This policy explains how Handeity Creative Sdn Bhd (“Handeity”, “we”, “us”), registration number 202201024816 (1469327-D), of Level 8, Menara Milenium, 8 Jalan Damanlela, Damansara Heights, 50490 Kuala Lumpur, Malaysia, handles personal data collected through handeity.com and in the course of our services. We process personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
1. Data we collect
We collect personal data in three ways:
- Data you give us — when you submit the enquiry form (name, email address, phone number and your message), email us, call us, message us on WhatsApp, or sign a service agreement.
- Data collected automatically — technical information such as browser type, device class, pages visited and approximate location, gathered through cookies and similar technologies described in our Cookie Policy.
- Data from client projects — where a client engages us to work on systems that contain personal data of their customers, we handle that data as a processor under the client’s instructions.
2. Why we use it
- To respond to enquiries and schedule discovery calls;
- To prepare proposals, deliver contracted services and issue invoices;
- To meet legal, tax and accounting obligations under Malaysian law;
- To understand how visitors use our website so we can improve it;
- To send occasional service updates to existing clients (never cold marketing lists).
We do not sell, rent or trade personal data. Ever.
3. Legal basis and consent
We process data with your consent (for example, when you tick the consent box on our enquiry form), for the performance of a contract, or to comply with legal obligations. You may withdraw consent at any time by writing to [email protected], subject to any data we must retain by law.
4. Who we share data with
Access is limited to Handeity staff who need it for their work. We use a small number of service providers — hosting, email and analytics vendors — who process data on our behalf under contractual safeguards. Some providers store data outside Malaysia; where they do, we choose vendors with recognised security certifications. We disclose data to authorities only when lawfully required.
5. Retention
Enquiry data that does not lead to an engagement is deleted within 24 months. Client and contractual records are retained for seven years to meet statutory requirements, then securely destroyed. Analytics data is retained in aggregate form only.
6. Security
Our website is served over HTTPS. Internal systems use unique credentials, two-factor authentication and least-privilege access. No method of transmission or storage is perfectly secure, but we review our practices regularly and correct weaknesses promptly.
7. Your rights
Under the PDPA you may request access to the personal data we hold about you, ask us to correct it, limit its processing or withdraw consent. Write to [email protected] with the subject “Data Request” and we will respond within 21 days.
8. Children
Our services are aimed at businesses. We do not knowingly collect personal data from anyone under 18; if you believe we hold such data, contact us and we will delete it.
9. Changes to this policy
We update this page when our practices change and adjust the review date above. Material changes affecting existing clients are notified by email.
10. Contact
Handeity Creative Sdn Bhd
Level 8, Menara Milenium, 8 Jalan Damanlela,
Damansara Heights, 50490 Kuala Lumpur, Malaysia
Email: [email protected] · Phone: +60 3-2011 4738