Data Retention & Privacy Policy


This Privacy Policy ("Policy") governs our collection, use, and sharing of "Personal Data" (as defined below) and applies to all IT Company Malaysia websites, goods, services, and mobile apps (collectively, "Services"). IT Company Malaysia and its affiliates are referred to as "we" and "us."
This Policy describes what types of Personal Data we gather from you, why we collect it, how we use it, how long we keep it, who we share it with, and what your rights are.
This Policy is applicable for you if you are a current or potential individual client, regardless of your country or place of residence. It does not apply to businesses or organizations (though it may apply to certain people within them). It also doesn't address how you or other users could use or distribute data collected via our Services.

Our Privacy Policy explains how and what information we gather, as well as how and why we utilize it. It also explains how you can gain access to, amend, or otherwise manage the personal data we process.

Please take the time to read our policy thoroughly. You agree to be bound by this Policy by accessing or using our Services, therefore if you do not agree to be bound by its terms, you should not use our Services. You are also verifying that you are of legal age of majority in the jurisdiction where you reside by accepting the Policy. You may not use our Services if you have not achieved the age of majority.

Your privacy is important to IT Company Malaysia. As a result, we only collect and use personal data as necessary to provide you with our world-class IT Solutions, services, and websites (collectively, our "Services"). Your personal data is required for the following purposes:

  • Registering account on our website

  • For purchase of license, products, and other services

This policy applies to personal data that we collect:

  • On our website

  • Email, text messaging, and other electronic messages sent between us and/or through our website (s)

What is Personal Data?

"Personal Data" may not apply to all types of information. The term "Personal Data" refers to information that, alone or in combination with other data components we hold, allows us to identify you as a distinct natural person.
Personal data that we collect may include:

  • A name

  • An identification number

  • Location

  • Email Address

  • Contact Number

  • Billing and Payment Information (For IT Company Malaysia Only, such information is only shared with third party on the purchase of Microsoft License)

  • Other information gathered that might be used to directly or indirectly identify you

You may contact our Data Protection Officer ("DPO") and our dedicated staff that supports this office at if you have any queries regarding our practices or any of your rights stated below. This mailbox is continuously checked and controlled so that we can provide you with a secure experience.

Why we collect personal data?

We gather personal information so that we can offer you with the best possible experience and solution. When you use the internet, a lot of what you consider personal data is acquired directly from you when you:

  • Register for an account or purchase one of our services (for example, billing information such as name, address, and payment information);

  • Enlist the help of our customer service staff (e.g., phone number, case notes);

  • Request newsletters or other information from us (e.g., through email) by filling out contact forms

  • in competitions and surveys, apply for a job, or participate in other activities we encourage that may need personal information

However, when providing our Services to you, we gather extra personal data to ensure required and optimal functioning. These collecting techniques may not be as clear to you, so we wanted to emphasize and explain what they are (since they change from time to time) and how they operate below:

Cookies and other technologies of this nature allows us to track your browsing habits, clicks, purchases, and device type, as well as gather different data, including analytics, about how you use and interact with our Services. These technologies collect data such as metadata, log files, cookie/device IDs, page load time, server response time, and approximate location information when you use and interact with our Services in order to measure website performance and improve our systems, such as optimizing DNS resolution, network routing, and server configurations. Interactions with the Services' features, content, and links (including those from third parties, such as social media plugins), IP address, browser type and settings, date and time the Services were used, and information about browser configuration and plugins. Language choices and cookie data are also collected, as well as information on devices accessing the Services, such as device type, operating system, device settings, application IDs, unique device identifiers, and error data.

Cookies do not generally include Personal Data (information that directly identifies a user), but the information stored in and collected from cookies may be connected to personal information that we maintain about you. This data (together with Social Media Data) is stored in a number of locations throughout our infrastructure, including system log files, back-end databases, and analytics platforms.

How do we make use of personal information?

