Privacy Policy

Taqyid attaches great importance to the protection of your personal data. This policy explains how we collect, use and protect your information in accordance with the EU General Data Protection Regulation (GDPR) and the Malaysian Personal Data Protection Act 2010 (PDPA), as amended in 2024–2025.

1. Data controller

The data controller is Taqyid, contactable at contact@taqyid.com. A Data Protection Officer (DPO) is appointed to oversee compliance with GDPR and PDPA.

2. Data we collect

We collect only the data necessary when you register for the beta:

• Full name
• Professional email address
• Company name
• Your role in the company
• Browsing and usage data (anonymised analytics cookies)

We do not intentionally collect sensitive personal data (such as racial or ethnic origin, religious beliefs, biometric data, health data, or political opinions).

3. Purposes of processing

Your data is used to:

• Manage your registration to the private beta
• Provide and administer access to the platform
• Communicate with you about the service
• Improve our services, features and user experience
• Produce anonymised usage and performance statistics

4. Legal basis

The processing of your data is based on:

• Your consent when registering for the beta
• Taqyid's legitimate interest in operating, securing and improving the service
• Performance of a contract for the provision and administration of the service
• Compliance with legal obligations under GDPR and PDPA where applicable

5. Data retention period

Your data is retained for the following periods:

• Beta registrations: 3 years after the last interaction
• Active customers: contract duration + 5 years (for legal and accounting obligations)
• Analytics cookies: maximum 13 months

6. Data recipients

Your data may be shared with:

• Taqyid internal team: authorised staff only, on a need-to-know basis
• Technical providers: hosting, email delivery and analytics service providers

All processors are contractually required to comply with confidentiality, security, and data protection obligations aligned with GDPR and PDPA. Your data is not sold to third parties and is not used for behavioural advertising.

7. Your rights (GDPR & PDPA)

Under GDPR and, where applicable, PDPA, you have the following rights:

• Right of access: obtain confirmation and a copy of your personal data
• Right to rectification: correct inaccurate or incomplete data
• Right to erasure: request deletion of your data where legally permitted
• Right to restriction: request limitation of processing in certain cases
• Right to data portability: receive your data in a structured, commonly used and machine-readable format and have it transmitted to another controller where technically feasible, in line with PDPA requirements
• Right to object: object to certain types of processing based on legitimate interest
• Right to withdraw consent: withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal

To exercise these rights, please contact our DPO at: dpo@taqyid.com.

We aim to respond to requests within a maximum of 21 days, in line with GDPR and PDPA expectations.

You also have the right to lodge a complaint with your competent data protection authority (for example, an EU supervisory authority) and/or the Personal Data Protection Department of Malaysia (PDPD).

8. Data security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration or disclosure, including:

• TLS/SSL encryption for data in transit
• Secure hosting compliant with GDPR and PDPA requirements
• Strict internal access control and role-based permissions
• Regular encrypted backups
• Periodic security reviews and monitoring

9. Cookies

We use cookies to operate the platform and improve your experience. You can disable non-essential cookies in your browser settings or via the consent banner. Types of cookies used:

• Essential cookies: necessary for the website and platform to function properly
• Analytics cookies: anonymised usage statistics, activated only with your consent

10. International transfers

Some of our service providers may process data outside your country of residence and outside the EU. In such cases, we implement appropriate safeguards (such as Standard Contractual Clauses and equivalent contractual protections) to ensure a level of protection consistent with GDPR and PDPA requirements.

11. Data breach notification

In the event of a personal data breach that is likely to result in a significant risk to your rights and freedoms, Taqyid will notify the competent data protection authority within 72 hours of becoming aware of the breach and will inform affected individuals without undue delay, in accordance with GDPR and PDPA obligations.

12. Changes to this policy

This policy may be updated from time to time. The date of the last update is shown at the top of this page. We will inform you in advance of any material changes that impact the way your data is processed.