1. Who We Are
This Privacy Policy is issued by The Malaysian DotCom Sdn Bhd (Company No. 738717-A / 200601018964), doing business as TheMalaysian.com, a company incorporated in Malaysia and registered at Suite B-5-8, Plaza Mont Kiara, No 2, Jalan Kiara, Mont Kiara 50480, Kuala Lumpur, Malaysia.
For the purposes of the Personal Data Protection Act 2010 (PDPA) as amended by the Personal Data Protection (Amendment) Act 2024, The Malaysian DotCom Sdn Bhd is the data controller — meaning we determine how and why your personal data is processed.
This policy applies to all visitors, enquirers, customers and users of our website at themalaysian.com, our services (web design, web hosting, content maintenance, AI automation, outsourcing and white label services), and any communications you have with us by phone, email or other means.
Plain language summary: TheMalaysian.com is responsible for your data. We collect it to provide our services. We do not sell it. We protect it. And we will always tell you what we are doing with it.
2. What Personal Data We Collect
We only collect personal data that is necessary for the purposes set out in this policy. Depending on how you interact with us, this may include:
| Category | Examples | How collected |
|---|---|---|
| Identity data | Full name, company name, job title | Contact forms, quote requests, email |
| Contact data | Email address, phone number, mailing address | Contact forms, quote requests, WhatsApp, phone calls |
| Billing data | Invoice details, payment records | Order placement, billing system |
| Technical data | IP address, browser type, device type, pages visited, time on site | Automatically via cookies and Google Analytics |
| Communications data | Content of emails, WhatsApp messages, support tickets, call notes | When you contact us directly |
| Business content data | Company profile, logo, photos, product descriptions provided for website build | Provided by you as part of service delivery |
We do not collect sensitive personal data as defined under the PDPA (health data, biometric data, political opinions, religious beliefs) unless you specifically and voluntarily provide it in the course of our communications, in which case it will be treated with heightened protection and not shared with any third party.
We do not collect credit card numbers or payment card details directly. All payment processing is handled by licensed third-party payment processors. We retain only payment confirmation records for billing and accounting purposes.
3. Why We Collect Your Data
We collect and process your personal data for the following purposes:
- Service delivery — To build, launch and maintain your website, hosting account, email setup or AI automation workflow
- Quotation and pre-sales — To respond to your enquiry and provide you with an accurate quote
- Billing and account management — To issue invoices, process renewals and manage your account
- Customer support — To respond to support requests, troubleshoot issues and provide technical assistance
- Communication — To send you service-related notifications including renewal reminders, scheduled maintenance notices and important updates
- Legal compliance — To comply with applicable Malaysian laws, regulatory obligations and lawful requests from authorities
- Service improvement — To understand how our website is used and improve the experience for all visitors, using anonymised analytics data
Marketing communications: We will only contact you for marketing or promotional purposes if you have given us your explicit consent to do so. You may withdraw this consent at any time by contacting us at contact@themalaysian.com.
4. How We Use Your Data
Your personal data is used only for the purposes for which it was collected. We will not use it for purposes that are incompatible with those stated in this policy without first notifying you and, where required by law, obtaining your consent.
We process your data on the following legal bases under the PDPA:
- Consent — Where you have given us clear consent to process your data for a specific purpose (e.g. marketing communications)
- Contract — Where processing is necessary to perform the services you have purchased from us
- Legal obligation — Where we are required to process your data to comply with Malaysian law
- Legitimate interest — Where processing is necessary for our legitimate business interests (e.g. fraud prevention, service security) and does not override your fundamental rights
5. AI Automation Services — Data Processing Notice
For clients who purchase AI Automation services from TheMalaysian.com, the following additional provisions apply.
Your customers' data
When we set up automated workflows on your behalf — such as WhatsApp lead capture, automated replies, CRM integration or appointment booking — those workflows may process personal data belonging to your customers (e.g. their names, phone numbers, enquiry content).
