Privacy Policy
Specflux Solutions
SSM Registration: 201603047703 (IP0447581-D)
Website: www.specflux.com
Email: [email protected]
Phone: +6016-338 9716
Last Updated: 27 March 2026
1. Introduction
Specflux Solutions (“we”, “us”, “our”) is committed to protecting the privacy of our clients, website visitors, and users of our services. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
By using our Website, purchasing our services, or providing us with your personal data, you consent to the practices described in this policy.
2. Data Controller
The data controller responsible for your personal data is:
Specflux Solutions
SSM Registration: 201603047703 (IP0447581-D)
Email: [email protected]
Phone: +6016-338 9716
3. Personal Data We Collect
We may collect the following categories of personal data:
3.1 Information You Provide Directly
- Contact information: Name, email address, phone number, business name, mailing address
- Account information: Login credentials (if applicable)
- Payment information: Billing address, payment method details (processed securely via CHIP Payment Gateway — we do not store full card numbers)
- Project-related information: Content, images, brand guidelines, access credentials, and other materials provided for service delivery
- Communication records: Emails, WhatsApp messages, phone call records, meeting notes, and support tickets
3.2 Information Collected Automatically
- Website usage data: Pages visited, time spent, referral source, browser type, device type, operating system
- Cookies and tracking technologies: Cookie identifiers, session data, analytics data (see Section 8)
- IP address and geolocation data (approximate location based on IP)
3.3 Information from Third Parties
- Payment processor (CHIP): Transaction confirmation, payment status
- Analytics platforms: Aggregated website visitor data (Google Analytics)
- Advertising platforms: Campaign performance data (Google Ads, Meta) — this does not include your personal data unless you interact with our ads
4. How We Use Your Personal Data
| Purpose | Legal Basis (PDPA) |
|---|---|
| To provide and deliver our services | Performance of a contract |
| To process payments and issue invoices | Performance of a contract |
| To communicate with you about projects and support | Performance of a contract |
| To send marketing communications (with your consent) | Consent |
| To improve our Website and services | Legitimate business interest |
| To comply with legal and regulatory obligations | Legal obligation |
| To prevent fraud and protect our business | Legitimate business interest |
| To analyse website traffic and user behaviour | Legitimate business interest |
5. Payment Data and CHIP Payment Gateway
When you make a payment through our Website:
- Payments are processed securely by CHIP Payment Gateway, a PCI DSS-compliant payment processor.
- We do not store, process, or have access to your full credit/debit card number, CVV, or card PIN.
- CHIP may collect and process your payment data in accordance with their own privacy policy.
- We receive only transaction confirmations, payment status, and the last four digits of your card (for reference purposes).
- FPX online banking transactions are processed directly through your bank’s secure environment.
6. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data to third parties. We may share your data with:
| Recipient | Purpose |
|---|---|
| CHIP Payment Gateway | Processing payments securely |
| Hosting providers | Website hosting and data storage |
| Google Analytics | Website traffic analysis (anonymised/aggregated) |
| Google Ads / Meta | Advertising campaign measurement |
| Professional advisors | Legal, accounting, or compliance advice |
| Regulatory authorities | When required by law or court order |
All third-party service providers are contractually obligated to protect your data and use it only for the specified purposes.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Client project files and records | 3 years after project completion |
| Financial and payment records | 7 years (as required by Malaysian tax law) |
| Marketing consent records | Until consent is withdrawn |
| Website analytics data | 26 months (Google Analytics default) |
| Communication records | 2 years after last interaction |
| Support and enquiry records | 2 years after resolution |
After the retention period, personal data is securely deleted or anonymised.
8. Cookies
Our Website uses cookies to improve your browsing experience and analyse traffic.
Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential cookies | Required for Website functionality (e.g., sessions, security) | Session |
| Analytics cookies | Help us understand how visitors use our Website (Google Analytics) | Up to 2 years |
| Marketing cookies | Used for advertising measurement and retargeting (Google Ads, Meta Pixel) | Up to 1 year |
Managing Cookies
You can manage or disable cookies through your browser settings. Disabling essential cookies may affect Website functionality. For analytics and marketing cookies, you may opt out via:
- Your browser’s cookie settings
- Google Analytics opt-out browser add-on
- Our cookie consent banner (if displayed)
9. Your Rights Under PDPA
Under the Personal Data Protection Act 2010, you have the right to:
- Access your personal data held by us
- Correct any inaccurate or incomplete personal data
- Withdraw consent for processing your personal data (where consent is the legal basis)
- Request deletion of your personal data (subject to legal and contractual obligations)
- Limit processing of your personal data in certain circumstances
- Complain to the Personal Data Protection Commissioner if you believe your rights have been violated
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within twenty-one (21) days.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:
- SSL/TLS encryption for data in transit
- Secure password policies and access controls
- Regular software updates and security patches
- Use of PCI DSS-compliant payment processors (CHIP)
- Access to personal data restricted to authorised personnel only
While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
11. International Data Transfers
Your personal data is primarily stored and processed in Malaysia. In some cases, data may be processed by third-party service providers located outside Malaysia (e.g., Google, Cloudflare). Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with the PDPA.
12. Children’s Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete such data promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Changes will be posted on our Website with an updated “Last Updated” date. We encourage you to review this policy periodically.
14. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Specflux Solutions
Email: [email protected]
Phone: +6016-338 9716
Website: www.specflux.com


