Privacy Policy

Specflux Solutions
SSM Registration: 201603047703 (IP0447581-D)
Website: www.specflux.com
Email: [email protected]
Phone: +6016-338 9716

Last Updated: 27 March 2026


1. Introduction

Specflux Solutions (“we”, “us”, “our”) is committed to protecting the privacy of our clients, website visitors, and users of our services. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

By using our Website, purchasing our services, or providing us with your personal data, you consent to the practices described in this policy.

2. Data Controller

The data controller responsible for your personal data is:

Specflux Solutions
SSM Registration: 201603047703 (IP0447581-D)
Email: [email protected]
Phone: +6016-338 9716

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Information You Provide Directly

  • Contact information: Name, email address, phone number, business name, mailing address
  • Account information: Login credentials (if applicable)
  • Payment information: Billing address, payment method details (processed securely via CHIP Payment Gateway — we do not store full card numbers)
  • Project-related information: Content, images, brand guidelines, access credentials, and other materials provided for service delivery
  • Communication records: Emails, WhatsApp messages, phone call records, meeting notes, and support tickets

3.2 Information Collected Automatically

  • Website usage data: Pages visited, time spent, referral source, browser type, device type, operating system
  • Cookies and tracking technologies: Cookie identifiers, session data, analytics data (see Section 8)
  • IP address and geolocation data (approximate location based on IP)

3.3 Information from Third Parties

  • Payment processor (CHIP): Transaction confirmation, payment status
  • Analytics platforms: Aggregated website visitor data (Google Analytics)
  • Advertising platforms: Campaign performance data (Google Ads, Meta) — this does not include your personal data unless you interact with our ads

4. How We Use Your Personal Data

PurposeLegal Basis (PDPA)
To provide and deliver our servicesPerformance of a contract
To process payments and issue invoicesPerformance of a contract
To communicate with you about projects and supportPerformance of a contract
To send marketing communications (with your consent)Consent
To improve our Website and servicesLegitimate business interest
To comply with legal and regulatory obligationsLegal obligation
To prevent fraud and protect our businessLegitimate business interest
To analyse website traffic and user behaviourLegitimate business interest

5. Payment Data and CHIP Payment Gateway

When you make a payment through our Website:

  • Payments are processed securely by CHIP Payment Gateway, a PCI DSS-compliant payment processor.
  • We do not store, process, or have access to your full credit/debit card number, CVV, or card PIN.
  • CHIP may collect and process your payment data in accordance with their own privacy policy.
  • We receive only transaction confirmations, payment status, and the last four digits of your card (for reference purposes).
  • FPX online banking transactions are processed directly through your bank’s secure environment.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties. We may share your data with:

RecipientPurpose
CHIP Payment GatewayProcessing payments securely
Hosting providersWebsite hosting and data storage
Google AnalyticsWebsite traffic analysis (anonymised/aggregated)
Google Ads / MetaAdvertising campaign measurement
Professional advisorsLegal, accounting, or compliance advice
Regulatory authoritiesWhen required by law or court order

All third-party service providers are contractually obligated to protect your data and use it only for the specified purposes.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

Data TypeRetention Period
Client project files and records3 years after project completion
Financial and payment records7 years (as required by Malaysian tax law)
Marketing consent recordsUntil consent is withdrawn
Website analytics data26 months (Google Analytics default)
Communication records2 years after last interaction
Support and enquiry records2 years after resolution

After the retention period, personal data is securely deleted or anonymised.

8. Cookies

Our Website uses cookies to improve your browsing experience and analyse traffic.

Types of Cookies We Use

Cookie TypePurposeDuration
Essential cookiesRequired for Website functionality (e.g., sessions, security)Session
Analytics cookiesHelp us understand how visitors use our Website (Google Analytics)Up to 2 years
Marketing cookiesUsed for advertising measurement and retargeting (Google Ads, Meta Pixel)Up to 1 year

Managing Cookies

You can manage or disable cookies through your browser settings. Disabling essential cookies may affect Website functionality. For analytics and marketing cookies, you may opt out via:

  • Your browser’s cookie settings
  • Google Analytics opt-out browser add-on
  • Our cookie consent banner (if displayed)

9. Your Rights Under PDPA

Under the Personal Data Protection Act 2010, you have the right to:

  • Access your personal data held by us
  • Correct any inaccurate or incomplete personal data
  • Withdraw consent for processing your personal data (where consent is the legal basis)
  • Request deletion of your personal data (subject to legal and contractual obligations)
  • Limit processing of your personal data in certain circumstances
  • Complain to the Personal Data Protection Commissioner if you believe your rights have been violated

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within twenty-one (21) days.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

  • SSL/TLS encryption for data in transit
  • Secure password policies and access controls
  • Regular software updates and security patches
  • Use of PCI DSS-compliant payment processors (CHIP)
  • Access to personal data restricted to authorised personnel only

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

11. International Data Transfers

Your personal data is primarily stored and processed in Malaysia. In some cases, data may be processed by third-party service providers located outside Malaysia (e.g., Google, Cloudflare). Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with the PDPA.

12. Children’s Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete such data promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Changes will be posted on our Website with an updated “Last Updated” date. We encourage you to review this policy periodically.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Specflux Solutions
Email: [email protected]
Phone: +6016-338 9716
Website: www.specflux.com