In this context:
- You, the client, are the data controller in relation to your customers' personal data
- TheMalaysian.com acts as a data processor — we process your customers' data only on your instructions and only to deliver the automation service
- You are responsible for ensuring that your use of automated messaging complies with the PDPA and applicable Malaysian laws, including obtaining any necessary consent from your customers to receive automated communications
- We will not use your customers' data for any purpose other than delivering the automation service to you
Third-party automation platforms
AI automation workflows may be delivered using third-party platforms such as WhatsApp Business API, n8n, Make.com or similar services. By engaging our AI automation services, you acknowledge that data processed by these workflows may pass through such platforms. We will always inform you of the specific platforms used in your workflow before implementation.
Important: The uptime and availability of AI automation workflows may be affected by the availability of third-party platforms (including WhatsApp Business API) which are outside TheMalaysian.com's control. Please refer to our Service Level Agreement for details.
No guarantee of business outcomes
AI automation improves response times and reduces manual workload. TheMalaysian.com does not guarantee specific business outcomes including increased revenue, sales conversions or bookings as a result of automation services.
6. Sharing & Disclosure of Your Data
We will never sell your personal data to any third party. We will never disclose your personal data, customer lists or account information to any third party without your authorisation, except as described below.
We may share your personal data with the following categories of third parties, strictly on a need-to-know basis:
Service providers
Trusted third-party providers who assist us in delivering our services, including hosting infrastructure providers, billing system operators, domain registrars, email system providers and payment processors. These providers are contractually required to handle your data securely and only for the purpose of delivering the service.
Professional advisors
Lawyers, accountants or auditors where necessary for legal, financial or regulatory compliance, under strict confidentiality obligations.
Legal and regulatory requirements
Where we are required by law, court order or lawful request from a Malaysian government authority or regulatory body to disclose your data, we will do so. Where legally permissible, we will notify you before disclosure.
Business transfer
In the event of a merger, acquisition or sale of all or part of our business, your personal data may be transferred to the acquiring entity. We will notify affected customers before any such transfer takes effect.
We do not share your personal data with advertising networks, data brokers, or any third party for their own marketing purposes.
7. Cookies & Analytics
Our website uses cookies — small text files stored on your device — to help us understand how visitors use our site and to improve your experience.
Cookies we use
| Type | Purpose | Can be disabled? |
|---|---|---|
| Essential | Necessary for the site to function (e.g. form submissions, session management) | No — required for the site to work |
| Analytics | Google Analytics — anonymised data on page visits, traffic sources, device types. No personally identifiable information is shared with Google. | Yes — disable in your browser settings or via Google Analytics Opt-out |
We do not use advertising cookies, social media tracking cookies, or any cookies that track your behaviour across other websites.
You can control or delete cookies through your browser settings. Disabling analytics cookies will not affect your ability to use our website or services.
8. Data Security
The security of your personal data is our priority. We take all reasonable physical, technical and organisational measures to protect your data from unauthorised access, loss, alteration, disclosure or misuse.
Our security measures include:
- SSL/TLS encryption on all data transmitted between your browser and our servers
- Access controls limiting data access to authorised personnel only
- Regular security monitoring of our hosting infrastructure
- Secure handling and disposal of physical documents containing personal data
Data breach notification
In the event of a personal data breach that poses a risk of significant harm to you, we will comply with our obligations under the Personal Data Protection (Amendment) Act 2024:
- We will notify the Department of Personal Data Protection (JPDP) within 72 hours of becoming aware of the breach
- We will notify affected individuals within 7 days of the breach being confirmed
- Our notification to you will include the nature of the breach, the data affected, and the steps we are taking to address it
Important: While we take every reasonable precaution, no method of internet transmission or electronic storage is completely secure. We cannot guarantee absolute security of data transmitted over the internet.
9. Your Rights Under the PDPA
Under Malaysia's Personal Data Protection Act 2010 (as amended 2024), you have the following rights in relation to your personal data held by TheMalaysian.com:
Right of Access
You may request a copy of the personal data we hold about you and information about how it is being processed.
Right of Correction
You may request that we correct any personal data that is inaccurate, incomplete or out of date.
Right to Withdraw Consent
Where processing is based on your consent (e.g. marketing communications), you may withdraw that consent at any time.
Right to Limit Processing
You may request that we stop processing your data for certain purposes, such as direct marketing.
