Personal Data Protection Notice

Infocrest Technologies Sdn Bhd

Effective Date: 6 March 2018
Last Reviewed: 25 November 2024

1. Introduction

Infocrest Technologies Sdn. Bhd. (“Infocrest”, “we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data in compliance with the Personal Data Protection Act 2010 (“PDPA”) of Malaysia. This Personal Data Protection Notice (“Notice”) outlines how we collect, use, store, disclose, and safeguard your personal data in connection with our services, including managed IT services, technical support, and other business operations.

This Notice applies to all individuals whose personal data is processed by us, including clients, service users, business partners, contractors, vendors, and visitors to our websites and client portals.

2. Types of Personal Data Collected

Depending on your interaction with us, we may collect and process the following categories of personal data:

• Full name, NRIC/passport number, company name, and job title
• Business contact details such as address, email, and telephone number
• System login credentials, user access logs, and session activity
• Device and network identifiers (e.g., IP address, MAC address)
• Records of communications (emails, support tickets, phone logs, chat transcripts)
• Billing and transaction information
• Any other information provided to us voluntarily for the purposes of engaging our services or enhancing your user experience

We do not collect sensitive personal data unless required for legal purposes or with your explicit consent.

3. Sources of Personal Data

We collect personal data through various means, including but not limited to:

• Direct interactions via emails, forms, calls, or meetings
• Service contracts or onboarding processes
• Use of our websites, applications, and support platforms
• Public sources (e.g., company directories or websites)
• Third parties acting on your behalf or who are involved in delivering our services

4. Purposes for Processing Personal Data

We collect and process your personal data for the following purposes, in line with the PDPA’s General Principle:

1. For Service Delivery
   • To provide, maintain, and improve our managed IT and support services
   • To manage user accounts, service tickets, and system access
   • To facilitate onboarding and system implementation
2. For Security & Compliance
   • To verify user identities and manage access control
   • To monitor, audit, and secure IT infrastructure and data
   • To comply with regulatory requirements or legal obligations
3. For Business Operations
   • To issue invoices, process payments, and manage contracts
   • To communicate service updates, renewals, and relevant promotions
   • To conduct internal training, analysis, or performance reporting

Where required under the Notice and Choice Principle, we will obtain your consent before processing your data for marketing or promotional purposes.

5. Disclosure of Personal Data

In accordance with the Disclosure Principle under PDPA, your personal data may be disclosed to the following parties when necessary:

• Internal departments and employees involved in service delivery
• Third-party vendors or service providers (e.g., cloud service providers, software partners)
• Regulatory and government bodies, when required by law or legal proceedings
• Auditors, legal, or professional advisors, under confidentiality obligations

We ensure that any third party processing your data is subject to strict data protection standards and contractual obligations.

6. Data Security Measures

To comply with the Security Principle, we implement comprehensive technical and organizational measures to ensure the integrity, confidentiality, and availability of your personal data. These include:

• Encryption of data in transit and at rest
• Role-based access control and identity verification
• Network monitoring, firewalls, and intrusion detection systems
• Regular audits, system updates, and staff awareness training

Although we employ industry-standard practices, no system is entirely immune to risk. In the event of a breach, we will take immediate corrective action and notify affected individuals where required by law.

7. Data Retention

In line with the Retention Principle, personal data will be retained only for as long as necessary to fulfil its intended purpose or to comply with legal, regulatory, or contractual obligations. When no longer required, your data will be securely disposed of or anonymised.

8. Your Rights Under PDPA

Subject to the Access and Correction Principle, you have the following rights under the PDPA:

• Right to Access: You may request access to your personal data held by us.
• Right to Correct: You may request that we correct any inaccuracies in your data.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time.
• Right to Object: You may object to certain types of data processing that may cause damage or distress.
• Right to Limit Processing: In certain situations, you may request that we limit how your data is processed.

To exercise these rights, please contact our us at the contact details listed in Section 11.

9. Use of Cookies

Our websites and client portals may use cookies and other tracking technologies to:

• Enhance user experience and site functionality
• Remember your preferences or login sessions
• Analyse traffic and improve services

You may control cookie settings via your browser. However, disabling cookies may affect some functionalities of our services.

10. Updates to This Notice

We may update this Notice from time to time in response to changes in legal requirements, technology, or our business practices. The most recent version will be made available on our website and will take effect immediately upon publication.

11. Contact Us

If you have any questions, feedback, or wish to exercise your rights under the PDPA, please contact: