This notice is prepared in accordance with the Personal Data Protection Act 2010 (Act 709), as amended by the Personal Data Protection (Amendment) Act 2024 (collectively, ‘PDPA’). This notice applies to investors whose personal data is processed before and after this notice is issued by Areca.
We, Areca Capital Sdn Bhd (“Areca” or “the Company”) including its subsidiaries and related companies, as a data controller under the PDPA, are committed to protecting your personal data. This notice explained how Areca processes your data from the point we collect, use, share, dispose of and the security measure that we established to ensure your personal data is well protected.
We are committed to ensuring that all personal data, including any sensitive personal data, is kept confidential and processed only with your explicit consent or as otherwise permitted by law. Such data will not be disclosed except in the circumstances listed below:
a) With your consent;
b) Whereby disclosure is necessary for purpose of preventing or detecting crime or for investigation;
c) Required or authorized by or under any law or by the order of a court;
d) Where we acted in the reasonable belief that we had in law the right to disclose the personal data to the other person;
e) Where we acted in the reasonable belief that we would have had your consent if you had known of the disclosing of the data and the circumstances of such disclosure;
f) The disclosure was justified as being in the public interest in circumstances as determined by the Minister or
g) Required by any regulatory bodies approved by the Securities Commission Malaysia.
For the purpose of this Notice, “you” refers to a data subject (including a data subject under the age of 18) who has given or will give Areca consent to the processing of his or her personal data. The term “data subject”, “personal data”, “sensitive personal data” and “processing” shall have the same meanings as defined under the PDPA.
Areca may amend this notice from time to time. Therefore, you are advised to read this notice carefully each time you wish to provide your personal data to Areca. If you have any questions regarding our personal data protection and privacy notice, please contact us via the contact information below.
We collect all your personal data including but not limited to the following:
a) Name, date of birth, identification card number, house address, marital status, nationality, phone number, email address, occupation and employer’s details, income information, net worth including assets and liabilities and bank account number;
b) Personal data in relation to your family members;
c) Any biometric identifiers (such as facial image or fingerprint) where required for verification purposes; and
d) Any other relevant information which we may require in order to effectively serve and provide you with our products and services.
Unless otherwise stated, all your confidential information or personal data requested by us is mandatory. If you do not provide your personal data as requested or do not allow us to process your personal data accordingly, this will result in our inability to provide you with products and services as requested including our inability to inform you of any relevant information for which Areca shall not be liable.
We collect and obtain personal data in a lawful and fair manner from you or other sources through the following:
a) Any information provided, shared or supplied by you directly to us or Areca’s staff;
b) Official registration form (either printed or electronic) available on the website (www.arecacapital.com) or provided by Areca’s staff;
c) Any enquires, phone calls, emails or correspondence we receive from you; and
d) Any “contact us” form submitted by you via our website (www.arecacapital.com)
We collect your personal data for the following reasons but not limited to :
a) To process your application for the delivery of our products and services and the marketing of such products and/or services, whether present or future, to you, which may include subscribing, redeeming, switching, or transferring units in investments;
b) For client profiling and conducting of marketing activities in connection with our services and related products;
c) To comply with any legal or regulatory requirements relating to our provision of services and products and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular, and/or code applicable to us, including the requirements of anti-money laundering checks;
d) For the organization of seminars, talks or events hosted by Areca or our partners;
e) For those purposes specifically provided for in any particular service or product offered by us;
f) To provide ancillary administrative and management services in connection with your investment, including attending to your enquiries and generally enabling resolution of your concern or complaint;
g) To assess your eligibility for a suitable investment plan, and to process your funds and other payments;
h) To prevent, detect and investigate crime, including fraud and money laundering, analyse and manage other commercial risks;
i) For our internal record-keeping;
j) To communicate and interact with you as part of our customer-business relationship; and/or
k) Any other matters consistent with our business transaction and commercial practices with you as customer of Areca.
We shall keep and process your personal data in a secured manner. We endeavour to implement the appropriate administrative and security safeguards and procedures to prevent the unauthorized or unlawful processing of your personal data and the accidental loss or destruction of or the unauthorised access of your personal data. We also maintain internal procedures to detect, manage, and report any personal data breach in compliance with the PDPA.
As a part of providing, you with our products and services, we may, if deemed necessary, disclose your personal data to the following persons:
a) Our directors, officers and dealer’s representatives for purposes relating to your application and use of our products and services;
b) The custodians and trustees of the funds and investment portfolios under our management, including custodian banks and trustees’ delegates;
c) Our related, associated or affiliated companies;
d) Persons authorised by you;
e) Regulatory bodies such as Bank Negara Malaysia, Securities Commission Malaysia, Bursa Malaysia Securities Berhad, Federation of Investment Managers Malaysia and/or other regulatory bodies governing our products and our activities;
f) Any third-party service provider, agent or vendor who has been appointed by us to provide services to us, subject to sufficient security controls over the information;
g) Our auditors, consultants, accountants, legal advisors or other advisors; and
h) Any other person to whom such disclosure is required by law or regulatory requirement or pursuant to a court order.
Please take notice that your personal data will be disclosed for any of the aforementioned reason or any other reason, to the relevant parties notwithstanding that any such persons may be outside of Malaysia.
We take these measures to protect you:
a) Physical and logical security control policies maintained to safeguard the confidentiality of your personal data;
b) All access to personal records is restricted to authorised personnel only and strictly limited to a need-to-know basis;
c) By ensuring your personal data is kept as required by PDPA;
d) By ensuring our staff not to misuse your personal data; and
e) Only authorised third-party service providers and vendors are allowed to access and operate the systems.
Nevertheless, you are solely responsible to ensure the security of your password to your account and not to disclose it to another party to reduce the risk of data breaches.
In the event of a personal data breach that is likely to result in significant harm, Areca will notify the Personal Data Protection Commissioner and, where applicable, affected individuals in accordance with the PDPA and the Guideline on Data Breach Notification 2025.
We will retain your personal data for seven (7) years or as long as you become our customer. If you are no longer our customer, we will permanently delete your personal data.
Under the PDPA, you have the following rights in relation to your personal data:
You have the right to request access to the details of or a copy of your personal data which we may hold in our possession. A small fee may be charged upon your request.
You also have the right to request us to amend or correct your personal data if your personal data is incorrect or incomplete, by way of notice in writing or email to us.
You may request that we stop contacting or sending you the marketing or promotional materials or advertisement, if you do not wish to receive any marketing or promotion information from us.
You may also withdraw your consent for us to process your personal data. However, please take notice that your withdrawal of consent for us to process your personal data may result in us to be unable to serve you effectively with our services and products including but not limited to inability to keep you apprised on any relevant information which Areca shall not be held liable (if any).
Additionally, you may request us to transmit your personal data to another data controller of your choice directly by giving a notice in writing by way of electronic means to us, provided that the data portability is technically feasible and compatible with the data format.
Any queries, concerns or complaints in relation to this notice or any other matter concerning your personal data can be made to the following department:
Attention to: Investor Care Department/Marketing Support
Mailing Address: 107, Block B, Pusat Dagangan Phileo Damansara 1, No. 9, Jalan 16/11 Off Jalan Damansara, 46350 Petaling Jaya, Selangor, Malaysia.
Telephone No.: +603-7956 3111
Fax No.: +603-7955 4111
Email Address: invest@arecacapital.com
