PrivacyNotice
Your privacy matters - How we protect and manage your personal data
Introduction
Aeon-Credit Services (M) Sdn Bhd ("Aeon-Credit Services," "we," "us," or "our") is committed to protecting your personal data and respecting your privacy rights.
This Privacy Notice explains how we collect, use, disclose, process, and protect your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and other applicable laws.
By providing your personal data to us, applying for our services, or using our website, you consent to the collection, use, disclosure, and processing of your personal data as described in this Privacy Notice.
Last Updated: 20 April 2026
Personal Data We Collect
We may collect the following types of personal data from you
Identity & Contact Information
- •Full name as per NRIC/Passport
- •NRIC number or Passport number
- •Date of birth and age
- •Gender and marital status
- •Residential and mailing addresses
- •Phone numbers (mobile & home)
- •Email addresses
Financial Information
- •Income details and employment status
- •Bank account information
- •Credit history and CTOS/CCRIS reports
- •Existing loan and debt obligations
- •Assets and liabilities information
- •Payment and transaction records
Application & Service Data
- •Loan application details
- •Product preferences and needs
- •Communications with us (calls, emails, chats)
- •Feedback, complaints, and enquiries
- •Survey responses and marketing preferences
Technical & Usage Data
- •IP address and device information
- •Browser type and version
- •Pages visited and time spent
- •Cookies and tracking data
- •Referring website and search terms
How We Use Your Personal Data
We process your personal data for the following legitimate purposes
Loan Application Processing
To assess your loan application, verify your identity, conduct credit checks, evaluate creditworthiness, and make lending decisions.
Service Delivery & Account Management
To provide loan services, manage your account, process payments, send statements, handle repayments, and administer your loan facility.
Communication & Customer Service
To respond to enquiries, provide customer support, send service-related notifications, payment reminders, and important account updates.
Credit Reporting & Risk Management
To report your credit information to CTOS and CCRIS, assess credit risk, prevent fraud, and manage bad debts and defaults.
Legal & Regulatory Compliance
To comply with laws and regulations including Money Lenders Act 1951, BNM guidelines, anti-money laundering requirements, and court orders.
Marketing & Product Development
With your consent, to send you promotional materials, offers for other products, conduct surveys, and improve our services (you may opt-out anytime).
Internal Operations & Analytics
To conduct research, data analysis, audits, security monitoring, system maintenance, and business planning.
Debt Collection & Legal Action
To recover outstanding debts, engage collection agencies, pursue legal remedies, and enforce loan agreements in case of default.
Disclosure of Your Personal Data
We may disclose your personal data to the following third parties when necessary
Credit Reporting Agencies
Examples
CTOS Data Systems Sdn Bhd, Bank Negara Malaysia CCRIS
Purpose
Credit assessment, reporting payment history, fraud prevention
Service Providers & Vendors
Examples
IT service providers, data centers, payment processors, mail services
Purpose
Operational support, system maintenance, payment processing
Related Companies & Business Partners
Examples
Affiliate companies, co-branding partners, insurance providers
Purpose
Loan processing, product offerings, cross-selling with consent
Debt Collection Agencies
Examples
Licensed debt collectors, legal recovery agents
Purpose
Recovering overdue payments and managing defaults
Legal & Professional Advisers
Examples
Lawyers, auditors, accountants, consultants
Purpose
Legal advice, audit, compliance, professional services
Government & Regulatory Authorities
Examples
Bank Negara Malaysia, Ministry of Housing, LHDN, Courts, Police
Purpose
Regulatory compliance, legal obligations, investigations
Important: We require all third parties to maintain the confidentiality and security of your personal data and process it only for specified purposes in compliance with PDPA and contractual obligations.
Your Rights Under PDPA
You have the following rights regarding your personal data
Right to Access
Request a copy of your personal data we hold and how it is being used.
Right to Correction
Request correction of inaccurate, incomplete, or outdated personal data.
Right to Withdraw Consent
Withdraw consent for marketing communications or optional data processing.
Right to Data Portability
Request your data in a structured, commonly used format where applicable.
Right to Limit Processing
Request limitation on how we use your data for specific purposes.
Right to Complain
Lodge a complaint with us or the Personal Data Protection Commissioner.
Limitations on Your Rights
Certain rights may be limited where we have legal or regulatory obligations to retain data, where data is needed for legal claims, debt collection, or where deletion would impair our ability to fulfill contractual obligations. We will notify you if any limitations apply to your request.
Data Security
We implement appropriate technical and organizational security measures to protect your personal data:
- ✓Encrypted data transmission (SSL/TLS)
- ✓Secure servers and firewalls
- ✓Access controls and authentication
- ✓Regular security audits and monitoring
- ✓Employee confidentiality agreements
- ✓Incident response procedures
Data Retention
We retain your personal data only as long as necessary:
- Active Loan Accounts: Throughout the loan tenure plus 7 years after full settlement (as required by law)
- Rejected Applications: Up to 2 years for record-keeping purposes
- Marketing Data: Until you withdraw consent or 3 years of inactivity
- Legal/Regulatory Records: As required by applicable laws and regulations
After retention periods expire, data is securely deleted or anonymized.
Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content.
Types of cookies we use:
- Essential Cookies: Required for website functionality (cannot be disabled)
- Performance Cookies: Help us understand how visitors use our site (Google Analytics)
- Functional Cookies: Remember your preferences and settings
- Marketing Cookies: Track your browsing to show relevant ads (with consent)
You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.
Contact Us About Your Data
For privacy-related enquiries, data access requests, or complaints
Data Protection Officer
privacy@aeoncredit.com.my
Phone
1-300-88-2366
Postal Address
Aeon-Credit Services (M) Sdn Bhd
[Company Address]
[City, State, Postcode]
Personal Data Protection Commissioner
If you're unsatisfied with our response to your privacy complaint, you may contact:
Department of Personal Data Protection
Ministry of Communications and Digital
Level 5, Menara MCMC, Jalan Impact,
Cyber 6, 63000 Cyberjaya, Selangor
Website: www.pdp.gov.my
Changes to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.
Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this Privacy Notice periodically. Continued use of our services after changes constitutes acceptance of the updated Privacy Notice.