You arrive at Banting Work Hub, tap the fingerprint pad and the door clicks open — fast, simple, familiar. Fingerprint access is one of the easiest conveniences a coworking space can offer, but fingerprints are also permanent identifiers: you can change a password, you can’t change the pattern of ridges on a finger. That trade‑off is why you should set up access deliberately and know exactly how your biometric data is collected, who holds it, and what legal rights you can exercise. This guide (written for Banting Work Hub members and prospective members) gives you five practical setup steps, explains how Malaysian law treats biometric data after the 2024 PDPA amendments and the JPDP guidelines of April 2026, and lists the exact contact routes to request access, correction, or removal.

Why Banting uses fingerprint access — benefits and trade‑offs

Fingerprint readers speed entry, reduce lost‑card problems, and keep a simple audit log of who entered and when. For a small hub like Banting Work Hub — open 9:00 AM–6:00 PM (closed Sundays) — a fingerprint door system reduces front‑desk load and helps enforce operating hours and payment suspensions if required. Banting’s published Terms & Conditions and Privacy Policy specifically name a fingerprint system and state that biometric access is managed through a third‑party platform (Tuya App). That means the hub delegates template storage/verification to that vendor rather than keeping raw biometric data on site. Banting — Terms, Banting — Privacy Policy.

Practical trade‑offs: faster entry and fewer cards, but fingerprint data requires stronger technical and contractual safeguards than ordinary contact details.

On the security side, international guidance recommends protecting biometric templates (not storing raw images), using template‑protection schemes, and offering revocation/fallback options (PIN or admin reset). NIST’s digital identity guidance highlights template protection as a best practice for biometric systems. NIST SP 800‑63B.

Warning: biometric identifiers are effectively permanent. If a biometric template is leaked and it can be reversed or replayed, the harm is long‑lasting compared with a compromised password.

How to set up your fingerprint access in five quick, safe steps

The list below is the single‑page routine you can follow the first time you register at Banting. Each step includes the action you take and the question to ask the hub staff.

1. Confirm membership and availability.

   Make sure you have an active membership or valid daily‑pass option (note: Banting’s Terms state memberships carry a minimum six‑month commitment and access may be suspended for late payment). If you’re using a Daily Pass, confirm walk‑in availability or WhatsApp ahead. Terms & Conditions (effective 1 Jan 2026).

2. Read the privacy notice and sign consent for fingerprint use.

   Ask to see Banting’s written explanation of fingerprint processing (where the data goes, who controls it, retention period, and how to request deletion). By policy, Banting processes fingerprint access via a third‑party provider and does not internally store raw biometric templates — confirm the provider name and ask for their privacy link. Banting — Privacy Policy.

3. Register your fingerprint with the staff (or follow the device flow).

   Follow the device prompts. If registration is done with a staff device, ask to see the confirmation that your template was accepted and how to test it. Keep a short video or photo of the confirmation screen (consent evidence) if you want a record.

4. Verify fallback and revocation options.

   Ask: what happens if the fingerprint reader fails, I lose membership, or I want my template removed? Ask staff to confirm the removal process and the expected delay (ask for email confirmation). Banting’s policy says removal and other rights can be exercised via listed contact channels. Use admin@bantingworkhub.com or WhatsApp 011‑1075 1375 to request removal or raise an access issue. Banting — Privacy Policy.

5. Test entry and keep a record of the date you registered.

   Use the reader once while staff watches; confirm the logs show your access (if you need proof later). Note the registration date — it’s the start of any retention period and useful if you submit a future access/deletion request.

Tip: if you’re uncomfortable registering onsite, ask if the hub can temporarily provide keypad/PIN access while the privacy questions are clarified.

How Malaysia’s PDPA now treats biometric data — what changed in 2024–2026

Important legal context: the Personal Data Protection (Amendment) Act 2024 (Akta A1727) expanded definitions and introduced new obligations that directly affect biometric processing. The amendment explicitly broadened definitions to cover categories such as biometric personal data and strengthened obligations for breach notification and data‑subject rights. The Office of the Personal Data Protection Commissioner (JPDP) has also published practical guidelines — including Data Protection Impact Assessment (DPIA) and Data Protection by Design (DPbD) — to help organisations assess high‑risk processing such as biometric systems. These guidelines were issued in the second tranche on 30 April 2026. Akta A1727 (PDF), JPDP — Data Protection By Design.

