Privacy Policy

The data controller responsible for your personal data is:

Cortexia
6 Jalan SS 15/4, Subang Jaya, 47500 Selangor, Malaysia
Email: [email protected]
Phone: +60 3-7852 4136

We may collect the following categories of personal data:

• Identification data: name, email address, phone number — collected when you submit our contact form or enter into a project engagement.
• Communication data: correspondence, project briefs, and messages exchanged during an engagement.
• Usage data: pages visited, browser type, referring URL, and session duration — collected via analytics cookies where consent is given.
• Technical data: IP address, device type — collected automatically by our hosting infrastructure for security logging purposes.

We do not collect sensitive personal data (such as biometric or health data) through this website. Client image data provided during project engagements is handled under separate non-disclosure and data processing agreements.

Under the PDPA and applicable principles, we process your personal data on the following bases:

• Consent: when you submit our contact form or accept analytics cookies.
• Contractual necessity: when processing is required to fulfil or manage a service engagement with you.
• Legitimate interest: for security logging, fraud prevention, and improving our services, where these interests are not overridden by your rights.
• Legal obligation: where we are required by Malaysian law to retain certain records.

Personal data we collect is used for the following purposes:

• Responding to enquiries submitted via our contact form.
• Scoping, managing, and delivering project engagements.
• Sending project-related communications, updates, and documentation.
• Improving the usability of our website using aggregated, anonymised analytics data.
• Maintaining security logs for our hosting infrastructure.
• Complying with applicable legal and regulatory obligations.

We do not sell personal data to third parties. We do not use personal data for unsolicited marketing without your explicit consent.

We may share your personal data with the following categories of third parties, strictly as needed:

• Cloud infrastructure providers: for hosting and data storage (governed by their data processing agreements).
• Analytics services: where you have consented to analytics cookies, aggregated session data may be processed by providers such as Google Analytics.
• Legal and regulatory authorities: where disclosure is required by Malaysian law or a valid legal process.

All third-party processors are required to handle personal data in accordance with applicable data protection requirements.

We retain personal data for as long as is necessary for the purposes described in this policy:

• Contact form enquiries: up to 24 months from the date of submission, unless an ongoing engagement is initiated.
• Project engagement records: up to 7 years from project close, in line with standard Malaysian business record retention practice.
• Analytics data: retained in aggregated form; session-level data is not retained beyond 14 months.
• Security logs: up to 12 months.

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include:

• HTTPS encryption for all data transmitted through our website.
• Access controls limiting data access to staff with a legitimate need.
• Non-disclosure agreements with all third parties who process client data on our behalf.
• Periodic review of data handling practices.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant authorities as required by applicable law.

Our website uses cookies to support basic functionality and, where you have consented, to collect analytics data. For a full explanation of the cookies we use and how to manage your preferences, please see our Cookie Policy.

Under the PDPA and applicable data protection principles, you have the following rights in relation to your personal data:

• Right of access: to request a copy of personal data we hold about you.
• Right of correction: to request that inaccurate or incomplete data be corrected.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to object: to object to processing based on legitimate interest where your rights and freedoms override those interests.
• Right to complain: to lodge a complaint with the Personal Data Protection Commissioner of Malaysia if you believe your rights have been violated.

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days.

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

Our services are intended for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that such data has been collected, we will delete it promptly.

We may update this Privacy Policy from time to time. When changes are made, the "Last Updated" date at the top of this page will be revised. Continued use of our website after changes are published constitutes acceptance of the updated policy. For material changes, we will make reasonable efforts to notify affected individuals directly.

For any questions, requests, or concerns relating to this Privacy Policy or our handling of personal data, please contact:

Cortexia — Data Privacy
6 Jalan SS 15/4, Subang Jaya, 47500 Selangor, Malaysia
Email: [email protected]