Please read this Personal Data Protection Notice & Consent (“Notice”) carefully before proceeding to register and use this website and its related services (“Platform”). By clicking “I Agree” and continuing with the registration process, you acknowledge that you have read, understood and agree to the collection, use and processing of your personal data as described below. 1. Data user / who we are For purposes of this Notice, references to “we”, “us”, or “our” refer to [Insert Organisation / Company Name], the operator of this Platform, having its principal place of business at [Insert Address]. We are a data user under the Personal Data Protection Act 2010 (“PDPA”). If you have any questions about this Notice, our contact details are provided in Section 9 below. 2. Types of personal data collected In connection with your registration for, and use of, the Platform, we may collect and process various categories of personal data about you, including but not limited to: Identification data: full name, Malaysian IC/NRIC number, date of birth, nationality and other identifiers you choose to provide; Contact information: mailing address, email address, mobile and/or telephone number; Account information: username, password (stored in encrypted form), security questions/answers and other credential-related information; Usage and technical data: IP address, browser type, device information, access time, pages visited, and log data relating to your use of the Platform, for security, troubleshooting and analytics purposes; Other information: any additional information you voluntarily provide to us through forms, surveys, communications or uploads when interacting with the Platform or our support channels. We will generally collect personal data directly from you, but may also receive or confirm certain details from other sources where permitted by law (for example, verification services or public records). 3. Purposes of processing your personal data We may collect, use, store and otherwise process your personal data for one or more of the following purposes: Account registration and administration to create, verify and manage your user account on the Platform; to authenticate your identity and manage logins, passwords and security settings. Provision of services and features to provide you with access to the Platform, its functions and any services or features you request; to process and respond to your enquiries, requests, feedback or complaints. Communications to contact you regarding your account, updates to our terms, notices about the Platform, and relevant service-related information; to send you administrative or security-related communications (for example, password reset notifications or alerts). Security, risk management and compliance to monitor, detect and prevent unauthorised access, fraud, abuse or misuse of the Platform; to maintain logs and records for audit, dispute resolution and incident investigation; to comply with applicable legal, regulatory or governmental requirements, including responding to lawful requests by authorities. Improvement and operations to operate, maintain, test, enhance and improve the Platform, including through analytics, research and service quality assessments (where feasible, using aggregated or anonymised data); to support internal management, reporting and administrative purposes. Your personal data will not be processed for purposes that are incompatible with, or unrelated to, the purposes described above, except where required or permitted by law or with your further consent. 4. Legal basis and nature of provision Where required by the PDPA, we process your personal data on the basis of: your consent as expressed by clicking “I Agree” and providing your data; and/or the processing being necessary for the performance of services you request, for compliance with our legal obligations, or for our legitimate interests (for example, to secure the Platform and manage our relationship with you), balanced against your rights under the PDPA. The provision of certain personal data (such as your name, IC/NRIC number, contact details and credentials) may be necessary to create and maintain your account. If you choose not to provide such data, we may not be able to register you or provide you with full access to the Platform. 5. Disclosure of personal data to third parties We will treat your personal data as confidential and will not disclose it except as reasonably required in connection with the purposes described in Section 3, or as otherwise permitted or required by law. This may include disclosure to: Service providers / data processors: third parties engaged by us to provide services such as hosting, data storage, IT support, email/SMS delivery, security and analytics, subject to appropriate contractual and confidentiality safeguards; Professional advisers: such as lawyers, auditors and consultants who assist us in managing our operations and compliance; Regulators, authorities and law enforcement: where we are required or reasonably consider it necessary to comply with applicable laws, regulations or legal processes; Other parties: in connection with corporate transactions such as a merger, acquisition or restructuring, where your personal data may be transferred subject to continued protection in accordance with this Notice and applicable law. We do not sell your personal data to any third party. 6. Data security We implement reasonable and appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures may include, among others, access controls, encryption, secure storage, monitoring and regular review of security practices. However, while we strive to protect your personal data, no method of transmission or storage is completely secure. You are also responsible for maintaining the confidentiality of your login credentials and for promptly notifying us if you suspect any unauthorised use of your account. 7. Data retention We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, to comply with legal, regulatory and internal policy requirements, and to protect our legitimate interests (for example, record-keeping, dispute resolution or enforcement of our rights). When personal data is no longer required, we will take reasonable steps to securely delete or anonymise it so that you are no longer identifiable from such data, unless we are required or permitted by law to retain it for a longer period. 8. Data breach and incident response In the event of a suspected or actual personal data breach or security incident affecting your personal data, we will: act promptly to contain, assess and investigate the incident; take appropriate remedial and mitigation measures to reduce potential harm; and where appropriate and in accordance with applicable requirements, notify affected individuals and/or relevant authorities within a reasonable timeframe. 9. Your rights and how to contact us Subject to applicable laws and certain exceptions, you may have the right to: request access to your personal data held by us; request correction of personal data that is inaccurate, incomplete or outdated; make queries or complaints regarding our processing of your personal data; and withdraw your consent to our processing of your personal data, in whole or in part (noting that such withdrawal may affect our ability to continue providing you with the Platform or certain services). To exercise any of the above rights or to raise any concerns, please contact: Data Protection Contact / Officer Name: [Insert Name or Role] Email: [Insert Email Address] Telephone: [Insert Telephone Number] Postal Address: [Insert Contact Address] We may require reasonable information to verify your identity before processing your request, and we will respond within a reasonable time frame in accordance with applicable law. 10. Updates to this Notice We may update or amend this Notice from time to time to reflect changes in our practices, legal or regulatory requirements, or other considerations. Any updated version will be posted or made available through the Platform and will be effective from the date of posting or as otherwise notified. Your continued use of the Platform after such changes constitutes your acknowledgement and acceptance of the updated Notice. Acknowledgement and Consent By clicking “I Agree” below and proceeding with registration: You represent that you have read and understood the contents of this Personal Data Protection Notice & Consent; You consent to the collection, use, disclosure and processing of your personal data (including, where applicable, your address, contact details and Malaysian IC/NRIC number) by us for the purposes and in the manner described above; and You understand that you may contact us at any time regarding your rights under the PDPA, including access, correction and withdrawal of consent.