MDAC - Malaysia Digital Arrival CardMalaysia Digital Arrival Card

Privacy Policy

Your privacy and data security are our top priorities. Learn how we protect your personal information throughout the MDAC application process.

Last Updated: January 2025

Introduction to Our Privacy Commitment

DigitalArrivalCard.com.my ("we," "our," or "us") operates as an authorized service provider for Malaysia Digital Arrival Card (MDAC) applications. We are committed to protecting the privacy and security of all personal information entrusted to us by travelers applying for entry into Malaysia. This Privacy Policy explains in detail how we collect, use, store, share, and protect your personal data in compliance with Malaysian Personal Data Protection Act 2010 (PDPA), international data protection standards, and immigration requirements.

By using our website and services to apply for the Malaysia Digital Arrival Card, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. We encourage you to review this policy carefully and contact us if you have any questions or concerns about how your personal information is handled. Your continued use of our services constitutes acceptance of this Privacy Policy and any updates we may make from time to time.

Information We Collect

Personal Identification Information

When you submit a Malaysia Digital Arrival Card application through our portal, we collect comprehensive personal identification information required by Malaysian immigration authorities. This information is essential for processing your entry clearance and cannot be omitted from the application process.

Personal data collected includes:

  • • Full legal name as shown on your passport
  • • Passport number, issue date, and expiry date
  • • Nationality and country of passport issuance
  • • Date of birth, place of birth, and gender
  • • Current residential address in your home country
  • • Email address and phone number with country code
  • • Emergency contact person details
  • • Occupation and employer information (when applicable)
  • • Passport biographical page digital copy (when required)

Travel and Accommodation Information

We collect detailed information about your travel plans to Malaysia, which is required by Malaysian Immigration Department for security screening and entry authorization purposes. This data helps immigration officers verify your travel purpose and intended duration of stay.

Travel information collected includes:

  • • Planned arrival date and departure date from Malaysia
  • • Flight number, airline name, and departure city
  • • Port of entry (airport, land border, or seaport)
  • • Complete accommodation address in Malaysia
  • • Hotel name and booking confirmation (when applicable)
  • • Purpose of visit to Malaysia
  • • Previous travel history to Malaysia (when relevant)
  • • Visa information if you hold a Malaysian visa

Technical and Usage Information

Like most websites, we automatically collect certain technical information when you visit and use our platform. This data helps us improve our services, detect fraudulent activities, ensure security, and provide you with a better user experience. Most of this information is collected through cookies and similar technologies.

Technical data collected includes:

  • • IP address and geolocation data
  • • Browser type, version, and language settings
  • • Device information (type, operating system, screen resolution)
  • • Pages visited, time spent on each page, and navigation patterns
  • • Referring website and search terms used to find us
  • • Date and time of your visits and interactions
  • • Cookies and similar tracking technologies data

Payment and Financial Information

When you pay for our MDAC application service, we collect payment information necessary to process your transaction securely. However, we do not store complete credit card details on our servers. All payment processing is handled by PCI-DSS compliant third-party payment processors who specialize in secure financial transactions.

Payment information collected includes:

  • • Name as it appears on credit/debit card
  • • Billing address associated with payment method
  • • Transaction amount and currency
  • • Payment confirmation and receipt number
  • • Last four digits of credit card (for reference only)
  • • Payment method type (credit card, debit card, online banking)

How We Use Your Information

We use the personal information collected from you exclusively for legitimate purposes related to processing your Malaysia Digital Arrival Card application and providing our services. We are committed to data minimization principles, meaning we only collect and use information that is necessary for the specified purposes outlined below.