For small businesses and hubs that use third‑party biometric vendors, two practical implications follow from the JPDP guidance: (1) perform a DPIA when biometric processing creates a high‑risk profile (JPDP gives tests and thresholds in the DPIA guideline), and (2) embed privacy‑by‑design controls — encryption, retention limits, template protection, and contractual guarantees with vendors. Legal advisors and legal notices in Malaysia now expect DPIA records for such systems. See summaries by legal firms and local news coverage of the April 30, 2026 JPDP releases. Rajah & Tann summary (30 Apr 2026), The Star — JPDP guidelines (30 Apr 2026).

Your practical rights at Banting: access, correction, deletion, and complaints

Under the PDPA regime (as amended) and Banting’s stated Privacy Policy, you have these practical rights:

• Access: You may request confirmation of whether Banting holds your fingerprint access record and ask for a copy of the non‑sensitive access log (time stamps). The hub’s Privacy Policy lists contact channels for such requests. Banting — Privacy Policy.
• Correction: If your account details are wrong (name, membership status), request correction following the process in the hub’s policy.
• Deletion/withdrawal of consent: Ask the hub to remove your template. Because Banting delegates biometric processing to a third party, removal may require the hub to instruct that vendor; request written confirmation of deletion and a date. Banting’s Privacy Policy affirms these rights and indicates data is retained only as necessary. Banting — Privacy Policy.
• Complaint and breach reporting: Where you suspect misuse or a breach, you can file a complaint with Banting and, if unresolved, escalate to JPDP. After the 2024 amendment, significant breaches are subject to mandatory notification rules (see JPDP guidelines). JPDP — official site.

How to make a request today: email admin@bantingworkhub.com or WhatsApp 011‑1075‑1375 and ask for the specific action (access / correction / deletion). Keep copies of your request and any reply — under JPDP guidance, controllers should respond within a reasonable time and, for DPIA/breach matters, record the steps taken. Banting — Privacy Policy.

Before you register: a short checklist to avoid surprises

• Confirm your contract length and whether early termination affects access (Banting typically has a six‑month minimum). Terms & Conditions.
• Ask whether the hub or the third‑party can provide a deletion certificate when your template is removed.
• Request the name and privacy link of the fingerprint platform (Banting’s Terms mention Tuya App — verify the vendor policy directly).
• Check fallback methods (PIN, staff unlock) in case of device failure or lost membership.
• Record the date of registration and the staff member who handled it (use this when you request later actions).

Common mistakes members make with biometric access — and how to avoid them

• Assuming deletion means all copies are gone. Ask for a deletion confirmation and the vendor’s retention policy.
• Handing the account to friends. Fingerprint access is non‑transferable — sharing access breaches the hub’s Terms.
• Not keeping proof of consent or registration date. Always capture a short confirmation (photo of the confirmation screen or an emailed receipt).
• Failing to ask about the vendor’s security controls (template protection, encryption, breach history). Request those details before you register if you have privacy concerns.

“Fingerprint access is a convenience — treat it like a permanent key. Ask how it’s stored, how to get it removed, and keep simple records.” — Banting Work Hub (member guidance)

If you want Banting to remove your fingerprint: send a written deletion request to admin@bantingworkhub.com and request a written confirmation of removal. If the hub needs vendor action, ask for the expected completion date.

Further reading: Banting Work Hub — Terms & Conditions (Fingerprint access; effective 1 Jan 2026)

Further reading: Banting Work Hub — Privacy Policy (Fingerprint access; vendor processing)

Further reading: Akta A1727 — Personal Data Protection (Amendment) Act 2024 (PDF)

Further reading: JPDP — Data Protection By Design Guideline (April 2026)

Further reading: NIST SP 800‑63B — Digital Identity Guidelines (biometric template protection)