PRIVACY POLICY

Life Insurance Agent Recruitment & Sales Operations

Effective Date: 1st January, 2026

Last Updated: 23rd April, 2026

Jurisdiction: Malaysia 

Regulatory Compliance: Personal Data Protection Act 2010 (PDPA) and Personal Data Protection (Amendment) Act 2024

1. INTRODUCTION

This Privacy Policy (“Policy”) governs how we collect, use, disclose, and protect personal data from individuals who interact with our life insurance recruitment and sales operations, including through digital platforms, social media, email, WhatsApp, and other communication channels.

We are committed to complying with the Personal Data Protection Act 2010 (PDPA) and its 2024 amendments, which establish the legal framework for data protection in Malaysia. This Policy applies to all personal data we collect, process, and store.

2. WHAT PERSONAL DATA WE COLLECT

We collect personal data in the following categories:

2.1 Contact Information

  • Full name
  • Email address
  • Phone number (mobile and/or landline)
  • WhatsApp contact information
  • Mailing address
  • Business address and location

2.2 Business Information

  • Company name and business type
  • Job title and position
  • Industry sector
  • Years in business
  • Business structure (sole proprietor, partnership, corporation)
  • Employee count
  • Annual business revenue (if voluntarily provided)

2.3 Financial Information

  • Annual income (if voluntarily provided)
  • Existing insurance coverage details
  • Business liabilities and loan information
  • Asset information (if relevant to insurance assessment)

2.4 Communication Data

  • Records of conversations via WhatsApp, Messenger, email, or phone
  • Inquiry details and consultation notes
  • Engagement history with our marketing materials

2.5 Digital Data

  • IP address and device information
  • Facebook/Instagram profile data (if using Lead Ads)
  • Browsing behavior on our website or landing pages
  • Engagement metrics (clicks, views, time spent)

2.6 Sensitive Personal Data (Where Applicable)

  • Health information (if relevant to insurance underwriting)
  • Financial records (for underwriting purposes)

3. HOW WE COLLECT PERSONAL DATA

We collect personal data through the following methods:

3.1 Direct Collection

  • Facebook Lead Ads: When you submit your information through our Facebook or Instagram Lead Generation forms
  • Website Contact Forms: When you fill out inquiry forms on our website or landing pages
  • WhatsApp: When you initiate contact with us via WhatsApp Business
  • Email: When you send us inquiries or subscribe to our communications
  • Phone Calls: When you call us directly
  • In-Person Consultations: When you meet with our agents

3.2 Indirect Collection

  • Third-Party Platforms: Data shared by insurance carriers, brokers, or partners (with your consent or as permitted by law)
  • Publicly Available Information: Information from business directories, LinkedIn, or other public sources (limited to business information only)

3.3 Automated Collection

  • Cookies and Tracking Technologies: We may use cookies, pixels, and similar technologies to track your interaction with our digital platforms
  • Analytics Tools: Google Analytics and Facebook Pixel to measure campaign performance

 

4. LEGAL BASIS FOR DATA COLLECTION & PROCESSING

Under the PDPA, we collect and process your personal data based on the following legal grounds:

4.1 Explicit Consent

We obtain your explicit written or digital consent before collecting sensitive personal data or using your information for marketing purposes. Consent is obtained through:

  • Checkbox confirmation on lead forms
  • Explicit opt-in via email or WhatsApp
  • Verbal confirmation during phone consultations (recorded with your knowledge)

4.2 Contractual Necessity

We process personal data necessary to fulfill our contractual obligations with you, including:

  • Providing insurance consultation services
  • Processing insurance applications
  • Delivering policy documentation

4.3 Legal Obligation

We process personal data as required by law, including:

  • Regulatory requirements from Bank Negara Malaysia (BNM)
  • Insurance Act 1996 requirements
  • Anti-money laundering (AML) and know-your-customer (KYC) obligations

4.4 Legitimate Business Interests

We process personal data for legitimate business purposes, including:

  • Lead generation and sales prospecting
  • Customer relationship management
  • Fraud prevention and risk assessment
  • Business analytics and campaign optimization

 

5. HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

5.1 Primary Purposes

  1. Sales & Recruitment: To contact you regarding life insurance products, legacy planning services, and agent recruitment opportunities
  2. Consultation Services: To provide personalized insurance consultations and needs assessments
  3. Policy Administration: To process insurance applications, underwriting, and policy issuance
  4. Customer Service: To respond to inquiries and provide support

5.2 Marketing & Communication

  1. Direct Marketing: To send you promotional materials, product updates, and special offers via email, SMS, WhatsApp, or phone
  2. Campaign Optimization: To analyze which marketing messages resonate with you and improve our campaigns
  3. Lead Nurturing: To send follow-up communications and educational content about insurance planning

5.3 Business Operations

  1. Compliance & Regulatory: To comply with legal and regulatory obligations (BNM, Insurance Commissioner, AML/KYC requirements)
  2. Fraud Prevention: To detect and prevent fraudulent activities
  3. Data Analytics: To understand market trends and improve our products and services
  4. Quality Assurance: To monitor and improve the quality of our services

5.4 Third-Party Sharing

We may share your personal data with:

  • Insurance Carriers: To process insurance applications and underwriting
  • Insurance Brokers & Partners: To facilitate insurance placement (only with your consent)
  • Regulatory Authorities: As required by law (BNM, Insurance Commissioner, etc.)
  • Service Providers: Third-party vendors who assist us in providing services (e.g., payment processors, CRM platforms, email service providers)
  • Legal Advisors: To obtain legal counsel regarding your case or inquiry

We do NOT sell your personal data to third parties for marketing purposes.

 

6. CONSENT & OPT-OUT MECHANISMS

6.1 How We Obtain Consent

  • Explicit Opt-In: You must actively agree to receive marketing communications
  • Clear Language: Our consent forms use plain language explaining what you’re consenting to
  • Separate Consent: Consent for different purposes (e.g., sales calls vs. email marketing) is requested separately

6.2 How to Withdraw Consent

You may withdraw your consent at any time by:

  • Clicking the “Unsubscribe” link in any email communication
  • Replying “STOP” to SMS or WhatsApp messages
  • Sending an email to: [INSERT YOUR EMAIL] with the subject “Withdraw Consent”
  • Calling us at: [INSERT YOUR PHONE NUMBER]

6.3 Consequences of Withdrawal

If you withdraw consent for marketing communications, we will stop sending promotional materials. However, we may still contact you for:

  • Service-related updates (e.g., policy renewals, claims processing)
  • Legal and regulatory requirements
  • Responses to your direct inquiries

 

7. DATA RETENTION & DELETION

7.1 Retention Periods

We retain personal data for the following periods:

Data Type             | Retention Period  | Reason
Lead Information      | 3 years           | Regulatory requirement & sales follow-up
Customer Records      | 7 years           | Insurance Act 1996 & regulatory compliance
Policy Documents      | 7 years (minimum) | Legal & regulatory requirement
Marketing Preferences | Until withdrawal  | To honor your communication preferences
Financial Records     | 7 years           | Tax & regulatory compliance
Compliance Records    | 7 years           | AML/KYC regulatory requirement

7.2 Data Deletion

Upon expiration of the retention period, we will securely delete or anonymize your personal data, unless:

  • We are required to retain it by law
  • You have an active policy or ongoing relationship with us
  • The data is needed for legal or regulatory purposes

7.3 Your Right to Deletion

You may request deletion of your personal data at any time, except where:

  • Retention is required by law
  • Data is necessary for ongoing services
  • Data is needed for legal claims or disputes

 

8. DATA SECURITY & PROTECTION

8.1 Security Measures

We implement the following security measures to protect your personal data:

  • Encryption: All sensitive data is encrypted in transit (SSL/TLS) and at rest
  • Access Controls: Only authorized personnel have access to personal data
  • Firewalls & Intrusion Detection: We use firewalls and monitoring systems to prevent unauthorized access
  • Regular Audits: We conduct regular security audits and vulnerability assessments
  • Employee Training: All staff handling personal data receive data protection training
  • Secure Storage: Personal data is stored on secure servers with restricted access

8.2 Data Breach Notification

In the event of a data breach affecting your personal data, we will:

  • Notify you within 30 days of discovery (as required by PDPA Amendment Act 2024)
  • Provide details of the breach and steps we’re taking to address it
  • Advise you of measures you can take to protect yourself
  • Report the breach to the Department of Personal Data Protection (if required)

8.3 Limitations

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security of your personal data.

