Privacy Statement
1. Introduction
Bank Negara Malaysia (“BNM”) takes your right to privacy seriously and commits to protecting your personally identifiable information (“personal data”) in line with the Personal Data Protection Act 2010 and other applicable laws. This Privacy Statement sets out BNM’s approach in handling personal data.
This Privacy Statement applies to personal data collected by BNM but does not apply to personal data collected by other entities including those owned or controlled by or affiliated to BNM, individuals that are not employees or agents of BNM, or websites that are not under BNM’s control.
BNM may amend this Privacy Statement from time to time. As such, you are expected to read this Privacy Statement each time you wish to provide your personal data to BNM. Substantial amendments to this policy will be announced on this website.
Where we collect personal data directly from you, we may provide additional personal data protection notices that sets out in more detail how your personal data will be used.
2. Purposes and legal basis for processing of personal data
As a central bank, BNM may need to process your personal data to perform our statutory functions and exercise powers under the law as well as for other related purposes including but not limited to -
- procurement or provision of goods or services, specifically –
- to assess suitability of service provider and their personnel; and
- to enforce the rights and obligations in the contract including making payments and maintaining the list of personnel who carry out the rights and obligations of the service provider;
- scholarships, recruitment, appointments and employment;
- ensuring security of our premises and systems;
- ensuring the safety and well-being of our employees and visitors; and
- engagement with the public and stakeholders;
- including members of public on BNM’s mailing list upon request;
- audit or legal purposes.
The legal basis we rely on for processing of your personal data may be:
- your consent;
- performance of contract or in order to enter into a contract with you or your employer;
- compliance with BNM’s legal obligations;
- protection of your vital interests as well as the vital interests of other individuals;
- BNM’s performance of statutory duties; or
- BNM’s legitimate interests.
3. Types of Personal Data collected and processed by BNM
The types of personal data which BNM may need to process include but are not limited to –
- the name, address, contact details, identification number and passport number;
- occupation, designation and employer;
- details of professional experience and educational qualification;
- sensitive or special categories of personal data such as religion, racial or ethnic origin, biometric data, data concerning health and commission or alleged commission of criminal offences;
- information relating to disciplinary proceedings; and
- details of shareholdings, business interests and positions.
BNM will only collect and process personal data to the extent that such personal data is necessary for the relevant purpose.
4. How Personal Data is collected by BNM
BNM may collect personal data directly from you where it is necessary, reasonable or practical to do so. When we collect your personal data, we will inform you how we may use or disclose your personal data unless it is apparent at the point of collection. In some cases, it may be necessary, reasonable or practical for BNM to collect your personal data from other persons, with or without your knowledge or involvement as part of our statutory functions, in exercise of our legal rights and for other purposes such as recruitment or procurement.
For visitors to BNM’s premises, BNM may collect personal data prior to entry for identity verification and security purposes. BNM also operates CCTVs at exterior perimeters and within our premises which may collect photo videos or voice recordings of individuals for safety of the visitors and Bank’s employees, crime prevention and crime detection.
5. Protection of personal data
BNM ensures the security of your personal data by taking appropriate security measures to preserve confidentiality of your personal data.
In some instances, it is necessary for us to process sensitive or special categories of personal data such as religion, racial or ethnic origin, biometric data and data concerning health as well as criminal data as part of our functions as described above. In such case, we will apply additional care as required by law.
If we disclose any of your personal data to any entities (whether within or outside of Malaysia), we will ensure such entities appropriately safeguard the personal data provided to them.
6. Disclosure of Personal Data to Third Parties
Efforts will be made to prevent your data being made available to third parties. However, we may share personal data with third parties if -
- it is provided for in this Privacy Statement;
- your consent is obtained;
- a service provided requires interaction with a third party, or is provided by a third party on our behalf;
- it is pursuant to legal action or law enforcement; or
- it is to perform our statutory functions and exercise powers under the law.
