Gambit Legacy Platform Sdn Bhd – Privacy Policy

1. Introduction

Gambit Legacy Platform Sdn Bhd (“GLPSB”) is a company incorporated in Malaysia under the Companies Act 2016. GLPSB is committed to safeguarding the privacy and protection of personal data in accordance with the Personal Data Protection Act 2010 (PDPA).

This Privacy Policy explains how GLPSB collects, uses, stores, and protects personal data obtained from Clients. By accessing or using GLPSB’s services as well as providing personal data to GLPSB, the Client agree to be bound by the terms and conditions of this Privacy Policy.

If the Client do not agree to such terms and conditions, please do not use or access GLPSB’s services provided by GLPSB or provide any personal data to GLPSB.

2. Definitions

Term Definition
Client Refers to any person establishing or administering a wealth and legacy planning arrangement with GLPSB.
Wealth Property All assets, rights, and interests held by GLPSB in place for the Client under a wealth and legacy planning arrangement.
Wealth Account A segregated account administered by GLPSB for the safekeeping and management of Wealth Property.
Wealth Portal The digital interface provided by GLPSB for Clients to view and manage wealth and legacy planning-related information and services.
Gambit Legacy Platform Sdn Bhd (GLPSB) A company incorporated in Malaysia under the Companies Act 2016 of Malaysia.
Gambit Custody Sdn Bhd A licensed Digital Asset Custodian appointed by GLPSB for safekeeping of digital assets forming part of a hybrid trust and/or wealth and legacy planning.
Personal Data Any information whether in written or electronic form that identifies or relates directly or indirectly to a Client, including identity, contact details, financial information, and wealth and legacy planning particulars.
Applicable Laws All laws, statutes, regulations, and guidelines applicable to wealth and legacy planning services in Malaysia, including the PDPA and Anti-Money Laundering, Anti-Terrorism Financing, Anti-Restricted Activity Financing and Proceeds of Unlawful Activities Act 2001 (AML/CFT) requirements.
Confidential Information All non-public information disclosed in connection with wealth and legacy planning services, including Client identity, wealth and legacy planning details, or transaction records.

3. Collection of Personal Data

  • 3.1 GLPSB collects Personal Data directly from Clients during onboarding, wealth and legacy planning setup, or service interactions through the Wealth Portal.
  • 3.2 GLPSB may also receive Personal Data from third parties such as financial institutions, regulators, or delegated service providers (including Gambit Custody Sdn Bhd) as part of wealth and legacy planning administration.
  • 3.3 The data collected includes, but is not limited to, identification details, contact information, bank details, and information relating to wealth and legacy planning beneficiaries.
  • 3.4 The Personal Data GLPSB collect can be either obligatory or voluntary. Obligatory Personal Data are those that GLPSB require in order to provide the Client with GLPSB services. If the Client do not provide GLPSB with obligatory Personal Data, GLPSB would not be able to provide the Client with GLPSB services.
  • Voluntary Personal Data are those that are not mandatory in order for GLPSB to provide the Client with GLPSB services. If the Client do not provide us with voluntary Personal Data, the Client can still sign up for GLPSB services.

4. Purpose of Processing Personal Data

  • 4.1 Personal Data is collected for the following purposes:
    • • To establish and administer wealth and legacy planning arrangements;
    • • To verify Client identity and comply with AML/CFT obligations;
    • • To perform fiduciary duties in accordance with Applicable Laws;
    • • To communicate with Clients regarding wealth and legacy planning matters;
    • • To maintain internal records, audits, and regulatory reporting;
    • • To engage in necessary correspondence with regulators or delegated service providers.

5. Disclosure of Personal Data

  • 5.1 GLPSB may disclose Personal Data to the following parties, on a need-to-know basis:
    • • Regulatory bodies, including SSM and Bank Negara Malaysia, as required by law;
    • • Law enforcement agencies, where legally obligated;
    • • Delegated service providers such as Gambit Custody Sdn Bhd, for hybrid trust and/or wealth and legacy planning safekeeping;
    • • GLPSB’s affiliates and professional advisors assisting in wealth and legacy planning administration;
    • • Auditors, consultants, or technology vendors maintaining GLPSB’s Wealth Portal.
  • 5.2 GLPSB ensures that all third parties handling Personal Data adhere to confidentiality and data protection standards equivalent to GLPSB’s.

6. Retention of Personal Data

  • 6.1 GLPSB retains Personal Data for as long as necessary to fulfill the purpose for which it was collected or as required by Applicable Laws.
  • 6.2 Once data is no longer required, GLPSB ensures secure deletion or anonymization in compliance with PDPA.

7. Security Measures

  • 7.1 GLPSB implements appropriate organizational and technical measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction.
  • 7.2 Measures include encryption, restricted access controls, and continuous monitoring of the Wealth Portal’s infrastructure.
  • 7.3 While GLPSB employs reasonable safeguards, Clients acknowledge that electronic communication and data storage carry inherent risks beyond GLPSB’s control.

8. Client Rights

  • 8.1 Clients have the right to:
    • • Access and request copies of their Personal Data held by GLPSB;
    • • Request corrections of inaccurate or outdated information;
    • • Withdraw, in full or in part, consent for processing (subject to wealth and legacy planning obligations and legal requirements);
    • • Lodge a complaint with the Personal Data Protection Commissioner if dissatisfied with GLPSB’s data handling.

9. International Transfers

  • 9.1 GLPSB does not transfer Personal Data outside Malaysia except where required for wealth and legacy planning administration involving cross-border assets or service providers.
  • 9.2 In such cases, GLPSB ensures equivalent data protection measures are applied.

10. Updates to the Privacy Policy

GLPSB reserves the right to amend this Privacy Policy at any time. Any updates will be published on GLPSB’s Wealth Portal or notified via official communication channels.

11. Contact Information

For inquiries regarding this Privacy Policy or PDPA-related matters, please contact: support@gambit.com.my