Maybank2u ID Privacy Notice

Maybank2u ID is the official digital banking application from PT Bank Maybank Indonesia Tbk (hereinafter referred to as “Maybank”), which has been registered to the Financial Services Authority / Otoritas Jasa Keuangan (OJK) and intended for individual Maybank Customers to perform banking transactions independently.

Our commitment to your privacy

This Privacy Notice outlines how Maybank collects, uses, maintains and discloses your personal data in respect of commercial transactions and how Maybank safeguards the personal data.

Your consent is important

When you request information or sign up for our products and services or when you enter into any commercial transactions with the Maybank, you may be required to provide Maybank with your personal data. In doing so, you consent to its use by Maybank in accordance with this Privacy Notice. Your personal data may have otherwise been provided to the Maybank by a third party (for example your spouse, a company in which you are a director, an officer or a shareholder, or a partnership in which you are a partner) for products or services that these third parties have sought from the Maybank on pursuant to commercial transaction entered into with Maybank. In this context, the term "you" or "your" in this Privacy Notice extends to any individual whose personal data has been provided to the Maybank and/or has been collected in other circumstances as described in Section “What types of personal data do we collect?” of this Privacy Notice.

We may collect your sensitive personal data. We will only use your sensitive personal data to provide the service(s) you signed up for. If we collect, use, maintain or disclose your sensitive personal data, we will ask for your explicit consent.

You have the choice, at any time, not to provide your personal data/sensitive personal data or to revoke your consent to Maybank processing of your personal data/sensitive personal data. However, failure to provide such personal data/sensitive personal data or revocation of your consent to process personal data/sensitive personal data provided may result in Maybank being unable to provide you with effective and continuous products and services.

What types of personal data do we collect?

Personal data refers to any information that relates directly or indirectly to an individual, who is identified or identifiable from that information or from that and other information in the possession of Maybank, including any sensitive personal data and expression of opinion, video recordings made through close circuit security surveillance cameras placed for security reasons and audio recordings about the individual.

As part of the prerequisites given from OJK in the process of know-your-customer, Maybank2u ID will ask for customer data including but not limited to ID Card Number, Full Name, Place & Date of Birth, Address, NPWP, information about Work and Financial Data, Telephone or Mobile Number, and customer selfie picture. Those data will be sent and stored in Maybank's banking system (https://m2u.maybank.co.id) and Maybank will guarantee the confidentiality of customer data which will be solely used for the purpose of customer banking transactions. Mobile number information is only for sending transaction codes such as SMS TAC/SMS OTP; and Email Address to activate security features and provide notification of transactions that occur in Maybank2U ID.

The personal data we collect can be either obligatory or voluntary. Obligatory personal data are those that we require in order to provide you with our products and services. If you do not provide us with obligatory personal data, we would not be able to provide you with our products and services. Voluntary personal data are those that are not mandatory in order for us to provide you with our products and services. If you do not provide us with voluntary personal data, you can still sign up for our products and services. Obligatory and voluntary personal data differ for each products and services and will be indicated in the application forms.

How do we collect your personal data?

We obtain your personal data in various ways, such as:

• When you sign up for or use one of the many services we provide or when you register an account at Maybank website; and/or
• When you contact the Maybank through various methods such as application forms, emails and letters, telephone calls and conversations you have with our staff in a branch. If you contact us or we contact you using telephone, we may monitor or record the phone call for quality assurance, training and security purposes; and/or
• From our analysis of your transactions (e.g. payment history, loan, or deposit balances, credit or debit card purchase/payment); and/or
• We may also obtain your personal data when you participate in customer surveys or when you sign up for any of our competitions or promotions; and/or
• When Maybank obtain any data and information from third parties (e.g. credit reference agencies, regulatory and enforcement agencies, employers, joint account holders, guarantors, legal representatives, spouses, parents, guardians, dependents and/or companies/partnership that you hold directorships, shareholdings or partnership in); and/or
• When you enter into any commercial transactions with the Maybank including but not limited to you providing goods and/or services or your professional services; and/or
• From video recordings from close circuit security surveillance cameras and audio recordings; and/or
• From publicly available sources.

Personal data we collect from our websites:

• IP Address
  An IP address is a number that is automatically assigned to your computer when you signed up with an Internet Service Provider. When you visit our website, your IP address is automatically logged in our server. We use your IP address to help diagnose problems with our server, and to administer our website. From your IP address, we may identify the general geographic area from which you are accessing our website. Generally we do not link your IP address to anything that can enable us to identify you unless it is required by law and regulation.

