Privacy Notice

Updated as at March 26, 2024.

We do not sell your data to third-parties. All data collected will be accessed strictly within the purview of im*PACT platform to enhance our services to you.

The use of your data shall be guided by the principle that personal, identifying data shall never be divulged to any party except when expressly permitted by you.

Your privacy is extremely important to us. To better protect you, we provide this privacy notice (“Privacy Notice”) outlining how we collect, use, and store your Personal Data (as defined hereunder) in accordance with the laws of Malaysia including but not limited to PDPA (as defined hereunder) and also with the law of other countries.

Please read this Privacy Notice carefully to understand how we process the Personal Data we may collect from you and the categories of Personal Data we process in connection with your use of our Services including but not limited to our website available at www.imstar.io (“Website”) as well as for our software-as-a-service offering known as im*PACT (“Service”, “Services”).

By subscribing to our Services, using our Services, or creating/registering an account with us, you consent to the practices described in this Privacy Notice. By providing your Personal Data to us, you hereby consent and agree to the provisions of this Privacy Notice and the processing of your Personal Data as described in this Privacy Notice.

Please note that Mykongsi (the “Company”) reserves the right to amend this Privacy Notice from time to time. You are advised to periodically review the latest version of this Privacy Notice, as the version of our Privacy Notice which is currently displayed on our Services takes precedence over all previous versions of our Privacy Notice.

If you do not agree to our use of your Personal Data in line with this policy, please do not use the im*PACT services.

1. General

1.1 Governing Law. During the use of our Services, the Company will collect and use your Personal Data for the Purposes as set out in paragraph 3.2 below in accordance with laws of Malaysia (including the Personal Data Protection Act 2010 (“PDPA”)), this Privacy Notice and/or any privacy terms in any agreement(s) that you may have or will enter into with the Company.

1.2 Third-party Consent. In the event you may need to provide us with Personal Data relating to third parties (for example about your co-workers, spouse or children or where you are the designated person in charge (from an organisation or company) for dealing with us, where you are acquiring and are responsible for Services that they will use), you confirm that you have (i) obtained their consent or otherwise are entitled to provide their Personal Data to us and for us to process accordingly, and (ii) informed them to read this Privacy Notice available in our Services web-site.

1.3 Definitions. For the purposes of this Privacy Notice, please note that:
• “Mykongsi Sdn Bhd”, “the Company” “us”, “our” or “we” shall mean Mykongsi Sdn Bhd (Company No. 202101039178/1439478-A.
• “PDPA” shall mean Personal Data Protection Act 2010 (Act 709) and all subsidiary legislation, regulations, and/or orders made thereunder and as may be supplemented/amended from time to time and any guidelines and/or directives issued by any relevant authority.
• “Personal Data” shall mean any information related to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• “Processing” shall mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• “Services” shall mean the Website, the Applications, products, services, software, amenities and/or facilities provided by us.

2. What Data Do We Collect?

The types of Personal Data We May Collect Are:

• Identification details: the service generally accepts anonymised identification, except for cases where financial-related transactions require specific data such as address, card numbers, names, and other contact numbers;

Note: individual identification & payment instrument data are never stored on our servers, as these are managed by distinct providers who are certified for the PCI DSS data security standard for processing financial transactions.

Please be aware that within the confines of the workspace e.g. a company, members will know the identity of the pseudonyms by way of interactions over time.

• Contact information via the communication channel you have used to contact us or have chosen to provide us with, such as your email address or a social media single-sign-on account, including the contents of the communication such as feedbacks, complaints, questions and comments;
• Profile Details: IDs assigned by us, such as user account ID, profile picture and other relevant information;
• Psychometric/behavioral data like Johari Window, and a simplified DISC for the assessment of strengths and enhancing team dynamics;
• Individual performance statistics;
• The status of Services that you have purchased/acquired/subscribed/registered from the Company;
• How you use the Services provided by us including the information you provide when you apply for any of our Services;
• Location details: Information that the Service from obtain from your device, upon your permission, when you are required to check-in to the app from your location;
• Devices details: the information of your mobile device or any device that has downloaded our Application such as device model, unique device identifier (such as IMEI, Android ID / IDFA /OPENUDID /GUID/ IMSI information), device MAC address, operating system type and model, screen resolution, telecommunication operator, software installation list, software version number, system language, biometric information and location tracking and GPS information of your mobile device and any other relevant information;
• Information you will provide when you interact with our Products and/or Services such as information related to the availability, use of, or access to Services and features, including calendar entries, contact numbers, information requests, service activation requests, usage data and any other relevant information;
• Transaction data such as details about your projects, tasks, milestones, risk logs;
• Business data such as orders and payments and other details of Products and/or Services related to you (if applicable);
• Payment related information such as payment method, card details, bank account details, credit card details, payment details and any other relevant information (such data may also be collected directly by our related corporations and/or third-party payment service providers) (if applicable);
• Personal Data which we may optionally obtain from Credit Reference Agencies and Fraud Prevention Agencies, including public (for example, defaults) and shared credit history, financial situation and financial history (if applicable); and/or
• Any other information where permitted by law and which we deem relevant to establish your personal identification and background, your financial standing and creditworthiness (wherever required and if applicable).

In order for us to deal with your inquiries, open and operate an account/facility for you and/or to generally provide you with our Products and/or Services, we may need to and/or may be required to collect, record, hold, use, disclose and store Personal Data about you.

3. Sources We Collect From

We may obtain this information from yourself and from a variety of sources, including but not limited to:

• through your relationship with us, for example information provided by you while registering an account with the Company (if applicable), when using our Services, when taking part in the Company’s customer surveys, competitions and promotions.
• through your verbal and written communications with us and/or our authorised agents.
• through any videos collected by us and/or our authorised agents.
• from third parties connected with you subject to your prior consent.
• from an analysis of the way you use and manage your account(s)/facility(ies) with us, from the transactions you make and from the payments which are made to/from your account(s)/facility(ies) (if applicable).
• from any interactions with the Company’s community platforms including but not limited to notice board, social media, the Company’s social media accounts such as Facebook, Instagram, Twitter, LinkedIn, WeChat Official Account, online forums, chat applications, and our shared internet access.
• from such other sources such as obtaining your Personal Data from public or commercial sources, including from third-party websites or Third-Party Resources where permitted by law, and/or
• from such other sources in respect of which you have given your consent to disclose such information relating to you and/or where not otherwise restricted.

4. How do we collect your data

We may obtain this information from yourself and from a variety of sources, including but not limited to:

• Personal Data may be collected from using our Services, where we may collect and temporarily store certain information about your visit for use of site management and security purposes. We collect and analyse this information because it helps us to better design the Services to suit your needs. We may also automatically collect certain information about the web content as follows:
• The internet domain name from which you access Services;
• The internet protocol (“IP”) address (a unique number for each computer connected to the internet) from which you access Services;
• The type of browser used to access our Services;
• The operating system used to access our Services;
• The date and time you access our Services;
• The Universal Resource Locators (“URLs”) or address of the pages you visit;
• Your username, if it was used to log in to the Products and/or Services; and
• If you visited this Website from another website, the URL of the forwarding site.

5. What do we use the data for?

The Personal Data will be collected and processed for, inter alia, the following purposes (collectively the “Purposes”):

• to provide you with the Services and any other purpose relating to our provision and/or your usage of said Services;
• to assess your application(s) for our Services;
• to manage our business and your relationship with us;
• to improve/develop our Services and to develop new Services;
• to notify you about benefits and changes to the features of Services; 
• to conduct marketing, offers, competitions and promotions;
• to respond to your enquiries and complaints;
• to improve the quality, efficiency and utilization of the Company’s Services; 
• to update, consolidate and improve the accuracy of our records;
• to produce data, reports and statistics which have been anonymised or aggregated in a manner that does not identify you as an individual;
• to conduct research for analytical purposes including but not limited to data mining and analysis of your interactions with us;
• to meet the disclosure requirements of any law binding on the Company;
• for audit, compliance and risk management purposes; 
• to protect or enforce our rights to recover any debt owing to us;
• to conduct any legal proceedings or in relation to any legal action;
• to prevent any unlawful act;
• to carry out any action that is required or permitted by any law, regulations and/or guidelines or comply with our legal obligations, including those under the data protection laws of Malaysia and other countries;
• to respond to any of your message(s) and/or feedback(s);
• to send you information on third party’s services and/or products which may be of interest to you;
• to assess for cyber security purposes in particular to prevent security and virus threat or issues; and/or
• to achieve any other purpose that is required or permitted by law which is, in our estimation, necessary and/or reasonable in the circumstances.

Where you have indicated your consent to receive marketing or promotional updates from the Company, you may opt-out from receiving such marketing or promotional material at any time through the “unsubscribe” option as may be provided in our marketing or promotional channels or you may contact us via the Contact Information provided in this Privacy Notice.

