As at 7 February 2024



Welcome to XOX Wallet, the digital financial platform designed to provide a seamless and secure experience for managing your financial transactions. 

This Privacy Notice (“Privacy Notice”) is owned and operated by XOX Com Sdn Bhd (Company Registration No. 201101023519 (951655-H)) (which is a part of the XOX Group) (referred to as “XOX”, “we”, “us” or “our”). At XOX Com Sdn Bhd, we value your privacy and strive to protect your personal data and privacy in compliance with the requirements of the Personal Data Protection Act 2010 (referred to as “PDPA 2010”). 

In aligning with that goal, we have developed this Privacy Notice to explain how we may collect, use, retrieve, delete and therefore processing your personal data, and the choices that you have with respect to your personal data. This Privacy Notice describes our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

This Privacy Notice notifies you on how we collect, use, retrieve, delete and therefore process your Personal Data, whether directly or indirectly and includes sensitive personal data. 


Interpretation and Definitions


The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.



For the purposes of this Privacy Notice:

Account means a unique account created for You to access our Service or parts of our Service.

Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.

Application refers to XOX Wallet, the software program provided by the Company.

Children is any individual who is under the birthday age of 18 years and below. 

Company (referred to as either "the Company", "We", “we”, "Us", “us”, "Our" or “our” in this Privacy Notice) refers to XOX Com Sdn Bhd, a company with Registration No. 201101023519 (951655-H)

Country refers to Malaysia.

Device means any device that can access the Service such as a mobile phone, or a digital tablet.

Personal Data is any information that relates to an identified or identifiable individual. The terms “Personal Data”, “Sensitive Personal Data” and “Third Party” whenever referred herein shall have the same meaning ascribed to in the PDPA 2010.

Service refers to the XOX e-Wallet Application.

Services refers to the XOX e-Wallet Application and other applications that are developed or is under the control of the Company.

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.

User refers to an individual who has successfully created or registered an Account with us. 

Usage Data refers to data collected automatically, either generated using the Service or from the Service infrastructure itself (for example, the duration of a page visit).

You, you, Your or your means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.



A.    Applicability and Scope of this Privacy Notice
B.    Children’s Privacy
C.    Collection of Your Personal Data
D.    How We Use Your Personal Data
E.    Usage Data, Cookies and Similar Technologies and XOX’s Website
F.    Consequences of Providing Incomplete Personal Data
G.    Calling Number Display (CND) and Disclosure of Your Personal Data
H.    Your Personal Data Integrity
I.    Security Measures to Protect Your Personal Data
J.    Retention of Your Personal Data
K.    Your Rights
L.    Contact Us
M.    Links to Other Websites
N.    Amendments, Changes and Updates to this Privacy Notice
O.    Language
P.    Deletion of Your Personal Data and Account Deletion Requirement
Q.    Acceptance

[A] Applicability and Scope of this Privacy Notice


This Privacy Notice applies to you when you interact with us in the course of a prospective or ongoing business relationship, or when you browse, use, access, register for an account on, perform any transactions on our websites (whose domain names include but are not limited to, platforms and other applications that are developed or is under the control of XOX (“Services”).

This Privacy Notice applies to all XOX operations, business units, affiliates or subsidiaries. To the extent any operations or business unit of XOX already has a personal data protection and/or privacy notice in place; this Privacy Notice shall supersede and replace any such notice.

This Privacy Notice is not applicable to XOX’s employees, third party service providers and job applicants who are subject to a separate privacy notice.


[B] Children's Privacy

Our Service does not address anyone under the age of 18. We do not offer our Services to, or intentionally or knowingly collect any personal data directly from, individuals under the age of 18 years old. If your birthday age is under 18 years old, you are not permitted to use our Services or submit your personal data to our Services. If you are under 18 years old and submitted any of your personal data, we will not use or process your personal data.

We do not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 18 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

If you are under 18 years, it is solely your responsibility to ensure that you have obtained the consent of your parents or legal guardian before subscribing and using our services and/or products. Any information given to XOX from you as a minor will be processed accordingly to this Privacy Notice.


