Privacy Policy
Cerdik Labs is committed to handling your personal data with care and transparency. This policy describes how we collect, use, store, and protect information you share with us when engaging with our services, website, or communications.
We operate in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. If you have any questions about how your data is handled, we encourage you to reach out — our contact details appear at the end of this document.
1. Data Controller
The data controller responsible for your personal information is:
Cerdik Labs
88 Persiaran Gurney, 10250 George Town, Penang, Malaysia
Email: [email protected]
Phone: +60 3-9284 6751
2. Information We Collect
We collect personal data only when there is a clear reason to do so. The categories we may collect include:
Identity and Contact Information
Full name, job title, organisation name, email address, and telephone number — provided when you submit an enquiry or engage our services.
Communication Data
Messages you send via our contact form, email correspondence, and any feedback you provide about our services.
Usage and Analytics Data
Anonymous browsing behaviour on our website, including pages visited, session duration, and referral source — collected via analytics cookies with your consent.
Cookie Data
Technical information stored on your device to manage session functionality and, where consented, to understand how visitors interact with our site. See our Cookie Policy for full details.
3. Legal Basis for Processing
Under the PDPA 2010, we process personal data on one or more of the following bases:
- Consent: When you voluntarily submit your information through our website forms or opt in to communications.
- Contractual necessity: When processing is required to deliver services you have engaged us for.
- Legitimate interests: When processing is reasonably necessary to manage our business operations, provided your interests are not overridden.
- Legal obligation: When we are required to process data to comply with applicable Malaysian law or regulation.
4. How We Use Your Information
We use personal data for the following purposes:
Responding to enquiries
To respond to messages you send through our contact form or email.
Service delivery
To deliver consulting, training, and technical services you have engaged.
Service communications
Relevant updates, session scheduling, and delivery materials.
Website improvement
Anonymous analytics to understand how visitors use our site and improve content.
Legal compliance
To fulfil obligations under Malaysian law, including record-keeping requirements.
Relevant updates (optional)
Occasional thought leadership or news — only with your explicit consent and easy opt-out.
5. Data Retention
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law:
| Data Type | Retention Period |
|---|---|
| Contact form submissions | 2 years from last contact |
| Client service records | 7 years (statutory requirement) |
| Analytics data (anonymised) | 26 months (standard analytics cycle) |
| Marketing consent records | Until consent is withdrawn |
| Cookie preferences | 12 months from consent |
After the retention period, data is securely deleted or anonymised so it can no longer be attributed to any individual.
6. Data Sharing and Third Parties
We do not sell or rent your personal data. We may share data with trusted service providers who assist in delivering our services, subject to appropriate data processing agreements. These include:
- Cloud infrastructure providers — for hosting and secure data storage, operating under data processing agreements.
- Analytics platforms — anonymised website usage data to understand site performance (e.g. Google Analytics).
- Email service providers — for delivering communications you have requested or consented to.
We may also disclose data where required by Malaysian law, court order, or regulatory authority.
7. Data Security
We take the security of your personal data seriously and have implemented reasonable technical and organisational measures to protect it from unauthorised access, loss, or disclosure:
- TLS/SSL encryption for all data transmitted via our website.
- Access controls limiting data access to authorised personnel only.
- Regular reviews of data handling practices and security posture.
- In the event of a data breach affecting your rights, we will notify you and relevant authorities as required under Malaysian law.
8. Cookies
Our website uses cookies to manage essential site functions and, with your consent, to understand how visitors use our site. You can manage your cookie preferences at any time. For full details, please read our Cookie Policy.
9. Your Rights
Under the PDPA 2010 and applicable data protection principles, you have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your data where there is no longer a lawful basis for retention.
Right to Object
Object to processing where we rely on legitimate interests as the legal basis.
Right to Data Portability
Receive your data in a structured, machine-readable format where technically feasible.
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent, without affecting prior processing.
To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days. You also have the right to lodge a complaint with the Department of Personal Data Protection Malaysia if you believe your data has been mishandled.
10. Children's Privacy
Our services are intended for business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected].
11. External Links
Our website may include links to third-party websites, tools, or resources. Cerdik Labs is not responsible for the privacy practices of those external sites and encourages you to review their respective privacy policies before providing any personal information.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will revise the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website following any changes constitutes acceptance of the revised policy.
13. Contact for Privacy Matters
For any questions, concerns, or requests related to your personal data, please reach out to us:
Cerdik Labs
88 Persiaran Gurney, 10250 George Town, Penang, Malaysia
+60 3-9284 6751