information
   Your name; address; e-mail and telephone details; gender; race, nationality status; identification
   card number; date of birth; passwords; educational background; photos; employment history, skills
   and experience; professional licenses and affiliations and relationship to the joint account holder (if
   applicable).
   
   Identification numbers issued by government bodies or agencies
   National registration identification number; passport number; tax identification number; military; identification number; or driver’s or other license number.
   
   Financial information and account details
   Payment card number; bank account number and account details; credit history and credit score; assets; income; and other financial information.
   
   Other sensitive information
   In rare cases, we may receive sensitive information about your religious beliefs, political opinions, family medical history or genetic information (for example, if you apply for insurance through a third-party marketing partner that is a trade, religious or political organization). In addition, we may obtain information about your criminal record or civil litigation history in the process of preventing, detecting and investigating fraud. We may also obtain sensitive information if you voluntarily provide it to us (for example, if you express preferences regarding medical treatment based on your religious beliefs).
   
   Telephone recordings
   Recordings of telephone calls to our representatives and customer service call centers.
   
   Information enabling us to provide products and services
   Location and identification of your property to send your statement (for example, property address); your status as director or partner; and other ownership or management interest in an organization.
   
   Marketing preferences and customer feedback
   You may let us know your marketing preferences, enter a contest or prize draw or other sales promotion, or respond to a voluntary customer satisfaction survey.
   


9. The choices and means available for limiting the processing of Personal Data, including Personal Data relating to other persons who may be identified from that personal data:
   If you wish to limit the processing of your Personal Data, including Personal Data relating to other persons who may be identified from that personal data, you may contact us at the address set out in Section 7 above.


10. Whether it is obligatory or voluntary for you to supply your Personal Data
    It is obligatory for you to supply your Personal Data to us to enable us to use it as described in Section 3 above. Your failure to provide your Personal Data may cause us to be unable to provide you any of the services described herein.


11. Withdrawal of consent
    You may by notice in writing withdraw your consent to the processing of your Personal Data. We shall, upon receiving your notice, cease the processing of the Personal Data, whereupon our relationship may be terminated.
    


12. Your right to prevent processing of Personal Data likely to cause damage or distress
    
    1. Subject to Section 12.2, you may at any time by notice in writing to us, require us, at the end of such period as is reasonable in the circumstances, to, in respect of any of your Personal Data, either
       (a) cease the processing of or processing for a specified purpose or in a specified manner; or
       (b) not begin the processing of or processing for a specified purpose or in a specified manner,
       
       if, based on reasons to be stated by you,
       (a) the processing of that Personal Data or the processing of personal data for that purpose or in that manner is causing or is likely to cause substantial damage or substantial distress to you or to another person; and
       (b)the damage or distress is or would be unwarranted.
       
    
    
    2. Section 12.1 shall not apply where:
       (a) you have given your consent;
       (b) the processing of Personal Data is necessary ;
       
       1. for the performance of a contract to which you are a party;
       2. for the taking of steps at your request with a view to entering a contract;
       3. for compliance with any legal obligation to which we are the subject, other than an obligation imposed by contract; or
       4. in order to protect the vital interests of the data subject; or
       (c) in such other cases as may be prescribed under the Act.


13. Disclosure of your Personal Data
    
    1. Subject to Section 13.1 below, no personal data shall, without your consent, be disclosed:
       1. for any purpose other than (i) the purpose for which the Personal Data was to be disclosed at the time of collection, or (ii) a purpose directly related to the aforementioned purpose , or
       2. to any party other than a third party of the class of third parties as specified in Section 6 above.
    2. Notwithstanding Section 13.1 , your Personal Data may be disclosed by us for any purpose other than the purpose for which the Personal Data was to be disclosed at the time of its collection or any other purpose directly related to that purpose, only under the following circumstances:
       1. you have given your consent to the disclosure;
       2. the disclosure —
          i. is necessary for the purpose of preventing or detecting a crime, or for the purpose of investigations;
          or ii. was required or authorized by or under any law or by the order of a court;
       3. We have acted in the reasonable belief that we had in law the right to disclose the personal data to the other person;
       4. We have acted in the reasonable belief that we would have had your consent if you had known of the disclosing of the Personal Data and the circumstances of such disclosure; or the disclosure was justified as being in the public interest in circumstances as determined by the Government.