We are firm believers in collecting as little personal data as possible and limiting its use and purpose to (1) those for which we have received permission, (2) those required or permitted for legal compliance or other lawful purposes, or (3) those for which we may be required or permitted for legal compliance or other lawful purposes. These are some of the applications:

Providing you with services by delivering, upgrading, updating, and enhancing them. We gather a variety of personal information about you based on your purchase, use, and/or interactions with our Services. Personal information collected by IT Company Malaysia is used for the following purposes:

  • Improve and optimize our services' operation and performance (again, including our websites and mobile applications)

  • Diagnose any issues with the Services, as well as any security or compliance concerns, mistakes, or essential improvements

  • Fraud and misuse of our Services and systems must be detected and prevented

  • Compile statistics on how the Services are used in aggregate

  • Recognize and analyze how you use our Services, as well as which goods and services are most important to you

Disclaimer: Much of the information gathered is aggregated or statistical information about how people use our services, and it is not connected to any personal information.

Sharing data with trusted third parties. IT Company Malaysia may share personal data of their clients with our corporate family's associated companies, third parties with whom we have collaborated or partnered to allow you to integrate their services into our own Services, and trusted third-party service providers as needed to execute services on our behalf, such as:

  • Emailing you or sending you a survey are examples of ways we communicate with you.

  • Customer relationship management

  • Compliance, risk management, and security

Note: Personal data is only shared with our trusted official partners. Such as, Microsoft, Google etc. For any required licensing or rights allocation purposes.

These third parties (and any subcontractors they may be allowed to use) have agreed not to disclose, use, or keep your personal information for any reason other than to provide Services.

Affiliation Data: Regarding the selling of Services through our website, we have agreements with numerous wholesalers, distributors, and affiliates ("resellers") (s). D/omain name registration is an example of such a service. You may be compelled to give Personal Data to such third parties when purchasing such services or communicating with them. In this situation, your rights to such data will be governed by the third party's privacy policies.

We may also acquire and process information in each of the categories specified in this Policy in connection with the development and length of our agreements with resellers. We might be able to get some of this information straight from the resellers. Our legal basis and legitimate interest in acquiring and processing such data is our entering into and performing any agreement we may have with the reseller, as well as the supply of Services they may have requested (or that you may have ordered through such reseller)

Collection of personal data with communication. IT Company Malaysia firmly believe in client’s consent regarding collecting their information. We may contact you directly or through a third-party service provider about items or services you've subscribed to or purchased from us, such as transactional or service-related messages. The following are examples of possible contacts:

  • Via Email

  • Automated text messages

  • SMS messages

  • Telephone calls

If we collect personal data from you as part of a co-branded offer, it will be clear who is collecting the data and whose privacy policies apply at the time of collection. It will also explain any choices you have about the use and/or sharing of your personal data with a co-branded partner, as well as how to use those choices.

Legal, regulatory, and law enforcement requests. To enforce and comply with the law, we work with government and law enforcement agencies, as well as private parties. We will share any personal data about you to government or law enforcement agencies, as well as private parties, as we deem necessary or appropriate to respond to claims and legal proceedings in our sole discretion.

Its purpose is to defend our property and rights, or the property and rights of a third party, to safeguard the public's or anyone's safety, or to prevent or halt unlawful or unethical behavior.

We will take reasonable measures to tell you if we are legally compelled to share your personal data to third parties, to the extent that we are legally authorized to do so. When you register a domain name with us, we will also disclose your personal data to the extent necessary to comply with ICANN, registrar, or ccTLD laws, regulations, and policies.

Privacy Legislation

IT Company Malaysia will comply with the Privacy Amendment (Private Sector) Act 2000 and the National Privacy Principles in respect of the storage and handling of information.

GOVERNING LAW IT Company Malaysia Services and Solutions are governed by the laws of the State. These Terms and Conditions constitute the whole agreement between IT Company Malaysia and the User and neither party shall be bound by any undertakings, representations, warranties, promises or the like not recorded herein.

Note: The Children’s Online Privacy Protection Act [COPPA] requires web sites to obtain verifiable parental consent if they collect age identifying information or a birth date from a child under the age of 13. If the Company does not wish to obtain verifiable parental consent, it must bump-out any user that indicates an age under 13.

    To correct this issue please do the following: The Company has three options for dealing with the collection of age identifying information:

  • Option 1: Do not collect age identifying information. The Children’s Online Privacy Protection Act [COPPA] does not require general audience Web sites to screen the age of its users. If the Company must collect age identifying information, the user must be given the opportunity to input their correct age, in essence, to “tell the truth”.

  • Option 2: Implement an under age 13 bump-out mechanism. If a user indicates they are under the age of 13, then the Web site needs to bump that user to an error page informing the user that the Web site is not able to accept their registration at this time. The bump-out message needs to be generic (i.e. “sorry we are not able to accept your registration at this time”) and cannot indicate that age is a factor of registration. Also the registration form itself cannot indicate that age is factor of registration (i.e. “you must be at least 13 to register”).

  • Option 3: If the Company must inform the user that age is a factor of registration (i.e. “you must be at least 13 to register”) within the error message, then a session cookie needs to be set to prevent the user from going back and changing their age. For more information around TRUSTe’s requirements around the collection of age identifying information, visit general audience Web sites.

NOTICE: IT Company Malaysia reserves the right to revise its policies at any time.

Information Sharing

IT Company Malaysia may transmit your Personal Data between jurisdictions in general. However, we shall do so in accordance with the European Data Protection Directive 95/46/EC ("GDPR") and other relevant legislation governing the protection of personal information during cross-jurisdictional transfers. This implies that, subject to certain restrictions, we may transmit your data to the United States, the European Union, or other countries. If you are a European resident, we will make every effort to confirm that either the European Commission has determined that the receiving jurisdiction provides adequate protection of Personal Data, or that different acceptable safeguards, like the utilization of relevant commonplace information protection clauses adopted or approved by the European Commission.

Note: Please be aware that if you use a technology that masks your location, such as a VPN, or if you use our Services from a place other than where you live, you may not get our request for permission because we were unable to identify you as being in a jurisdiction that requires your consent.

Privacy for Website Analytics

Data on how our website is used is gathered by our supplier, Google Analytics (s). We will not share your name, phone number, email address, or payment card information with Google Analytics. We give a random number to your use so that Google Analytics can identify you as a unique user of our website(s), but Google Analytics does not link that number to any personally identifiable information about you. We understand that you may want to minimize or remove the information that Google Analytics gathers about your usage of our website (s). There is an “Opt-out" option in Google Analytics.

Special Rights for Residents in Europe

If you live in the European Union, you may have extra rights under the General Data Protection Regulation 2016/679 of the European Union ("GDPR"). We have not included a full description of the GDPR in this Policy since it is a complicated regulatory framework. We recommend that you read the appropriate regulatory authority's rule and guidelines for a complete understanding of your rights.
The GDPR gives you the following rights: access, correction, erasure, limitation or objection to processing, portability, withdrawal of consent, and the right to file a complaint with a regulatory body. These rights are not absolute, and there are limitations. For instance, we may refuse to comply with a request to delete or change information if we can show compelling valid grounds that outweigh your interests, the change would violate any law or regulation, or if reliability is required to exercise the right to freedom of expression and information, comply with a legal requirement, address security concerns, or prevent or investigate attacks.
You have the right to receive a copy of your Personal Data in a structured, commonly used, and machine-readable format from us if the legal basis for our processing your Personal Data is your consent, the necessity to comply with your requests, or the performance of a contract we have with you, and we are automatically processing your Personal Data.

California Privacy Rights

Residents of California have specific privacy rights under the California Consumer Privacy Act (CCPA). The CCPA grants California consumers the right to know what personal information is being collected about them, the right to access their personal information, the right to request deletion of their personal information, and the right to opt-out of the sale of their personal information to third parties. California residents also have the right to non-discrimination for exercising their privacy rights under the CCPA. Please contact us at to make such a request. “California Privacy Rights Inquiry” is the subject of this inquiry.