The Personal Data provided by you will generally be kept in a secure manner and we will exercise reasonable endeavours to implement security measures to prevent and limit any unauthorised processing of your Personal Data.

Any Personal Data which is no longer required for the Purposes will be destroyed and deleted from our record and system.

6. When do we disclose your data?

Save as set out in this section , we will generally treat your Personal Data as private and confidential and will not disclose your information to anyone. Nevertheless, you hereby acknowledge, consent and authorise us to disclose, release, disseminate and transfer the Personal Data in any of the following situations (or the parties) stipulated below:

• where you have given permission.
• where we are required or permitted to do so by law.
• where required or authorised by any order of court, tribunal or relevant authority, whether governmental or quasi-governmental with jurisdiction over the Company.
• where we are required to meet our obligations to any relevant regulatory authority.
• to any other companies, organisations, third-party service providers, strategic partners and/or authorised partners to:
• carry out services on our behalf which is ancillary and/or required for purposes of providing our Services to you; or
• help us provide services to you such as to provide customer-service, marketing, infrastructure and information-technology services, personalize our service and make it work better; or
• process payment transactions; or
• carry out fraud and credit checks, and collect debts and protect our rights and defend us and our property; or
• analyse and improve the information we hold (including about your interactions with the Services provided by us and/or our related corporations and strategic partners); or
• carry out any of the Purposes as set out in this Privacy Notice.
• our agents, employees, contractors, sub-contractors, service providers, suppliers, consultants, auditors, accountants, lawyers or advisers solely in the provision of the services to you; and/or
• to any other party where required by law to whom disclosure is, in our estimation, necessary and/or reasonable in the circumstances.

We reserve the right to transfer the hosting and processing of your data to a third party in the event of a sale, merger or other transfer of all or substantially all of the assets of the Company or any of its Corporate Affiliates, or that portion of the Company or any of its Corporate Affiliates to which the Service relates, or in the event that we discontinue our business or file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding, provided that the third party agrees to adhere to the terms of this Privacy Notice.

7. Transfer of Personal Data outside of Malaysia

The Company may from time to time require the transfer of Personal Data to and from other related corporations or third parties, which may be located outside Malaysia. Therefore, you hereby expressly consent to us transferring your Personal Data to places outside Malaysia including if the transfer is to our facilities that are located outside Malaysia or if any of our strategic partners who are involved in providing part of our Services or outsourced data storage or data processing services for and on behalf of us is located outside Malaysia or has servers and/or related equipment outside Malaysia or if you use the Services from a country other than Malaysia.

8. Third-party Resources

Our Services may contain software, content, resources, websites, links, features and components that are provided by third-party; advertisement to third-party website and services; and/or any third-party products and/or services that may be provided to the users of our Services (collectively, “Third-Party Resources”). You agree and acknowledge that Third-Party Resources are not under our control and we are not responsible for the privacy practices they have. We also do not provide any express or implied guarantees for the privacy practices of Third-Party Resources. Third-Party Resources are responsible for informing you about their own privacy practices. Before submitting your Personal Data to Third-Party Resources, please read carefully and understand the privacy policies of these Third-Party Resources.

If you link, connect, or login to our service using a third party service such as Google, Facebook or Apple, you direct that service to send us information of your registration and profile as controlled by that service or authorized by you via your privacy settings at that service.

When you link our service to Google Calendar, we will ask your consent to connect your Google account, thereby providing us with access to your calendar. The calendar integration sync all your tasks to the Google Calendar.  When integrating with your Google Calendar, our service stores calendar event titles, time and attendee information.  This data is not shared with third parties and it is stored in an encrypted database.

Our service uses and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

For the avoidance of doubt, the Company shall not provide third-parties under this section with your identification or contact data without your express permission.

9. Your Rights to Access and Correct Your Personal Data

It is your responsibility to ensure that you provide us with true, accurate and complete Personal Data as we will not be responsible for any inaccurate, incomplete, misleading or not up-to-date data in our record. You have the right to request access to and to request correction of your Personal Data by sending an email to our Personal Data Protection Officer at pdpo.my@imstar.io. We will make every endeavour to ensure your personal information is accurate and up to date therefore if there are changes to your information you should notify us directly.

Please note that we may decline to comply with your data access request and/or data correction request in certain situations, for example when your identity is unable to be verified or where information requested for is of a confidential commercial nature or in the event, we receive repeated requests from you for access to the same information which burden or expense of providing access is disproportionate to the risks to your privacy.

