PDPA Policy

Last updated: 28 October 2025

This PDPA Policy describes how CreditXpress implements governance and controls to comply with the Personal Data Protection Act 2010 (PDPA).

1. Governance & Accountability

  • Management-level responsibility for data protection and compliance oversight.
  • Role-appropriate PDPA training for staff.
  • Policies, procedures, and records of processing activities maintained and reviewed.

2. Notice & Choice

  • Clear Privacy Notices at points of data collection explaining purposes, categories, and disclosures.
  • Explicit consent where required, with records of consent and mechanisms for withdrawal and marketing opt-out.

3. Purpose Limitation

  • Data collected only for specified, lawful purposes related to onboarding, underwriting, servicing, compliance, and platform operations.
  • Further processing for compatible purposes (e.g., fraud prevention, security improvements) is assessed and documented.

4. Data Minimisation & Accuracy

  • Collect only what is necessary.
  • Maintain accuracy via user self-service updates and verification with trusted sources.

5. Security Safeguards

  • Layered controls: access management, encryption in transit, network hardening, logging/monitoring, backup and recovery, vendor due diligence.
  • Security incidents handled under an incident response process, with notifications where required by law.

6. Retention & Disposal

  • Retention periods set with reference to legal requirements (Moneylenders Act, AMLA) and business needs.
  • Secure disposal methods for both physical and electronic records.

7. Data Subject Rights

  • Processes for access/correction requests within statutory timelines.
  • Consent withdrawal and marketing opt-out.
  • Identity verification and secure response delivery.

Requests: opgcapital3@gmail.com (Office hours: 9:00 AM – 5:00 PM, Mon–Fri)

8. Third Parties & Cross-Border Transfers

  • Vendor due diligence and PDPA-compliant contracts.
  • Cross-border transfers safeguarded to ensure PDPA-comparable protection.

9. Credit Reporting & AML/CFT

  • Credit assessment/reporting and AML/CFT screening conducted under the Credit Reporting Agencies Act 2010 and AMLA 2001.
  • Adverse information may be reported to credit reporting agencies as permitted by law and the Loan Agreement.

10. Governance Reviews

Periodic reviews and audits; updates to reflect regulatory changes or guidance from Malaysian authorities (including KPKT).

11. Contact & Complaints

Questions or complaints: opgcapital3@gmail.com. If unresolved, you may seek recourse under Malaysian law and with relevant authorities.