Privacy Policy

This policy demonstrate how AWERAY PTE. LTD. (address: 73 Upper Paya Lebar Road #07-02J Centro Bianco Singapore, post code: 534818) (“we”, “our”, “us” or “the company”) collects, uses, and shares your personal data when you use our website and our services (collectively, the “services”). We take the protection of your privacy and personal information very seriously. We process your personal information strictly in compliance with this Privacy Policy (“Policy”) and with the applicable data privacy laws and regulations in your jurisdictions. As we provide services globally, specific provisions applicable to certain jurisdictions are included in Appendix .

This Policy does not apply to products or services that are accessed through our website and our services that are provided to you by third parties, such as third-party websites displayed in our products or services. It is important to note that when you use a third-party product or service, your personal data protection shall apply to that third party's privacy policy.

Please read this Policy carefully to get a clear understanding of our processing of your personal data. If you have questions relating to the processing of personal information, you can contact us through the contact details listed in this Policy.

TABLE OF CONTENTS
1.COLLECTION AND USE OF PERSONAL DATA
2.TRANSFER OF PERSONAL DATA
3.RETENTION OF PERSONAL DATA
4.CROSS-BORDER TRANSFER OF PERSONAL DATA
5.RIGHTS REGARDING PERSONAL INFORMATION
6.NEWSLETTER
7.PROTECTION OF PERSONAL DATA
8.MINOR’S PERSONAL DATA
9.COOKIES AND OTHER TECHNOLOGIES
10.CHANGES TO THIS POLICY
11.HOW TO CONTACT US

APPENDIX. SPECIFIC PROVISION FOR DIFFERENT JURISDICTIONS
1.EUROPE
2.THE UNITED STATES
3.SOUTH KOREA
4.SINGAPORE
5.INDONESIA
6.VIETNAM
7.THAILAND
8.MALAYSIA

1.Collection and Use of Personal Data

We will only process your personal information for the purpose of providing features when you use our services. You will only be required to provide personal information that is absolutely essential, while you can provide other personal information on a voluntary basis. We will indicate whether input fields are mandatory or optional and explain the impact or consequences when you do not provide the information. We will collect your information through means such as your active provision, system collection, and data received from third parties. We will inform you concerning the specific details in the relevant section of this Policy.

1.1Registration and Login You can register to use certain features on our website. During the registration process, you are required to provide the requested information, including your username, email address, and password. Additionally, you have the option to log in to our website using a third - party platform account, such as a Google, Apple, or Facebook account. In such cases, we will collect your third - party platform ID and email address. As part of the registration process, we will request your consent to use the aforementioned data. We use your personal data to assist you in completing user registration and to provide you with products or services.

The legal basis for processing the registration data is your consent, as well as the necessity to fulfill or initiate a contractual relationship between you and us and to perform obligations under the contract. If you do not provide the aforementioned information, we will be unable to create an account for you.

A user account will be created for you when you register. We will retain the data in the user account for as long as an active user relationship exists. If no further activity is detected over an extended period, the status of the user relationship will be set to inactive. You have the right to request that we delete your user account at any time on the condition that there are no violations or other circumstances on your part that may impede the cancellation of the account.

1.2Account Settings You can set your account in the Aweray platform. During this process, we will collect your profile picture, and email address. We use your personal data to help you to complete account settings.

The legal basis for processing account data is your consent. Should you not agree to such processing, please refrain from setting up your account. However, this will not affect your ability to use the basic functions of the account.

The account data is only saved for as long as an active user relationship exists, after which it is deleted or anonymized.

1.3Supply products or services

We offer you a variety of products and services, including products such as AweSun, AweSeed, and AweShell, etc. These products provide services to individual and corporate customers through forms such as PC terminals, App mobile applications, and clients, so as to achieve services such as remote computer control, network formation across different locations, and domain name resolution.

When you use the above-mentioned products or services, we will collect your personal data according to the circumstances, including IP addresses, user process information, network information, etc. This data will be used for providing the basic functions of the products, verifying the login devices, and assessing the network environment. In addition, when you use our services through the App, we will request to obtain your device permissions at appropriate times, including storage permissions, camera permissions, device information permissions, etc. These permissions are used for corresponding business purposes, such as storing logs, scanning codes to log in to the client, and ensuring security. It should be specifically noted that if you use the AweSun product, we provide you with functions such as setting up a list of sensitive processes and adding functions for monitoring process settings. If software with a high level of confidentiality is running during remote control, AweSun will remind the user or interrupt the remote control. We will continuously take measures to protect your data privacy.