Nevertheless, we will notify you of the reasons for not being able to accede to your data access and/or data correction request. We shall be entitled charge a fee (where permitted under the applicable law) for any data access request.

Please take note that your exercise of the aforesaid right may have effects on our provision of the Services (such effects may include the non-provision of the Services) to you and we shall not be liable for any loss, damage, or any other liability resulting directly or indirectly resulted therein.

10. Exercising Your Right in Respect of the Disclosure, Use and Deletion of Your Personal Data

At any point of time, you have the right to delete your personal information by removing your account from the Service, and we will process such requests in accordance with this Privacy Policy and our obligations under the Privacy Laws and other applicable law.

You have the right to limit our processing of your Personal Data. To exercise this right, please contact us by sending an email to our Personal Data Protection Officer at pdpo.my@imstar.io. Note that your exercise of the aforesaid right may have effects on our provision of the Services (such effects may include the non-provision of the Services) to you and we shall not be liable for any loss, damage, or any other liability resulting directly or indirectly from such effects.

The Personal Data you provide to us is obligatory and necessary in order for us to provide you with the Services. Any failure to provide such Personal Data may have effects on our provision of the Services (such effects may include non-provision of the Services) to you and we are not liable for any loss, damage, or any other liability resulting directly or indirectly from such effects.

Subject always to our contractual rights and obligations under relevant laws and regulations, you may exercise your choice in respect of the disclosure, retention and use of your Personal Data by the Company by sending an email to our Personal Data Protection Officer at pdpo.my@imstar.io.

We endeavour to protect the Personal Data we collect. We use commercially reasonable physical, technical, and administrative security measures designed to protect information against loss and unauthorized access or use. Please note, however, that no information system is 100% secure and we cannot guarantee the security of your information.

As our Services are linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us and you are doing so at your own risk.

11. Rights to Amend

We reserve the right to amend this Privacy Notice from time to time to be consistent with applicable data protection laws and regulations. If we make any changes to the Privacy Notice, we will notify you through a new version of this Privacy Notice on our Services including the Website and the Application.

12. Miscellaneous

We trust that you have read and understood the terms of this Privacy Notice and you hereby declare that you have agreed and accepted the terms herein and you have granted your consent for us to process your Personal Data when you register for first use of the Services.

13. Additional Notices and Disclosures for Certain Jurisdictions

Depending on your state of residency, you may be able to exercise the following rights in relation to the personal information about you that we have collected (subject to certain limitations at law):

• EUROPEAN UNION AND UNITED OF KINGDOM

We comply with the privacy laws and regulations of the United Kingdom, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. We collect and process personal data in accordance with the principles of fairness, transparency, and lawful basis for processing. We may share your personal data with third parties only when necessary for the purposes for which the data was collected or with your explicit consent. You have the right to access, correct, or delete your personal data held by us, and to object to the processing of your personal data for certain purposes. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your privacy rights have been infringed.

• UNITED STATES OF AMERICA

We comply with the privacy laws and regulations of the United States, including the California Consumer Privacy Act (CCPA) and the Children’s Online Privacy Protection Act (COPPA). We may collect personal information from you for the purposes of providing our services, with your consent, or as required by law. We take reasonable measures to protect personal information from unauthorized access, disclosure, alteration, or destruction. We may share personal information with third parties only as necessary for the purposes for which it was collected or with your consent. You have the right to access, correct, or delete your personal information held by us, and to opt-out of the sale of your personal information if you are a California resident.

In respect of North America, we comply with the privacy laws and regulations of the United States and Canada, including the General Data Protection Regulation (GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA), the Canadian Anti-Spam Legislation (CASL), and other applicable laws. We collect and use personal information and data only for purposes that are reasonable and appropriate, and take reasonable measures to protect personal information and data from unauthorized access, use, disclosure, or destruction. We may share personal information and data with third parties only for the purposes for which it was collected or with your consent. You have the right to access, correct, or delete your personal information and data held by us, and to opt-out of receiving commercial electronic messages if you no longer wish to receive them.

• AUSTRALIA

We comply with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 and other applicable data protection laws. This means that we collect and handle personal information in a fair and lawful way, and take reasonable steps to protect personal information from misuse, interference, loss, unauthorized access, modification, or disclosure. We may collect personal information for the purposes of providing our services or with your consent, and we may disclose personal information to third parties only for the purposes for which it was collected or with your consent. You have the right to access and correct your personal information held by us, and to make a complaint if you believe your privacy rights have been breached.

