Malaysia’s Personal Data Protection Act 2010 (PDPA) Compliance
QCODE.MY is committed to protecting the personal data of our users and ensuring transparency in our data processing practices. This Agreement is designed to ensure compliance with Malaysia’s Personal Data Protection Act 2010 (PDPA 2010) as amended by the Personal Data Protection (Amendment) Act 2024 (PDPA 2024) and outlines how QCODE.MY ("Data Processor") processes and secures your data. By using QCODE.MY platform, you ("Client" or "Data Controller") agree to the terms outlined in this Data Processing Agreement ("Agreement").
1. Definitions and Interpretation
1.1 "Act" refers to the Personal Data Protection Act 2010 (PDPA) as enforced in Malaysia, including any subsidiary legislation.
1.2 "Personal Data" means any information as defined under Section 4 of the Act, relating to an identified or identifiable individual.
1.3 "Processing" means any operation or activity performed on Personal Data, including collection, recording, organizing, storing, using, transferring or deleting the data.
1.4 "Data Processor" refers to iMOOLAH NETWORK, including its subsidiary QCODE.MY SaaS (software-as-a-service) platform.
1.4 "Data Subject" refers to the individual to whom the Personal Data belongs.
1.5 "Services" refers to the services provided by iMOOLAH NETWORK, including QCODE.MY offering leads forms for processing data, data analysis tools and other related functionalities.
2. Data Processor
QCODE.MY platform acts as a Data Processor, processing personal data on behalf of Data Controllers. We process data strictly according to the documented instructions of the Data Controller and do not determine the purposes or means of the processing.
3. Personal Data Collected
Data Processor collects the following types of personal data:
**Contact Information: Email addresses and names provided during registration or support requests.
**QR Code Data: Data embedded within the QR codes generated by users, which may include personal or sensitive information depending on the user's application.
**Usage Data: Information on how users interact with our website, including IP addresses, browser type and pages visited.
**Other Data: Any other personal data provided to us by the Data Controller for processing.
4. Purpose and Scope of Processing
4.1 Data Processor agrees to process Personal Data solely for the purpose of providing the Services outlined and in compliance with the PDPA.
4.2 Processing activities shall be limited to only those explicitly required to fulfill the obligations outlined in this Agreement.
5. Obligations of Data Controller
5.1 Data Controller determines the purpose and legal basis for the collection and processing of Personal Data.
5.2 Data Controller shall ensure that:
**Personal Data is processed in compliance with the PDPA.
**Proper and valid consent has been obtained from Data Subjects before their Personal Data is collected.
**Accurate information about the processing, retention, use and disclosure of Personal Data is provided to Data Subjects.
**Accurate and lawful instructions are provided to the Data Processor regarding the processing of Personal Data.
5.3 Data Controller retains full responsibility for the accuracy, quality and legality of Personal Data provided to the Processor.
6. Obligations of Data Processor
6.1 Data Processor shall:
**Process Personal Data strictly according to Data Controller's instructions and for no other purpose.
**Apply measures to ensure the confidentiality, integrity, availability and resilience of Personal Data processed.
6.2 Data Processor acknowledges that it must comply with the provisions of the PDPA, particularly Section 9 of the Security Principle and other relevant principles.
6.3 Data Processor shall assist Data Controller in enabling the rights of Data Subjects under the PDPA.
7. Security Measures
7.1 Data Processor shall implement and maintain appropriate technical and organizational measures to protect Personal Data against unauthorized or accidental loss, destruction or access, including:
**Encryption for transferring sensitive information.
**Secure data storage mechanisms.
**Role-based access control for employees accessing Personal Data.
**Regular penetration testing and vulnerability assessments.
7.2 Data Processor shall report any data breaches affecting Personal Data to Data Controller within 72 hours of discovery.
8. Subprocessors
8.1 Data Controller authorizes Data Processor to use subprocessors for the performance of the Services, provided that:
**Data Processor notifies Data Controller of any intended changes concerning subprocessors.
**Each subprocessor enters into a written agreement with Data Processor, binding it to terms equivalent to this Agreement in terms of data processing and security requirements.
9. Data Retention and Deletion
9.1 Personal Data shall not be retained for longer than necessary to fulfil the purposes outlined in this Agreement.
9.2 Once the Services have been terminated or upon request by Data Controller, Data Processor shall:
**Thoroughly delete or anonymize all Personal Data from its systems.
10. Cross-Border Data Transfers
10.1 Data Processor shall not transfer Personal Data outside Malaysia unless:
**The transfer complies with Section 129 of the Act.
**Data Controller provides explicit written consent for the transfer.
11. Assistance with Data Subject Rights
11.1 Data Processor shall assist Data Controller in responding to requests received from Data Subjects related to their rights under the PDPA, including requests for:
**Access to their Personal Data.
**Correction or deletion of their Personal Data.
12. Indemnification
12.1 Each Party agrees to indemnify and hold the other harmless against any direct claims, penalties or damages arising from its failure to comply with the terms of this Agreement and the provisions of the PDPA.
13. Limitation of Liability
13.1 Data Processor's liability arising under this Agreement shall be limited to total fees received for the Services.
13.2 Data Processor shall not be held liable for issues arising from Data Controller-provided unlawful instructions or Data Controller's failure to obtain proper consent from Data Subjects.
14. Governing Law
14.1 This Agreement shall be governed and construed in accordance with the laws of Malaysia, as outlined in the PDPA.
14.2 In the event of a dispute, the Parties agree to attempt resolution through negotiation before resorting to legal remedies.
15. Termination
15.1 This Agreement shall terminate automatically upon the expiry of the Services Agreement between Data Controller and Data Processor.
15.2 Either Party may terminate this Agreement with 30 days online notice.
16. Miscellaneous
16.1 This Agreement constitutes the entire agreement between the Parties regarding the processing of Personal Data and supersedes any prior discussions or agreements.
16.2 Any amendments must be mutually agreed in writing.
16.3 Notices between Parties should occur in the manner as defined by email.
17. Consent
By using QCODE.MY platform, you consent to the collection and processing of your personal data as described in this Data Processing Agreement. If you do not agree with any part of this Agreement, you should immediately stop using the Services.
18. Agreement to Terms
By using QCODE.MY platform, you acknowledge and agree to the terms of this Data Processing Agreement. If you do not agree with any part of this Agreement, you should immediately stop using the Services.
More Verification
For any questions or concerns regarding Legal Policies & Disclaimers, please click the buttons here ->