Primary Service Purposes

  • • Processing and submitting your MDAC application to Malaysian immigration authorities
  • • Verifying the accuracy and completeness of information provided in your application form
  • • Communicating with you about your application status, approvals, or any issues requiring attention
  • • Sending you the approved MDAC confirmation and reference number via email and WhatsApp
  • • Providing customer support and responding to your inquiries
  • • Processing payments and issuing receipts for our services
  • • Maintaining records as required by Malaysian law and immigration regulations for audit purposes

Service Improvement and Analytics

  • • Analyzing user behavior to improve website functionality and user experience
  • • Identifying and fixing technical issues or system errors
  • • Conducting statistical analysis to understand application trends and optimize our processes
  • • Testing new features and services before public release
  • • Monitoring service performance and response times

Security and Fraud Prevention

  • • Detecting and preventing fraudulent applications or identity theft
  • • Verifying user identity and preventing unauthorized access
  • • Monitoring for suspicious activities or security threats
  • • Complying with anti-money laundering regulations
  • • Protecting our platform, users, and services from cyber attacks

Legal Compliance and Obligations

  • • Complying with Malaysian Personal Data Protection Act 2010 and other applicable laws
  • • Responding to legal requests from government agencies or law enforcement
  • • Cooperating with Malaysian Immigration Department investigations when required
  • • Maintaining audit trails for regulatory compliance
  • • Defending against legal claims or protecting our legal rights

Marketing Communications (With Consent)

  • • Sending you travel tips and information about Malaysia (only if you opt-in to receive such communications)
  • • Notifying you about important updates to MDAC requirements or procedures
  • • Informing you about related immigration services you may find useful
  • • You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in our emails

Important Note:

We will never sell, rent, or trade your personal information to third parties for their marketing purposes. Your data is used solely for the purposes described in this policy and as required to facilitate your MDAC application with Malaysian immigration authorities.

Information Sharing and Disclosure

We understand the sensitivity of the personal information you provide to us. We are committed to protecting your privacy and limiting disclosure of your data to only those parties who absolutely need it to process your MDAC application or as required by law. We never sell or rent your personal information to third parties for commercial purposes.

Malaysian Immigration Department and Government Agencies

Your MDAC application data is transmitted securely to the Malaysian Immigration Department (Jabatan Imigresen Malaysia) as part of the official application process. This is the primary purpose of collecting your information. Malaysian immigration authorities use this data to screen travelers, process entry clearances, maintain border security, and enforce immigration laws. We may also share information with other Malaysian government agencies when required by law or for national security purposes.

Payment Processors and Financial Institutions

When you make a payment for our MDAC service, your payment information is shared with our third-party payment processors who handle the transaction securely. These payment processors are PCI-DSS compliant and use industry-standard encryption to protect your financial data. We do not store complete credit card information on our servers. Payment processors may share transaction status and confirmation details with us, but not your complete card numbers or sensitive financial data.

Service Providers and Business Partners

We may share limited personal information with trusted third-party service providers who assist us in operating our website, conducting our business, or servicing you. This includes web hosting companies, email service providers, customer support platforms, data analytics services, and IT security firms. These service providers are contractually obligated to keep your information confidential and use it only for the specific services they provide to us. They are prohibited from using your data for their own purposes.

Legal Requirements and Law Enforcement

We may disclose your personal information when we believe in good faith that such disclosure is necessary to: (1) comply with legal obligations, court orders, or government requests; (2) enforce our Terms and Conditions or other policies; (3) protect the rights, property, or safety of our company, our users, or the public; (4) detect, prevent, or address fraud, security, or technical issues; (5) cooperate with law enforcement investigations. We will make reasonable efforts to notify you of such requests unless prohibited by law.

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the successor entity. In such cases, we will provide notice before your personal information is transferred and becomes subject to a different privacy policy. The successor entity will be required to honor the privacy commitments made in this policy.

Your Control:

We will never share your personal information for third-party marketing purposes without your explicit consent. You have the right to know who has accessed your data and for what purpose. If you have concerns about data sharing, please contact our Data Protection Officer.

Data Security Measures

Protecting your personal information is of paramount importance to us. We have implemented comprehensive technical, administrative, and physical security measures designed to safeguard your data from unauthorized access, disclosure, alteration, or destruction. Our security infrastructure is regularly updated to address evolving threats and maintain the highest standards of data protection.

Technical Security

  • • 256-bit SSL/TLS encryption for all data transmissions
  • • Encrypted data storage using AES-256 encryption
  • • Firewalls and intrusion detection/prevention systems
  • • Regular security audits and penetration testing
  • • Secure backup systems with redundancy
  • • DDoS protection and traffic filtering

Access Controls

  • • Role-based access control (RBAC) systems
  • • Multi-factor authentication for staff access
  • • Strict need-to-know access policies
  • • Regular access audits and reviews
  • • Immediate access revocation for terminated personnel
  • • Audit trails for all data access

Organizational Security

  • • Mandatory security training for all employees
  • • Confidentiality agreements with staff and contractors
  • • Clear data handling policies and procedures
  • • Incident response and breach notification protocols
  • • Regular security awareness programs
  • • Background checks for employees with data access

Physical Security

  • • Secure data centers with 24/7 monitoring
  • • Restricted physical access to server facilities
  • • Video surveillance of sensitive areas
  • • Environmental controls (fire suppression, climate control)
  • • Secure disposal of physical documents and hardware
  • • Redundant power and network connectivity

Important Security Notice:

While we employ industry-leading security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data to the best of our ability and will notify you promptly in the unlikely event of a data breach affecting your personal information.

Your Privacy Rights

Under the Malaysian Personal Data Protection Act 2010 (PDPA) and other applicable data protection laws, you have specific rights regarding your personal information. We respect these rights and have established procedures to help you exercise them. Below are your key privacy rights and how to exercise them:

Right to Access

You have the right to request access to the personal information we hold about you. We will provide you with a copy of your data in a commonly used electronic format within 21 days of your verified request.

Right to Correction

If you believe any information we hold about you is inaccurate or incomplete, you have the right to request correction. We will update or correct your data promptly upon verification of the correction request.

Right to Withdraw Consent

Where we process your data based on consent (such as marketing communications), you have the right to withdraw that consent at any time. However, this will not affect processing that occurred before withdrawal.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another service provider where technically feasible.

Right to Complain

If you believe we have mishandled your personal information, you have the right to lodge a complaint with us and with the Personal Data Protection Commissioner of Malaysia. We take all complaints seriously and will investigate promptly.

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer at:

Email: privacy@digitalarrivalcard.com.my

We will respond to your request within 21 days and may require verification of your identity before processing your request to ensure data security.

Data Retention Period

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our data retention practices are designed to balance your privacy rights with our legal and operational requirements.

Retention Periods:

  • MDAC Applications:We retain MDAC application data for 5 years after your travel date as required by Malaysian immigration regulations for audit and compliance purposes.
  • Payment Records:Financial transaction records are retained for 7 years to comply with Malaysian tax laws and accounting requirements.
  • Communication Records:Customer support communications are retained for 3 years to maintain service quality and resolve potential disputes.
  • Technical Logs:Server logs and analytics data are retained for 12 months for security monitoring and service improvement.
  • Marketing Data:If you opt-in to marketing communications, we retain your contact information until you unsubscribe or request deletion.

After the applicable retention period expires, we securely delete or anonymize your personal information in accordance with our data disposal procedures. In some cases, we may retain anonymized data for statistical and analytical purposes, but such data cannot be used to identify you personally.

Contact Our Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please don't hesitate to contact our Data Protection Officer. We are committed to addressing your privacy concerns promptly and transparently.

Data Protection Officer Contact Details:

Email: privacy@digitalarrivalcard.com.my

Website: www.digitalarrivalcard.com.my

Response Time: We aim to respond to all privacy inquiries within 48 hours during business days

You may also file a complaint with the Personal Data Protection Commissioner of Malaysia if you believe we have not adequately addressed your privacy concerns. Contact details for the Commissioner can be found at www.pdp.gov.my.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email (if you have provided your email address) or by posting a prominent notice on our website at least 30 days before the changes take effect. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. The "Last Updated" date at the top of this page indicates when the policy was last revised. Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.