14. Security
    
    1. We shall, when processing your Personal Data, take practical steps to protect your Personal Data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction having considered: (a) to the nature of the Personal Data and the harm that would result from such loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction; (b) to the place or location where the Personal Data is stored; (c) to any security measures incorporated into any equipment in which the Personal Data is stored; (d) to the measures taken for ensuring the reliability, integrity and competence of personnel having access to the Personal Data; and (e) to the measures taken for ensuring the secure transfer of the Personal Data.
    2. Where processing of your Personal Data is carried out by a data processor on our behalf, we shall, for the purpose of protecting your Personal Data as set out in Section 14.1 ensure that the data processor (a)give sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out and (b) take reasonable steps to ensure compliance with those measures.
    3. We will take appropriate technical, physical, legal and organizational measures, which are consistent with applicable privacy and data security laws. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Data you might have with us has been compromised), please immediately notify us. (See the “Who to Contact About Your Personal Data” section above.)
    4. When we provide Personal Data to a service provider, the service provider will be selected carefully and required to use appropriate measures to protect the confidentiality and security of the Personal Data.
    5. We shall ensure that your Personal Data is being held securely, either in electronic form, on paper or in any other medium.
    6. Our responsibility to train our employees, Unit Trust Consultant and Financial Adviser Representative: Since we are responsible for the processing of your Personal Data processed by our employees, we strive to ensure our employees, Unit Trust Consultant and Financial Adviser Representative are aware of their responsibilities when processing of the your Personal Data and Sensitive Personal Data (where applicable) to ensure the reliability, integrity and competence of the employees having access to your Personal Data. Our employees, Unit Trust Consultant and Financial Adviser Representative will be required to undergo training to understand their duties and responsibilities under the Personal Data Protection Act 2010 at least once. We shall restrict access to your Personal Data to those employees, in the strict need to know only


15. Retention of Personal Data
    
    1. Your Personal Data processed for the purposes here shall not be kept longer than is necessary for the fulfilment of that purpose. We shall take all reasonable steps to ensure that all Personal Data is destroyed or permanently deleted if it is no longer required for the purpose for which it was to be processed.
    2. We take reasonable steps to ensure that the Personal Data we process is reliable for its intended use and as accurate and complete as is necessary to carry out the purposes described in this Notice.
    3. We shall keep and maintain a record of any application, notice, request or any other information relating to your Personal Data that has been or is being processed by us or any third Party. For this purpose, we will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
    4. Additionally, we have developed a Document Retention Policy to specify the retention period of your Personal Data and when to dispose any document containing your Personal Data when we no longer require to process it or when you refuse to give your consent pursuant to this Notice. Your Personal Data shall not be kept longer than is necessary for the fulfillment of this purpose and the permanent deletion or destruction of your Personal Data is necessary as soon as there is no more need for this purpose. Similarly, we shall have a policy for Dealing with Data Protection Issues.
    5. We shall keep and maintain a record of any application, notice, request or any other information relating to your Personal Data that has been or is being processed by us as required by Section 108 of the Capital Markets and Services Act 2007 for a period of not less than seven (7) years.


16. Data Integrity:
    We shall take reasonable steps to ensure that the Personal Data is accurate, complete, not misleading and kept up-to-date by having regard to the purpose, including any directly related purpose, for which the Personal Data was collected and further processed.
    


17. Repeated collection of personal data in same circumstances:
    1. Where we have complied with requirement to give this Notice pursuant to the Section 7 of the Act in respect of the collection of Personal Data from you, referred to as the “first collection”; and, where on any subsequent occasion again we collect Personal Data from you, referred to as the “subsequent collection”, we are not required to comply with Section 7 of the Act if (A) to comply in respect of that subsequent collection would be to repeat, in the same circumstances, what was done to comply in respect of the first collection; and (B) not more than twelve (12) months have elapsed between the first collection and the subsequent collection.
    2. For the avoidance of doubt, it is declared that subsection (1) shall not operate to prevent a subsequent collection from becoming a first collection if we have complied with the provisions of the Notice pursuant to Section 7 of the Act.


18. Personal Data of other individuals:
    If you provide Personal Data to us regarding other individuals, you undertake:
    1. to inform the individual about the content of this Privacy and Personal Data Policy; and
    2. to obtain any legally-required consent for the collection, use, disclosure, and transfer (including cross-border transfer) of Personal Data about the individual in accordance with this Privacy and Personal Data Policy.


19. International transfer of Personal Data:
    
    1. Due to the global nature of our business, for the purposes set out above we may only transfer Personal Data to parties located in other countries when it is necessary (including the United States and other countries that have a different data protection regime than is found in the country where you are based). For example, we may transfer Personal Data in order to process international wire transfer for payment settlement. We may transfer information internationally to our group companies, service providers, business partners and governmental or public authorities.
    2. If we do so, we shall ensure that your Personal Data transferred out of Malaysia is secure and protected.


