Privacy Policy

1. Introduction

Prismata is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, and protect information in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

By using our services or providing your personal data to us, you consent to the collection, use, and processing of your personal data as described in this policy.

For questions or concerns regarding this Privacy Policy or our data practices, please contact us at [email protected]

2. Data Collection

2.1 Personal Data We Collect

We collect personal data that you provide directly to us, including:

• Name and contact information (email address, phone number, business address)
• Company name and position
• Information provided in inquiries or service requests
• Communication preferences
• Billing and payment information for contracted services

2.2 Automatically Collected Data

When you visit our website, we may automatically collect:

• IP address and browser information
• Device type and operating system
• Pages visited and time spent on our website
• Referring website addresses
• Cookie data (see our Cookie Policy for details)

2.3 Legal Basis for Processing

We process personal data based on:

• Consent: You have given clear consent for processing your personal data for specific purposes
• Contract: Processing is necessary for performing our contractual obligations to you
• Legal obligation: Processing is necessary to comply with Malaysian law
• Legitimate interests: Processing is necessary for our legitimate business interests, provided this does not override your rights

3. Data Usage

3.1 How We Use Your Data

We use personal data for the following purposes:

• Providing and delivering our AI integration services
• Responding to inquiries and communicating with you
• Processing service agreements and billing
• Improving our services and website functionality
• Sending relevant information about our services (with your consent)
• Complying with legal and regulatory requirements
• Maintaining security and preventing fraud

3.2 Data Sharing

We may share personal data with:

• Service providers: Third-party vendors who assist in delivering our services (cloud hosting, payment processing, analytics)
• Legal authorities: When required by law or to protect our legal rights
• Business transfers: In connection with any merger, acquisition, or sale of assets

We do not sell or rent your personal data to third parties for marketing purposes. All third-party service providers are contractually obligated to maintain appropriate data protection measures.

3.3 Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Typical retention periods include:

• Client data: Duration of service relationship plus 7 years
• Inquiry data: 2 years from last contact
• Financial records: 7 years as required by Malaysian tax law
• Website analytics: 26 months

4. Data Protection Measures

4.1 Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption of data in transit and at rest
• Secure server infrastructure with regular security updates
• Access controls limiting data access to authorized personnel only
• Regular security assessments and penetration testing
• Employee training on data protection practices
• Incident response procedures for data breaches

4.2 Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you and relevant authorities in accordance with PDPA requirements. Notification will include the nature of the breach, potential consequences, and measures being taken to address it.

5. Cookies and Tracking

Our website uses cookies and similar tracking technologies to enhance user experience and analyze website usage. Cookies are small text files stored on your device when you visit our website.

Types of Cookies We Use:

• Essential cookies: Required for website functionality and cannot be disabled
• Analytics cookies: Help us understand how visitors interact with our website
• Marketing cookies: Used to deliver relevant advertisements (with your consent)
• Preference cookies: Remember your settings and preferences

For detailed information about our cookie practices and how to manage your preferences, please see our Cookie Policy.

6. Your Rights

Under the Personal Data Protection Act 2010, you have the following rights regarding your personal data:

6.1 Right to Access

You have the right to request access to the personal data we hold about you. We will provide a copy of your personal data in a commonly used electronic format.

6.2 Right to Rectification

You may request correction of inaccurate or incomplete personal data. We will update your information promptly upon verification.

6.3 Right to Erasure

You may request deletion of your personal data where there is no compelling reason for its continued processing, subject to legal retention requirements.

6.4 Right to Data Portability

You may request to receive your personal data in a structured, commonly used, machine-readable format for transfer to another service provider.

6.5 Right to Object

You may object to processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.

6.6 Right to Withdraw Consent

Where processing is based on consent, you may withdraw your consent at any time. This will not affect the lawfulness of processing conducted before withdrawal.

6.7 Right to Lodge a Complaint

You have the right to lodge a complaint with the Personal Data Protection Commissioner of Malaysia if you believe your rights have been violated.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

7. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.

This Privacy Policy applies only to personal data collected by Prismata through our website and services.

8. Children's Privacy

Our services are intended for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors.

If we become aware that we have collected personal data from a minor without appropriate parental consent, we will take steps to delete that information promptly.

9. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date at the top of this policy indicates when it was last revised.

Material changes to this policy will be communicated through email notification to registered users or by prominent notice on our website. We encourage you to review this policy periodically.

Continued use of our services after policy changes indicates acceptance of the updated terms.