[C] Collection of Your Personal Data


Personal data in this Privacy Notice means any information in our possession that relates directly or indirectly to an individual to the extent that the individual can be identified from that and from other information in our possession. The terms “Personal Data”, “Sensitive Personal Data” and “Third Party” whenever referred herein shall have the same meaning ascribed to in the PDPA 2010. The personal data that we collect may also include Sensitive Personal Data. For this purpose, “Sensitive Personal Data” comprises information as to your physical or mental health or condition, political opinions, religious beliefs or other beliefs of a similar nature, commission or alleged commission of any offence or any other Personal Data determined by law, which means any personal data consisting of information as your physical or mental health or condition, your political opinions, religious beliefs or other beliefs of a similar nature, the commission or alleged commission of any offence by yourself, or any other personal data as the law may determine.


Personal data

For the purposes of this Privacy Notice, the personal data that may be collected and processed by us during your business relationship and dealings with us includes:

i.    personal identification and contact information such as your full name, title, date of birth, nationality, telephone or mobile contact number (e.g., home, office or mobile), gender, place of residence (and/or proof of residence), mailing address, e-mail address, details of government-issued identification document (e.g., National Registration Identity Card (“NRIC”) or Passport number), your Contact List including your device information;
ii.    identity verification or biometric identification information such as your photograph, your selfie or digital image of you and any information identifying you that you provide us when creating your account together with the evidence of yourself with your identification documentation; 
iii.    information required by tax, financial and Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (“AMLA”) laws such as information required for politically exposed person (PEP) declaration and US Foreign Account Tax Compliance Act (FATCA) declaration;
iv.    employment information such as your employment status, occupation type, name of employer or nature of self-employment, nature of industry of employment;
v.    financial information such as your source of income, source of wealth, source of funds, estimated net worth, income level, bank account information, tax documents, or other proof of income or net worth;
vi.    personal interest information may include your interest and preferences;
vii.    traffic data such as number of calls, SMS and other communication made to you and received by you as well as date, duration, time and cost of such communications and the amount of data received or sent by you;
viii.    record of calls, e-mails or correspondences made by you to our customer service officers for any queries;
ix.    wallet profile such as wallet type, annual anticipated wallet transaction amount;
x.    transaction information such as the purpose of transaction, the transaction data that is recorded on your account that is registered with us and information on the recipient of any transaction conducted using your account with us and the status of the products and/or services you have acquired from us or subscribed to;
xi.    information obtained from third parties such as your credit information, online identifiers relating to fraud prevention, suspected criminal activity, sanction information or other personal information about you provided by a service provider appointed to help us provide our services;
xii.    technical information or metadata such as cookies, geolocation information, browser name and version information, IP address information, device fingerprint data, authentication data and click-stream data;
xiii.    information relating to your activities, habits, preferences and interests arising from your use of our Services including your views or opinions made known to us via feedback or surveys;
xiv.    information from your correspondence such as information provided to us when engaging with our customer support and/or responses to surveys; and
xv.    any other personal data you provide to us or collected by us during your business relationship and dealings with us.


Specific purpose and use of your personal data collected:

For the provision of our Service and to meet regulatory obligations, we collect various types of personally identifiable information. Each category serves specific purposes and usage, as outlined below:


  • Purpose: For account identification, personalization, and user interaction.

  • Usage: Essential for creating a personalized experience, ensuring secure login, and facilitating effective communication.


2.National Registration Identity Card (“NRIC”):

  • Purpose: To fulfil regulatory identity verification mandates.

  • Usage: Critical for the Know Your Customer (KYC) process, confirming the identity of You to prevent fraud and comply with legal standards.



  • Purpose: To determine service eligibility and customization based on geographical and legal criteria.

  • Usage: Enables us to offer services tailored to your location and comply with country-specific regulations.


4.Email Address

  • Purpose: Main channel for communication, updates, and user verification.

  • Usage: Key for sending account notifications, promotional content (with consent), and enhancing account security through email verification.


5.Contact Number

  • Purpose: To supplement communication and strengthen account security.

