Privacy Policy
Last Updated: July 2026
1. Introduction
MajesticDuit ("we", "us", "our", or the "Company") operates the MajesticDuit digital lending platform. We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you access or use our mobile application, website, or any related services (collectively, the "Platform").
This policy is prepared in accordance with the Personal Data Protection Act 2010 (Act 709) ("PDPA") of Malaysia. By using our Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.
In this policy, "personal data" has the meaning ascribed to it under the PDPA, which includes any information relating to a data subject who is identified or identifiable from that information alone or in combination with other information. If you do not agree with the terms of this Privacy Policy, please do not access or use our Platform.
2. Information We Collect
We collect personal data that you voluntarily provide to us when you register for an account, apply for a loan, or interact with our Platform. The categories of personal data we may collect include:
2.1 Personal Identification Information
We collect your full legal name as per your MyKad or passport, your National Registration Identity Card (NRIC/IC) number, date of birth, gender, nationality, and a photograph or scanned copy of your identification document for identity verification purposes. This information is mandatory for account creation and loan application processing under Malaysian financial regulations.
2.2 Contact Information
We collect your email address, mobile phone number, and residential or mailing address. Your phone number is essential for two-factor authentication, SMS notifications regarding your loan application status, repayment reminders, and important account security alerts. Your email address is used for formal correspondence, electronic statements, and policy updates.
2.3 Financial Information
To assess your loan eligibility and determine appropriate loan terms, we collect details about your monthly or annual income, employment status and history, employer name and address, occupation, length of employment, and your bank account information (including bank name and account number) for disbursement and repayment purposes. We may also request details about your existing financial obligations and credit commitments.
2.4 Device and Technical Information
When you access our Platform, we automatically collect certain technical information, including your Internet Protocol (IP) address, browser type and version, operating system, device type and model, unique device identifiers, screen resolution, language preferences, and information about how you navigate and interact with our Platform. This data is collected to ensure the security of our systems, troubleshoot technical issues, and improve your user experience.
2.5 Credit and Repayment Information
We collect information related to your credit history, including credit reports obtained from licensed credit reporting agencies such as Bank Negara Malaysia's Central Credit Reference Information System (CCRIS), CTOS, and other authorized credit bureaus. We also maintain records of your loan repayment history, including payment dates, amounts paid, any late or missed payments, and the current status of all loans held through our Platform.
3. How We Use Your Information
We process your personal data for the following purposes, which are permitted under the PDPA:
- a Processing Loan Applications: Evaluating, verifying, and processing your loan applications, including conducting creditworthiness assessments, determining loan eligibility, calculating appropriate loan amounts and interest rates, and making lending decisions.
- b Identity Verification: Verifying your identity, age, and nationality to ensure that you are eligible to use our services and to comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements under Malaysian law.
- c Account Communication: Communicating with you about your account, including loan application status updates, approval notifications, disbursement confirmations, repayment schedules, payment reminders, and any changes to our services or terms.
- d Service Improvement: Analysing usage patterns and feedback to improve our Platform, develop new features, enhance user experience, and personalise content and service offerings to better meet your needs.
- e Legal Compliance: Complying with applicable laws, regulations, court orders, subpoenas, government directives, and regulatory requirements, including those imposed by Bank Negara Malaysia, the Securities Commission, and other relevant authorities.
- f Fraud Prevention and Security: Detecting, preventing, and investigating fraudulent activities, unauthorised access, identity theft, money laundering, and other illegal or prohibited activities, as well as maintaining the security and integrity of our Platform and systems.
4. Information Sharing and Disclosure
We take the confidentiality of your personal data seriously. We do not sell, rent, or trade your personal data to any third parties for their marketing purposes. However, we may share your personal data in the following circumstances:
4.1 Credit Bureaus and Reporting Agencies
We may share your credit and repayment information with licensed credit reporting agencies, including CCRIS (Bank Negara Malaysia), CTOS Data Systems, and Experian. This information is shared to contribute to your credit profile, verify information you have provided, and assess your creditworthiness. Your repayment performance with us may positively or negatively impact your overall credit score.
4.2 Payment Processors and Financial Institutions
We may share necessary financial information with licensed payment processors, banking partners, and financial institutions to facilitate loan disbursements, process repayments, and manage electronic fund transfers. All such partners are bound by strict confidentiality obligations and data protection agreements.
4.3 Law Enforcement and Regulatory Authorities
We may disclose your personal data to law enforcement agencies, regulatory authorities (including Bank Negara Malaysia, the Ministry of Housing and Local Government, and the Securities Commission), courts, or other government bodies when required by law, regulation, legal process, or governmental request. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
4.4 Service Providers
We may engage third-party service providers to perform functions on our behalf, including cloud hosting providers, data analytics services, customer support services, and audit firms. These service providers are contractually obligated to process your personal data only in accordance with our instructions and to maintain appropriate security measures. They are prohibited from using your personal data for their own purposes.
5. Data Security
We implement industry-standard technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- 256-bit SSL/TLS Encryption: All data transmitted between your device and our servers is encrypted using industry-leading SSL/TLS protocols, ensuring that your information is protected during transmission.
- Secure Server Infrastructure: Your data is stored on secure servers hosted in certified data centres with physical security controls, fire suppression systems, and redundant power supplies.