The legal basis for processing network information is the intention to fulfill or initiate a contractual relationship between you and us, and perform obligations under the contract.

The aforementioned information is only saved for the duration of the account's existence or the shortest time required, after which it is deleted or anonymized.

1.4Payment Services If you wish to purchase membership, hardware products, and other premium features or versions, you can use third-party payment functions for payment, with payment service providers including PayPal, Stripe, and Google Pay. We will collect your payment information, such as the payment amount, order ID, and payment status, to verify the payment result and further determine whether to provide you with the corresponding purchased services. The above-mentioned payment information will be transmitted to the third-party payment service providers for purposes such as initiating payments, processing Apple subscriptions/renewals/changes, etc.

The legal basis for processing payment data is your consent, as well as the necessity to fulfill or initiate a contractual relationship between you and us and to perform obligations under the contract. If you do not provide the aforementioned information, we will be unable to offer you the products or services you plan to purchase.

Further information on the processing of data by PayPal, Stripe, and Google Pay, as well as your rights and options for privacy, can be found at: https://policies.google.com/privacy?hl=en, https://stripe.com/privacy, and https://www.paypal.com/us/legalhub/paypal/privacy-full.

1.5Customer Services You may contact us by the email address and phone number provided on the Website. When you contact us by email or phone, you may provide personal information, including contact name, contact phone number, contact email, company name, position, and products you are interested in. We use the information to respond to your questions and service requests, to improve our Services, and to fulfill other purposes.

The legal basis for processing inquiry data is your consent, as well as the necessity to provide you with customer service. If you do not agree to this processing, we will be unable to offer you the customer services.

The information collected for customer services is only saved for the duration of the account's existence or the shortest time required, after which it is deleted or anonymized.

1.6Operation Stability Every time you use our services, we keep record of your web log, your operating information of browsing, purchasing and other activities. Operating information we collect including IP address, user agent, operating system, login time, system name, system version, system language, device product name, and device model.

We use these operating data to audit user in the login process, identify and resolve errors, assess the stability of our website across different browsers and operating systems, and make necessary adjustments or enhancements to our website.

The legal basis for processing operating information is the necessity to provide you with customer service, as well as the pursue of our legitimate interest. Ensuring the secure and stable operation of our products and protecting them from attacks by malicious actors, such as those involved in the dark and gray industries, represents our legitimate and justifiable interests. We confirm that this legitimate interest is beneficial to users and will not have a negative impact on their personal rights and interests.

Your operating data will only be saved for the time during which we used and the subsequent 3 months, or the storage period as stipulated by relevant laws and regulations, after which they are deleted or anonymized.

2.Transfer of Personal Data

We may transfer your personal information to the following categories of recipients. Further, we does not share personal data with third parties for their own marketing purposes.

•Our Affiliates We may transfer your personal information to our affiliates because they could provide assistance in operation, development and improvement of our services. Our affiliates take organizational and technical measures to safeguard your personal information and never use your personal information in contraction to this Policy.

•Our Business Partners We employ business partners to perform functions on our behalf. Examples include the Cloud service provider, the data analysis provider, the web monitoring service provider, the sales& marketing service provider, and the customer services provider. These business partners may have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process the personal information in accordance with this Policy and as permitted by applicable data protection laws.

•Public Authorities We may transfer personal information if permitted or required by law, for example, in response to a court order or a subpoena. To the extent permitted by applicable law, we also may disclose personal information (i) in response to a law enforcement or public agency’s request; (ii) if we believe disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of end users; (iii) to protect the security or integrity of our sites, applications, and other technology, as well as the technology of our service providers; or (iv) enable us to take precautions against liability.

We will not transfer the data to third parties without your explicit consent, in particular not for advertising and marketing purposes. Your personal information shall only be transferred if you have given your consent to do so, or if we are entitled or obliged to do so due to legal regulations and/or official or judicial orders. This may especially involve the provision of information for law enforcement purposes, for averting danger, or for enforcing intellectual property rights.

During transmission, we have implemented technical measures such as https encryption transmission protocol, etc. to ensure the data security during the transmission process.

We only use your personal information to provide the services you request. If we cooperated with external service providers in the provision of services, they shall also only access the data for the purpose of providing services. We use technical and organizational measures to ensure compliance with the data protection regulations and also ask for compliance on the part of our external service providers in this respect.

