Personal Data Protection Policy (PDPA)

TSR Tech Services Sdn. Bhd. (1313892-U)

Version 1.0 | Effective Date: 20th July 2023

TSR Tech Services Sdn Bhd ("TSR", "we", "our" or "us") is committed to ensuring that your personal data is protected in accordance with the Personal Data Protection Act 2010 ("PDPA") of Malaysia. This Policy outlines how TSR, as a provider of IT and digital solutions, collects, processes, uses, discloses, and protects personal data in the course of our operations and service delivery.

---

1. Types of Personal Data Collected

• Full name, NRIC or passport number
• Contact details: email address, mobile/telephone number, physical address
• Company details and registration information (for corporate clients)
• Job title, department, or role
• Payment-related information such as bank account details, invoices
• IP address, browser type, device ID, cookies, and usage logs
• Images or voice recordings (e.g., from support calls, online meetings)
• Location data for users of our digital solutions
• Biometric data where applicable (facial recognition, fingerprints)

We do not knowingly collect or process personal data of individuals under 18 without verified parental or guardian consent.

2. Collection Methods

Personal data may be collected:

• Through our website, forms, or apps
• When you register for our products, services, or software
• When you engage with our support, training, or sales teams
• From cookies or tracking tools on our website
• From third-party sources (business partners, public sources, regulatory authorities)
• When you attend events, meetings, or use biometric access tools provided by TSR

For corporate clients, we may also collect employee personal data on their behalf, in accordance with contractual obligations.

3. Purpose of Data Processing

Your personal data may be used for the following purposes:

• To deliver and maintain software, hardware, and IT services
• To create and manage user accounts
• To authenticate users and provide secure access
• To manage customer relationships and respond to enquiries
• To generate invoices and process transactions
• To carry out technical support, product updates, or service improvements
• To administer surveys, contests, events, or feedback activities
• For marketing communications (with explicit consent)
• For internal administrative, auditing, and compliance purposes
• For fraud prevention, dispute resolution, and legal proceedings
• To comply with obligations under the PDPA and other Malaysian laws

4. Disclosure of Personal Data

Subject to the PDPA, we may disclose your personal data to:

• Subsidiaries or affiliated companies of TSR
• Service providers, including cloud storage, hosting, analytics, and cybersecurity vendors
• Government authorities or enforcement agencies (as required by law)
• Professional advisers such as auditors, consultants, and legal representatives
• Relevant parties during business mergers, transfers, or acquisitions
• Third-party technology partners involved in delivering our services

TSR ensures that all third parties receiving your data are bound by confidentiality agreements and data protection standards.

5. Use of Email and Mobile for Authentication

We employ Single Sign-On (SSO) systems using registered email addresses and mobile numbers to secure platform access. Data stored for authentication purposes is protected with encryption, multi-factor authentication (MFA), and role-based access control.

6. Accuracy of Personal Data

You are responsible for ensuring the accuracy and completeness of your personal data. TSR will take reasonable steps to verify and update the data in our possession. Please notify us of any changes via the contact details provided.

7. Access, Correction, and Data Portability

Under Sections 30–35 of the PDPA, you have the right to:

• Request access to your personal data
• Request correction of inaccurate or incomplete data
• Request that TSR transmit your data to another data controller (subject to technical feasibility)

To submit such requests, contact our Data Protection Officer in writing. We reserve the right to impose a reasonable administrative fee for processing access requests.

8. Withdrawal of Consent

You may withdraw consent to the collection, processing, or disclosure of your personal data at any time by submitting a request to the Data Protection Officer. TSR will inform you of any implications of such withdrawal, including impacts on our ability to deliver services.

Please note that withdrawal does not affect our right to retain and use the data where permitted or required by law.

9. Data Security

TSR applies strict security measures to protect personal data, including:

• SSL encryption, firewalls, and intrusion detection systems
• Access logging and monitoring
• Internal security policies and employee confidentiality agreements
• Regular security audits and incident response plans

10. Retention of Personal Data

We retain personal data:

• For as long as necessary to fulfill the stated purpose
• As required under legal, regulatory, or contractual obligations

Upon termination of the business relationship, all personal data will be securely deleted in accordance with our data retention schedule, unless a longer retention period is required by law. For full details, please refer to our Data Retention Policy.

11. Transfers Outside Malaysia

Where cross-border data transfers are required, TSR ensures that:

• Transfers are to jurisdictions with comparable data protection laws
• Contractual obligations and appropriate technical safeguards are in place

12. Data Breach Notification

In the event of a data breach resulting in unauthorized access, disclosure, or loss, TSR will:

• Assess and contain the breach
• Notify affected individuals and the regulatory authority (if required) within the prescribed time frame
• Take corrective and preventive actions

13. Cookies and Tracking

TSR uses cookies, web beacons, and similar tools to:

• Improve website functionality and performance
• Personalize content and user experience
• Analyze website traffic and visitor behaviour

You may disable cookies through your browser settings, although some features may not function optimally.

14. Third-Party Websites

Our website or platforms may contain links to third-party websites. TSR is not responsible for the privacy practices of such websites. Users are advised to review the privacy policies of external sites before providing personal data.

15. Contact Us

Data Protection Officer
TSR Tech Services Sdn Bhd (1313892-U)
Email: privacy@tsrtechservices.com
Phone: +60 112 112 7899
Website: www.tsrtechservices.com

16. Policy Updates

We may revise this policy from time to time to reflect changes in the law, business practices, or technology. Updated versions will be published at www.tsrtechservices.com. Your continued use of our services constitutes acceptance of such changes.

17. Language

This policy is published in English and may be translated. In the event of inconsistencies, the English version shall prevail.