Privacy Policy

Last updated: 1 January 2025

1. Introduction

DD GOLD Sdn Bhd ("DD GOLD", "we", "us", or "our") is committed to protecting your personal data and privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital gold trading platform, including our website, mobile application, and related services (collectively, the "Platform").

This policy complies with the Personal Data Protection Act 2010 (PDPA) of Malaysia and other applicable data protection regulations.

2. Information We Collect

2.1 Personal Data You Provide

When you register for an account and use our Platform, we collect the following personal data:

  • Identity Information: Full name, Malaysian IC number or passport number, date of birth, nationality
  • Contact Information: Email address, phone number, residential address
  • Financial Information: Bank account details, transaction history, wallet balance
  • KYC Documentation: Photographs of identity documents, selfie verification images
  • Account Credentials: Email/phone for login, encrypted password

2.2 Automatically Collected Information

  • Device Information: Device type, operating system, unique device identifiers
  • Usage Data: Pages visited, features used, time and date of access, session duration
  • Location Data: General geographic location based on IP address
  • Log Data: IP address, browser type, access times, referral URLs

2.3 Information from Third Parties

  • Payment Providers: Transaction confirmation and payment status from Billplz and other payment partners
  • KYC Verification Partners: Identity verification results
  • Regulatory Bodies: Information required for compliance checks

3. How We Use Your Information

We use your personal data for the following purposes:

  • Account Management: To create, verify, and manage your DD GOLD account
  • Transaction Processing: To process gold purchases, sales, marketplace trades, buybacks, and wallet transactions
  • KYC/AML Compliance: To verify your identity and comply with Anti-Money Laundering and Counter-Terrorism Financing regulations
  • Incentive Calculations: To calculate and distribute transaction-linked incentives and reward points automatically
  • Customer Support: To respond to your enquiries and resolve issues
  • Platform Improvement: To analyse usage patterns, improve features, and enhance user experience
  • Communications: To send transactional notifications, account alerts, and, with your consent, promotional communications
  • Security: To detect and prevent fraud, unauthorised access, and other illegal activities
  • Legal Compliance: To comply with applicable laws, regulations, and regulatory requirements

4. Information Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service Providers: Payment processors (Billplz), cloud hosting providers, KYC verification services, and customer support tools that help us operate the Platform
  • Regulatory Authorities: Bank Negara Malaysia and other regulatory bodies when required by law or regulation
  • Law Enforcement: When required by valid legal process, court order, or government regulation
  • Marketplace Participants: Limited transaction-related information (not personal identity) to facilitate peer-to-peer trades
  • Professional Advisors: Auditors, lawyers, and accountants when necessary for business operations

5. Data Security

We implement industry-standard security measures to protect your personal data:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Multi-factor authentication for account access
  • Regular security audits and penetration testing
  • Strict access controls and role-based permissions for staff
  • Secure, encrypted storage for KYC documentation
  • Append-only ledger systems to prevent data tampering
  • Automated monitoring for suspicious activities

While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal data for as long as necessary to:

  • Maintain your active account and provide services
  • Comply with legal and regulatory requirements (minimum 7 years for financial records as required by Malaysian law)
  • Resolve disputes and enforce our agreements
  • Fulfil audit and reporting obligations

Transaction records in our append-only ledgers are retained indefinitely as part of our regulatory compliance obligations.

7. Your Rights Under the PDPA

Under the Personal Data Protection Act 2010 (PDPA) of Malaysia, you have the following rights:

  • Right of Access: You may request access to your personal data held by us
  • Right of Correction: You may request correction of inaccurate, incomplete, or outdated personal data
  • Right to Withdraw Consent: You may withdraw consent for processing of personal data where consent was the basis for processing. Withdrawal may affect our ability to provide certain services
  • Right to Prevent Processing for Direct Marketing: You may opt out of receiving marketing communications at any time
  • Right to Complain: You may lodge a complaint with the Personal Data Protection Commissioner if you believe your rights have been violated

To exercise any of these rights, please contact our Data Protection Officer at privacy@ddgold.my.

8. Cookie Policy

We use cookies and similar tracking technologies to enhance your experience on our Platform:

  • Essential Cookies: Required for the Platform to function properly (authentication, security, session management)
  • Analytics Cookies: Help us understand how users interact with our Platform to improve our services
  • Preference Cookies: Remember your settings and preferences for a personalised experience

You can control cookie preferences through your browser settings. Disabling essential cookies may affect Platform functionality.

9. Children's Privacy

Our Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information promptly.

10. International Data Transfers

Your personal data may be stored and processed in Malaysia or transferred to other countries where our service providers operate. In such cases, we ensure that appropriate safeguards are in place to protect your data in accordance with the PDPA and applicable regulations. We will only transfer data outside Malaysia when the receiving country provides an adequate level of data protection or when appropriate contractual safeguards are in place.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our Platform and, where appropriate, sending you a notification. Your continued use of the Platform after such changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights under the PDPA, please contact our Data Protection Officer:

Data Protection Officer
DD GOLD Sdn Bhd
Level 15, Menara DD GOLD
Jalan Sultan Ismail
50250 Kuala Lumpur, Malaysia

Email: privacy@ddgold.my
Phone: +60 3-2345 6789

Notice Under the Personal Data Protection Act 2010

This Privacy Policy serves as DD GOLD's written notice to you under Section 7 of the PDPA. By registering for an account and using our Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, processing, and use of your personal data as described herein. You may withdraw your consent at any time by contacting our Data Protection Officer, subject to legal and contractual restrictions.