Right to Data Portability
Under the 2024 PDPA amendments (effective June 2025), you may request your personal data in a machine-readable format to transfer to another service provider.
Right to Information
You have the right to know what personal data we hold about you and the purposes for which it is processed.
To exercise any of these rights, please contact us at contact@themalaysian.com. We will respond to your request within 21 days. We may ask you to verify your identity before processing your request.
There is no charge for exercising your rights in most cases. Where a request is manifestly unfounded or excessive, we reserve the right to charge a reasonable administrative fee.
10. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by Malaysian law.
| Data type | Retention period | Reason |
|---|---|---|
| Customer account & billing records | 7 years from last transaction | Companies Act 2016 and tax law requirements |
| Active service data | Duration of service + 90 days | Service delivery and dispute resolution window |
| Enquiry / pre-sales data | 2 years from last contact | Legitimate interest in following up on business enquiries |
| Support communications | 3 years from ticket closure | Service quality and dispute resolution |
| Website analytics (cookies) | Up to 26 months (Google Analytics default) | Service improvement — anonymised data only |
Once the applicable retention period has passed, your data will be securely deleted or anonymised so that it can no longer be associated with you.
11. Third-Party Services
Our website and services interact with the following categories of third-party services. Each has its own privacy policy which we encourage you to review:
- Google Analytics — Website traffic analysis (anonymised). Google Privacy Policy
- Payment gateways (Billplz, iPay88, GHL, Stripe, others) — For eCommerce clients. Payments are processed directly by your chosen gateway. We do not store card details.
- WhatsApp Business API — For AI automation clients. Messages are processed via Meta's infrastructure. WhatsApp Privacy Policy
- Automation platforms (n8n, Make.com or similar) — For AI automation workflow delivery. Specific platforms used will be disclosed at the time of service engagement.
- Domain registrars — Your .com name registration details are shared with the domain registrar and, as required by ICANN policy, may appear in public WHOIS records unless domain privacy is applied.
Links to third-party websites on our site are provided for your convenience. We are not responsible for the privacy practices of those websites. Please review their privacy policies independently.
12. Cross-Border Data Transfers
Some of the third-party service providers we use (such as Google Analytics, WhatsApp Business API, and certain automation platforms) may process or store your personal data outside of Malaysia.
Where such transfers occur, we take steps to ensure that your personal data receives an adequate level of protection, consistent with the requirements of the Personal Data Protection (Amendment) Act 2024 and the Cross-Border Personal Data Transfer Guidelines issued by the Department of Personal Data Protection.
By using our services and providing your personal data, you acknowledge and agree to such transfers where they are necessary for us to deliver the services you have requested.
13. Children's Privacy
Our services are intended for businesses and individuals aged 18 and above. We do not knowingly collect personal data from persons under the age of 18. If you believe we have inadvertently collected personal data from a minor, please contact us immediately at contact@themalaysian.com and we will take immediate steps to delete it.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services or applicable law, including updates to the PDPA and its subsidiary legislation.
When we make changes, we will update the "Last updated" date at the top of this page. For material changes that significantly affect how we process your personal data, we will notify active clients by email at least 14 days before the changes take effect.
Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree to the updated policy, you should discontinue use of our services and contact us to discuss your options.
15. Contact Us & Data Requests
If you have any questions about this Privacy Policy, wish to exercise your data rights, or wish to make a complaint about how we have handled your personal data, please contact us:
Personal Data Enquiries
The Malaysian DotCom Sdn Bhd
Suite B-5-8, Plaza Mont Kiara
No 2, Jalan Kiara, Mont Kiara 50480
Kuala Lumpur, Malaysia
Email: contact@themalaysian.com
Phone: 03 6094 4001 (Mon–Fri, 9am–5pm)
We will acknowledge your request within 3 business days and provide a full response within 21 days. If we require more time due to the complexity of your request, we will notify you of the extended timeline.
If you are dissatisfied with our response
If you are not satisfied with how we have handled your personal data or responded to your request, you may lodge a complaint with the Department of Personal Data Protection (JPDP):
- Website: www.pdp.gov.my
- Email: aduan@pdp.gov.my
- Phone: 03-8911 5000