We does not sell your personal data including as “sale” is defined in California. We also does not “share” your personal data as that term is defined in California.

3.Retention of Personal Data

Your personal data we collect will remain on the server located in Singapore. These information and materials may be sent to, accessed, stored, and displayed in your country, region, or location where we collect information and materials.

We always delete your personal data as soon as the reason for storing it no longer applies. The data may remain stored beyond this period if this is provided for due to legal requirements to which we are subject, for example in respect of legal retention or documentation obligations. In such an event, we delete your personal data once the requirements cease to apply.

We attach great importance to information security and have established a dedicated technical team to establish systems and procedures that comply with data security technology standards. In addition, we also strive to protect your personal data from being accessed, used, or disclosed by unauthorized access through multiple measures such as access control and security incident handling. But please understand that the rapid development of Internet technology and possible malicious attacks may make the 100% information security impossible, and certain security issues beyond our control may occur.. In the event of such scenarios, we will do our utmost to dispose of security incidents in a timely manner. As one of the preventive measures in advance, we also remind you to strengthen the security of your accounts and information by using more complicated passwords and change it regularly, carefully disclose your personal sensitive information, and pay attention to the settings of device permissions when replacing devices. We will also remind you of new security attacks and precautions in the form of occasional notifications, therefore you shall pay close attention to these notifications.

4.Cross-Border Transfer of Personal Data

You acknowledge and agree that we may access and process personal data on a global basis as necessary to provide the products and services, and in particular that personal data may be transferred to and processed by us in Chinese Mainland, Singapore and other jurisdictions where our affiliates and business partners have operations.

Wherever personal data is transferred outside its country of origin, each party will ensure such transfers are made in compliance with the requirements of applicable data protection laws and regulations.

5.Rights Regarding Personal Information

Subject to possible restrictions under applicable laws, as a data subject, you have the right to knowedge, access, rectification, correction, erasure, restriction of processing, objection to a decision based solely on automated processing, data portability and not to be discriminated with regard to your personal data. In addition, you can withdraw your consent and object to our processing of your personal data on the basis of our legitimate interests. You can also lodge a complaint with a supervisory authority.

We are doing everything possible to ensure that you can successfully exercise your rights in accordance with applicable laws and regulations. When you need to exercise your rights, we may ask you verification question in order to protect your personal data. If you have any questions regarding this Policy or you have a problem exercising your rights, you may send your request in writing to the email address provided in this Policy.

We reserve the right to charge you a reasonable fee for the processing of any data access or correction request where requests are manifestly unfounded or excessive, in particular because of their repetitive character.

Please notice, the types of rights regarding personal information vary across jurisdictions due to differences in applicable laws and regulations. For more detailed information about the specific rights and applicable response times, please refer to the Appendix.

6.Newsletter

When you register for our e-newsletter, your email address will be used for our promotional purposes until you unsubscribe. You will regularly receive information via email in this regard on current topics as well as emails for specific events and special promotions. The emails may be personalized and individualized based on the information saved about you.

We use the double-opt-in process when you register for our newsletter, assuming you have not given us your consent in writing. This means that we will only send you a newsletter via email if you have explicitly confirmed to us in advance that we should activate the newsletter mailing. We will then send you a notification email and ask you to confirm by clicking a link in this email that you would like to receive our newsletter. We record the opening of the newsletter and any links that it may contain. In addition, we process the following data in relation to the use of the newsletter: the email program you are using, your browser’s operating system, the time of access, and your abbreviated IP address. The legal basis for processing your data is your consent.

If you do not wish to receive this information, we will also provide you with the method to cancel such an information subscription with an unsubscribe link contained in every newsletter. But you will not be able to cancel the subscription of the information that is related to the system service and is not a promotion advertisement. For example, a notification sent to you due to the service suspension caused by system maintenance.

7.Protection of Personal Data

We implement appropriate technical and organizational measures to prevent unauthorized access, to maintain information accuracy and to ensure the correct use of the information we hold. Upon becoming aware of an information breach, we will notify you and the regulatory authorities in accordance with the timescales and scope required by applicable laws and regulations.

We have implemented a system access control policy. The system access privileges are in compliance with the principle of least privilege, ensuring that users can only access the functions and data within their authorized scope. User information is stored in the system database, and the query permissions are managed in a hierarchical manner based on user roles. An internal approval and authorization process has been established, and the operation logs of employees are recorded for auditing purposes.

