Privacy Policy

Your privacy is important to us. Learn how we collect, use, and protect your data in accordance with Malaysian law.

1. Introduction

This Privacy Policy explains how Arfiaa Media (Company Registration No: 202403214484 (RA0115686-D)) collects, uses, and protects your personal information in accordance with:

  • Personal Data Protection Act 2010 (PDPA)
  • Communications and Multimedia Act 1998
  • Consumer Protection Act 1999
  • Electronic Commerce Act 2006
  • Malaysian Communications and Multimedia Commission Act 1998

2. Seven Personal Data Protection Principles

In accordance with the PDPA 2010, we adhere to the following principles:

2.1 General Principle

We only process your personal data with your consent and for lawful purposes.

2.2 Notice and Choice Principle

We inform you through this policy about how we process your personal data and your rights.

2.3 Disclosure Principle

We only disclose your personal data for the purposes you have consented to or as required by law.

2.4 Security Principle

We implement appropriate security measures to protect your personal data.

2.5 Retention Principle

We only retain your personal data for as long as necessary to fulfill the purpose(s) for which it was collected.

2.6 Data Integrity Principle

We take reasonable steps to ensure your personal data is accurate, complete, and up-to-date.

2.7 Access Principle

You have the right to access and correct your personal data.

3. Information We Collect

3.1 Personal Data (As defined by PDPA)

We collect and process the following categories of personal data:

  • Name and identification details
  • Contact information (address, email, phone number)
  • Business information
  • Financial information for payment processing
  • Project requirements and preferences
  • Communications history

3.2 Sensitive Personal Data

As defined by Section 4 of the PDPA, we do not collect sensitive personal data such as:

  • Physical or mental health information
  • Political opinions
  • Religious beliefs
  • Commission of offenses
  • Other sensitive personal data as defined by the PDPA

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Performance of a contract
  • Legal obligations
  • Legitimate interests
  • Your consent

5. Data Protection Measures

In compliance with the Security Principle of PDPA, we implement:

  • Administrative security measures
    • Staff training on data protection
    • Access control policies
    • Data protection procedures
  • Technical security measures
    • Encryption of data in transit and at rest
    • Firewalls and security monitoring
    • Regular security assessments
  • Physical security measures
    • Secure access to premises
    • Locked storage for physical documents
    • Clean desk policy

6. Your Rights Under PDPA

You have the following rights regarding your personal data:

  • Right to access your personal data
  • Right to correct inaccurate data
  • Right to withdraw consent
  • Right to prevent processing likely to cause damage or distress
  • Right to prevent processing for direct marketing

6.1 Exercising Your Rights

To exercise your rights:

  • Submit a written request to our Data Protection Officer
  • Provide proof of identity
  • Allow up to 21 days for response (as per PDPA requirements)

7. Data Retention

In accordance with the Retention Principle:

  • Active client data: Retained throughout the business relationship
  • Former client data: 7 years after relationship ends
  • Marketing data: 2 years from last interaction
  • Job applicant data: 1 year from application

8. Cross-Border Data Transfers

For international data transfers, we ensure:

  • Compliance with Section 129(1) of the PDPA
  • Adequate level of protection in recipient country
  • Contractual safeguards with data recipients
  • Data transfer impact assessments

9. Data Breach Notification

In the event of a data breach, we will:

  • Notify affected individuals within 72 hours
  • Report to relevant authorities as required
  • Implement remedial measures
  • Conduct post-breach assessment

10. Direct Marketing

For direct marketing communications:

  • We obtain explicit consent
  • Provide clear opt-out mechanisms
  • Honor opt-out requests within 14 days
  • Maintain marketing preference records

11. Cookies and Tracking

Our cookie usage complies with Malaysian guidelines:

  • Clear notice of cookie usage
  • Purpose of each cookie type
  • Option to reject non-essential cookies
  • Regular cookie audit and updates

12. Changes to Privacy Policy

When updating this policy, we will:

  • Notify users of significant changes
  • Obtain fresh consent where required
  • Maintain policy version history
  • Allow 30 days notice for material changes

13. Data Protection Officer

Our Data Protection Officer can be contacted at:

  • Email: dpo@arfiaa-media.com
  • Phone: [Your Phone Number]
  • Address: Shah Alam, Malaysia
  • Registration No: 202403214484 (RA0115686-D)

14. Complaints and Inquiries

For privacy-related complaints:

  1. Contact our Data Protection Officer
  2. If unresolved, file a complaint with the Personal Data Protection Commissioner
  3. Seek legal remedies under PDPA Section 129
[Previous script and style sections remain unchanged...]