  • Usage: Utilized for critical communications, enabling two-factor authentication, and ensuring account recovery options.


6.Birth Date

  • Purpose: To ensure compliance with age-specific legal requirements and offer appropriate services.

  • Usage: Verifies age to restrict or grant access to certain services and comply with legal age requirements.


7.Correspondence Address

  • Purpose: For direct mailing purposes and to meet certain regulatory obligations.

  • Usage: Necessary for dispatching physical documents, legal notices, and fulfilling specific legal and regulatory requirements.



  • Purpose: To gain insights into the user's professional occupational background for customized services.

  • Usage: Helps in offering personalized services and understanding user demographics for compliance purposes.



  • Purpose: To classify You for targeted service offerings.

  • Usage: Facilitates the delivery of industry-relevant promotions and services while ensuring regulatory compliance.


10.Transaction Purpose

  • Purpose: To understand the reason behind our business dealing and financial transactions for security and compliance.

  • Usage: Critical for identifying, monitoring and preventing fraudulent activities, complying with anti-money laundering and anti-financing of terrorism  regulations and laws , and ensuring the integrity of transactions.


11.Bank Information (Optional):

  • Purpose: To enable direct financial transactions from the Your bank account.

  • Usage: Supports seamless financial operations, such as fund transfers and account reload, subject to Your approval.


12. Internet Protocol (IP) Address

  • Purpose: To collect and manage IP addresses as part of the service of providing internet session management 

  • Usage: Register IP address log and security purposes.


13. Calling Number Display (CND)

  • Purpose: Our Calling Number Display facility (CND) forms part of the ordinary telephony service that you purchase from XOX.

  • Usage: CND lets persons who receive phone calls identify who is calling them by displaying the caller’s number Unless you have chosen to block your (home or mobile) phone number, or have a silent line, CND will usually cause your phone number to be displayed (or logged) – locally and sometimes internationally – on a receiving caller’s phone. In other words, CND will enable the disclosure of your phone number to receiving callers (and to other network operators) locally and internationally, unless you take the above measures.


Sensitive Personal Data

XOX does not process any Sensitive Personal Data in its ordinary course of business.

If the need arises, XOX will obtain explicit consent from you before or when it processes Sensitive Personal Data.

XOX may process Personal Data or Sensitive Personal Data without the customer’s consent only in limited circumstances as permitted by law.


We may collect and receive your personal data in a variety of ways, for instance:


  • directly from you, when you choose to give it to us such as when your use our Services or when you register for an account to use our Services, when you take part in any activities or events organized by us, or when you communicate with us by email, chat, telephone, social media channels or any other means; and

  • indirectly, when we obtain information from third parties such as identity verification services, credit reporting agencies, regulatory and enforcement agencies, public databases or sources, third parties that are connected to you (e.g., other customers that are related to you), and from such other sources to which you have given your consent to disclose your personal data.


[D] How We Use Your Personal Data

XOX will use, process, record, hold, store, share and disclose (“process”) your Personal Data with your consent.

Continuance use of XOX’s services and/or products shall be tantamount to your consent for XOX to process your Personal Data.

XOX will record and maintain a record of consent by your continued use of our services as appearing on our active customer database.



Processing of your personal data

We will process your personal data in accordance with the PDPA, its applicable regulations, code of practice, guidelines and/or orders, considering the latest amendments to the foregoing, this Privacy Notice and any privacy terms contained in your agreement(s) or terms with us.

XOX may collect your Personal Data when you:

i.    subscribe or register for one of our Services or when you receive one of XOX’s Services;
ii.    contact XOX for any reason;
iii.    participate in any of XOX’s campaign or lucky draw;
iv.    interact with XOX through various channels including social media;
v.    information is publicly available; or
vi.    have given other organizations your consent to share or disclose information about you.


