T
Thoughtium Contact Us
Legal

Privacy Policy

Last Updated: 28 March 2026  ·  Effective: 28 March 2026

1. Introduction

Thoughtium ("we", "us", "our") is committed to handling personal data responsibly and in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). This Privacy Policy explains what data we collect, how we use it, and the rights you have regarding your personal information.

This policy applies to all visitors to our website at thoughtiumi.info and to individuals who contact us or engage our services. If you have questions about this policy, contact us at [email protected].

2. Data We Collect

We collect personal data in the following ways:

  • Contact form submissions — name, email address, phone number (optional), and message content.
  • Email and telephone enquiries — contact details you provide when reaching out to us directly.
  • Project engagements — business contact information, project data, and related materials shared during an engagement.
  • Website analytics — usage data collected through analytics tools (page views, sessions, referral sources) where consent is given.
  • Cookies — see our Cookie Policy for details.

We collect only the personal data necessary for the purpose stated at the time of collection. We do not collect sensitive personal data unless expressly required and consented to.

3. Legal Basis for Processing

We process personal data on the following legal bases under Malaysia's PDPA 2010:

  • Consent — for marketing communications and optional analytics. You may withdraw consent at any time.
  • Contractual necessity — to fulfil service engagements you have entered into with us.
  • Legitimate interests — to respond to enquiries, maintain records, and improve our services, where these interests are not overridden by your rights.
  • Legal obligation — where processing is required by applicable law or regulation.

4. How We Use Your Data

  • To respond to enquiries submitted via the contact form or email.
  • To scope, deliver, and support service engagements.
  • To send project-related communications.
  • To improve our website and services through aggregated, anonymised analytics.
  • To comply with legal obligations applicable to our business.

We do not use your personal data for unsolicited marketing communications unless you have expressly opted in. We do not sell or rent personal data to third parties.

5. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected:

  • Contact enquiries — retained for up to 12 months, or until the matter is resolved.
  • Engagement data — retained for the duration of the engagement and deleted within 30 days of project delivery, unless otherwise agreed in writing.
  • Financial and contractual records — retained for 7 years as required under Malaysian commercial law.
  • Analytics data — retained in aggregated form; session-level data is not retained beyond 26 months.

6. Data Security

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, and destruction. These include:

  • Encryption of data in transit using TLS.
  • Access controls limiting data access to personnel with a legitimate need.
  • Mutual non-disclosure agreements with clients before any project data is shared.
  • Secure deletion of project data after delivery unless retention is agreed.

In the event of a data breach that poses a risk to individuals, we will notify affected parties and relevant authorities in accordance with applicable obligations.

7. Cookies

Our website uses cookies to understand usage patterns and improve your experience. We use essential cookies (always active), and optional analytics and preference cookies that require your consent. See our Cookie Policy for a full description of cookies used and how to manage your preferences.

8. Third-Party Services

We may use third-party services that process data on our behalf, including web analytics providers and cloud infrastructure services. These providers act as data processors under our instruction and are bound by appropriate data protection obligations. We do not share personal data with third parties for their own marketing purposes.

Our website may contain links to third-party sites. We are not responsible for the privacy practices of those sites and encourage you to review their policies directly.

9. Your Rights

Under Malaysia's PDPA 2010 and applicable data protection principles, you have the following rights:

  • Right of access — to request a copy of personal data we hold about you.
  • Right of correction — to request correction of inaccurate or incomplete data.
  • Right to withdraw consent — where processing is based on consent, you may withdraw at any time without affecting prior processing.
  • Right to prevent processing — to request that we stop processing your data for specified purposes, subject to legal requirements.
  • Right to erasure — to request deletion of personal data where no legitimate basis for retention exists.

To exercise any of these rights, contact us at [email protected]. We will respond within 21 days.

10. Children's Privacy

Our services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted personal data to us, please contact us at [email protected] so we can take appropriate action.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. Material changes will be indicated by an updated "Last Updated" date at the top of this page. We encourage you to review this policy from time to time.

12. Contact Information

For privacy-related enquiries, requests, or complaints, contact us at:

  • Email: [email protected]
  • Address: Thoughtium, 27 Jalan Dewan Sultan Sulaiman, 50300 Kuala Lumpur, Malaysia
  • Phone: +60 3-2539 8174

If you are not satisfied with our response, you may lodge a complaint with Malaysia's Department of Personal Data Protection (JPDP) at pdp.gov.my.