Additionally, our corporate values, ethical standards, policies and practices are committed to the protections of users. In general, our business practices limit the use and disclosure of such information only to authorized persons, processes and transactions. However, apart from regular controls, absolute protection against all risks is not possible.

No data transmission over the internet or any wireless network can be guaranteed to be perfectly secure. As a result, while we use appropriate technical and organizational measures to protect the information we hold for you, we cannot guarantee the security of any information you transmit over the internet.

8.Minor’s Personal Data

We attach great importance to the protection of information about Minors. We do not actively provide services to minors. If you are under the age of adults as specified by laws in your jurisdiction and you indeed need to use our products or services according to your requirements, we encourage you to ask your guardian to read this Privacy Policy carefully, and use our products or services, or provide us with your personal data with the consent of your guardian.

If it can be proved that a minor has provided us with personal information without parental or guardian consent, the parent or guardian should contact us to remove the information. You may send your request for erasure in writing to our email address as listed in this Policy.

9.Cookies and Other Technologies

This section explains how we use cookies and similar technologies (we refer to them collectively as “cookies”) to recognize you when you use our website. It explains what these technologies are and why we use them, as well as your rights to control them.

Cookies are small text files stored on your device, which save specific settings and data for exchange with the website via your device. A cookie generally contains the name of the domain from which the cookie file was sent as well as information on the age of the cookie and an alphanumeric identifier.

We use different cookies to evaluate the performance of the website to improve your browsing experience, to personalize content and ads, to analyze our traffic and to continually improve services to you. It should be noted that the strictly necessary cookies placed on the website are necessary for the website to function and cannot be switched off in our systems. You can disable the storage of all other cookies and manually delete previously saved cookies via the website settings. And you can choose to accept or refuse the use of all other cookies at any time. If you choose to reject the use of those cookies, you will still be able to use the website while without them, but the website may not function as you expect it to and this could lead to a poor experience on the website for you. For more information about cookies, please review our Cookie Notice.

10.Changes to this Policy

We may update this Policy from time to time in response to changing legal, technical or business developments.

When we update our Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make and as required by applicable laws, such as by posting an amended Policy on the Aweray platform.

The up-to-date version of the Privacy Policy can be accessed directly via our website at all times. We recommend that you familiarize yourself regularly with any changes to this Policy.

11.How to Contact us

We have appointed a data protection team to support us in relation to data privacy issues and with whom you can also make contact directly. Our data protection team is available to you to deal with queries relating to our processing of personal data or to provide other information on data privacy issues. We will respond to your requests as required by the applicable law and regulation in your jurisdiction.

Data Privacy Team Contact ·Phone: Individual Business： Please call 400-601-0000 (Service available from 9:00 to 18:00, Monday to Saturday) Business and Enterprise Business： Please call 400-008-5211 (Service available from 9:00 to 18:00, Monday to Saturday) ·E-mail: contactus@aweray.com

If you believe that our processing of your personal information does not comply with this Policy or the applicable data protection regulations, you have the right to lodge a complaint with a regulatory authority.

Appendix. Specific Provision for Different Jurisdictions

1.Europe

1.1Identity
In the Context with the provision of our services in Europe, we are bound by the General Data Protection Regulation (GDPR). We constitute “controller” under the GDPR.

1.2Rights under GDPR
(1)Right of access: you have the right to obtain from the us confirmation as to whether or not your personal data are being processed; you can also request a copy of your personal information that are undergoing processing.
(2)Right to rectification: you have the right to obtain from us without undue delay the rectification of inaccurate or incomplete personal data.
(3)Right to erasure (‘right to be forgotten’): you have the right to obtain from us the erasure of personal data if the following circumstances occur:
•the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
•when you withdraws consent on which the processing is based, and there is no other legal ground for the processing;
•when you objects to the processing, and there are no overriding legitimate grounds for the processing; •the personal data have been unlawfully processed;
•the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
•the personal data have been collected in relation to the offer of information society services for children under the age of 14.
(4)Right to restriction of processing: you have the right to obtain from us the restriction of processing where one of the following applies:
•the accuracy of the personal data is contested, for a period enabling us to verify the accuracy of the personal data;
•the processing is unlawful and you opposes the erasure of the personal data and requests the restriction of their use instead;
•we no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
•you have objected to processing, pending the verification whether the legitimate grounds of us override those of yours.
(5)Right to data portability: you have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller provided that (a) the processing is based on consent; and (b) the processing is carried out by automated means.
(6)Right to object: you have the right to object to data processing based on specific reasons, including: (a) processing based on legitimate interests; (b) processing based on public interest or official authority; (c) when personal data is used for direct marketing, you can object at any time; (d) for scientific, historical research, or statistical purposes, unless it involves public interest.
(7)Right not to be subject to automated decision-making (including profiling): you have the right not to be subject to decisions based solely on automated processing, especially when the decision has legal consequences or significantly affects the data subject.
(8)Right to complaint: If you are of the opinion that our processing of your personal data by us is not in compliance with this Policy or the applicable data protection regulations, you have the right to make a complaint to a regulatory authority.
We will respond to your requests within one month or two months (if the request is complex or you have made a number of requests).

