Privacy Policy

Who we are

This Privacy Policy is issued by Veydo Technology (legal entity name: VEYDO TECHNOLOGY; company registration no.: 202503080991 (CA0400715-V)) (“Veydo”, “we”, “us”, “our”).

Website: https://www.veydotechnology.com
Primary privacy contact: contact@veydotechnology.com

Plain-English summary: This explains what personal data we collect, why we collect it, how we use it, and what rights you have.

Scope

This Privacy Policy applies to personal data we collect when you: (a) browse or interact with our website and online pages; (b) contact us or submit forms (including enquiries, event sign-ups, or job applications if applicable); (c) receive our marketing communications; or (d) use any online portal or online services we provide.

Client projects: Where we process personal data on behalf of a business client (for example, implementing or operating systems that include client customer/employee data), the client may be the data controller and we may be the data processor. In those cases, the client's privacy notice and our contract terms (including any data processing agreement) may govern how that project data is processed.

Plain-English summary: This Policy covers website visitors and prospects. For client projects, the client's privacy notice and contracts may apply too.

Your key rights

Depending on your relationship with us and applicable law, you may have rights to: (a) request access to your personal data; (b) request correction of inaccurate/incomplete personal data; (c) withdraw consent where we rely on consent; (d) object to certain processing (for example, direct marketing or processing likely to cause damage/distress); and (e) request data portability where applicable and technically feasible.

You can exercise your rights by contacting us using the details in the “Contact and complaints” section below.

Plain-English summary: You can ask what data we have, correct it, stop marketing, withdraw consent, and (in some cases) ask us to transfer your data.

Personal data we collect

Data you provide directly

• Identity and contact data: name, job title, company, email, phone number, address (if provided).

• Enquiry and communications data: messages you send, project briefs, attachments, meeting notes, and communication history.

• Account data (if applicable): username, password (hashed), role, audit logs.

• Billing and transaction data (if applicable): billing contact details, invoice details, payment status, tax identifiers (where required).

• Marketing preferences: opt-in/opt-out records and communication preferences.

Data collected automatically

• Technical data: IP address, approximate location (derived), device/browser type, operating system, referral URLs, and logs.

• Usage data: pages viewed, time spent, clicks, interactions, and error reports.

• Cookies and similar technologies: identifiers stored on your device (see “Cookies” section).

Potentially sensitive personal data

We do not generally seek to collect sensitive personal data (e.g., health data, political opinions, religious beliefs, biometric data). If sensitive personal data is required for a specific engagement (rare), we will tell you and request explicit consent or rely on another lawful basis permitted by law.

Plain-English summary: Mostly we collect business contact details and website usage data. We try not to collect sensitive data unless a project truly needs it.

How we use personal data and our lawful basis

We process personal data for the purposes below. Where required, we obtain consent. We also process personal data where necessary for contract performance or steps requested before entering a contract, to comply with legal obligations, to protect vital interests, or for the administration of justice / functions conferred by law, as applicable.

Purpose

Examples

Typical data

Typical lawful basis

Responding to enquiries and providing proposals

Replying to contact forms; scoping calls; preparing quotations

Identity/contact; communications

Consent; steps requested before contract

Delivering professional services

Consulting; development; cloud/data platform implementation; AI solution delivery

Client contact data; project data

Contract performance; consent (where appropriate)

Website operations and security

Logging, monitoring, fraud prevention, access controls

Technical and usage data

Consent; and/or necessity for service operation and security

Marketing communications

Newsletters, insights, event invites

Identity/contact; marketing preferences

Consent; right to opt out of direct marketing at any time

Compliance and legal

Audits, responding to lawful requests, legal advice, dispute handling

Relevant records

Legal obligation; administration of justice / legal functions

Plain-English summary: We use your data to respond to you, deliver services, keep systems secure, send marketing if you agree, and comply with the law.

Disclosure of personal data

We may disclose personal data to: (a) our staff and authorised representatives who need it for their work; (b) our service providers (processors) such as hosting providers, email providers, CRM tools, analytics providers, security providers, and payment processors (if used); (c) professional advisers (lawyers, auditors, insurers) where necessary; and (d) authorities where required by law.

We do not sell personal data.

Plain-English summary: We share data only with trusted vendors, advisers, and authorities when necessary—not for sale.

Data processors and contractual controls

Where third parties process personal data for us, we require them to implement appropriate security measures and to process personal data only on our documented instructions. We may require confidentiality commitments, restrictions on sub-processing, and incident/breach notification obligations in our contracts with them.

Plain-English summary: Our vendors must protect personal data and follow our instructions.

Cross-border transfers

Some of our service providers (e.g., cloud hosting, support tools) may process personal data outside Malaysia. Where we transfer personal data outside Malaysia, we will do so only in accordance with applicable law and (where relevant) the conditions for cross-border transfer.

Where required, we will inform you through our notices about cross-border transfers and implement safeguards such as contractual commitments and risk/impact assessment.

Plain-English summary: If data goes outside Malaysia (e.g., via cloud tools), we apply safeguards and follow the legal transfer rules.

Security

We take practical steps to protect personal data against loss, misuse, unauthorised access or disclosure, alteration, or destruction. Security measures may include access controls, authentication, encryption where appropriate, logging and monitoring, network security controls, and staff training.

No method of transmission or storage is completely secure. We cannot guarantee absolute security.

Plain-English summary: We use security controls, but no system is 100% risk-free.

Data retention

We retain personal data only as long as necessary for the purposes described in this Policy, unless a longer retention period is required by law. We then delete or anonymise it, or securely store it (with restricted access) until deletion is possible.

Typical examples (to be tailored): (a) Enquiry records: up to 12 months after last interaction; (b) Marketing lists: until you opt out, then suppression records (opt-out logs) for as long as necessary to respect your preferences; (c) Client project data: per contract (often the project term + 2 years), unless the client instructs deletion/return sooner where applicable; (d) Security logs: typically 12 months unless needed for investigations.

Plain-English summary: We keep data only as long as needed, then delete or anonymise it.

Data breach notification

If we become aware of a personal data breach, we will assess the incident and take steps to contain, investigate, and remediate it. Where required, we will notify the relevant regulator and affected individuals.

Plain-English summary: If a serious data breach happens, we investigate quickly and notify authorities and affected people when required.

Cookies and similar technologies

We may use cookies and similar technologies for: (a) essential website functions; (b) remembering preferences; (c) analytics and performance measurement; and (d) marketing effectiveness (where applicable).

You can control cookies through your browser settings and (where implemented) our cookie banner/preferences tool.

Plain-English summary: Cookies help the website work and help us understand usage. You can control cookies through settings.

Marketing communications

If you opt in to marketing, we may send you updates and insights. You can opt out at any time by using the unsubscribe link or contacting us. If you opt out, we may still send non-marketing messages (e.g., service or security notices).

Plain-English summary: We send marketing only if you agree, and you can stop it anytime.

Children's data

Our Website and services are not intended for children. We do not knowingly collect personal data from individuals under 18 without appropriate consent. If you believe a child has provided us personal data, please contact us so we can take appropriate steps.

Plain-English summary: We don't target children. If a child's data is submitted, tell us and we'll address it.

Changes to this Privacy Policy

We may update this Policy from time to time. We will post the updated version on the Website and revise the “Last updated” date. Where required, we will obtain consent again (for example, if we make a material change to how we use personal data).

Contact and complaints

Contact purpose

How to contact

Notes

Privacy enquiries / rights requests

Email: contact@veydotechnology.com

Include your name, contact details, and request type.

Security incident reporting

Email: contact@veydotechnology.com

Use for suspected vulnerabilities or incidents.

If you have a complaint about how we handle personal data, please contact us first so we can try to resolve it. You may also have the right to lodge a complaint with the relevant regulator in Malaysia.

Plain-English summary: Contact us for privacy questions or requests. If needed, you can also complain to the regulator.