Privacy Policy
Last Updated: 28 January 2026
Qynnex ("we", "our", or "us") is committed to protecting the privacy of individuals who interact with our services. This Privacy Policy outlines how we collect, process, store, and safeguard personal data when you use our website, engage our artificial intelligence consulting services, or communicate with our team.
We operate under the laws of Malaysia, including the Personal Data Protection Act 2010 (PDPA). By using our website or services, you acknowledge that you have read and understood this policy. If you have any questions, please reach out to us at [email protected].
1. Data We Collect
We may collect the following categories of personal data depending on how you interact with Qynnex:
Information you provide directly
When you fill in our contact form or send us an email, we collect your name, email address, phone number (if supplied), and the content of your message. If you engage us for a project, we may also collect company name, billing address, and project-related documentation.
Information collected through technology
When you browse our website, our servers and analytics tools may collect your IP address, browser type, operating system, pages visited, time spent on each page, and referring URL. This data is gathered through cookies and similar tracking technologies as described in our Cookie Policy.
Information from third parties
In certain cases, we may receive information about you from business partners, referral sources, or publicly available directories — only to the extent necessary for the service you have requested.
2. How We Use Your Data
Qynnex processes personal data for the following purposes:
Service delivery — to respond to your enquiry, prepare proposals, deliver consulting engagements, and provide ongoing support.
Communication — to send you project updates, respond to questions, and share relevant information about our services when you have opted in.
Website improvement — to understand how visitors navigate our site, identify areas for improvement, and ensure our content remains relevant.
Legal compliance — to fulfil our obligations under Malaysian law, respond to lawful requests from authorities, and protect our legal rights.
Security — to detect, prevent, and address fraud, unauthorised access, and other potential threats to our website and systems.
3. Legal Basis for Processing
Under the PDPA 2010, we process personal data on the following grounds:
Consent — where you have given us clear consent to process your data for a specific purpose, such as receiving communications or submitting a contact form.
Contractual necessity — where processing is required to perform a contract with you or to take steps at your request before entering into a contract.
Legitimate interest — where processing is necessary for our legitimate business interests, provided such interests are not overridden by your rights and freedoms.
Legal obligation — where we are required to process your data to comply with applicable law or regulation.
4. Data Sharing and Third Parties
Qynnex does not sell, rent, or trade your personal information. We may share data with the following categories of recipients, strictly on a need-to-know basis:
Service providers
Third-party companies that assist us with hosting, analytics (such as Google Analytics), email delivery, and payment processing. These providers are contractually bound to handle your data securely and only for the purposes we specify.
Professional advisors
Accountants, auditors, and legal counsel who may require access to certain information in the course of providing their professional services to Qynnex.
Regulatory authorities
Government bodies and law enforcement agencies when disclosure is required by law, regulatory obligation, or court order.
5. Data Retention
We retain personal data only as long as necessary for the purpose for which it was collected or as required by law. Our general retention periods are as follows:
Contact form submissions — retained for up to 24 months from the date of the enquiry, after which they are securely deleted unless a business relationship has been established.
Client project data — retained for 7 years from the completion of the engagement, in line with Malaysian record-keeping requirements.
Website analytics data — aggregated and anonymised data may be retained indefinitely. Identifiable analytics data is retained for a maximum of 26 months.
6. Data Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, alteration, or destruction. These measures include:
Encryption
Data transmitted between your browser and our servers is encrypted using TLS/SSL protocols.
Access Controls
Only authorised personnel with a legitimate business need can access personal data, and all access is logged.
Secure Hosting
Our website and data systems are hosted in facilities that maintain ISO 27001 certification and conduct regular security audits.
Breach Notification
In the event of a data breach, we will notify affected individuals and the relevant authorities within the timeframes prescribed by law.
7. Cookies
Our website uses cookies and similar technologies to enhance your browsing experience, analyse site traffic, and assist with marketing efforts. Cookies are small text files placed on your device when you visit a website.
For detailed information about the types of cookies we use, their purpose, and how to manage your preferences, please refer to our Cookie Policy.
8. Your Rights
Under the Personal Data Protection Act 2010, you have the following rights regarding your personal data:
Right of Access
You may request a copy of the personal data we hold about you. We will respond within 21 days of receiving your written request along with any applicable fee as permitted by law.
Right to Correction
If you believe any data we hold about you is inaccurate or incomplete, you may request that we correct or update it.
Right to Withdraw Consent
Where we process your data based on consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing carried out before your withdrawal.
Right to Restrict Processing
You may request that we limit the processing of your personal data in certain circumstances, such as where you contest the accuracy of your data.
Right to Lodge a Complaint
If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Department of Personal Data Protection (JPDP) Malaysia.
To exercise any of these rights, please contact us at [email protected]. We will process your request promptly and in accordance with applicable law.
9. Third-Party Links
Our website may contain links to external sites that are not operated by Qynnex. We have no control over the content or privacy practices of these sites and accept no responsibility for them. We encourage you to review the privacy policies of any third-party website you visit through links on our site.
10. Children's Privacy
Our services are designed for businesses and professionals aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently gathered data from a minor, we will take steps to delete it without undue delay.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your information.
12. Contact Us
If you have questions, concerns, or wish to exercise your data rights, please contact our data protection team: