Privacy Policy

2. Data Controller

The data controller responsible for your personal data is:

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Account Information

• Full name
• Email address
• Phone number (optional)
• Password (encrypted)
• Organization affiliation

3.2 Meeting Participant Data

• Unit number or membership identifier
• Share units or voting rights allocation
• Attendance records and timestamps
• Voting records and preferences
• Proxy assignments and delegations
• Nomination submissions

3.3 Identity Verification Data

For verification purposes, users may voluntarily provide their Malaysian Identity Card (NRIC) number. This sensitive personal data is:

• Stored securely with encryption
• Used solely for identity verification during meetings
• Never shared with third parties except as required by law
• Subject to enhanced security measures as required under PDPA

3.4 Technical Data

• IP address
• Browser type and version
• Device information
• Login timestamps
• Platform usage patterns

3.5 Payment Information

Payment card details are processed directly by our payment processor, Stripe, Inc. We do not store complete credit card numbers on our servers. We only retain transaction references and billing information necessary for accounting purposes.

4. How We Collect Your Data

We collect personal data through the following methods:

• Direct submission: When you register an account, create an organization, set up meetings, or participate in AGM activities
• Bulk import: When organization administrators import participant data via CSV or Excel files
• Automated collection: Through cookies and similar technologies when you use our Platform
• Third-party services: From integrated services such as Zoom for video conferencing
• Pre-registration: When participants pre-register for upcoming meetings

5. Purpose of Processing

We process your personal data for the following purposes:

5.1 Service Delivery

• Creating and managing user accounts
• Facilitating AGM registration and attendance
• Processing votes and maintaining voting records
• Managing proxy assignments
• Generating meeting reports and minutes
• Calculating quorum and vote tallies

5.2 Communication

• Sending meeting notifications and reminders
• Providing account verification emails
• Delivering service updates and announcements
• Responding to support inquiries

5.3 Payment Processing

• Processing subscription and meeting fees
• Issuing invoices and receipts
• Managing refunds where applicable

5.4 Legal & Compliance

• Complying with legal obligations
• Maintaining records as required by Malaysian law
• Responding to lawful requests from authorities
• Protecting our legal rights and interests

5.5 Service Improvement

• Analyzing usage patterns to improve our Platform
• Troubleshooting technical issues
• Developing new features and services

6. Legal Basis for Processing

Under the PDPA, we process your personal data based on the following legal grounds:

• Consent: You have given explicit consent for specific processing purposes
• Contract: Processing is necessary for the performance of our service agreement with you
• Legal obligation: Processing is necessary to comply with Malaysian laws and regulations
• Legitimate interests: Processing is necessary for our legitimate business interests, provided these do not override your fundamental rights

7. Data Sharing & Third Parties

We may share your personal data with the following categories of recipients:

7.1 Service Providers

We engage trusted third-party service providers to support our Platform operations:

7.2 Organization Administrators

If you participate in a meeting organized through our Platform, the organization administrator may access your participant data including attendance records, voting history, and proxy assignments for that specific meeting.

7.3 Legal Requirements

We may disclose your personal data when required by law, court order, or government authority, or when necessary to protect our rights, property, or safety.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest
• Access controls: Role-based access with authentication requirements
• Password security: Passwords are hashed using industry-standard algorithms
• Infrastructure security: Hosted on enterprise-grade cloud infrastructure with security certifications
• Regular audits: Periodic security assessments and vulnerability testing
• Incident response: Documented procedures for handling security breaches

While we strive to protect your personal data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

9. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

After the retention period expires, we will securely delete or anonymize your personal data unless retention is required by law.

10. Your Rights Under PDPA

Under the Personal Data Protection Act 2010, you have the following rights:

• Right of Access: You may request access to your personal data held by us and obtain a copy of such data.
• Right to Correction: You may request correction of any inaccurate, incomplete, or outdated personal data.
• Right to Withdraw Consent: You may withdraw your consent to processing at any time, subject to legal obligations and contractual restrictions.
• Right to Prevent Processing: You may request that we stop processing your personal data for direct marketing purposes.
• Right to Data Portability: Upon request, we will provide your personal data in a structured, commonly used format.

To exercise any of these rights, please contact our Data Protection Officer using the details provided below. We will respond to your request within 21 days as required by PDPA.

11. Cookies & Tracking

Our Platform uses cookies and similar technologies to enhance your experience:

• Essential cookies: Required for Platform functionality, authentication, and security
• Session cookies: Maintain your session state during use
• Preference cookies: Remember your settings and preferences

We do not use third-party advertising or tracking cookies. You may configure your browser to reject cookies, but this may affect Platform functionality.

12. Children's Privacy

Our Platform is intended for users aged 16 years and above. We do not knowingly collect personal data from individuals under 16 years of age. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete such information.

13. International Data Transfers

Some of our service providers operate outside Malaysia. When we transfer your personal data internationally, we ensure appropriate safeguards are in place:

• Transfers are made to countries with adequate data protection laws
• Contractual obligations require recipients to protect your data
• We comply with Section 129 of the PDPA regarding cross-border data transfers

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our Platform and updating the "Last updated" date. We encourage you to review this policy periodically. Your continued use of our Platform after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data practices, please contact our Data Protection Officer:

If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commissioner of Malaysia.