Privacy Policy

1. Introduction

Datalune is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you engage with our services, visit our website, or communicate with our team.

We operate in accordance with the Malaysian Personal Data Protection Act 2010 (PDPA) and maintain high standards for data protection across all our operations. This policy applies to all personal data we collect through our website, consultation services, workshops, and partnership engagements.

For questions about this Privacy Policy or our data protection practices, please contact us at [email protected].

2. Information We Collect

We collect and process the following types of personal information:

2.1 Information You Provide Directly

• Contact Information: Name, email address, phone number, and organisational affiliation when you submit enquiries through our website or contact forms.
• Professional Information: Job title, role, department, and professional background when engaging in consultation services or workshop participation.
• Communication Content: Messages, questions, and feedback you provide through email, phone, or other communication channels.
• Service-Related Information: Details about your organisation's data infrastructure, educational programmes, or business processes shared during health checks, workshops, or partnership engagements.

2.2 Information Collected Automatically

• Technical Information: IP address, browser type, device information, operating system, and referring website when you visit our website.
• Usage Data: Pages visited, time spent on pages, links clicked, and other website interaction data collected through cookies and similar technologies.
• Location Information: General geographic location inferred from IP address.

2.3 Third-Party Information

We may receive information about you from third-party sources such as professional references, organisational contacts, or publicly available professional profiles when relevant to service delivery.

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery

• Responding to enquiries and providing information about our services
• Delivering data quality assessments, workshops, and partnership engagements
• Communicating about service schedules, deliverables, and progress
• Providing post-engagement support and documentation

3.2 Business Operations

• Managing client relationships and maintaining engagement records
• Processing payments and maintaining financial records
• Improving our services based on feedback and engagement outcomes
• Training and quality assurance purposes

3.3 Communication

• Sending service-related notifications and updates
• Providing information about new services or offerings (with consent)
• Sharing industry insights and educational content relevant to AI integration (with consent)

3.4 Legal and Compliance

• Complying with legal obligations and regulatory requirements
• Protecting our legal rights and interests
• Preventing fraud and maintaining security

4. Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Contract Performance: Processing necessary to deliver services you have requested or contracted for.
• Consent: Processing based on your explicit consent for specific purposes, such as marketing communications.
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving services and maintaining client relationships, balanced against your privacy rights.
• Legal Obligation: Processing required to comply with Malaysian legal requirements and regulatory obligations.

5. Data Retention

We retain your personal information for the following periods:

• Client Records: Maintained for seven years after engagement completion for business record purposes and potential legal requirements.
• Communication Records: Retained for three years from last contact unless ongoing engagement requires longer retention.
• Marketing Consent: Maintained until consent is withdrawn or for three years of inactivity.
• Website Analytics: Aggregated and anonymised data retained indefinitely; identifiable data deleted after 26 months.

When retention periods expire, we securely delete or anonymise personal information. We may retain certain information longer when required by law or for legitimate purposes such as ongoing disputes or investigations.

6. Information Sharing and Disclosure

We do not sell your personal information. We may share your information with:

6.1 Service Providers

Third-party service providers who assist with business operations, such as email hosting, website analytics, payment processing, and professional services. These providers are contractually obligated to protect your information and use it only for specified purposes.

6.2 Professional Advisers

Legal, accounting, or other professional advisers when necessary for business operations or legal compliance.

6.3 Legal Requirements

Government authorities, regulators, or other parties when required by law, legal process, or to protect rights, property, or safety.

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to this Privacy Policy.

7. Data Security

We implement appropriate technical and organisational security measures to protect your personal information:

• Encryption: Data transmission is encrypted using industry-standard TLS/SSL protocols.
• Access Controls: Personal information access is restricted to authorised personnel who require it for legitimate business purposes.
• Secure Storage: Personal data is stored on secure servers with appropriate access authentication and monitoring.
• Regular Reviews: Security practices are regularly reviewed and updated to address evolving threats.
• Incident Response: Procedures are in place to detect, respond to, and report security breaches in accordance with legal requirements.

While we implement robust security measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but commit to maintaining appropriate protections and promptly addressing any security incidents.

8. Cookies and Similar Technologies

Our website uses cookies and similar technologies to enhance user experience and collect usage data. For detailed information about cookies, their purposes, and how to manage them, please refer to our Cookie Policy.

Essential cookies necessary for website functionality are used automatically. Optional cookies for analytics and preferences require your consent, which you can manage through our cookie preferences interface.

9. Your Rights

Under the Malaysian Personal Data Protection Act 2010, you have the following rights:

9.1 Right to Access

You may request access to the personal information we hold about you. We will provide this information within the timeframe required by law, subject to verification of your identity.

9.2 Right to Correction

You may request correction of inaccurate or incomplete personal information. We will make reasonable efforts to correct the information promptly.

9.3 Right to Withdraw Consent

Where processing is based on consent, you may withdraw that consent at any time. This will not affect the lawfulness of processing prior to withdrawal.

9.4 Right to Data Portability

You may request that we transfer your personal information to another organisation in a structured, commonly used format where technically feasible.

9.5 Right to Object

You may object to processing of your personal information for direct marketing purposes or where processing is based on legitimate interests.

9.6 Right to Complaint

You have the right to lodge a complaint with the Personal Data Protection Department of Malaysia if you believe your rights have been violated.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within the timeframe required by law.

10. International Data Transfers

Your personal information is primarily stored and processed in Malaysia. In some cases, we may transfer data to service providers located outside Malaysia. When we do so, we ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.

11. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you become aware that a minor has provided us with personal information, please contact us immediately so we can delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website with a new "Last Updated" date.

Continued use of our services after policy changes constitutes acceptance of the updated policy. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.

13. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact: