Privacy Policy

Last Updated: 10 April 2025  ·  Effective Date: 10 April 2025

Synthrex ("we", "us", "our") is committed to handling your personal data with care and transparency. This Privacy Policy explains what data we collect, how we use it, and your rights in relation to it. It applies to visitors of our website at synthrexe.site and parties who engage with our services.

Our practices are consistent with Malaysia's Personal Data Protection Act 2010 (PDPA). If you have questions about this policy or your data, contact us at [email protected].

1. Who We Are

The data controller for personal data processed in connection with this website and our services is:

Synthrex
51 Jalan Semantan, Damansara Heights, 50490 Kuala Lumpur, Wilayah Persekutuan
Email: [email protected]
Phone: +60 3-2051 8473

2. Data We Collect

Information you provide directly

• Your name and contact details (email address, phone number) when you submit our contact form
• The content of messages you send to us
• Business-related context you share during scoping conversations or engagements

Information collected automatically

• IP address and browser type when you visit our website
• Pages visited and time spent on the site (via analytics cookies, if consented)
• Referral source (how you arrived at our website)

We do not collect payment card information directly — any billing is handled through separate, secure channels agreed with clients.

3. How We Use Your Data

• To respond to enquiries and communicate about potential or ongoing engagements
• To send service-related communications (scope documents, updates, invoices)
• To improve our website based on usage patterns (analytics, with consent)
• To comply with legal and regulatory obligations
• To manage our business relationship with you over time

We do not use your personal data for automated profiling or decisions that affect you legally. We do not sell or share your data with third parties for their own marketing purposes.

4. Legal Basis for Processing

Under Malaysia's PDPA, we process your personal data on the following bases:

• Consent: When you submit our contact form or accept analytics cookies
• Contractual necessity: When processing is required to fulfil a service engagement
• Legitimate interests: To manage and improve our business operations, where not overridden by your rights
• Legal obligation: Where processing is required by law

5. Data Retention

We retain personal data for as long as is necessary to fulfil the purpose for which it was collected, or as required by law:

• Enquiry and contact form data: up to 24 months from last contact
• Client engagement data: up to 7 years from engagement close (for accounting and legal compliance)
• Analytics data: up to 26 months from collection

After retention periods expire, data is securely deleted or anonymised.

6. Third-Party Services

We use a limited number of third-party services that may process data on our behalf:

• Analytics: To understand website usage (only with your consent to analytics cookies)
• Email services: For sending and receiving business communications
• Cloud storage: For secure storage of engagement documents and correspondence

All third-party processors are required to handle data in accordance with applicable privacy law and our instructions. We do not use advertising networks or tracking for marketing retargeting.

7. Cookies

We use cookies on our website. Essential cookies are necessary for the site to function and cannot be disabled. Optional cookies (analytics and preferences) are only set with your explicit consent. For full details, see our Cookie Policy.

8. Data Security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, or loss:

• Encrypted data transfer (HTTPS/TLS)
• Access controls restricted to named individuals
• Regular review of data handling practices
• Incident response procedures for any potential breach

If we become aware of a data breach that affects your rights and freedoms, we will notify you and relevant authorities as required by law.

9. Your Rights

Under Malaysia's PDPA and applicable privacy law, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data (subject to legal retention requirements)
• Object to processing based on legitimate interests
• Withdraw consent where processing is based on consent
• Lodge a complaint with Malaysia's Department of Personal Data Protection

To exercise any of these rights, contact [email protected]. We will respond within 21 days.

10. International Transfers

Where personal data is transferred outside Malaysia (for example, via cloud services with overseas infrastructure), we ensure that appropriate safeguards are in place consistent with the PDPA's requirements for cross-border transfers.

11. Children's Privacy

Our services are directed at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted data to us, please contact us and we will remove it promptly.

12. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last Updated" date at the top of this page. Continued use of our website after changes are posted constitutes acceptance of the updated policy.

14. Contact

For any privacy-related questions or requests:

Synthrex
51 Jalan Semantan, Damansara Heights, 50490 Kuala Lumpur
Email: [email protected]
Phone: +60 3-2051 8473