• Information on Cookies
  A cookie is an element of data that a website can send to your browser, which may then store it on your system. We use cookies in some of our pages to store visitors' preferences and record session information. The information that we collect is then used to ensure a more personalised service level for our users. You can adjust settings on your browser so that you will be notified when you receive a cookie. Please refer to your browser documentation to check if cookies have been enabled on your computer or to request not to receive cookies.

What is the purpose of processing your personal data?

We may process your personal data for the following reasons:

• To assess your application for any of our products and services; and/or
• To verify your financial standing through credit reference checks; and/or
• To manage and maintain your account and facility; and/or
• To evaluate your financial needs and to continue performing the contractual obligations entered into between the Maybank and you; and/or
• To respond to your enquiries and complaints and to resolve disputes; and/or
• For internal functions such as evaluating the effectiveness of marketing, market research, statistical analysis and modelling, reporting, audit and risk management; and/or
• To prevent fraud or detect crime or for the purpose of investigation; and/or
• For security reasons in particular personal data collected from close circuit security surveillance cameras.

 
In addition, we may also use your personal data for the fulfilment of any regulatory requirements and for any other reasons connected with providing you the services you require and fulfilment of any commercial transactions entered into by you with the Maybank.

From time to time, we may share your personal data with other entities within Maybank, our agents or subject to your consent, strategic partners with whom we have a relationship with for specific products and services ("Other Entities") as Maybank deems fit and you may receive marketing communication from us or from these other entities about products and services that may be of interest to you. If you no longer wish to receive these marketing communications, please notify us to withdraw your consent and we will stop processing and sharing your personal data with these other entities for the purpose of sending you marketing communications.

You have a choice to withdraw your consent for receiving marketing or promotional materials/communication, you may contact us using the contact details found below. Please note that even if you opt out from receiving marketing or promotional materials, Maybank may still contact you for other purposes in relation to the accounts, facilities or services that you hold or have subscribed to with Maybank.

To whom do we disclose your personal data?

Your personal data held by us shall be kept confidential. However, in order to provide you with effective and continuous products and services and subject at all times to any laws (including regulations, standards, guidelines and/or obligations) applicable to financial institutions, we may need to disclose your personal data to:

• Other Entities within Maybank Group; and/or
• Credit reference agencies when you apply for any of our credit-based products such as personal loan, credit card, mortgage, etc; and/or
• Our agents and service providers with whom we have contractual agreements for some of our functions, services and activities; and/or
• Financial service providers in relation to the products and services that you have with us (e.g. mortgage brokers, insurance companies); and/or
• Strategic partners with whom we have a relationship with for specific products and services if consented to, by you; and/or
• Parties authorised and consented to, by you; and/or
• Enforcement regulatory and governmental agencies as permitted or required by law, authorised by any order of court or to meet obligations to regulatory authorities.

How do we protect your data?

The security of your personal data is our priority. Maybank takes all physical, technical and organisational measures needed to ensure the security and confidentiality of personal data. If we disclose any of your personal data to our authorised agents or service providers, we will require them to appropriately safeguard the personal data provided to them.

How long may we retain your personal data?

We will only retain your personal data for as long as necessary to fulfil the purpose(s) for which it was collected or to comply with legal, regulatory and internal requirements. Afterwards we will destruct or permanently delete your data.

Changes to this Privacy Notice

Please note that we may update this Privacy Notice from time to time. If there are material changes to this Privacy Notice, we will notify you by posting a notice of such changes on our website or by sending you a notification directly. Do periodically review this Privacy Notice to stay informed on how we are protecting your information.

How can you access / correct / update your personal data?

We are committed to ensure that the personal data we hold about you is accurate, complete, not misleading and up-to-date. If there are any changes to your personal data or if you believe that the personal data we have about you is inaccurate, incomplete, misleading or not up-to-date, please contact us so that we may take steps to update your personal data or you may update your personal data through Maybank2u ID app.

You have the right to access your personal data. If you would like to request access to your personal data, please contact us. We may also take steps to verify your identity before fulfilling your request for access to your personal data.

How may you contact us?

If you need to contact us, you may visit any of our branches, call our Call Center at 1500611, or visit us at www.maybank.co.id. For corporate customers, you may contact your relationship manager directly.

We provide the Privacy Notice in both English and Bahasa Indonesia. In case of any inconsistencies between these two, the Bahasa Indonesia version shall prevail. In case there are inconsistencies on how we collect or use your personal data between this Privacy Notice and the terms and conditions of your specific product or service or other contractual documents, the terms and conditions of your specific product or service or other contractual documents shall prevail.

If you have provided the Maybank with personal data of a third party, please ensure that you have obtained the third party's consent in relation to the processing and disclosure of their personal data and that this Privacy Notice is brought to the attention of any such third party.

