This Privacy Policy and Personal Data Protection Notice (“Notice”) outlines how Axaipay (“we”, “us”, or “our”) collects, uses, stores, discloses, and protects your Personal Data/Personal Information.
This Notice is issued in compliance with:
-
The Malaysian Personal Data Protection Act 2010 (PDPA);
-
The Singapore Personal Data Protection Act 2012 (PDPA); and
-
The Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
By interacting with us, using our payment gateway, or registering an account, you acknowledge that you have read, understood, and consent to the processing and transfer of your data as described below.
Definition of Personal Data / Personal Information
“Personal Data” or “Personal Information” means any information or an opinion about an identified individual, or an individual who is reasonably identifiable. This includes, but is not limited to:
-
Name, Date of Birth, and Company Name;
-
Email address, Contact number, and Billing/Mailing/Shipping Address;
-
Identification card number or Passport number;
-
Bank Account Information, credit, and debit card information;
-
Device identifiers, IP addresses, cookies, and technical transaction metadata.
Where practical and legally permissible, you have the option of dealing with us anonymously or using a pseudonym (e.g., browsing our public website). However, identifying information is strictly required to provision payment services and execute financial transactions.
Collection of Data
We collect data directly from you or from authorized third-party sources:
-
Directly: When you complete registration forms, execute a sale or purchase transaction via our e-commerce services, or interact with our Support Team.
-
Automatically: Via cookies, analytics tools, and automated background transaction logging during your use of our gateway.
-
Third Parties & Public Sources: From social media platforms you interact with, public registers, or business partners.
Purposes of Processing
Axaipay processes your data for necessary business operations, including:
-
Service Delivery: Website registration, processing payments, settlement, payouts, handling orders, and providing receipts.
-
Customer Support & Security: Providing dispute resolution, handling chargebacks/refunds, recovering debt, and detecting/preventing fraud or illegal activities.
-
Improvement & Analytics: Measuring, improving, and customizing our financial services.
-
Legal Compliance: Fulfilling anti-money laundering (AML), tax, logistical, financial, and regulatory back-office functions.
Marketing Consent: With your explicit opt-in consent (where required by law), we may use your data to send alerts, newsletters, promotional materials, or event invitations. You may withdraw this consent at any time via the “unsubscribe” link in our emails.
Automated Decision-Making (ADM) Disclosure: We may use automated systems or computer programs to evaluate transaction risks, detect fraud, or perform credit checks. If an automated decision significantly impacts your access to our services, you have the right to request a human review of the decision.
Disclosure and Cross-Border Data Transfers
To fulfil the purposes above, your data may be shared with:
-
Our holding companies, affiliates, and subsidiaries;
-
Merchants from whom you are purchasing goods/services;
-
Third-party service providers, banking partners, acquirers, payment network operators and card schemes;
-
Our professional advisors (auditors, lawyers, consultants, insurers).
International Data Transfers
Axaipay operates across multiple jurisdictions. We may transfer your personal data to places outside your home country (including Malaysia, Singapore, and Australia).
-
Singapore Compliance (Transfer Limitation Obligation): We ensure that any overseas recipient is bound by legally enforceable obligations or contractual clauses to provide a standard of protection to the personal data that is comparable to the protection under Singapore’s PDPA.
-
Australia Compliance (APP 8): Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient does not breach the Australian Privacy Principles, or we ensure they are subject to a law or binding scheme that provides substantially similar protection.
Security and Retention
Axaipay protects your Personal Data against unauthorized access, loss, misuse, or modification.
-
Security Measures: All internet communication between you and Axaipay is secured using Secure Socket Layer (SSL) technology with high-security 256-bit encryption. Axaipay complies strictly with the Payment Card Industry Data Security Standard (PCI DSS). Data is stored securely in physical offices or encrypted servers operated by us or our cloud vendors.
-
Your Responsibility: You must never share your account login credentials. Axaipay is not liable for unauthorized data access resulting from compromised credentials on your end.
-
Retention: We retain your personal data only for as long as necessary to fulfil the operational purposes outlined in this policy or to comply with statutory financial/tax reporting retention periods. When no longer required, data is permanently deleted or de-identified.
Your Rights (Access, Correction, and Erasure)
Depending on your jurisdiction, you possess specific statutory rights regarding your data:
-
Access & Correction: You have the right to request access to the personal data we hold about you and to request corrections if it is out-of-date, inaccurate, or incomplete.
-
Consent Withdrawal & Deletion: You may withdraw your consent for data processing or request the erasure/destruction of your personal data, subject to our overriding legal or regulatory retention obligations (e.g., financial record-keeping laws).
To exercise any of these rights, or to lodge a complaint regarding a privacy breach, please contact our designated Privacy/Compliance Officer:
-
Attn: Compliance Officer
-
Email: compliance@axaipay.com
We will respond to access, correction, or complaint requests within the statutory timelines prescribed by local laws (e.g., 21 days in Malaysia, 30 days in Singapore/Australia). If you are unsatisfied with our response, you have the right to escalate your complaint to your local regulator (MCMC/JPDP in Malaysia, PDPC in Singapore, or the OAIC in Australia).
Third-Party Links
Our website may link to third-party sites. Axaipay has no control over, and assumes no responsibility for, the independent privacy practices, terms, or content of these external websites.
Policy Updates
Axaipay reserves the right to modify this Notice at any time. Any updates will be published transparently on our website. If changes significantly alter how we handle previously collected, personally identifiable information, we will actively notify you via email, offering you the option to opt out or decline the modified usage.