BNM may disclose your personal data to third parties including but not limited to:
- financial institutions;
- other parties authorised by you;
- regulatory and governmental agencies as permitted or required by law, authorised by any order of court or to meet obligations to regulatory authorities;
- other central banks;
- third party service providers;
- past or future employers of BNM’s employees or prospective employees, within and outside of Malaysia.
Where BNM appoints a third party service provider to process personal data on behalf of BNM, BNM will instruct such third party service provider to only process such personal data for the specific purposes as required by BNM.
If we disclose any of your personal data to any person, we will require such person to appropriately safeguard the personal data provided to them.
7. Cross Border Transfers of Personal Data
BNM may transfer your personal data outside of Malaysia (including jurisdictions which does not have any law substantially similar to the PDPA or provide equivalent level of protection afforded under the PDPA) to the parties set out in paragraph 6 where the transfer is necessary for any of the purposes set out in paragraph 2, the transfer is permitted under the law or the transfer is authorised by you.
8. Retention of personal data
It is BNM’s policy to retain personal data for as long as it is necessary for the purpose such personal data was collected, other purposes that are not incompatible with the original purpose and as required by law. Where the personal data is no longer necessary, such personal data will be disposed unless the law requires it to be archived in the public interest
9. Data Subject's rights
You may have certain rights under applicable data protection laws. For example:
- Right to Access
You may have the right to request confirmation as to whether your personal data is being processed by BNM, and to access a copy of the personal data we hold about you to ensure it is accurate, complete, not misleading, and up-to-date.
- Right to Correct
You may have the right to request BNM to correct or complete any personal data you believe is inaccurate, out of date or incomplete.
- Rights of Data Portability
Provided it is technically feasible, and the data format is compatible, you may have the right to request BNM to transmit your personal data to third party.
- Withdrawal of Consent / Cessation of Processing
In circumstances where BNM relies on your consent to process your personal data, you may have the right to withdraw your consent for or request for us to cease any of our processing of your personal data, or request for the erasure of your personal data from BNM’s systems and records. However, such withdrawal or request may result in BNM being unable to assess any information / application submitted by you or continue to engage you on certain matters.
If you do not wish to receive any marketing information or promotions on BNM’s future events, you may request us to exclude you from our marketing communications. This would not affect the dealings, arrangement or contract we have with you.
We aim to address your request as soon as practical and may request for additional information and verification of your identity in order to respond to your request. Where the data protection law applicable to BNM’s processing of your personal data does not provide for a right or sets out limitations and exemptions which BNM may rely on, we have the right to deny your request or allow such request at our discretion.
10. Contact information
If you wish to exercise your data subject rights, please complete and submit the “Data Subject Request Form” to BNM’s officer who collected your personal data.
If you have any questions about this website, you may address them via https://bnmlink.bnm.gov.my.
BNM has appointed a Data Protection Officer, who is supported by the Data Protection Team. The Data Protection Officer acts as a point of contact for individuals relating to enquiries or concerns on BNM’s processing of personal data. You may contact BNM’s Data Protection Officer at:
Data Protection Office
Legal Department
Bank Negara Malaysia
Jalan Dato’ Onn
50480 Kuala Lumpur
Email: [email protected]
11. Other information
When you visit this website, details about your visit may be recorded by BNM and our third-party service, Google Analytics, including through the setting and usage of cookies.
This website may display content of, and provide links to, our advertising partners, content partners, third party social media and third-party video websites such as Facebook, X, Instagram, Pinterest and Youtube. The practices on handling information and cookies by third parties are governed by the privacy statements of such other third party and you are expected to refer to their privacy statements. BNM does not collect or use any information stored in cookies that may be set by any third party from their websites and such third parties do not have access to cookies set by BNM’s website.
You are able to manage or delete cookies directly from your browser history (cache). For instructions on how to manage or delete cookies, please check the support website for your browser. To opt out from being tracked by Google Analytics for all websites, visit https://tools.google.com/dlpage/gaoptout.
Last Update: 14 July 2025
