This Privacy Policy (“Policy”) describes how we collect, use, disclose, and protect personal data in

accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

We may collect personal data including but not limitedto:

· Full Name

· Contact details (phone number, email address)

· Identification details where required for verification

· Payment and transaction-related information

· System usage data, device data, service activity logs

· Location-based information where relevant to service delivery

We collect personal data through:

· Direct interactions (account registration, service usage, support enquiries)

· Automated technologies (system logs, device data, analytics tools)

· Third-party service providers supporting our operations

Personal data is collected and processed for:

· Providing, operating, and improving our services

· Processing payment, transactions, and billing

· Account creation, authentication, and user support

· Communication regarding service updates, alerts, or notices

· Compliance with statutory, regulatory, audit, and security requirements

· Internal analytics, reporting, and fraud-prevention activities

Personal data may be disclosed to:

· Authorized service providers, operators, and business partners

· Payment gateway providers, banks, and financial institutions

· IT vendors and cloud or technology service providers

· Regulatory bodies, government agencies, or law enforcement when required by law

· Business transferees in the event of corporate restructuring, merger, or acquisition

1.5.1 General Confidentiality Commitment

We are committed to safeguarding the confidentiality of all personal information entrusted to us. All personal data collected is handled in accordance with this Policy and the PDPA.

If a user is unable to communicate essential personal information to the appropriate authorities during an emergency or critical incident, we may, at our sole discretion, disclose necessary details such as name, contact number, or other relevant information to authorised personnel.

If we receive a subpoena, court order, or legally binding request from regulatory authorities, we will disclose the required information in accordance with applicable laws.

We may share aggregated or anonymised information for analytics, reporting, or operational purposes, provided that no individual can be personally identified.

Personal data may be shared with third parties only when the user provides explicit consent (e.g., surveys, studies, or partner programs).

Any third party engaged to process personal data on our behalf is contractually obligated to maintain confidentiality and handle the data only for authorised purposes.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, regulatory, and operational requirements. Upon expiry of the retention period, personal data will be securely deleted, anonymised, or archived in accordance with applicable regulations.

Personal data may be processed and stored in Malaysia or in other jurisdictions where we or our authorised service providers operate. In such cases, we ensure that reasonable safeguards and data protection measures are applied to maintain the security and integrity of the data.

We implement administrative, technical, and organisational security measures designed to protect personal data against unauthorised access, disclosure, misuse, alteration, loss, or destruction. These measures are consistent with industry standards and regulatory expectations, and include (but are not limited to):

· Access controls and user authentication

· Data encryption and secure transmission protocols

· System monitoring and intrusion detection

· Regular security assessments and vulnerability reviews

· Staff confidentiality obligations and data protection training

While we strive to protect all personal data, no method of electronic storage or transmission is completely secure. Accordingly, we cannot guarantee absolute security; however, we commit to taking reasonable and appropriate measures to safeguard all personal information entrusted to us.

Under the Personal Data Protection Act 2010, you have the right to:

· Request access to your personal data

· Request correction of inaccurate or incomplete data

· Withdraw consent for processing (subject to contractual or legal limitations)

· Request deletion of personal data where legally applicable

Requests relating to your personal data may be submitted using the contact information provided below.

We may update this Privacy Policy due to business, legal, or regulatory changes. We will notify users of significant changes by updating the effective date and posting the revised policy.

STRAITS ALLIANCE TECHNOLOGY SDN. BHD.

Email: marketing@f4stcharge.com