Privacy Notice

1. Data Controller & Contact

OPG Capital Holdings Sdn Bhd (202101043135)

Registered Address: 31-10-11, The CEO, Lebuh Nipah 5, 11950, Bayan Lepas, Penang, Malaysia

Email: opgcapital3@gmail.com (Office hours: 9:00 AM – 5:00 PM, Mon–Fri)

2. What Data We Collect

• Identification & KYC: name, NRIC/Passport, DOB, address, contact details, selfies/liveness data, biometric checks (where permitted), occupation, employer.
• Financial & Credit: income, bank details (masked where possible), repayment history, credit reports/scores from registered credit reporting agencies (e.g., CTOS/Experian), lawful public data sources.
• Transaction & Usage: loan applications, approvals, repayments, device data, IP address, cookies, analytics, support interactions.
• Sensitive Data: processed only where required/permitted by law (e.g., AML/CFT screening).

3. How We Collect Data

• Directly from you (forms, e-KYC, communications);
• Automatically via cookies/SDKs;
• From third parties (credit bureaus, identity verification providers, payment providers) with your consent or as permitted by law.

4. Why We Process Your Data (Purposes)

• Provide Services: onboarding, identity verification, underwriting, loan servicing, collections.
• Compliance: AML/CFT screening, sanctions checks, regulatory reporting, KPKT obligations.
• Operations: fraud prevention, security, troubleshooting, analytics, service improvement.
• Communications: service notices, repayment reminders, regulatory updates.
• Marketing (optional): with your consent; you may opt out at any time.

5. Legal Bases (PDPA Principles)

We process personal data in line with PDPA principles of Notice & Choice, Disclosure,Security, Retention, Data Integrity, and Access & Correction. Where consent is required, we will obtain it. Certain processing is necessary for contract performance, legal obligations, or our legitimate interests (e.g., fraud prevention).

6. Disclosures (Who We Share With)

• Service providers (KYC/AML, hosting, payments, messaging) under confidentiality and PDPA obligations;
• Credit reporting agencies (e.g., CTOS/Experian) for credit checks and reporting;
• Regulators and law enforcement (e.g., KPKT) where legally required;
• Advisers and auditors for compliance/governance;
• Successors in a corporate transaction, as permitted by law.

We do not sell personal data.

7. Cross-Border Transfers

Where data is transferred outside Malaysia, we use appropriate safeguards to ensure a PDPA-compliant level of protection (e.g., contractual clauses).

8. Data Security

We apply administrative, technical, and physical safeguards proportionate to the sensitivity of the data, including encryption in transit, access controls, and monitoring. No method is 100% secure; we continually improve protections.

9. Retention

We retain data as required by law (Moneylenders Act, AMLA) and for legitimate business needs (records, audits). Data is securely disposed of when no longer required.

10. Your Rights

Subject to PDPA and lawful exceptions, you may:

• Access your personal data;
• Request correction of inaccurate/incomplete data;
• Withdraw consent (where applicable); withdrawal may affect our ability to provide Services;
• Object to or restrict certain processing where provided by law.

Requests: opgcapital3@gmail.com.

11. Cookies & Tracking

We use cookies for session management, analytics, security, and—if you consent—marketing. You can manage cookies in your browser. Some features may not function without essential cookies.

12. Children's Data

Our Services are not intended for individuals under 18. We do not knowingly collect such data.

13. Updates

We may update this Notice and will post the revised version with a new "Last updated" date.