Privacy Policy

01.

Introduction

Reform Digital (“we,” “us,” or “our”) values your privacy. As a Data Controller under the Personal Data Protection (Amendment) Act 2024, we are responsible for the personal data we collect from you through our website and digital marketing activities.

This policy explains how we collect, use, and protect your information when you visit our website or submit an inquiry via our contact form.

02.

Information We Collect

We collect personal data that you voluntarily provide and data that is automatically collected via tracking technologies:

Voluntary Data (Contact Form): When you fill out our inquiry form, we collect your Name, Email Address, Phone Number, and any details included in your message.
Technical Data (Cookies & Tracking): As a performance marketing agency, we utilize cookies, pixels, and analytics tools (e.g., Google Analytics, Meta Pixel) to track user behavior, IP addresses, and browser data. This allows us to optimize our high-impact marketing campaigns.
Sensitive Personal Data: We generally do not collect “sensitive personal data” (such as health data or political opinions). However, please note that the 2024 Amendments now classify biometric data (e.g., facial recognition used in some verification tools) as sensitive data. We will not collect this without your explicit written consent.

03.

How We Use Your Data

We process your personal data for the following “lawful purposes”:

To Respond to Inquiries: To answer your questions, provide quotations, or discuss potential collaborations based on your form submission.
Performance Marketing: To analyze website traffic and deliver targeted advertising campaigns (systematic monitoring).
Legal Compliance: To comply with tax obligations and regulatory requirements.

04.

Data Protection Officer (DPO)

Because our “high impact performance marketing” involves the regular and systematic monitoring of data subjects (via tracking and analytics), we have appointed a Data Protection Officer (DPO) as required by the PDPA Amendment Act 2024.

Contact Our DPO:

Name/Designation: [Insert Name or “The Data Protection Officer”]
Email: [e.g., dpo@reformdigital.com]
Address: [Insert Office Address]
* Note: Our DPO is resident in Malaysia as required by law.

05.

Disclosure and Cross-Border Transfers

Third-Party Processors: We share data with trusted Data Processors (e.g., cloud hosting providers, CRM software, email marketing platforms). Under the 2024 Amendments, we ensure these processors are contractually bound to maintain strict security measures.
International Transfers: Your data may be stored on servers located outside Malaysia (e.g., Singapore, USA). We ensure such transfers comply with Section 129 of the PDPA, transferring data only to jurisdictions with “substantially similar” data protection laws or where adequate safeguards are in place.

06.

Data Security and Retention

We implement practical technical and organizational security measures (e.g., encryption, access controls) to protect your data from loss, misuse, or unauthorized access. We retain your data only for as long as necessary to fulfill the purposes outlined above or as required by tax laws.

07.

Data Breach Notification

In the event of a personal data breach (e.g., a hack or leak), we are now legally obligated to:

Notify the Personal Data Protection Commissioner as soon as practicable.
Notify you (the data subject) without unnecessary delay if the breach is likely to cause you significant harm.

08.

Your Rights

Under the PDPA, you have the right to:

Access & Correct: Request a copy of your data or correct inaccurate information.
Withdraw Consent: Stop us from using your data for marketing purposes.
Data Portability (New): Effective June 2025, you have the right to request that we transmit your personal data directly to another Data Controller in a technically feasible format.