• CANADA

We comply with the privacy laws and regulations of Canada, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Canadian Anti-Spam Legislation (CASL). We collect and use personal information only for purposes that are reasonable and appropriate, and take reasonable measures to protect personal information from unauthorized access, use, disclosure, or destruction. We may share personal information with third parties only for the purposes for which it was collected or with your consent. You have the right to access, correct, or delete your personal information held by us, and to opt-out of receiving commercial electronic messages if you no longer wish to receive them.

• NEW ZEALAND

We comply with the privacy laws and regulations of New Zealand, including the Privacy Act 2020. We collect and use personal information only for purposes that are lawful, fair, and reasonable, and take reasonable measures to protect personal information from unauthorized access, use, disclosure, or destruction. We may share personal information with third parties only for the purposes for which it was collected or with your consent. You have the right to access and correct your personal information held by us, and to make a complaint if you believe your privacy rights have been breached.

• SINGAPORE

We comply with the Personal Data Protection Act (PDPA) and other applicable data protection laws in Singapore. This means that we collect and process personal data in a fair and lawful manner, and only for purposes that are reasonable and appropriate. We may collect personal data for the purposes of providing our services or with your consent, and we may disclose personal data to third parties only for the purposes for which it was collected or with your consent. We take reasonable steps to protect personal data from unauthorized access, collection, use, disclosure, copying, modification, or disposal. You have the right to access and correct your personal data held by us, and to withdraw your consent for the collection, use, or disclosure of your personal data.

• THAILAND

We comply with the Personal Data Protection Act (PDPA) and other applicable data protection laws in Thailand. We collect and process personal data only for purposes that are lawful, necessary, and proportionate to the purposes for which the data was collected. We take reasonable measures to protect personal data from unauthorized access, use, disclosure, or destruction. We may share personal data with third parties only when necessary for the purposes for which the data was collected or with your explicit consent. You have the right to access, correct, or delete your personal data held by us, and to withdraw your consent for the collection, use, or disclosure of your personal data.

• PHILIPPINES

We comply with the Data Privacy Act (DPA) and other applicable data protection laws in the Philippines. We collect and process personal information only for purposes that are lawful, necessary, and proportionate to the purposes for which the information was collected. We take reasonable measures to protect personal information from unauthorized access, use, disclosure, or destruction. We may share personal information with third parties only when necessary for the purposes for which the information was collected or with your explicit consent. You have the right to access, correct, or delete your personal information held by us, and to withdraw your consent for the collection, use, or disclosure of your personal information. You also have the right to lodge a complaint with the National Privacy Commission (NPC) if you believe your privacy rights have been violated.

• INDONESIA

We comply with the Law on Personal Data Protection (UU PDP) and other applicable data protection laws in Indonesia. We collect and process personal data only for purposes that are lawful, necessary, and proportionate to the purposes for which the data was collected. We take reasonable measures to protect personal data from unauthorized access, use, disclosure, or destruction. We may share personal data with third parties only when necessary for the purposes for which the data was collected or with your explicit consent. You have the right to access, correct, or delete your personal data held by us, and to withdraw your consent for the collection, use, or disclosure of your personal.

• CHINA

We comply with the Personal Information Protection Law (PIPL) and other applicable data protection laws in China. We collect and process personal information in accordance with the principles of legality, legitimacy, and necessity, and take appropriate measures to protect personal information from unauthorized access, use, disclosure, alteration, or destruction. We may collect personal information for the purposes of providing our services, with your consent, or as required by law, and we may share personal information with third parties only for the purposes for which it was collected or with your consent. You have the right to access, correct, or delete your personal information held by us, and to withdraw your consent for the collection, use, or disclosure of your personal information.

• SOUTH KOREA

We comply with the Personal Information Protection Act (PIPA) and other applicable data protection laws in South Korea. We collect and process personal information only for purposes that are lawful, necessary, and proportionate to the purposes for which the information was collected. We take reasonable measures to protect personal information from unauthorized access, use, disclosure, or destruction. We may share personal information with third parties only when necessary for the purposes for which the information was collected or with your explicit consent. You have the right to access, correct, or delete your personal information held by us, and to withdraw your consent for the collection, use, or disclosure of your personal information.

• JAPAN

We comply with the Act on the Protection of Personal Information (APPI) and other applicable data protection laws in Japan. We may collect and process your personal data for legitimate business purposes or with your consent, and we will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected. We may also disclose your personal data to third parties for the purposes of providing our services or with your explicit consent. We take appropriate measures to protect your personal data from unauthorized access, loss, destruction, or alteration.