VEXA GLOBAL Enterprise ("we", "us", "our", "Company", "Data User") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your Personal Data in accordance with the Personal Data Protection Act 2010 (PDPA) and other applicable Malaysian laws.
By accessing or using the VEXA GLOBAL, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.
1. Personal Data We Collect
We may collect the following categories of Personal Data:
Identity Data
Full name, NRIC/Passport number, photograph, business registration details (for Agents/Pros).
Contact Data
Email address, phone number, mailing address, office location.
Technical Data
IP address, browser type, device information, operating system, cookies, usage patterns, and analytics data.
Transaction Data
Details of listings posted, inquiries made, subscription/payment information, transaction history.
Communication Data
Messages between you and other users, support tickets, feedback, and complaints.
2. Purpose of Processing
Your Personal Data is processed for the following lawful purposes:
- Service Provision: To provide, maintain, improve, and customize the VEXA GLOBAL.
- Lead Generation: To match and connect you with Agents, Pros, Developers, or customers based on your inquiries.
- Verification & Compliance: To verify professional credentials (REN, SSM, SST) and prevent fraud/abuse.
- Communication: To send transactional updates, security alerts, customer support, and marketing communications (with consent).
- Legal Compliance: To comply with legal obligations under PDPA, BNM, PDRM, MCMC, and other Malaysian authorities.
- Analytics & Improvement: To analyze platform usage, troubleshoot issues, and enhance user experience.
3. Disclosure & Data Transfer
General Rule: We do NOT sell or rent your Personal Data to third parties for marketing purposes.
Your data may be shared with:
Third-Party Professionals
When you explicitly inquire about a property, vehicle, or service, your contact details may be shared with the relevant Agent, Developer, or Service Professional.
Service Providers & Processors
Cloud hosting (Google Firebase), payment processors (Stripe, FPX), analytics (Google Analytics), email services, and customer support tools. These vendors are bound by Data Processing Agreements (DPA) and PDPA compliance requirements.
Legal & Regulatory Authorities
PDRM, BNM, MCMC, DBKL, or other authorities if required by law, court order, or regulatory investigation.
Business Transactions
In case of merger, acquisition, or sale of assets, your data may be transferred as part of the business transaction. We will notify you of any such change.
International Data Transfer
Your Personal Data may be stored and processed on servers located outside Malaysia (e.g., Singapore, USA, or other jurisdictions). By using VEXA, you expressly consent to this transfer. We take reasonable steps to ensure that international transfers comply with PDPA standards.
4. Data Security
We implement comprehensive technical, organizational, and physical safeguards to protect your Personal Data from unauthorized access, alteration, disclosure, or destruction. These include:
- SSL/TLS encryption for data in transit
- Encrypted database storage for sensitive data
- Role-based access controls (RBAC)
- Regular security audits and penetration testing
- Employee confidentiality agreements and training
Disclaimer: While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we maintain industry-standard protections.
6. Data Retention
We retain your Personal Data for as long as necessary to fulfill the purposes stated in this policy or as required by law:
Active Users: Retained while your account is active
Inactive Accounts: Retained for 2 years after account deletion; then securely destroyed
Transaction Records: Retained for 7 years for tax and legal compliance
Analytics Data: Retained for 26 months; then aggregated or deleted
You may request deletion of your Personal Data at any time by contacting our DPO (see section 9), subject to legal retention obligations.
7. Your PDPA Rights
Under the PDPA, you have the following rights:
Right of Access
Request a copy of your Personal Data held by us. We will respond within 30 days.
Right of Correction
Request correction of inaccurate or incomplete data. We will update records promptly.
Right of Deletion
Request deletion of your Personal Data, except where we are legally obliged to retain it.
Right to Withdraw Consent
Withdraw consent for data processing at any time. This may limit your access to certain services.
Right to Opt-Out
Opt-out of marketing communications by clicking the "Unsubscribe" link in emails or contacting our DPO.
Right to Lodge a Complaint
File a complaint with the Personal Data Protection Commissioner if you believe your rights are violated.
To exercise any of these rights, submit a written request to our DPO at the contact details in section 9.
8. Data Breach Notification
In the event of a data breach involving your Personal Data, we will:
- 1.Investigate the breach promptly and assess the risk to your privacy.
- 2.Notify you and the Personal Data Protection Commissioner within 14 days (as required by PDPA).
- 3.Provide information on mitigation steps and remedies available to you.
Note: We maintain cybersecurity insurance and incident response procedures to minimize the impact of any breach.
9. Contact & Data Protection Officer
For privacy inquiries, data subject requests, or to exercise your PDPA rights, please contact:
Organization
VEXA GLOBAL Enterprise
Phone
Mailing Address
VEXA GLOBAL Enterprise
Kuala Lumpur, Malaysia
Response Time: We commit to responding to all data subject requests within 30 days of receipt.
Personal Data Protection Commissioner
Office of the Personal Data Protection Commissioner (PDPC)
Level 2, Plaza Damansara, Damansara Heights, 50490 Kuala Lumpur
Phone: +60 3 3205 5188
Website: www.pdpc.gov.my
Related Documents: