Last updated: 26 May 2026. This Notice should be read together with our Terms & Disclaimer.
This is a starter Personal Data Notice. It must be reviewed by a lawyer admitted in Malaysia before being relied on for formal compliance, and updated whenever our processing practices change.
1. Identity of the Data User
The data user is Ace Direction Sdn Bhd (the "Company", "we", "us"), a Malaysian-incorporated cybersecurity consultancy. Enquiries about this Notice can be sent to [email protected].
2. Personal Data We Collect
When you submit our contact form, contact us directly, or otherwise interact with this website, we may collect:
- Identification data: full name, role or job title
- Contact data: work email address, company name, country, phone or WhatsApp number (if provided)
- Enquiry content: the message you send and your preferred contact method
- Technical data: IP address, browser type, device type, pages visited, and Cloudflare Turnstile verification tokens (used to confirm you are not an automated bot)
3. Purposes of Processing
- To respond to your enquiry
- To provide and improve our services
- To comply with applicable laws and regulatory obligations
- To protect our legal rights and prevent fraud or abuse of this website
- To verify that form submissions originate from a human (via Cloudflare Turnstile)
4. Disclosure of Personal Data
We may disclose your personal data to the following classes of third parties:
- Cloudflare, Inc. โ provides website hosting (Cloudflare Pages), the contact-form endpoint (Cloudflare Pages Functions), bot protection (Cloudflare Turnstile), and inbound email routing (Cloudflare Email Routing). Cloudflare processes data on its global edge network, including locations outside Malaysia.
- Resend, Inc. โ transactional email service provider used to deliver your enquiry to our mailbox. Resend processes data on cloud infrastructure based in the United States.
- Our professional advisers โ legal, accounting, and insurance professionals, where necessary
- Government authorities or regulators โ where required by Malaysian law
5. Cross-Border Data Transfer
Some of the processors named above store and process data outside Malaysia (primarily in the United States and other regions). By submitting personal data to us, you consent to this cross-border transfer, which is subject to contractual and technical safeguards consistent with the PDPA cross-border transfer provisions.
[Review by lawyer โ confirm whether explicit user consent for cross-border transfer is required as a separate checkbox, and update the form accordingly.]
6. Retention Period
We retain enquiry data for 24 months after our last interaction with you, unless you have engaged us for services (in which case retention is governed by the relevant engagement letter) or the law requires a longer period. After the retention period, your personal data is deleted or irreversibly anonymised.
7. Your Rights as a Data Subject
Under the PDPA, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete personal data
- Withdraw consent to our processing at any time
- Limit the processing of your personal data
- Make a complaint to the Personal Data Protection Commissioner of Malaysia
To exercise any of these rights, contact us at [email protected].
8. Cookies and Similar Technologies
This website uses minimal essential cookies necessary for the site to function and for security checks. We do not currently set analytics or marketing cookies. If that changes, this Notice will be updated and you will be asked to consent before any non-essential cookies are set.
9. Security Reports
If you believe you have found a security issue with this website, please contact [email protected]. See also our security.txt.
10. Changes to this Notice
We may update this Notice from time to time. The current version is dated above; previous versions are available on request. Material changes will be highlighted on this page.
11. Contact
Questions about this Notice or our processing of your personal data: [email protected].