We may ‘process’ your personal data by collecting, recording, holding, storing, deleting, using and/or disclosing it for the following purposes:

i.             to process, facilitate, administer and/or provide you with our Services;

ii.            to provide, manage and maintain your account with us;

iii.           to issue your Services’ status and statement;

iv.           to monitor the usage of our Services;

v.            to carry out, manage and/or maintain your relationship with us, your commercial transactions and dealings with us;

vi.           to manage Your Account: to manage Your registration as a user of the Service. The personal data You provide can give You access to different functionalities of the Service that are available to You as a registered user of our Services;

vii.          to process your instructions, payments, including providing billing to you, maintaining financial records, administering your account, assessing or verifying your bank account information and facilitating payments of any amount due to us;

viii.         for the performance of a contract of providing our Services : the development, compliance and undertaking of the purchase contract for the products, items, or services You have purchased or of any other contract with us through the Services;

ix.           for the profiling your service preferences;

x.            to contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including the security updates, when necessary or reasonable for their implementation;

xi.           to provide you with service support, management and optimization, customer support and other related services, including responding to your inquiries, concerns or complaints;

xii.          to improve our products and services, and to develop new products and services;

xiii.         to notify you about benefits and changes to the features of our products and services;

xiv.         to provide you with general and/or personalized advertising and marketing materials;

xv.          to respond to your enquiries and to resolve disputes;

xvi.         to carry out profiling based on your usage, activity or preferences, including by analysing how you use our Services on a personalized or aggregated basis in order to gather information on demography, interests, and behaviours so that we can better understand you and can tailor our Services in accordance with your preferences;

xvii.        to provide You with news, special offers and general information about other goods, services, and events which we offer that are like those that you have already purchased or enquired about unless You have opted not to receive such information from us;

xviii.       to administer, attend and manage your requests and to us;

xix.         to interact with and send you information, promotions and updates including marketing and advertising materials in relation to our Services and those of organizations selected by the Company;

xx.          for other purposes; we may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing, and your experience;

xxi.         to conduct market research or surveys, internal marketing analysis, product analysis, customer profiling activities, analysis of customer patterns, behaviours and choices, planning and statistical analysis, including preparation of reports of such analysis and the use of the results of such analysis for various purposes including for the research, development and marketing of our and/or our selected third parties’ products and/or services;

xxii.        to promote our products and/or services, or promote products and/or services of third parties which we think may be of interest to you, including to personalize our products and/or services for you, including directing certain marketing communications, campaigns or promotions to make them more relevant to you or to analyse request and usage patterns so that we may improve our products and/or services or for any related market research purposes, either internally or through third parties;

xxiii.       to contact you to discuss our services and/or products (and any changes to them);

xxiv.       to send you newsletters, seasonal greetings and offers;

xxv.        to obtain your credit information and verify your credit history with data obtained from credit reporting agencies or any other source deemed appropriate under any applicable law, regulation, guidelines, regulatory requirement or directive in relation to your transaction with us;

xxvi.       to verify your identity in accordance with Know Your Customer (“KYC”), Anti-Money Laundering (“AML”) and Counter-Terrorist Financing (“CFT”) regulations and Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 requirements;

xxvii.      to perform sanctions screening on you in compliance with all required sanctions screening processes imposed by, for example, the United Nations, European Union, UK Treasury and US Office of Foreign Assets Control (“OFAC”) and to take measures to prevent transacting with individuals, companies and countries appearing on these sanctions lists;

xxviii.     for the compliance with any legal and/or regulatory obligations to which the Company is subject, in addition to any obligation imposed under XOX’s contract with the customer;

xxix.       to act as XOX’s payment channels including and without limitation, financial institutions for purposes of maintaining financial records, assessing or verifying credit and facilitating payments of any amount due to the Company;

xxx.        to promote any of our new or existing products and/or services; or products, services and special offers of third parties whose products and services we think may be of interest to you;

xxxi.       for the exercise of any functions conferred on any person by or under any law;

xxxii.      to fulfill any legal obligations or requirements imposed by law or by any government and regulatory authorities (e.g., the Bank Negara Malaysia (“BNM”));

xxxiii.     for business transfers. We may use your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred;

xxxiv.     for fraud prevention and security purposes;

xxxv.      for internal administrative purposes; and

xxxvi.     any other purposes that are necessary or related to your relationship with us. 

(Collectively referred to as “Purposes”).


Please note that we may also anonymise or aggregate your personal data by excluding information (such as your name) that make the data personally identifiable to you ("Anonymous Information"). As Anonymous Information is no longer considered personal data for the purpose of the PDPA, our processing of Anonymous Information is not subject to the requirements as stated in this Privacy Notice.


[E] Usage Data, Cookies and Similar Technologies and XOX’s Website


Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.


Information Collected while Using the Application

While using Our Application, in order to provide features of Our Application, We may collect, with Your prior permission:

1.Information Regarding Your Device Location:

  • Purpose: To provide location-based services, enhance security, and offer personalized content. 

  • Usage: 

  • Location-based Services: Enable features such as finding nearby merchants or ATMs and offering location-specific promotions or discounts.

  • Security: Improve fraud prevention measures by detecting unusual transactions that do not match your typical geographic pattern.

  • Customization: Tailor the app experience based on your location to comply with regional regulations and offer relevant services.


2.Information from Your Device's Phone or Contact Book (Contacts List):

  • Purpose: To simplify transactions and communication within the app.

  • Usage:

  • Transaction Ease: Allow you to easily send money to or request money from contacts without needing to manually enter their details.

  • Social Features: Enable app features that involve sharing or referrals among friends and family found in your contacts list.

  • Verification: Assist in verifying the identity of contacts for secure transactions.

3.Pictures and Other Information from Your Device's Camera and Photo Library:

  • Purpose: To facilitate various app functionalities that require image processing.

  • Usage:

  • Profile Customization: Allow you to personalize your profile within the app with a picture.

  • Document Upload: Enable the upload of necessary documents directly through the app for KYC verification, adding payment methods, or reporting issues.

  • Receipt Capture: Support features that require capturing receipts or other documents for transactions, reimbursements, or record-keeping purposes.

You can enable or disable access to this information at any time, through Your Device settings. We are committed to handling all personal data responsibly, with the utmost respect for your privacy and in strict adherence to applicable data protection laws and guidelines set forth by the Commissioner of Data Protection Malaysia as well as Bank Negara Malaysia


Cookies and other similar technologies


When you access our websites, we use cookies and other similar technologies that automatically collect information from your device or web browser when you access or interact with our websites. Example information that may be collected through such technologies include your IP address information, language preference, and your device or web browser identification information.

Our websites may transmit to your computer a “cookie” to allow XOX’s server to identify and interact more effectively with you. You may configure and personalize its current browser to refuse, reject or delete such cookies.

The information collected is used to distinguish you from other users, to provide a better experience when you browse our website, and to improve the website’s performance and usefulness.


If you prefer that we do not collect your information using cookies and other similar technologies, you can set your web browser or device to refuse to accept cookies, delete our cookies after visiting our website or browse our website using your web browser’s anonymous usage settings.


XOX’S Website

Notwithstanding our offers its products and services via its various platform, with XOX’s website being one, when you visit XOX’s websites the web servers generally record anonymous information such as the time, date and URL of the request. This information assists us to improve the structure of its websites and monitor their performance. From time-to-time we may also use third parties to analyse this anonymous information.

As mandatory in the usage of the XOX’s websites, we may require standard information such as a User or Customer’s login identification, password, Personal Data for verification purposes, contact details and identification numbers. This information is necessary for XOX to provide the services you applied for. You are required to maintain the secrecy of your login identification and password to access the XOX home page.


[F] Consequences of Providing Incomplete Personal Data


It is necessary for us to collect and process your personal data. If you do not provide us with your personal data, we will not be able to effectively provide our Services to you or process your personal data for any of the Purposes, if at all.


[G] Calling Number Display (CND), Transfer and Disclosure of Your Personal Data

Calling Number Display (CND)

  • Purpose: Our Calling Number Display facility (CND) forms part of the ordinary telephony service that you purchase from XOX.

  • Usage: CND lets persons who receive phone calls identify who is calling them by displaying the caller’s number. 


