The Personal Data Protection Act 2010 (“PDPA 2010”) establishes certain rights to be afforded to the Data Subjects such as right of access and right to correct personal data.
The right of access to personal data and the details about it are provided under Sections 30 to 33 of the PDPA 2010. These sections give effect and reinforce the Access Principle provided under Section 12 of the PDPA 2010. Section 30(1) of the PDPA 2010 provides that an individual is entitled to be informed by the Data User whether personal data of which that individual is the Data Subject is being processed by or on behalf of the Data User. An individual is entitled to be informed whether any personal data of him/her is being processed and to be given a copy of the information comprising the data.
The right to correct personal data and the rules to be observed are provided under Sections 34 to 37 of the PDPA 2010. Section 34(1) of the PDPA states that where a copy of the personal data has been supplied by the Data User in compliance with the Data Access Request under Section 30 and the requestor considers that the personal data is inaccurate; or the Data Subject knows that his/her personal data being held by the Data User is inaccurate, the requestor or the Data Subject may make a data correction request in writing to the Data User that the Data User makes the necessary correction to that personal data.
If you are a customer and you wish to lodge a data access and/or correction request, please log in to your account on Touch 'n Go Portal. The forms could be found under Account Information -> Data Subject’s Rights.
If you are a Relevant Person* and you wish to lodge a data access and/or correction request, please reach out via email to Data Governance Office of Touch ‘n Go Sdn Bhd via this email address: dgo@touchngo.com.my
*Relevant Person is a parent/ legal guardian/ legal representative of the Data Subject (who is below the age of 18); a person appointed by the court to manage the Data Subject’s affairs; or a person/ entity that acting under the Data Subject’s authorisation/ power of attorney to make the request on behalf of the Data Subject.