Canada Privacy Rights

Residents of Canada may have additional privacy rights under applicable Canadian laws, such as the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA governs how private-sector organizations collect, use, and disclose personal information in the course of commercial activities. Under PIPEDA, individuals have the right to access their personal information held by an organization, request corrections to their personal information, and file complaints with the Office of the Privacy Commissioner of Canada regarding the handling of their personal information. Please contact us at to make such a request. “Canada Privacy Rights Inquiry” is the subject of this inquiry.

Malaysia Privacy Rights

Residents of Malaysia may have additional privacy rights under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). The Privacy Act and APPs regulate the handling of personal information by Australian government agencies and some private sector organizations. Individuals have the right to access their personal information held by an organization, request corrections to their personal information, and make complaints to the Office of the Australian Information Commissioner (OAIC) regarding breaches of privacy. Please contact us at to make such a request. “Malaysia Privacy Rights Inquiry” is the subject of this inquiry.

New Zealand Privacy Rights

Residents of New Zealand may have additional privacy rights under the Privacy Act 2020. The Privacy Act regulates the collection, use, and disclosure of personal information by New Zealand agencies and organizations. Under the Privacy Act, individuals have the right to access their personal information, request corrections to their personal information, and make complaints to the Privacy Commissioner regarding breaches of privacy. Please contact us at to make such a request. “New Zealand Privacy Rights Inquiry” is the subject of this inquiry.

United Kingdom Privacy Rights

Residents of the United Kingdom may have additional privacy rights under the Data Protection Act 2018 (DPA) and the UK GDPR, which incorporates the GDPR into UK law post-Brexit. The DPA and UK GDPR regulate the processing of personal data in the UK. Individuals have the right to access their personal data, request corrections to their personal data, and request erasure of their personal data in certain circumstances. They also have the right to restrict or object to the processing of their personal data and the right to data portability. Individuals can lodge complaints regarding the handling of their personal data with the Information Commissioner's Office (ICO), the UK's independent authority for data protection. Please contact us at to make such a request. “UK Privacy Rights Inquiry” is the subject of this inquiry.

Changes to our Privacy Statement

At any moment, IT Company Malaysia has the right to change this Privacy Policy. If we make modifications to our Privacy Policy, we will post them here and in any other locations we consider appropriate so that you are aware of what information is collected, how IT Company Malaysia use it, and under what conditions and circumstances, if any, we release it. If we make significant changes to our Privacy Policy, we will tell you here, by email, or by a notice on our home page at least thirty (30) days before the changes take effect.

Data Retention Policy

We shall not keep your Personal Information for any longer than is required for the purposes for which it was collected and/or processed. We shall preserve your Personal Data for a minimum of ten (10) years from the latest day in which you engaged with us about the purpose for which the Personal Data was acquired and processed, depending on its nature. For example, we will keep Account Data for 6 years, User Content Data for 4 years, Customer Contact Data for 4 years, and Sales Data for 10 years. Personal data that does not fall into one of the categories will be kept for as long as it is required by law, or for as long as it is necessary for the stated purpose. We may not be able to define the time periods for which your Personal Data will be kept in some instances. In such circumstances, we will establish a retention period depending on the applicable statute of limitations for any claim you may have against each other arising from your contact with our website(s) and/or the order or delivery of any products or services. Also, to address security concerns, such as preventing or investigating attacks and/or fraud, preserving accurate records, and properly administering our website(s) and company. We use widely established standards to preserve and secure the personal data we collect, including encryption where applicable, both during transmission and once received and stored. We only keep personal data for as long as it's needed to offer the Services you've requested, and afterwards for a number of valid legal or commercial reasons. Retention periods might be one of them:

  • Law, contract, or other similar requirements that apply to our business operations;

  • In order to protect, resolve, defend, or enforce our legal/contractual rights; or

  • Maintaining appropriate and accurate company and financial records is required