Privacy Policy

1. Introduction

Web ASP Sdn. Bhd. (“Web ASP”, “we”, “our”, or “us”) respects your privacy and is committed to protecting the personal data that we collect, use, process, store, and disclose in the course of our business. This Privacy Policy explains how we handle your personal data when you visit our website, access or use our web portal, submit an enquiry, request a quotation, register an account, subscribe to our services, purchase our products, or otherwise interact with us. This Privacy Policy is intended to serve as our personal data protection notice in accordance with the Personal Data Protection Act 2010 [Act 709] of Malaysia, which applies to persons processing personal data in respect of commercial transactions.

2. About Web ASP Sdn. Bhd.

Web ASP Sdn. Bhd. is a communications and technology solutions provider in Malaysia. Our business may include telecommunications services and related solutions such as VoIP, Cloud PBX, IP-PBX, SIP trunking, Bulk SMS, WhatsApp Business solutions, AI communication solutions, and related hardware, support, and implementation services.

3. Types of Personal Data We May Collect

We may collect and process personal data that is reasonably necessary for our business, operational, contractual, support, security, and compliance purposes. Depending on the nature of your interaction with us, such personal data may include:

• Full name
• Company name and company registration details
• NRIC, passport, or identification details where required for verification or compliance purposes
• Contact number and email address
• Billing address and service address
• Job title, department, or business role
• Username, login credentials, and account access information
• Payment, invoicing, and transaction details
• Support requests, complaint records, and communication history
• Service subscription records and account history
• Technical information such as IP address, browser type, device information, login logs, access times, and system activity records
• Personal data contained in documents, forms, emails, tickets, or submissions provided to us
• Voice, messaging, call detail, or service metadata where relevant to the subscribed service and permitted by applicable law

4. How We Collect Personal Data

We may collect your personal data directly from you or indirectly from authorized sources, including when:

• You visit our website or web portal
• You create or register an account
• You submit an enquiry, request a proposal, or contact us
• You subscribe to, order, activate, or renew our products or services
• You fill in any online or offline forms
• You communicate with us by email, telephone, messaging platform, or support channel
• You submit onboarding or verification documents
• You request technical support or customer service assistance
• You make payment or provide billing information
• Your employer, company, or authorized representative provides your details to us as a contact person
• We receive data from business partners, service providers, telecommunications operators, platform providers, or lawful third-party sources in connection with the services requested by you or your organization

5. Purpose of Collection and Processing

We may collect, use, and process your personal data for purposes including:

• To verify your identity or authority to act on behalf of a business entity
• To create, manage, and maintain your customer or user account
• To provide our products and services to you or your organization
• To process orders, service requests, renewals, activations, and provisioning
• To issue invoices, receive payments, and maintain financial records
• To provide technical support, customer support, and account assistance
• To communicate with you regarding your account, service status, support matters, operational notices, billing matters, maintenance windows, or changes to our services
• To improve our website, web portal, products, and services
• To monitor and protect service quality, system reliability, security, and platform integrity
• To detect, prevent, investigate, or respond to fraud, abuse, unauthorized access, or other misuse
• To maintain internal records, audit trails, and business documentation
• To comply with legal obligations, regulatory requirements, lawful requests, court orders, or enforcement actions
• To send service-related updates, company information, promotions, or marketing materials where permitted by law

6. Failure to Provide Personal Data

If you do not provide personal data that is necessary for us to process your request, open or maintain your account, provide support, verify your authority, or deliver our services, we may not be able to proceed with the requested service, access, or transaction.

7. Disclosure of Personal Data

We do not sell your personal data to third parties for their own marketing use. However, we may disclose or transfer your personal data where necessary for legitimate business, operational, legal, or service delivery purposes, including to:

• Our related companies, affiliates, subsidiaries, or associated business entities
• Our employees, authorized personnel, or representatives on a need-to-know basis
• Our vendors, contractors, data processors, hosting providers, cloud providers, support providers, and technology partners
• Telecommunications carriers, network operators, interconnect providers, number providers, platform operators, or service partners where necessary to deliver the subscribed service
• Payment gateways, banks, billing processors, accountants, auditors, consultants, insurers, and legal advisers
• Regulators, government authorities, law enforcement agencies, courts, or tribunals where disclosure is required or authorized by law
• Parties involved in a proposed or actual merger, restructuring, acquisition, business transfer, financing exercise, or disposal of assets, subject to appropriate confidentiality safeguards

Where third parties process personal data on our behalf, we take reasonable steps to require them to keep such data confidential and protected.

