1. Introduction

Welcome to TEH TARIK Digital. We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services.

By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree with the terms, please do not use our services.

2. Information We Collect

We may collect various types of information from and about users of our services, including:

• Personal Identifiable Information (PII): Such as your name, email address, phone number, and postal address when you register for an account, subscribe to our newsletter, or contact us.
• Usage Data: Information about how you access and use our services, including your IP address, browser type, operating system, pages viewed, and the dates and times of your visits.
• Device Information: Information about the device you use to access our services, including hardware model, operating system and version, unique device identifiers, and mobile network information.
• Cookies and Tracking Technologies: We use cookies and similar tracking technologies to track the activity on our service and hold certain information.

3. How We Use Your Information

We use the information we collect for various purposes, including to:

• Provide, operate, and maintain our services.
• Improve, personalize, and expand our services.
• Understand and analyze how you use our services.
• Develop new products, services, features, and functionality.
• Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the service, and for marketing and promotional purposes.
• Process your transactions and manage your accounts.
• Send you emails.
• Find and prevent fraud.

4. Legal Basis for Processing (EEA, UK, and similar jurisdictions)

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that requires a legal basis for data processing, we process your personal information only when we have a valid legal basis, such as:

• Consent: You have given us explicit consent to process your data for a specific purpose (e.g., marketing emails).
• Contract: Processing is necessary for the performance of a contract with you (e.g., providing our services).
• Legal Obligation: Processing is required to comply with the law (e.g., tax or fraud reporting).
• Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., improving our services, preventing fraud), provided your fundamental rights do not override those interests.

5. Data Sharing and Disclosure

We may share your information with third parties in the following situations:

• With Your Consent: We may share your information when you give us explicit consent to do so.
• Service Providers: We may share your information with third-party vendors, consultants, and other service providers who perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, and customer service.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or a government agency request).
• Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• Aggregated or Anonymized Data: We may share aggregated or anonymized information that cannot reasonably be used to identify you.

6. International Data Transfers

Our services may be hosted and operated in countries outside your own, including Malaysia and other jurisdictions where our service providers are located. When we transfer your personal information across borders, we take appropriate safeguards to protect your data, such as using standard contractual clauses approved by relevant authorities, ensuring the receiving country has adequate data protection laws, or obtaining your explicit consent when required. By using our services, you acknowledge that your information may be transferred to, stored, and processed in countries that may have different data protection laws than your country of residence.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account information: Retained for as long as your account is active, plus a reasonable period afterward (e.g., 6 months) in case of reactivation.
• Usage data: Retained for up to 12 months for analytics and service improvement.
• Marketing communications data: Retained until you unsubscribe or request deletion.
• Transaction records: Retained for as long as required by applicable tax and commercial laws (typically 7 years in Malaysia).

When we no longer need your personal information, we will securely delete or anonymize it.

8. Data Security

We implement reasonable security measures designed to protect your personal information from unauthorized access, use, alteration, and disclosure. These include encryption, access controls, regular security assessments, and secure hosting environments. However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and any applicable supervisory authority (e.g., the Malaysian Personal Data Protection Commissioner or relevant EU authority) without undue delay, and where feasible, within 72 hours of becoming aware of the breach, as required by laws such as the GDPR. Notification may be made by email, a prominent notice on our website, or other direct communication.

10. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Rectification: Correct inaccurate or incomplete information.
• Erasure (Right to be forgotten): Request deletion of your personal information, subject to legal exceptions.
• Restriction: Request that we limit how we use your data.
• Data Portability: Receive your data in a structured, machine-readable format and transfer it to another controller.
• Objection: Object to processing based on legitimate interests or direct marketing.
• Withdraw Consent: Withdraw any consent you previously gave, without affecting the lawfulness of processing before withdrawal.
• Lodge a Complaint: File a complaint with a data protection authority (e.g., the Malaysian Personal Data Protection Department or your local EU supervisory authority).

To exercise any of these rights, please contact us using the details in Section 15. We will respond within 30 days (or as required by applicable law). We may ask you to verify your identity before processing your request.

For California residents (CCPA/CPRA): You also have the right to know what personal information we collect, use, disclose, and sell; opt out of the sale or sharing of your personal information (we do not currently sell your data, but you can opt out of any future sale by contacting us); limit the use of sensitive personal information; and non-discrimination for exercising your rights. To opt out of any potential future sale or sharing, please email privacy@tehtarik.digital with "CCPA Opt-Out" in the subject line.

11. Children's Privacy

Our services are not directed to children under the age of 16 (or the age of digital consent in your country, which may be 13 in some jurisdictions). We do not knowingly collect personal information from children under this age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that we have collected personal information from a child without verified parental consent, we will delete that information promptly.

12. Third-Party Analytics, Advertising, and Tracking Technologies

We use cookies and similar tracking technologies to collect usage data. In addition to first-party cookies, we may use third-party services that set their own cookies or tracking pixels, including:

• Google Analytics: To analyze website traffic and user behavior. Google’s privacy policy is available at https://policies.google.com/privacy. You can opt out using Google’s Opt-out Browser Add-on.
• Facebook Pixel / Meta (if used): For advertising measurement and audience building.
• Other marketing or analytics tools that we may add from time to time.

You can control cookies through your browser settings. Most browsers accept cookies by default, but you can set your browser to reject cookies or notify you when a cookie is placed. Note that disabling cookies may affect the functionality of our services.

Do Not Track (DNT): Our website does not currently respond to DNT signals because no universal standard has been adopted. However, you can use browser settings to block tracking technologies as described above.

Your Advertising Choices: You can opt out of interest-based advertising from many providers by visiting the Network Advertising Initiative or the Digital Advertising Alliance.

13. Your Choices (Specific Actions)

You have the following specific choices regarding your personal information:

• Opt-Out of Marketing Communications: You can opt-out of receiving promotional emails from us by following the unsubscribe instructions provided in those communications. Even after opting out, we may still send you non-promotional messages, such as account updates or transaction confirmations.
• Cookies: As noted in Section 12, you can manage cookies through your browser.
• Access and Update Your Information: You may review, update, or delete your account information by logging into your account settings or by contacting us directly.
• Disable Account: You may request that we deactivate your account by emailing us.

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top. For significant changes, we may also provide a more prominent notice (e.g., email notification). You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

15. Contact Us (Including Data Protection Officer)

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@tehtarik.digital
• Address: 1-21-01, SunTech @ Penang CyberCity, Lintang Mayang Pasir 3, Bayan Baru, 11950 Bayan Lepas, Pulau Pinang, Malaysia
• Phone: +604-44 20 891

Data Protection Officer (DPO): Our appointed DPO can be reached at dpo@tehtarik.digital or via our postal address marked "FAO: DPO".

For GDPR-related inquiries (EEA/UK users): If you are in the European Union or United Kingdom, you may also contact our EU representative (if required) by emailing gdpr@tehtarik.digital – please check this address for updates.

For Malaysian PDPA complaints: You may lodge a complaint with the Malaysian Personal Data Protection Department at https://www.pdp.gov.my.