1. Introduction

Last Updated: 23 July 2023

This Privacy policy describes how INSURA (M) SDN. BHD. (“INSURA”) and its subsidiaries as well as partners collect, store, process, disclose and otherwise use Personal Data of INSURA Members or information provided by you in enrolling under INSURA. Your Personal Data is collected, stored, used, disclosed or otherwise processed only in relation to websites, applications, products, services, content, benefits, events and other experiences under INSURA. In addition, this Privacy Notice also governs other websites, products, services, content, benefits, events and experiences which are owned, facilitated or managed by INSURA and which refer to this Privacy Notice. This Privacy Notice shall only have jurisdiction over the collection, storage, processing, disclosure and usage of Personal Data as provided for in the Personal Data Protection Act 2010. This Privacy Notice also does not apply to any websites, products, services, benefits, content, events or experiences that are not owned or operated by INSURA or are operated or managed by third parties which include but are not limited to our Programme Partners, Panel Insurers and Insurance Agents.

Throughout this Privacy Notice, any reference to “we”, “us”, “Company” or “INSURA” refers to INSURA (M) SDN. BHD. and INSURA’s parent company(ies) and subsidiaries. Unless specifically stated or defined otherwise, words and expressions used in this Privacy Notice shall have the meanings attributed to them in the INSURA Terms and Conditions. Whenever used, the expression “Personal Data” shall have the meaning ascribed to it under the Personal Data Protection Act 2010.

The Insura public website, including www.insura.com.my, is referred to as the “Website”, and our online software-as-a-service platform provided by Insura, together with all related services provided by us, are collectively referred to as the “Services.”

This Privacy Notice is meant to help you understand how, what and why Personal Data or other information you provide is collected, stored, processed, disclosed and otherwise used by the Company.

By applying for, enrolling as and continuing to be a Member, you expressly consent to the collection, storage, processing, disclosure and use of your Personal Data as described in this Privacy Notice.

2. Information we collect

We collect information when you provide it to us, when you use our Website or Services, and when other sources provide it to us, as further described below.

A. Information You Provide to Us

Account Creation: When you sign up for an account on our Website or Services, we collect personal information that you provide voluntarily, including your full name, email address, phone number, date of birth, and other relevant details. This information is necessary to create and manage your Insura account, enabling you to access various features and benefits.

Subscription Program Enrollment: Any information provided by you and collected by us is consented by you to be given, whether such information is indicated as mandatory to be provided for enrolment or is disclosed voluntarily. Where any information is mandatory to be provided, withholding such information will mean that you do not agree to enroll in INSURA, enjoy a Benefit or have decided to terminate your Membership. If you choose to enroll in our subscription program, we will collect additional information through the enrollment form, which includes the following details:

Please note that the fields marked with (*) are mandatory, and providing this information is essential for enrolling in our subscription program.

Payment Information: If you make payments for our Services, we may collect payment details, including credit card information (card number, expiration date, and security code), billing address, and transaction history. Please remember that we do not directly store payment information on our Services. Instead, we use trusted third-party payment providers to securely process your payments. These providers are compliant with industry standards and have robust security measures to safeguard your financial data.

Communication: When you contact our customer support or communicate with us through email or other means, we may collect the content of your communication and any additional information you choose to provide. This helps us address your inquiries, resolve issues, and provide personalized assistance.

B. Information Collected Automatically

Device Information: To improve our Services and understand user preferences, we may collect device information, such as your IP address, device type, operating system, and browser type. This information allows us to optimize our Website and Services for different devices and browsers.

Usage Information: We gather usage data to analyze user behavior and preferences. This includes information about the pages you visit, links you click, and interactions with our Services. By understanding how our users engage with our platform, we can enhance user experience and tailor our offerings to better suit your needs.

Cookies and Similar Technologies: We may use various proprietary and third-party technologies to collect and store information such as cookies and similar technologies. Such technologies and their attendant programs or software may be stored on your personal mobile device or computer. We make no representations with regards to technologies which are not owned by us; however, we will, where practicable, employ industry best practices and technologies. We also make no representations as to the security and confidentiality of the computers, servers, networks or systems of Programme Partners, Panel Insurers or Insurance Agents and shall not be held liable in the event of any breach of your Personal Data originating from the computers, servers, networks or systems of the Programme Partners and Panel Insurers or Insurance Agents.

C. Information from Other Sources

In some cases, we may receive information about you from other sources, such as our trusted partners or social media platforms. This information may include demographic data or interests and is used to supplement the data we collect. Combining data from multiple sources helps us improve our services and provide you with relevant and personalized content.

3. How we use your information

Our primary purpose in collecting personal information is to facilitate your safe, smooth and efficient enjoyment of Benefits. Among others, information provided by you will be used by us to, directly or indirectly:

We may combine and consolidate or provide aggregate, statistical, demographic or trending information data from your interactions with us and information collected by us and disclose the same to Programme Partners, Panel Insurers and/or Insurance Agents in order to market, advertise and/or personalise services or products offered to you by our Programme Partners or Panel Insurers and ‘push’ such marketing content to you via your mobile device unless you have chosen not to receive such ‘push’ notifications. In such cases, the data provided will be statistical and not disclose your identifiable information.