- Access Controls: We enforce strict role-based access controls, ensuring that only authorised personnel who require access to your personal data for legitimate business purposes can view or process it. All access is logged and monitored.
- Regular Security Audits: We conduct periodic vulnerability assessments, penetration testing, and security audits performed by independent third-party security firms to identify and address potential weaknesses in our systems.
- Data Encryption at Rest: Sensitive personal data, including identification numbers and financial information, is encrypted at rest using AES-256 encryption to provide an additional layer of protection.
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you acknowledge that you provide your personal data at your own risk. In the event of a data breach that may affect you, we will notify you and the relevant authorities in accordance with the requirements of the PDPA.
6. Data Retention
We retain your personal data for as long as your account remains active with us, or as needed to provide you with our services. Upon the closure or deactivation of your account, we will retain your personal data for a period of seven (7) years from the date of account closure, in compliance with the regulatory requirements under Malaysian financial laws and the PDPA.
This retention period is necessary for regulatory reporting, audit purposes, resolution of disputes, and compliance with anti-money laundering and counter-terrorism financing (AML/CFT) regulations. After the applicable retention period has elapsed, your personal data will be securely deleted or anonymised in accordance with our data disposal procedures.
Certain categories of data, such as anonymised and aggregated statistical data that cannot reasonably be used to identify you, may be retained indefinitely for analytical and research purposes.
7. Your Rights Under the PDPA
Under the Personal Data Protection Act 2010, you have the following rights regarding your personal data:
7.1 Right of Access
You have the right to request access to the personal data we hold about you. You may submit a written request to our Data Protection Officer, and we will provide you with a copy of your personal data within twenty-one (21) days of receiving your request, subject to any exemptions under the PDPA. A reasonable fee may be charged for processing your request.
7.2 Right to Correct Personal Data
You have the right to request the correction of any personal data that is inaccurate, incomplete, misleading, or not up to date. We will take reasonable steps to correct such data promptly upon receiving your written notification and supporting documentation. You may update certain information directly through the Platform's account settings.
7.3 Right to Withdraw Consent
You may withdraw your consent for the processing of your personal data at any time by contacting us in writing. Please note that withdrawal of consent does not affect the lawfulness of any processing carried out prior to the withdrawal. In some cases, withdrawal of consent may result in the termination of your account and our inability to provide certain services to you.
7.4 Right to Request Data Deletion
You may request the deletion of your personal data, subject to legal and regulatory requirements. We may not be able to accommodate deletion requests where retention of data is required by law, necessary for the completion of a transaction you have requested, required for regulatory compliance and audit purposes, or necessary for the establishment, exercise, or defence of legal claims. We will inform you of the reasons if we are unable to fulfil your deletion request.
8. Cookies and Tracking Technologies
Our Platform uses cookies, web beacons, pixels, and similar tracking technologies to enhance your browsing experience and collect information about how you interact with our services. The types of cookies we use include:
- Essential Cookies: These cookies are strictly necessary for the operation of our Platform, enabling core functionalities such as session management, security features, and authentication. They cannot be disabled as the Platform would not function properly without them.
- Analytical Cookies: These cookies help us understand how visitors interact with our Platform by collecting anonymous statistical data about page views, navigation patterns, and feature usage. This information allows us to improve our Platform's performance and usability.
- Functional Cookies: These cookies remember your preferences and choices (such as language settings and display preferences) to provide a more personalised experience on subsequent visits.
You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies through their settings menus. Please note that disabling certain cookies may affect the functionality of our Platform. For more information about managing cookies, you may visit www.allaboutcookies.org.
We may also use third-party analytics services such as Google Analytics to collect and analyse usage data. These third-party services may use their own cookies to gather information about your interactions with our Platform. The information generated is typically transmitted to and stored on servers operated by these third parties.
9. Third-Party Links and Services
Our Platform may contain links to third-party websites, applications, or services that are not operated or controlled by MajesticDuit. These include links to credit bureau websites, government portals, payment processing partners, and social media platforms.
This Privacy Policy does not apply to those third-party websites or services. We are not responsible for the privacy practices, content, or policies of any third-party websites. We encourage you to review the privacy policies of any third-party sites you visit through links on our Platform. The inclusion of any link on our Platform does not imply our endorsement of the linked site or its operators.
10. Children's Privacy
Our Platform and services are not intended for, and may not be used by, persons under the age of eighteen (18) years. By using our Platform, you represent and warrant that you are at least 18 years old and have the legal capacity to enter into a binding agreement.
We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a person under the age of 18, we will take immediate steps to delete such information from our systems. If you believe that a minor has provided us with personal data, please contact us immediately at the email address provided below.
11. Changes to This Privacy Policy
We reserve the right to update, amend, or modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this policy, we will notify you by posting the updated policy on our Platform with a revised "Last Updated" date.
For significant changes that may affect your rights, we will additionally send you an email notification to the address associated with your account or display a prominent notice within the Platform. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of the Platform after any changes to this policy constitutes your acceptance of the revised terms.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us using the following details:
MAJESTIC SALUTE SDN. BHD.
We aim to respond to all privacy-related enquiries within fourteen (14) business days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Commissioner of Malaysia.