Privacy Policy · KOPIT — PDPA 2010 Compliant

§ 01

Who we are

KOPIT — Koperasi Usahawan Informasi Teknologi Malaysia Berhad — is a registered cooperative under Suruhanjaya Koperasi Malaysia (SKM), headquartered in Malaysia. Cooperative Registration No. [Cooperative Registration No. — to be inserted].

When you visit our website, fill out a contact form, apply for membership, or engage with any of our seven divisions (Bijak AI, Hijau Energy, Rantai Blockchain, Wira Digital, Dana Sejahtera, Angkasa Build, Arif Advisory), you trust us with your personal data. This policy explains exactly what we do with that trust.

This policy complies with Malaysia's Personal Data Protection Act 2010 (PDPA) — specifically Sections 6, 7, 8, 12, and 30, alongside the Cooperative Societies Act 1993.

§ 02

What data we collect

We only collect what we need to operate the cooperative, deliver projects, and respond to inquiries — never more. Here's exactly what we ask for, and why.

CONTACT FORMS

Name, email, phone, organisation, message content. Used to respond to your inquiry.

MEMBER APPLICATIONS

Full name, IC number, address, bank details, employment information. Required by SKM under cooperative law.

ANALYTICS

Anonymous page views, browser type, country. No personal identifiers stored.

NEWSLETTER

Email address only — strict opt-in. Unsubscribe anytime.

For project-specific engagements (e.g. division consulting, infrastructure projects), additional information may be collected under a separate written agreement.

§ 03

How we use your data

Your data is used strictly for the purposes you provided it for, and for legitimate cooperative operations.

①
Responding to inquiries — answering your contact form messages and division inquiries.
②
Membership operations — processing applications, managing dividends, sending statutory notices.
③
Project delivery — coordinating cooperative projects you've engaged with us on.
④
Compliance & governance — meeting our legal obligations under SKM, PDPA, and tax law.
⑤
Improving our services — analyzing anonymised website usage to improve user experience.

We never sell your data. We never share it for marketing purposes. We never use it for purposes you didn't agree to.

§ 04

How we protect your data

KOPIT applies industry-standard technical and organisational safeguards:

①
Encryption in transit — all data submitted via our website uses HTTPS/TLS encryption.
②
Access controls — only authorised KOPIT officers and staff with legitimate need can access member data.
③
Retention limits — data is kept only as long as needed for the purpose collected, or as required by law.
④
Breach notification — in the event of a data breach, affected members will be notified in accordance with PDPA requirements.

§ 05

Your rights under PDPA

Malaysian law gives you specific rights over your personal data. KOPIT respects every one of them.

①
Right of access — request a copy of all data we hold about you.
②
Right to correct — ask us to fix inaccurate or outdated information.
③
Right to withdraw consent — change your mind about how we use your data, anytime.
④
Right to limit processing — restrict how we use your data while a dispute is being resolved.
⑤
Right to lodge a complaint — with the Personal Data Protection Commissioner of Malaysia.

To exercise any of these rights, email dpo@kopit.com.my. We respond within 21 business days as required by PDPA.

§ 06

Cookies & analytics

Our website uses minimal cookies — only what's essential for the site to function (e.g. language preference, session continuity). We may use anonymous analytics in future to understand visitor behaviour, but never personally identify you.

You can disable cookies in your browser settings. Doing so may affect some site functionality but will not prevent you from accessing public information.

If we add full analytics tracking in future, we'll update this section and notify members. No tracking is added silently.

§ 07

When we share data with third parties

We share your data with third parties only in these specific cases:

①
With your explicit consent — for example, when you ask us to refer you to a partner organisation.
②
Legal requirements — when ordered by Malaysian courts, regulators (SKM, BNM, IRB), or law enforcement.
③
Trusted service providers — payment processors, cloud hosting, email delivery — all bound by data processing agreements.
④
Cooperative operations — sharing required for cooperative governance (auditors, legal counsel, insurers) under strict confidentiality.

We do not sell, rent, or trade your personal data to anyone, ever.

§ 08

Children's data

KOPIT's services are not directed at individuals under 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted information to us, please contact our DPO and we will delete it promptly.

§ 09

Cross-border data transfers

Your personal data is primarily stored and processed in Malaysia. Where we use international cloud services (e.g. for email or website hosting), we ensure those providers offer protection equivalent to PDPA standards.

Any cross-border transfer to a non-PDPA-equivalent jurisdiction will only happen with your explicit consent or under one of the lawful exceptions in PDPA Section 129.

§ 10

Updates to this policy

We may update this Privacy Policy from time to time. When we do:

①
The version number and effective date at the top will change.
②
Material changes will be communicated to members via email and notice on the website.
③
Continued use of our services after the effective date constitutes acceptance.

§ 11

Contact our Data Protection Officer

For any data privacy question, request, or concern, reach out to our DPO directly.

Data Protection Officer

For PDPA requests, data access, corrections, or breach reports.

dpo@kopit.com.my