Unless you have chosen to block your (home or mobile) phone number, or have a silent line, CND will usually cause your phone number to be displayed (or logged) – locally and sometimes internationally – on a receiving caller’s phone. In other words, CND will enable the disclosure of your phone number to receiving callers (and to other network operators) locally and internationally, unless you take the above measures.


We may transfer your personal data to third parties both in Malaysia and overseas providing outsourced data storage or data processing services for us. XOX and its service providers are based in Malaysia. However, we may transfer your personal data to third party service providers outside of Malaysia. While we endeavour that such place has similar personal data provisions to Malaysia, you should also know that such third-party service providers may have data privacy laws that are different from Malaysia.



We may share Your personal information in the following situations:

  • With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.

  • For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.

  • With our subsidiaries, Affiliates and our parent company, XOX Berhad: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Notice. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.

  • With our business partners: We may share Your information with Our business partners to offer You certain products, services, or promotions. XOX may from time to time, contact you on behalf of external business partners about goods, offers or services that may be of interest to you.

  • With our service providers or third parties nominated by XOX either solely or jointly with other service providers, for purposes of establishing and maintaining a common database of customers or processing data as an outsourced entity both within and outside Malaysia;

  • With companies and organizations that act as our agents or contractors for the purposes of recovering any amount due to the Company;

  • With regulatory bodies or other government authorities in compliance with requirements under the law or towards the detection or prevention of crime and/or fraud;

  • With any government agency for notification requirements; and/or for the purpose for which the personal data is processed where you have consented to disclosure.

  • With any party involved in or related to a legal proceeding, for purposes of the proceedings to protect XOX’s vital interests for the administration of justice;

  • With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.

  • With Your consent: We may disclose Your personal information for any other purpose with Your consent.


We will not disclose any of your personal data to any third party without your consent, except to the following categories of persons (whether within or outside Malaysia):

i.             credit reporting agencies;

ii.            entities within our group of companies (including our subsidiaries, related and/or associated companies);

iii.           our professional advisers, vendors, suppliers, agents, contractors, third party service providers, companies providing services relating to marketing and consultancy to us, business partners, insurance companies, investors, banks, financial institutions, in connection with any of the Purposes above;

iv.           successor(s) in title to us;

v.            any governmental agencies, regulatory authorities and/or statutory bodies;

vi.           assignees, transferees or any other parties involved in any corporate exercise (e.g., proposed or actual mergers and/or acquisitions, joint venture, restructuring, transfer, funding exercise, asset sale or any other matter of such nature which relates to XOX); 

and where necessary, to any party who undertakes to keep your personal data confidential in carrying out the Purposes mentioned above or to persons whom we are compelled or required under the law to make such disclosure to.


Specific Business Transaction

If the Company is involved in a specific business transaction such as merger, acquisition or asset sale, Your personal data may be transferred. We will provide a notice before your personal data is being transferred and becomes subject to a different Privacy Notice.

Complying to Law Enforcement Order

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by Order from a law enforcement officer, or in response to valid requests by law enforcement, regulatory enforcement or public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation.

  • Protect and defend the rights or property of the Company.

  • Prevent or investigate possible wrongdoing in connection with the Service.

  • Protect the personal safety of Users of the Service or the public.

  • Protect against legal liability.

Save in accordance with this Privacy Notice and except as permitted or required under any enactment, law, statute, or code of conduct, we will not use or disclose your Personal Data without prior written consent from you.


[H] Your Personal Data Integrity

You confirm that all personal data provided by you is accurate and complete, and that none of it is misleading or out of date. You will promptly update us in the event of any change to your personal data.

We strive to maintain complete, current, and accurate information about our customers. Any inaccurate information that is brought to our attention will be corrected as quickly as possible after notification.

You can also request to us to amend, correct or update your Personal Data that is inaccurate or outdated.