 

9. YOUR RIGHTS UNDER THE PDPA

9.1 Right of Access

You have the right to request access to your personal data held by us. To exercise this right:

  • Submit a written request to: [email protected]
  • Include your full name and contact details
  • We will respond within 14 days with a copy of your data

9.2 Right to Correction

You have the right to request correction of inaccurate or incomplete personal data. To exercise this right:

  • Notify us of the inaccurate information
  • Provide corrected information
  • We will update our records within 14 days

9.3 Right to Data Portability (New – PDPA Amendment 2024)

You have the right to request your personal data in a portable format (e.g., CSV, PDF). To exercise this right:

  • Submit a written request specifying the format
  • We will provide the data within 30 days

9.4 Right to Restrict Processing

You may request that we restrict the processing of your personal data in certain circumstances. To exercise this right:

  • Submit a written request explaining the reason for restriction
  • We will acknowledge receipt and advise on processing restrictions

9.5 Right to Object

You have the right to object to certain types of processing, including:

  • Direct marketing communications
  • Automated decision-making
  • Processing based on legitimate business interests

 

10. CROSS-BORDER DATA TRANSFERS

10.1 International Transfers

If we transfer your personal data outside Malaysia, we ensure:

  • The destination country provides an adequate level of data protection (as determined by the PDPA Commissioner)
  • Contractual safeguards are in place (e.g., Data Processing Agreements)
  • You are notified of the transfer and the destination country

10.2 Approved Destinations

We may transfer data to countries that have been approved by the PDPA Commissioner as providing adequate protection. Currently, these include:

  • Singapore
  • Hong Kong
  • European Union (GDPR-compliant countries)

10.3 Your Consent for Transfers

For transfers to non-approved countries, we will obtain your explicit consent before proceeding.

11. THIRD-PARTY LINKS & SERVICES

Our website or communications may contain links to third-party websites, social media platforms, or services. This Privacy Policy does not apply to third-party platforms. When you click on external links, you are subject to their privacy policies.

We recommend reviewing the privacy policies of:

  • Facebook, Instagram, and other social media platforms
  • Third-party insurance carriers
  • Payment processors and service providers

12. CHILDREN’S PRIVACY

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor, we will delete it immediately.

 

13. AUTOMATED DECISION-MAKING & PROFILING

13.1 Automated Decisions

We may use automated systems to:

  • Score leads based on likelihood of conversion
  • Segment audiences for targeted marketing
  • Assess insurance risk (underwriting)

13.2 Your Rights

You have the right to:

  • Request human review of automated decisions
  • Obtain an explanation of how automated decisions were made
  • Challenge or appeal automated decisions

To exercise these rights, contact us at: [email protected]

 

14. COOKIES & TRACKING TECHNOLOGIES

14.1 What Are Cookies?

Cookies are small files stored on your device that track your browsing behavior. We use cookies for:

  • Analytics: To understand how you interact with our website
  • Advertising: To show you relevant ads (Facebook Pixel, Google Ads)
  • Functionality: To remember your preferences

14.2 Cookie Types

  • Essential Cookies: Required for website functionality (cannot be disabled)
  • Analytics Cookies: Help us understand user behavior (can be disabled)
  • Marketing Cookies: Used for targeted advertising (can be disabled)

14.3 Managing Cookies

You can control cookies through your browser settings:

  • Chrome: Settings → Privacy and Security → Cookies and other site data
  • Firefox: Preferences → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data

14.4 Opt-Out Options

 

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Notify you via email or prominent notice on our website
  • Obtain your consent if required by law
  • Provide at least 30 days’ notice before changes take effect

Your continued use of our services after changes are posted constitutes your acceptance of the updated Privacy Policy.

 

16. CONTACT US

If you have questions, concerns, or complaints regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer (DPO)

Name: Chong Ah Nam

Email: [email protected]

Phone: +6012 8833 207

Address: Fourth Floor, Wisma Prudential, Jalan Abell, 93100 Kuching Malaysia

Complaints to Regulatory Authority

If you believe your personal data rights have been violated, you may lodge a complaint with the Department of Personal Data Protection (PDPC):

Department of Personal Data Protection

Address: Level 2, Block B, Menara Digitalk, 286 Jalan Maarof, 59000 Kuala Lumpur

Phone: +603-2772 7622

Email: [email protected]

Website: www.pdpc.gov.my

 

17. ACKNOWLEDGMENT & CONSENT

By providing your personal data to us, you acknowledge that you have read and understood this Privacy Policy and consent to our collection, use, and disclosure of your personal data as described herein.

If you do not agree with this Privacy Policy, please do not provide your personal data to us.

 

Document Version: 1.0

Prepared for: Life Insurance Agent Recruitment & Sales Operations

Jurisdiction: Malaysia

Compliance Standard: PDPA 2010 & PDPA Amendment Act 2024

Recommended Review Date: Annually or upon significant regulatory changes