Purpose of notice
1. This notice is issued pursuant to the requirements under the Personal Data Protection Act 2010 (PDPA) to all individuals who are vendors/providers of goods/services or the individual employees of the vendors/providers of goods/services –
(i) engaged by Bank Negara Malaysia (BNM); or,
(ii) who submits any RFI/tender/proposal to BNM for such purpose, (referred to as “vendors”).

Processing of personal data
2. During the course of its dealings with you, BNM processes personal data of the vendors which include, but is not limited to, your name, IC number, address and other contact details.

Purpose of processing personal data
3. The personal data is collected for, amongst others, the following purposes:
(a)  assessing your suitability to be awarded the contract for which you have applied;
(b)  enforcing the rights and obligations in the contracts, including but not limited to, 
making payments for the goods/services and maintaining the list of key personnel who will be responsible to carry out the rights and obligations of the vendors under the contracts;
(c)  providing access to BNM’s premises; and
(d)  complying with any legal or regulatory requirements, including but not limited to, 
compliance with the withholding tax requirements, or as permitted by law or authorised by any order of court.

Disclosure of personal data
4. The personal data held by us shall be kept confidential. However, in order to exercise our rights and obligations under the contracts or to evaluate your RFI/tender/proposal to BNM, we may disclose your personal data to:
•   Departments within BNM;
•   Financial institutions;
•   Other parties authorised by you;
•   Regulatory and governmental agencies as permitted or required by law, authorised by any order of court or to meet obligations to regulatory authorities. 

 
Protection of personal data 

5. The security of your personal data is ensured by BNM as we shall take all physical, technical and organisational measures needed to ensure the security and confidentiality of your personal data. If we disclose any of your personal data to any entities, we will require them to appropriately safeguard the personal data provided to them. 



Retention of personal data 

6. It is BNM’s policy to destroy personal data of the vendors within 7 years after the contract has been awarded or after the conclusion of the contract, whichever is applicable. 


Access of personal data
7. Under the PDPA, you have the right to access your personal data to ensure that the personal data we hold about you is accurate, complete, not misleading and up-to-date. If you wish to exercise such rights and request access to your personal data, please contact us by completing our “Personal Data Access/Correction Request Form” (as attached) and forwarding it to mifc@bnm.gov.my.