Unless provided for in this Privacy Notice or permitted under the Personal Data Protection Act 2010, Programme Partners, Panel Insurers or other third parties will not be provided with access to your Personal Data without your express consent. Your consent will also be obtained before your Personal Data is used for any purpose other than those set out or contemplated under this Privacy Notice.

4. Privacy Control

Once logged in to the INSURA app or (where available) other INSURA Online Channels, you may set your personal preferences which may include, among others, whether you wish to receive automatic notifications, allow storage of cookies and other privacy and security options. If you choose to block cookies associated with INSURA you should be aware that blocking such cookies may result in the impairment of the overall Member experience and certain INSURA app and (where available) other INSURA Online Channel functionalities. Among others, your language of preference may not be automatically displayed upon logging in. You should be aware that when you make deletions or changes to your personal information, the deletions or changes made may not be immediately updated and replaced on our servers and residual copies of the deleted or changed information may reside on our backup systems. You can request that we delete such residual information by contacting us via email.

Certain information and privacy preferences may only be updated by the Company upon request and are not capable of being personally and automatically updated by you. Requests from you that are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, or would be extremely impractical may be rejected by the Company.

Nothing in this Privacy policy shall limit or prevent the exercise of your rights to privacy control as provided for under the Personal Data Protection Act 2012.

5. Sharing and disclosure of information

Personal Data and other information provided by Members will be shared if such disclosure is required to comply with the requirements of any law or pursuant to the direction of a governmental authority or court of competent jurisdiction.

Your personal information may, as permitted by law, be shared with companies, organisations or individuals if, in good faith, we believe that access, use, preservation or disclosure of such information is reasonably necessary to detect, prevent, or otherwise address fraud, security or technical issues or protect against harm to the rights, property or safety of the Company, Members or the public.

We may also share your personal information, within or outside Malaysia, with:

Third parties under contract with us who assist in fulfilling our business operations and/or perform functions on our behalf such as service providers who provide marketing assistance, payment gateways, channels or processors, fraud investigators, and customer service providers. Such third parties will have access to your personal information only on a needs basis, in order to perform their functions.

Identified third parties whom you have been explicitly notified of in relation to a certain Benefit and have explicitly agreed or consented to.

Other business entities whom we plan to merge with or are in the process of acquiring or being acquired.

6. Withdrawal of Consent

You may withdraw your consent to the collection of your Personal Data and/or information at any time by notifying us in accordance with the Terms and Conditions. In such an event and depending on the information denied to be provided to us, your Membership in the Programme may be terminated.

7. Indemnity

You expressly agree that you will hold the Company harmless against any loss or damage, direct or indirect, suffered as a result of the collection, storage, use or processing of your Personal Data or information you provide in accordance with the terms of this Privacy Notice. You shall not institute any legal actions or claims against the Company in respect of such loss or damage arising from any such disclosures. You shall indemnify the Company for any costs incurred in defending any actions brought by you including for any legal fees or expenses incurred by the Company.

8. Members Account Protection

Your username and password are essential to the privacy and security of your information and your Member Account. By enrolling and continuing Membership, you agree that you shall not disclose your username or password to any other person, including via emails purporting to have been sent by the Company or its employees. Subject to the results of investigations, actions taken under your Member Account are assumed to be lawfully made and legally binding. You are especially advised to be extra careful when using shared computers.

9. Data Security

Your Personal Data and information are stored on our servers in a secure location in Malaysia. We treat information on our servers as assets that must be protected and use industry standard encryption tools, complex passwords and physical security measures to protect all data stored against unauthorised access.

Periodically we also review our data collection, storage and processing practices to emulate industry best practice methods with regards to security and preventing unauthorized access.

Access to data stored is restricted to our employees, contractors and agents who require such access to perform their duties or any other obligations under INSURA. Such employees, if not permanent, are required to issue confidentiality undertakings to the Company and accept liability for any data breaches committed by them.

Notwithstanding and despite our security measures, it is impossible to guarantee that our systems and servers are 100% secure against third party unlawful intrusions whether such access is gained unlawfully via direct access to data stored on our servers or intercepted in communications or transmissions involving you and the INSURA Website and (where applicable) other INSURA Online Channels. Although we will comply with industry standard security protocols, we do not promise, nor should you expect, that the confidentiality of information provided by you under the Programme is guaranteed.

10. Disclosure by Third Parties

Subject to the sharing of information expressly set out in this Privacy Notice, information you disclose to Programme Partners or Panel Insurers will be governed by the different privacy policies of such third parties. We have no control over these other privacy policies and you should therefore review their contents before agreeing to any disclosures of your Personal Data or information.

11. Changes to Privacy Notice

We reserve the right to modify, amend or change this Privacy Notice at any time without the need to obtain your prior and express consent. Updated Privacy Notice(s) shall be posted on the INSURA Website. It is your responsibility to carry out periodical checks for updated versions of this Privacy Notice and ensure you agree with any updates before continuing as a Member.

No provision of this Privacy Notice shall prevent, restrict or limit disclosures which are permitted under the Personal Data Protection Act 2010.