BeONE Mobile Sdn Bhd
Effective Date: 1 February 2026
Last Updated: 20 April 2026
1. Introduction
This Privacy Notice explains how we collect, use, disclose, store and protect personal data when you use our products, services, applications or portals in Malaysia. It is issued in line with the Personal Data Protection Act 2010 (PDPA 2010). It applies to prospective, active and former customers of our prepaid, postpaid, value-added and roaming services.
2. Categories of Personal Data
We may process different categories of personal data depending on the services you use. These include, without limitation:
(a) Identity and eKYC data such as full name, NRIC/passport number, nationality, date of birth, gender and a customer image captured for electronic verification, together with SIM registration records.
(b) Contact and account information including billing and delivery addresses, email address, phone numbers, account
identifiers and authentication or login logs.
(c) Service and network usage metadata such as SIM/IMSI/IMEI numbers, IP/MAC addresses, numbers called or received, SMS/MMS metadata, data session timestamps, duration, cell IDs and usage counters. We do not store call audio or SMS content except where we are legally required to support lawful interception.
(d) Payment and credit information including masked payment instrument details, transaction references, payment channel or status, and credit checks where applicable.
(e) Value-added and marketing information such as language preferences, opt-in or opt-out choices, and entries for loyalty, contests or campaigns.
(f) Support and dispute records including enquiries or complaints, recordings of calls with customer care and related
correspondence.
(g) Cookies and analytics data derived from your device or browser to manage sessions, enhance security and improve our services.
3. How We Collect Personal Data
We collect personal data in several ways to enable and support our services:
a) Directly from you, for example when you complete eKYC and SIM registration, request mobile number portability, submit forms in our applications or contact customer care.
b) Automatically from your use of our services, networks, systems and applications, including through cookies or similar
technologies.
c) From third parties such as payment processors, credit reporting agencies where lawful, marketing partners with your
consent, and our host network partners needed to deliver the service.
d) From public sources or regulators where permitted by law.
4. Purposes of Processing
We process personal data for the following purposes, each necessary to deliver a safe and compliant mobile service:
a) To provide, activate and manage services, including number assignment or porting, network access (voice, SMS, data), roaming and value-added features.
b) To bill and process payments, issue invoices, manage refunds, perform credit assessments where applicable, and prevent fraud or abuse.
c) To meet legal and regulatory obligations, including eKYC and SIM registration, supporting lawful interception, retaining data as required, and facilitating emergency services.
d) To operate and support our services, including troubleshooting, monitoring quality, handling complaints and sending service notifications.
e) To protect security and integrity of our networks, systems and users, including preventing spam and security incidents.
f) To communicate service updates, offers and promotions—only where permitted and subject to your marketing preferences and opt-out choices.
g) To analyse usage and improve coverage, capacity and features, as well as for forecasting and product development.
h) To manage contractual defaults, service continuity arrangements, termination or exit scenarios, including facilitating
communications with Subscribers and host network operators where required;
i) to support the transfer, migration or continuation of Subscriber services following termination, expiry or acquisition of Subscriber contracts by a host network operator or successor service provider.
5. Legal Basis and Consent
We process personal data based on one or more of the following: your consent (for example, direct marketing and certain cookies), the need to perform a contract with you, compliance with legal obligations, and our legitimate interests such as network security and service improvement balanced against your rights. Where any disclosure involves communications or direct marketing activities carried out by a third party, such processing shall only be undertaken where the requisite consent has been obtained from Subscribers or where otherwise permitted under the Personal Data Protection Act 2010.
6. Your Choices and Rights
You control how your personal data is used for non-essential purposes and you have rights to access and correct your data:
a) You may opt out of receiving marketing communications at any time through our self-care channels or by contacting
customer care. Your opt-out will not affect essential service messages.
b) You may request that we limit or temporarily suspend certain processing activities; doing so may affect the availability of some services.
c) If you are under 18, please obtain consent from a parent or legal guardian before using our services.
7. Disclosures of Personal Data
We disclose personal data only on a need-to-know basis and with appropriate safeguards:
a) To host network and technical partners to route traffic, enable roaming and deliver service functionality.
b) To vendors and processors that provide functions such as IT, billing, payment, collections, logistics, marketing where
permitted, analytics, fraud management and customer support under written data-protection terms.
c) To regulators and law enforcement agencies where required by law or for crime and fraud prevention.
d) To credit reporting agencies where allowed and necessary for credit evaluation.
e) To business partners for co-branded offerings or campaigns but only with your consent.
f) To parties involved in corporate transactions, under confidentiality obligations.
g) Where the Company is in default of its payment or material contractual obligations to its host network operator or mobile network partner, the Company may disclose relevant Subscriber Personal Data to such host network operator for purposes including assessing and managing service continuity, complying with regulatory or contractual obligations, facilitating communications with Subscribers, and such other purposes as may be contractually required or permitted, subject to applicable laws and consents obtained from Subscribers.
h) In the event of termination or expiry of the Company’s services or applicable agreements, the Company may disclose or transfer Subscriber Personal Data to the host network operator or a successor service provider for purposes including facilitating number portability, continuation or cessation of services, account migration, compliance with regulatory requirements, and the orderly transition or handover of Subscribers, including where Subscribers do not make an election within prescribed timelines.
i) Where Subscriber contracts, accounts or services are acquired or taken over by a host network operator or its related
entities, the Company may transfer or disclose Subscriber Personal Data that is associated with such Subscriber contracts to the acquiring party for purposes of effecting the transfer, administering the continued provision of services, and complying with legal, regulatory or contractual requirements.
8. International Transfers
Where personal data is transferred outside Malaysia, we implement appropriate contractual and technical safeguards and obtain consent where PDPA requires it.
9. Security Measures
We apply organisational, technical and physical measures proportionate to the sensitivity of the data, including access controls, encryption where applicable, segregation of duties and logging or monitoring. We further require our processors to meet equivalent standards.
10. Retention
We retain personal data only for as long as necessary to fulfil the purposes described above and to satisfy legal, regulatory, tax, accounting and reporting requirements. Afterwards, records are securely deleted or irreversibly anonymised.
11. Data Accuracy
We take reasonable steps to ensure that personal data is accurate and up to date. Please keep your profile information current and notify us of any changes. Your personal data will be processed in accordance with our Privacy Notice, which forms part of these Terms and Conditions, and may include disclosure to host network operators and relevant partners for purposes relating to service provision, service continuity, regulatory compliance, contractual default, termination, or transfer of subscriber services.
12. Calling Number Display (CND)
Our services may display the caller’s number to recipients, including internationally, unless you enable available blocking options on your device or plan, subject to technical feasibility and applicable regulations.
13. Updates to this Notice
We may update this Notice from time to time and will revise the effective date accordingly. Continued use of our services after the effective date constitutes acceptance of any updates.
14. Contact Us
Data Protection Officer for BE ONE MOBILE SDN BHD (Registration No. 202501055602 (1657008-W)) with the address:
Unit 15-C, Level 15, Top Glove Tower, No. 16, Persiaran Setia Dagang, Bandar Setia Alam, 40170 Shah Alam, Selangor.
Email: dpo@beone.com.my
Phone: 03-33453148