20. Use of Fund Master Form by minors:
    
    1. This Fund Master Form is not directed to individuals under the age of 18 and we request that these individuals do not provide Personal Data through this Fund Master Form.
    2. You are not allowed to provide any Personal Data to us regarding the other individuals who are minors (“said minors”), through this Form, unless you are the parent/legal guardian of the said minors. If you are, you agree to (i) to inform the individual about the content of this Privacy and Personal Data Policy; and give consent on their behalf by executing a Parent/Guardian Consent form, allowing for the collection, use, disclosure, and transfer (including cross-border transfer) of Personal Data of the said minors.


21. Solicitation of Direct Marketing:
    
    1. We invite you to be in our mailing list for the purposes of Direct Marketing from us. “Direct Marketing” means the communication from us by whatever means of any advertising or marketing material from us which is directed to you. Alternatively, we may cease or not to begin processing your Personal Data for purposes of direct marketing. THEREFORE, IF YOU DO NOT WISH TO BE INCLUDED IN OUR FUTURE UNIT TRUST PRODUCTS CAMPAIGN, NEW UNIT TRUST PRODUCTS LAUNCHES AND EVENTS INCLUDING PROMOTIONAL EVENTS WITH BUSINESS PARTNERS IN OUR SERVICE PLATFORM, PLEASE INITIALS HERE [___________]
    2. Notwithstanding the foregoing, you may at any time by notice in writing to us requesting us at the end of such period as is reasonable in the circumstances to cease or not to begin processing your Personal Data for the above purposes. If you are dissatisfied with our failure to comply with your notice, whether in whole or in part, you may submit an application to the Commissioner of Personal Data Protection Board, to require us to comply with the Notice.


22. Your marketing preferences:
    
    1. We will provide you with regular opportunities to tell us your marketing preferences, including in our communications to you. You can also contact us by e-mail at phillipmutual@phillipcapital.com.my, or call us at our Customer Service Hotline: 03- 2783 0200, or write to Customer Service, Phillip Mutual Berhad at B-18-6, Block B Level 18 Unit 6, Megan Avenue II, No. 12, Jalan Yap Kwan Seng, 50450 Kuala Lumpur to tell us your marketing preferences and to opt-out.
    2. If you no longer want to receive marketing-related e-mails from us on a going-forward basis, you may opt-out of receiving these marketing-related emails by clicking on the link to “unsubscribe” provided in each e-mail or by contacting us at the above addresses.
    3. We aim to comply with your opt-out request(s) within a reasonable time period. Please note that if you opt-out as described above, we will not be able to remove your Personal Data from the databases of third parties with whom we have already shared your Personal Data (i.e., to those to whom we have already provided your Personal Data as of the date on which we respond to your opt-out request). Please also note that if you do opt-out of receiving marketing communications from us, we may still send you other important administrative communications from which you cannot opt-out.


23. International transfer of Personal Data:
    
    1. We shall not transfer any of your Personal Data to a place outside Malaysia unless to such place as specified pursuant to the Act.
    2. Notwithstanding Section 23.1, we may transfer your Personal Data to a place outside Malaysia, for example to our group companies, service providers, business partners and governmental or public authorities, under the following circumstances:
       1. Where you have given your consent to the transfer;
       2. the transfer is necessary for the performance of a contract between you and us;
       3. the transfer is necessary for the conclusion or performance of a contract between us and a third party which:
          1. is entered into at your request;
          2. is in your interests.
       4. the transfer is for the purpose of any legal proceedings or for the purpose of obtaining legal advice or for establishing, exercising or defending legal rights;
       5. we have reasonable grounds for believing that in all circumstances of the case—
          1. the transfer is for the avoidance or mitigation of adverse action against you;
          2. it is not practicable to obtain your consent in writing to that transfer; and
          3. if it was practicable to obtain such consent, you would have given his consent.
       6. We have taken all reasonable precautions and exercised all due diligence to ensure that the Personal Data will not in that place be processed in any manner which, if that place is Malaysia, would be a contravention of this Act;
       7. the transfer is necessary in order to protect your vital interests ;
       8. the transfer is necessary as being in the public interest in circumstances as determined under the Act.
    3. Due to the global nature of our business, it may become necessary to transfer your Personal Data outside of Malaysia.