Procedures will be maintained to ensure that any reported inaccuracies are promptly and effectively handled, and that your information remains as accurate, current and complete as possible. The Personal Data correction / update form may be requested be email to [email protected]


[I] Security Measures to Protect Your Personal Data


The security of your personal data is very important to us. As such, we are responsible for taking prudent steps to safeguard the confidentiality and security of all personal data, including appropriate procedural, organizational and technical steps to protect your personal data from loss, misuse, accidental or unlawful destruction, unauthorized access or disclosure, or accidental loss or alteration.

These steps consider the sensitivity of the information we collect, process and store, and the current state of technology. Several safeguards, as appropriate to the sensitivity of the information, to protect your personal data against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification is practiced by XOX such as password-protecting files containing your personal data, file encryption during data transfer or masking your personal data where necessary to prevent unauthorised disclosure.

We are responsible for taking prudent steps to safeguard the confidentiality and security of all personal data, including appropriate procedural, organizational and technical steps to protect personal data from accidental or unlawful destruction or accidental loss, alteration or disclosure. These steps include entering into written agreements with subcontractors who process Personal Data in accordance with XOX’s instructions and incorporating XOX’s own data protection standards as a minimum.

The security of Your Personal Data is important to Us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.


[J] Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Notice.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

We will retain your personal data, in compliance with this Privacy Notice for the duration of your relationship with us, and afterwards for such period as may be necessary for our business purposes, to protect our interests and that of our customers, as required by law and as per the PDPA permits.

We will retain your Personal Data for as long as there exists a purpose for which it was collected and processed. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We will also retain your Personal Data for up to 7 years to comply with any legal, regulatory or XOX’s internal requirements. 

Upon termination of service or account closure, Customer account data will be archived for two (2) years for reasons above mentioned. Once the purpose for which your Personal Data is collected is no longer necessary to be retained, XOX will take all reasonable steps to destroy or permanently delete both physical and electronic copies containing your Personal Data.


[K] Your Rights and Interest-Based Advertising


You have the following rights under the PDPA in respect of your personal data that is held by us:

i.             the right to request for access to and for a copy of your personal data ;

ii.            the right to request to update or correct your personal data; and

iii.           the right to request us to limit the processing and use of your personal data (for example, requesting us to stop sending you any marketing and promotional materials or contacting you for marketing purposes).

You will be given the opportunity to ‘opt-out’ of having your Personal Data used for purposes not directly related to the Services or XOX’s Websites at the point where XOX asks for information. 

Interest-Based Advertising

XOX collects anonymous information about your web browsing activity from your internet-enabled device and use that information to associate your browser with one or more pre-defined interest categories. This enables XOX to provide ads to you that are tailored to your interests.

You may configure and personalize your current browser to refuse, reject or delete collection of information for internet-based advertising.

If you do not wish to receive our promotional updates, you may opt-out of receiving these communications by contacting XOX at the contact numbers listed below. But please note that should you decide to “opt-out”, we may not be able to provide you with certain services and your subscription to or application for certain services may be declined, denied, or refused by XOX.

At any time, you may request for XOX to suspend or limit any processing of your personal data if you have concerns of the legitimacy of such processing activity. During the temporary suspension period, certain provision of XOX’s services may be affected; or

You may request for XOX to cease altogether any processing activities of your Personal Data for any purpose.

XOX is obliged to disclose your cell phone number to other network operators to enable the use of the services. Should you refuse to permit such disclosure, XOX may not be able to continue providing you with certain services.

At any point of time, you can request from XOX a copy of your Personal Data that XOX holds about you for a prescribed fee pursuant to the Personal Data Protection Code Of Practice – For Licensees under The Communications And Multimedia Act 1998.

However, please note that your abovementioned rights under the PDPA is subject to our right to rely on any statutory exemptions and/or exceptions to collect, use and disclose your personal data.

If you wish to exercise any of the above rights, please submit your request in writing to the contact details in Section [L] below.


[L] Contact Us

If you have provided your personal data prior to this Privacy Notice, you may contact us to know what type of personal data that has been processed and the purpose for the processing.