2.The United States

2.1Identity
This part is intended to assist California customers to be informed of their rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) in the first instance. As we provide a single form of services, this part also apply to customer in other region in the United State. Under the CCPA and CPRA, We constitute the “business”.

2.2California Privacy Rights
California consumers have a right to knowledge, access, correction, and deletion of their personal information under the CCPA and CPRA. California consumers also have a right to opt out of the sale or sharing of their personal information by a business, and a right not to be discriminated against for exercising their California privacy rights.
We do not sell or share the personal information of California consumers as those terms are defined under California law, and do not discriminate in response to privacy rights requests. We also do not use or disclose sensitive personal information for any purposes that would require a user to exercise a right to limit according to California law.
We will respond to the consumers’ requests within 45 days.

2.3Do Not Track
We do not track our customers over time and across third-party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals.

3.South Korea

3.1Identity
In the Context with the provision of our services in South Korea, we are bound by the Personal Information Protection Act (PIPA). We constitute “controller” under the PIPA.

3.2Rights under PIPA
(1)Right to be informed: you have the right to obtain detailed information on the processing of your personal information.
(2)Right of access: you may request to access your personal information.
(3)Right to transfer: you may also request us to provide a copy of your personal information and to transfer it. You may request the transfer to yourself or to an institution specifically managing personal information. The transfer request may be withdrawn.
(4)Right to rectification and erasure: you may request us to rectify or erase your personal information. However, erasure is not allowed if the personal information is required to be collected under laws or regulations.
(5)Right to suspend processing: you may request us to suspend the processing of your personal information, and you have the right to withdraw your consent.
(6)Right to object to automated decision-making: If the processing of your personal information through fully automated systems (including artificial intelligence) has a significant impact on your rights or obligations, you have the right to object to the relevant decision. Additionally, you may request us to explain the automated decision that has already been made.
(7)Right to claim compensation: If you have suffered damage due to the violation of this law by us, you have the right to claim compensation for such damage from us.

4.Singapore

4.1Identity In the Context with the provision of our services in Singapore, we are bound by the Personal Data Protection Act 2012 (PDPA). We constitute “organization” under the PDPA.

4.2Measures to Ensure the Accuracy To ensure the accuracy of the personal data we collect and hold, you agree not to submit any information to us which is inaccurate or misleading, and you agree to inform us of any inaccuracies or changes to such information. We reserve the right at our sole discretion to require further documentation to verify any information provided by you.

4.3Rights under PDPA (1)Right of access: you have the right to be informed about the personal data we held, and the use and disclosure of such data in the year preceding your request for access. We will respond to your request for access as soon as reasonably possible. (2)Right to rectification: you have the right to correct inaccuracies and to complete incomplete personal data about you. We will respond to your request for rectification as soon as practicable.

5.Indonesia

5.1Identity In the Context with the provision of our services in Indonesia, we are bound by the Law No. 27 of 2022 on Personal Data Protection (PDPL). We constitute “controller” under the PDPL.

5.2Rights under PDPL
(1)Right to be informed: you have the right to request the information regarding the purpose of processing, and our responsibilities.
(2)Right to completion and rectification: you have the right to request the completion of inaccurate personal data or the rectification of errors.
(3)Right of access and right to obtain a copy: you have the right to access their personal data and obtain a copy of it.
(4)Right to erasure: you have the right to request the termination of processing, deletion, and/or destruction of your personal data.
(5)Right to withdraw consent: you have the right to withdraw consent to the processing of your personal data that has been granted to us.
(6)Right to object to automated decision-making: you have the right to object to decisions made solely based on automated processing.
(7)Right to delay or restrict processing: you have the right to delay or restrict the processing of your personal data based on the purpose of the processing of personal data.
(8)Right to complain and claim compensation: you have the right to file a lawsuit against violations in the processing of your personal data and to obtain compensation in accordance with relevant laws and regulations.
(9)Right to data portability: you have the right to obtain and/or use your personal data from us in a format that is structured, commonly used, and machine-readable. You also have the right to transfer your personal data to another data controller, provided that the systems used can communicate securely.

