Techpay

Menu
Get in touch
Menu
hamburgerCreated with Sketch Beta.

Privacy and Data Protection Policy

1. Introduction

This Privacy and Data Protection Policy (“Policy”) specifies the Privacy Principles followed by Tpay Platform Private Limited and its employees regarding the collection, use, transfer, storage, and destruction of personal information/personally identifiable information.

 

Throughout this Policy, “Tpay” refers to Tpay Platform Private Limited (also referred to as “we,” “us,” or “our”).

 

Tpay’s commitment to these policy requirements reflects the value it places on complying with existing Data Protection regulations/legislation while simultaneously maintaining the trust of the employees, clients, business partners, and others whose personal or confidential information is shared with us in the course of our business operations.

 

2. Purpose
This Policy aims to facilitate “Privacy-by-Design” principles in the implementation of systems and processes by Tpay.
3. Scope

This policy document applies to Tpay’s a) Information, b) Information Systems, c) Employees, and d) Third-Party Staff.
This Policy applies to the collection, storage, processing, transfer, and use of personal information concerning its clients, business partners, employees, former employees, applicants for employment, and may include other personal information not specifically listed here. Personal information may be collected from individuals through various means, including websites, other ordering channels, and service or employment processes.

4. Privacy and Data Protection Policy Requirements
The collection, storage, processing, transfer, and use of personal information by Tpay for its business operations shall be governed by the following security controls:
4.1 Fair and Lawful Processing of Personal Information

The following security controls shall apply to the fair and lawful processing of personal information:

 

  • Notice: Provide timely and appropriate notice to Data Subjects (refers to any information relating to an identified or identifiable natural person) about its data processing practices as required by applicable laws and regulations or as necessary from time to time.
  • Choice: Do not use or provide personal information to third parties without giving the Data Subject(s) an opportunity to choose whether their information can be disclosed for such use unless otherwise permitted or required by law or regulation.
  • Consent: Process personal information only with an individual’s consent, which may be express or implied, depending on the sensitivity of the personal information and the individual’s reasonable expectations, unless otherwise permitted or required by law or regulation.
4.2 Limitations on Collection, Use, and Disclosure of Personal Information
The following security controls shall apply to purpose limitation on the collection, use, and disclosure of personal information:

Purpose:

  • Collect personal information only for specific and legitimate business purposes.
  • The information collected will be relevant, adequate, and not excessive for the purposes for which it is collected.
  • Process personal information in a manner consistent with the purposes for which it was collected unless otherwise permitted or required by law or regulation, or the individual has subsequently consented to the new use of their personal information.
  • Personal information collected from data subjects in the course of business will not be sold, rented, or leased.

Data Minimization:

  • Take all legally required and commercially reasonable steps to ensure that personal information processed by Tpay is adequate, relevant, and limited to what is necessary for the purposes for which the information is processed.

Onward Transfer:

  • Take appropriate measures, by contract or otherwise, to provide adequate protection for personal information that is disclosed to a third party or transferred to or accessed from another country (including internal transfers and transfers between business units and/or third parties).
4.3 Management of Personal Information
The following security controls shall apply to managing personal information:

Accuracy/Integrity:

  • Take all legally required and commercially reasonable steps to ensure that personal information:
  • is reliable for its intended use, accurate, complete, and, where necessary, kept up to date; and
  • that is inaccurate or outdated is promptly either erased or rectified.

Access: Maintain processes to give Data Subjects reasonable access to their personal information and, as appropriate, the ability to correct, delete, or update inaccurate or incomplete information.

Security: Take all legally required and commercially reasonable measures proportional to the associated risk to protect personal information from loss, misuse, unauthorized access or disclosure, alteration, and destruction. Ensure appropriate levels of protection for information considered to be sensitive personal information.

Retention: Keep personal information in a form that permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal information is processed. Personal information may be stored for longer periods and will be processed solely for archiving purposes in the public interest, or for scientific, historical, or statistical purposes, and subject to the implementation of appropriate safeguards.

4.4 Accountability, Compliance, Exception, and Violations
The following security controls shall apply to accountability and enforcement of this policy and data protection regulations and legislation that govern the collection, use, and disclosure of personal information:
  • Accountability: The Director is responsible for and shall demonstrate compliance with this Policy’s requirements. The Director shall, as needed, designate individuals within the organization to be accountable for compliance with privacy and data protection laws and related policies.
  • Data Subject Access Requests, Complaints, and Dispute Resolution: The Director shall provide points of contact and communication channels to raise access requests, initiate data protection and privacy-related complaints, or pursue dispute resolution, including a fair process to investigate and resolve requests and complaints, and to communicate the progress and status of requests or complaints to Data Subjects.
  • Education and Awareness: Tpay shall, as needed, make available training and programs to educate and raise awareness among employees regarding legal, regulatory, and contractual responsibilities concerning the processing of personal information.
  • Compliance: The Director is charged with implementing and enforcing this policy, promulgating additional privacy-related policies as may be required, and providing strategically coordinated privacy-related compliance functions as the Data Protection Officer when required. All covered under this policy shall ensure compliance and adherence to this Policy and the controls stipulated therein. Any violation of the Policy may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties, up to and including termination of employment.
  • Exception: Exceptions to this policy must be approved by the Director.
  • Violations: Any employee who knowingly violates or attempts to violate this policy shall be subject to disciplinary action, up to and including separation from Tpay, subject to applicable local employment laws and regulations. Where illegal activities or attempts to bypass security controls are suspected, Tpay may report such events to the applicable local authorities. Exceptions to this policy must be approved by the Director.
5. Waivers
At the time of creating this Policy, there are no authorized waivers or exceptions. All waiver and exception requests should be submitted to the Director, who will provide a decision and, where necessary, instruct updates to the policy documentation.
6. Grievance Redressal & Contact Information

Any grievances, complaints, queries, or comments concerning this Policy should be sent to Tpay in writing to the following contact email ID. Grievances and related queries shall be redressed as expeditiously as possible. The contact information is: contact@techpay.ai

Privacy and Data Protection Policy (Malaysia)

1. Introduction

This Privacy Policy applies to TECHPAYAI SDN BHD (Company No. 202501047647 (1649055-K)) and its affiliates (“TechPay AI”, “we”, “our”, “us”) and governs the collection, use, and disclosure of personal data in connection with our services, website (www.techpay.ai), and any other online or offline interaction with you (“you”, “your”).This policy is designed to comply with the PDPA and other applicable laws in Malaysia
2. Scope
This Privacy Policy covers personal data collected from:
  • Visitors to our website and applications;
  • Customers, users, and prospective customers (including individuals representing corporate clients);
  • Persons who request information, engage in transactions, subscribe to newsletters, or otherwise engage with us.
  • The policy does not apply to personal data collected by third-party websites to which our services may link or by our business partners under separate policies.

3. What is “Personal Data”

For the purposes of this policy and under the PDPA, “personal data” means any information that relates directly or indirectly to an individual who is identified or identifiable. This may include, but is not limited to, name, email address, telephone number, national identity number, IP address, location data, and other demographic or usage data.

4. Information We Collect

a) Information you provide We may ask you to provide personal data when you:
  • Use our website or application;
  • Request quotes, services or support;
  • Register an account;
  • Subscribe to newsletters or marketing communications;
  • Participate in surveys, webinars or promotional offers;
  • Contact us through forms, email or phone.
Such personal data may include your name, email address, billing/shipping address, telephone number, user ID, password, job title, company information, demographics (such as age, gender, interests), payment information (where applicable), national identity number (where required) and any other information you choose to provide

b) Information we collect automatically
When you visit our websites or use our services we may automatically collect usage and behavioural data, such as:
  • IP address, device identifiers, browser type and language;
  • Access times, referring URL, pages viewed, links clicked;
  • Location data and other similar technical information;
  • Cookies and tracking technologies.
c) Information we obtain from third-party sources
We may supplement the personal data we collect from you with information from third parties such as business partners, public databases, social media platforms or marketing providers, in order to enhance our understanding of your preferences and deliver tailored services and communications.

5. How We Use Personal Data

We may use your personal data for the following purposes:

  • To deliver products, services and support you request;
  • To process transactions and manage accounts;
  • To send you communications relating to your transactions, services you use, updates, newsletters, promotional offers (where you have consented) and other information about our business;
  • To enable you to participate in features of our website and services (such as live chat, account management, downloads);
  • To personalise, analyse and improve our website, services, marketing campaigns, content, and user experience;
  • To profile interests (where permitted) and target advertising, subject to applicable consent and law;
  • To enforce our terms of service, prevent fraud or illegal activities, ensure security and integrity of our business and systems;
  • To fulfil legal or regulatory obligations or exercise legal rights.