If you have any query, concern, or complaint in relation to this Privacy Notice or how we handle your personal data, please contact us as per below:

Telephone (8am to 10pm, including Saturdays, Sundays & State/Public Holidays):
From XOX Mobile 12273 / From Malaysia 1300 888 010
From abroad +603 7800 0033

E-mail (Monday to Friday 9am to 6pm, office operation hours only):
[email protected] 

Attn. Manager, Call Centre Support
Address (Monday to Friday 9:00 a.m. to 6:00 p.m., office operation hours only for physical attendance):
Lot 17.1, 17th Floor, Menara Lien Hoe, No. 8,
Persiaran Tropicana, Tropicana Golf & Country Resort,
47410 Petaling Jaya, Selangor Darul Ehsan, Malaysia.

[M] Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, you will be directed to that third party's site. 

However, given the nature of communications and information processing technology, XOX cannot guarantee that information during transmission through the Internet or while stored on our systems or otherwise in our care will be safe from intrusion by others. When you click a link to a third-party site, you will be leaving our site, and we don’t control or endorse what is on third-party sites.

We strongly advise You to review the Privacy Notice of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.


[N] Amendments, Changes and Updates to this Privacy Notice

We may amend, change or update Our Privacy Notice from time to time. We will notify You of any changes by posting the new Privacy Notice on this page.

You are advised to review this Privacy Notice periodically for any changes. Changes to this Privacy Notice are effective when they are posted on this page.

The Company reserves the right to change, amend, remove, or add to its privacy policy and/or this Privacy Notice (or any portion of thereof). 

We reserve the right to update and amend this Privacy Notice from time to time. We will notify you of any amendments to this Privacy Notice via announcements on our website or other appropriate means. The Company will endeavour to announce such changes prior to the change taking effect but nevertheless any such announcement will be made available through its webpage

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Notice

By continuing to use our services on or after the effective date of such change, you will be deemed to have agreed and accepted these changes. If we amend this Privacy Notice, the amendment will only apply to personal data collected after we have posted the revised Privacy Notice. In the event of a conflict, the English version of the Privacy Notice shall prevail over any other version.


[O] Language


This Privacy Notice is issued in both English and Bahasa Malaysia pursuant to the requirements prescribed by Section 7(3) of the PDPA. In the event of any inconsistencies or discrepancies between the English version and the Bahasa Malaysia version, the English version shall prevail.


[P] Deletion of Your Personal Data and Account Deletion Requirement


Deletion of Your Personal Data


You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

Our Service may give You the ability to delete certain information about You from within the Service.

You may update, amend, or delete Your information at any time by signing into Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.

Please note, however, that We need to retain certain of your information since we have a legal obligation or lawful basis to do so.


Account Deletion Requirement

Our Service app allows you to create an Account with us from within your app. It also allows you to request for your account to be deleted. Within our app, you have a readily discoverable option to initiate app account deletion from within your app and outside of your app (for example, by visiting our website). A link to this web resource must be entered in the designated URL form field within Play Console.


When you delete our app Account based on your request, we must also delete your data associated with that app account. Temporary account deactivation, disabling, or “freezing” the app account does not qualify as account deletion. We do need to retain certain data for legitimate reasons and regulatory requirement such as security, fraud prevention, or regulatory compliance, therefore we are clearly informing you about your data retention practices that is within this Privacy Notice).


[Q] Acceptance


By using our Services or by providing your personal data to us, you agree that you have read and understood this Privacy Notice and you consent to us processing your personal data in accordance with this Privacy Notice. You confirm that all personal data provided by you is accurate and complete, and that none of it is misleading or out of date. You will promptly update us in the event of any change to your personal data.


To the extent that you have provided (or will provide) personal data about your directors, shareholders, employees, representatives, agents (if you are a corporate entity/an organisation) and/or other individuals, you confirm that you have explained (or will explain) to them that their personal data will be provided to, and processed by, us and you represent and warrant that you have obtained their consent to the processing (including disclosure and transfer) of their personal data in accordance with this Privacy Notice.

Effective Date

This Privacy Notice is effective as of 7 February, 2024.

We therefore use Your personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Notice.

By using this site, you agree to our Privacy Notice.