6.Vietnam

6.1Identity In the Context with the provision of our services in Vietnam, we are bound by the Decree No. 13/2023/ND-CP on the Protection of Personal Data (PDPD). We constitute “controller” under the PDPD.

6.2Rights under PDPD
(1)Right to be informed: you have the right to be informed about the processing of your personal data.
(2)Right to decide (right to consent and right to withdraw consent): you have the right to give consent to the processing to withdraw consent.
(3)Right of access: you have the right to access personal data in order to view, modify, or request rectification.
(4)Right to erasure: you have the right to delete or request the deletion of personal data.
(5)Right to restrict processing: you have the right to request the restriction of processing of your personal data.
The restriction of processing of personal data will be implemented within 72 hours after receiving the request from you.
(6)Right to data portability: you have the right to request us to provide you with their personal data.
(7)Right to object to processing: you have the right to object to the processing of your personal data, in order to prevent or limit the disclosure of personal data or the use of personal data for advertising and marketing purposes. We will respond to your request within 72 hours after receiving it.
(8)Right to complain, report, and litigate: you have the right to file complaints, reports, and lawsuits in accordance with legal provisions.
(9)Right to compensation for damages: When personal data protection regulations are violated and cause damage to the data subject, you have the right to claim compensation in accordance with legal provisions.
(10)Right to self-protection: you have the right to exercise right to self-protection or to request that competent authorities and organizations implement measures for the protection of your civil rights.

7.Thailand

7.1Identity In the Context with the provision of our services in Thailand, we are bound by the Personal Data Protection Act, B.E. 2562 (2019) (PDPA). We constitute “controller” under the PDPA.

7.2Rights under PDPA
(1)Right to withdraw consent: you may withdraw consent at any time.
(2)Right of access and right to obtain a copy: you have the right to access the personal data processed by us and to obtain a copy of the personal data.
(3)Right to receive and transfer: you have the right to obtain personal data from us and to request us to send or transfer your personal data to another controller.
(4)Right to object: you may, at any time, object to the collection, use, and disclosure of personal data by us in specific circumstances.
(5)to erasure, destruction, and anonymization: you have the right to request the us to delete, destroy, or anonymize personal data in specific circumstances.
(6)Right to restrict processing: you have the right to restrict the processing of your personal data. (7)Right to rectification and completion: you have the right to request that the personal data held by us be accurate, up-to-date, complete, and not misleading.
(8)Right to lodge a complaint: you have the right to lodge a complaint against us or other processor for the unlawful processing of personal data.

For requests to exercise the right of access and the right to obtain a copy, a response should be provided without undue delay and no later than 30 days after receiving the request. For requests to exercise the right to object, the objection will immediately become effective.

8.Malaysia

8.1Identity
In the Context with the provision of our services in Malaysia, we are bound by the Akta Perlindungan Data Peribadi 2010 (PDPA). We constitute “controller” under the PDPA.

8.2Rights under PDPA
(1)Right to be informed, right of access, and right to obtain a copy: you have the right to be informed whether your personal data is being processed. You can submit a written request to access their personal data.
(2)Right to rectification: you may request the rectification of inaccurate, incomplete, misleading, or outdated personal data.
(3)Right to data portability (effective from June 1, 2025): you have the right to request in writing to transmit personal data directly to another designated data controller in electronic form.
(4)Right to withdraw consent: you may withdraw consent to the processing of personal data in writing.
(5)Right to restrict processing that may cause damage or distress: Except in cases of exception, if the processing of personal data or the processing of personal data for a specific purpose or in a specific manner is causing or is likely to cause significant damage or significant distress to you or another person, and such damage or distress is not warranted, you may at any time request in writing us to cease or refrain from commencing the processing of personal data for the specific purpose or in the specific manner within a reasonable period.
(6)Right to object to processing for direct marketing purposes: you may request in writing us to cease using their personal data for direct marketing.