8. Cross-Border Transfer of Personal Data

In the course of providing our services, your personal data may be transferred to, stored in, or accessed from locations outside Malaysia, including where our technology platforms, service providers, or infrastructure partners operate. Where cross-border transfer takes place, we will take reasonable steps to ensure that appropriate safeguards are implemented to protect your personal data in a manner consistent with applicable legal and regulatory requirements.

9. Security of Personal Data

We are committed to taking practical and reasonable steps to protect your personal data from loss, misuse, unauthorized access, unauthorized disclosure, alteration, or destruction. Such measures may include, where applicable:

• Account authentication and password controls
• Restricted user access and role-based permissions
• Firewall, network, and system security controls
• Access logging, monitoring, and audit trails
• Secure hosting and portal controls
• Internal approval or review processes for access to certain data
• Vendor and personnel confidentiality obligations
• Technical and organizational controls designed to reduce common security risks

However, no transmission over the Internet and no method of electronic storage is completely secure. Accordingly, while we strive to protect your personal data, we cannot guarantee absolute security.

10. Data Accuracy

We take reasonable steps to ensure that the personal data we process is accurate, complete, not misleading, and kept up to date where necessary for the purpose for which it was collected. You are responsible for informing us if your personal data changes or if any information you have provided is inaccurate or incomplete.

11. Retention of Personal Data

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and processed, including for contractual, support, business, audit, accounting, dispute resolution, security, and legal or regulatory purposes. When personal data is no longer required, we may securely delete, destroy, anonymize, or archive it in accordance with our internal retention practices and applicable legal requirements.

12. Your Rights

Subject to the PDPA and other applicable laws, you may have the right to:

• Request access to your personal data held by us
• Request correction of inaccurate, incomplete, misleading, or outdated personal data
• Request clarification on how your personal data is being processed
• Withdraw consent in circumstances where processing is based on consent, subject to legal, contractual, and operational limitations
• Limit or object to certain processing in circumstances permitted by law

We may require reasonable proof of identity and sufficient information to process any request. We may also charge any fee permitted by law or decline a request to the extent allowed under applicable legal provisions.

13. Marketing Communications

Where permitted by law, we may use your contact details to send you information about our services, promotions, updates, events, service enhancements, or other offerings that may be relevant to you or your business. If you no longer wish to receive marketing communications from us, you may contact us to opt out. However, we may still send essential non-marketing communications relating to your account, billing, security, support, contractual matters, or the services you use.

14. Cookies, Analytics, and Portal Technologies

Our website and web portal may use cookies, session tools, analytics services, and similar technologies to:

• Remember login sessions and user preferences
• Improve website functionality and portal usability
• Monitor traffic and performance
• Identify errors, diagnose issues, and improve service quality
• Support platform security and prevent unauthorized activity

You may choose to disable certain cookies through your browser settings, but doing so may affect website or portal functionality.

15. Third-Party Websites and Services

Our website or portal may contain links to third-party websites, software, payment gateways, embedded services, or platforms. We do not control and are not responsible for the privacy practices, content, or security of such third-party services. You should review their separate terms and privacy policies before submitting any personal data to them.

16. Personal Data Submitted on Behalf of Others

If you provide us with personal data relating to another individual, you represent and warrant that you have the necessary authority, consent, or legal basis to do so and to permit us to process that personal data in accordance with this Privacy Policy.

17. Changes to This Privacy Policy

We may amend, revise, or update this Privacy Policy from time to time to reflect changes in law, regulation, technology, operational practices, or business needs. The updated version will be posted on our website or portal and will take effect upon posting unless otherwise stated.

18. Contact Us

If you have any questions, requests, or concerns regarding this Privacy Policy or the handling of your personal data, you may contact us at: