Privacy Notice in respect of the IOSCO Administrative Arrangement
This privacy notice explains how the Securities Commission Malaysia (“SC”) handles personal data received through international transfers from the European Economic Area (“EEA”) securities regulators. The SC is a signatory to the IOSCO Administrative Arrangement that sets out the safeguards for the transfer of personal data between EEA and non-EEA securities regulators.

1. Collection and Processing of Personal Data by the SC
The SC collects and processes personal data in the performance of its functions under Section 15 of the Securities Commission Malaysia Act 1993, including by way of international transfers under the IOSCO Multilateral Memorandum of Understanding Concerning Consultation and Cooperation and the Exchange of Information (“IOSCO MMoU”)
(https://www.iosco.org/library/pubdocs/pdf/IOSCOPD386.pdf).

With regard to personal data received through international transfers from the EEA securities regulators, the SC is a signatory to the Administrative Arrangement for the Transfer of Personal Data between EEA and non-EEA Securities Regulators (“Administrative Arrangement”). As a signatory to the Administrative Arrangement, the SC has committed to handle personal data received from EEA securities regulators in accordance with the safeguards set out in the Administrative Arrangement.

2. Transfer of Personal Data by the SC
The SC may transfer personal data to a foreign supervisory authority as provided under section 150 of the Securities Commission Malaysia Act 1993. Where desirable and necessary, personal data may be transferred by the SC, such as where the transfer is requested by the foreign supervisory authority for assistance in its investigation conducted for the enforcement or administration of its laws and regulations under an information sharing arrangement, such as the IOSCO MMoU.

3. Rights of a Data Subject
An individual whose personal data has been transferred from EEA securities regulators to the SC (“data subject”) has the right to request access to his or her personal data, subject to certain exemptions. A data subject may also request that his or her personal data be corrected if the individual believes that it contains an error or omission. 

The SC will handle the personal data received from EEA securities regulators in accordance with the safeguards set out in the Administrative Arrangement. However, given the often sensitive nature of the SC’s work, and the risk of prejudice to the discharge of our regulatory functions, in some cases the data subject’s safeguards might be restricted, such as the SC’s obligation not to disclose confidential information pursuant to professional secrecy or other legal obligations, or to prevent prejudice or harm to its supervisory or enforcement functions.

Questions or concerns
If you have any questions or concerns about the collection, use, processing, protection, disclosure, or transfer of your personal data by the SC, you may contact:

International Affairs Department
Securities Commission Malaysia
[email protected]

Complaints
If you wish to make a complaint with respect to how your personal data is handled, you may contact:

Office of the General Counsel
Securities Commission Malaysia
[email protected]

GET IN TOUCH
HOTLINE: +603-6204 8000
related sites
© Copyright Securities Commission Malaysia   |   Contact Us   |  Disclaimer  |  The site is best viewed using Internet Explorer 11 and Google Chrome with mimimum resolution of 1280x1024
Ooops!
Generic Popup