 

6. Legal Basis for Processing

Under the PDPA and as applicable in Malaysia, the legal basis for processing your personal data will depend on the context and may include:

  • Your consent (where required);
  • Performance of a contract with you or taking steps at your request prior to entering a contract;
  • Compliance with legal obligations;
  • Legitimate interests of TechPay AI or our partners, provided your rights and freedoms are not overridden by those interests.

7. Retention of Your Data

We will retain your personal data for as long as necessary to fulfil the purposes described above, unless a longer retention period is required or permitted by law. Once the data is no longer needed, we will securely destroy or anonymise it.

8. International Transfers

If we transfer your personal data outside Malaysia (for example to service providers or affiliates), we will ensure appropriate safeguards are in place, such as contractual protections, to protect your data consistent with the level of protection under Malaysian law.

9. How We May Share Your Personal Data

We may share your personal data with:

  • Our subsidiaries, affiliates and business partners for the purposes described above;
  • Service providers who perform functions on our behalf (e.g., payment processors, analytics providers, marketing, IT services) and who are contractually obligated to protect your data;
  • Sales and marketing chain participants (resellers, distributors, agents) if relevant to the product/service you use;
  • Legal or regulatory authorities if required by law or in connection with legal claims, fraud prevention or acquisition/sale transactions.

We will not sell or rent your personal data for third-party marketing purposes without your consent.

10. Your Rights

Under the PDPA you may have the following rights (subject to applicable conditions):

  • Access: Request details of the personal data we hold about you and a copy thereof;
  • Rectification: Request correction of inaccurate or incomplete personal data;
  • Erasure: Request deletion of your personal data, where applicable;
  • Restriction: Request limitation of processing of your personal data;
  • Objection: Object to our processing of your personal data (including for marketing profiling) where legitimate interests are the basis;
  • Data portability: Where technically feasible and applicable, request transfer of your personal data to another controller;
  • Withdraw consent: Where processing is based on your consent, you may withdraw it (without affecting processing prior to withdrawal).

To exercise these rights, please contact us (see Section 13). Please note we may refuse or charge a reasonable fee in line with applicable law if requests are manifestly unfounded or excessive.

11. Selection of Communication Preferences & Opt-Out

You can choose not to receive marketing communications from us by following the “unsubscribe” link in any marketing email, or by contacting us. Even if you opt-out of marketing, we may still send you service-related messages (e.g., about your account, transactions). You may also opt-out of profiling for marketing purposes.

12. How We Secure Your Personal Data

We take appropriate technical and organisational measures to protect your personal data from unauthorised or accidental access, loss, destruction, alteration or disclosure. These measures include encryption of sensitive data, limiting access to authorised personnel, physical access controls, contractual safeguards with our service providers, regular security assessments and internal processes. While we strive to ensure high security, no system is completely secure and we cannot guarantee absolute security.

13. Children’s Personal Data

We do not knowingly collect personal data from children (as defined under applicable laws) through our website or services without parental or guardian consent. If we become aware that we have inadvertently collected personal data from a child without proper consent, we will take steps to delete it.

14. Cookies and Similar Technologies

We use cookies and similar tracking technologies on our website to gather usage information, personalise content, remember your preferences and display targeted advertising (where permitted). You may disable or block cookies via your browser settings; however, note that some features of our website may not function correctly if cookies are disabled.

15. Links to Third-Party Websites and Services

Our services may contain links to third-party websites, applications or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to read the privacy policy of every site you visit.

16. Changes to This Privacy Policy

We may periodically update this Privacy Policy. If we make material changes, we will update the “Effective Date” at the top of this policy and/or provide additional notice as required by law. Please review this policy periodically for updates.

17. Contacting Us

If you have questions or wish to exercise your rights under this policy, you may contact us at:

TECHPAYAI SDN BHD

Address: LOT 3A01A, LEVEL 3A, GLO DAMANSARA SHOPPING MALL 699, JLN DAMANSARA, TAMAN TUN DR ISMAIL, 60000 KUALA LUMPUR W.P. KUALA LUMPUR MALAYSIA

Email: Contact@techpay.ai

We will endeavour to respond to all queries within a reasonable timeframe.

18. Jurisdiction & Governing Law

This Policy and our handling of personal data shall be governed by the laws of Malaysia, including the PDPA. Any disputes arising out of this policy shall be subject to the exclusive jurisdiction of the courts of Malaysia.