Security standards employed by us - and what you can do to stay safe online

PT Bank Maybank Indonesia Tbk (hereinafter referred to as “Maybank”) is highly committed to ensuring that all transactions performed through our online financial service are secure, safe and confidential. For this purpose, we enforce privacy protection control systems designed to ensure the highest security standards and confidentiality.

Username and Password

• Information Protection
• Data Confidentiality and Data Integrity
• System Security and Monitoring
• Computer Virus Protection
• Updating Your Browser
• Security Tips

Username and Password

To prevent unauthorised access to our online financial services, every customer is required to select a username and an alphanumeric password, which provides access to their financial information. The username must be between 6 to 20 characters and the alphanumeric password between 8 to 20 characters. The password must include both alphabets and numbers, with special characters # $ & and space as exceptions.
The username and alphanumeric password are case sensitive. For example, if your password is "fuNNySAD2B" and you key in "fuNNySAD2b", you will not be able to login (the "b" must be uppercase).

Here are some tips to ensure the integrity of your username and password:

• Do not choose a password that others can easily guess.
• Do not use simple words, your name, birth date, telephone number or names listed in a standard dictionary.
• Memorise your password and do not write it down.
• Passwords or PINs should be used when accessing an online account to protect your personal information.
• Sharing your password or PIN with another person is the same as giving that individual authority to use your name in a transaction. It should not be disclosed even if requested by an authorised Maybank Officer.
• Change your password frequently.

Information Protection

While we take considerable effort to ensure a safe and secure online experience, we have no control over the device you use to access Maybank2u ID. As an added security feature, we have incorporated an automatic log out function if no activity is detected after a preset time limit.

However, you must ensure you do not provide anyone the opportunity to gain access to your account information:

• Ensure no one has access to your device or records your online activities.
• Always log out Maybank2u ID immediately after completing transactions.
• Do not send any information about your account via e-mail.
• Disable the AutoComplete function on your device to avoid automatic completion of your ID when you type in User ID.

Data Confidentiality and Data Integrity

An SSL certificate offers trust and authentication to your website.

Systems security and monitoring

Maybank has adopted a combination of the following systems security and monitoring measures for online transactions:

• Firewall systems, strong data encryption, anti-virus protection and round-the-clock security surveillance systems to detect and prevent any form of illegitimate activities on our network systems.
• Regular security reviews of our systems by our internal System Auditor as well as external security experts.
• When you have a broadband connected to the Internet (always-on connection), consider installing a personal firewall. At a minimum, power-off your PC when not in use.
• We also take every effort in ensuring collaboration with major vendors/manufacturers to keep abreast of information security technology developments, for possible and future implementation.

Computer Virus Protection

Computer viruses are real and once your computer is infected it can cost you time, loss of information, repair expense, and aggravation. Make sure your computer/device has an anti-virus protection program installed to reduce the risk.

We recommend that you purchase a program that automatically upgrades your virus protection on a recurring basis. If you currently have a virus protection program on your computer without the automatic upgrade feature, make sure you update your virus detection program at least monthly and/or when you hear of a new virus to minimise your risk. You can do this by visiting the Internet site of the company that provides your software.

In addition, we advise you not to open attachments from others unless you are absolutely certain you can trust the source. However, it's best to be cautious. Whoever sent you that attachment may not know that they have carried the virus to you.

Updating your app/browser

• Always update your app/browser when new versions are released because they often include new security features.
• Check your app/browser for built-in safety features that you may or may not elect to use.
• Do not install unnecessary extensions or plugins to the web browser.
• Regularly clear all the cache, cookies and temporary files from the app/browser history.
• It is a good practice to always check the site certificate before login.

Security Tips

Protect Yourself and Your Information Online
10 easy ways to protect yourself:

• Do not share your password with friends, relatives or anyone. Your password and PIN are designed to protect the privacy of your banking information. They will only work if you keep them private.
• Change your password frequently. If you think your password has been compromised, contact us to reset your password.
• Don't use the "remember password" function because this information can be easily accessed by hackers.
• Do not send any information about your account via e-mail.
• Do not provide your account details or passwords in response to an e-mail or by phone. A bank officer will never ask for this information.
• Don't open suspicious e-mail attachments.
• Avoid downloading free programs. These may incorporate hacker-friendly software.
• Always log out of Maybank2u ID immediately after completing transactions.
• Clear your cache (information stored in your computer memory) each time you log out.

If you have queries about any e-mail from Maybank or are suspicious that someone may be trying to get your PIN or account information under false pretenses, contact our Call Center 1500611 immediately.