Privacy Policy
Effective date: 2026-04-25 Last updated: 2026-04-25
Apptivity Lab Sdn Bhd ("ApptivityLab", "we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit apptivitylab.com (the "Site") or otherwise interact with us.
This policy is issued in compliance with the Malaysian Personal Data Protection Act 2010 (PDPA) and references the General Data Protection Regulation (GDPR) where applicable to visitors from the European Economic Area.
1. Who we are
Apptivity Lab is a software engineering consultancy headquartered in Malaysia. Our principal business is bespoke software development for enterprise clients. We are the data controller for personal information collected through the Site.
For privacy-related enquiries: Email: hello@apptivitylab.com Registered address: K03-03-09 Tower 3, UOA Business Park, 1 Jln Pengaturcara U1/51A, Shah Alam 40150, Selangor, Malaysia
2. Information we collect
2.1 Information you provide directly
- Contact form / general enquiries: name, email address, company name, and the content of your message
- Careers / job applications: name, email address, phone number, CV/resume contents, and any additional information you submit
- Business correspondence: information you share when corresponding with us via email, phone, or other channels
2.2 Information collected automatically
When you visit the Site, we and our service providers automatically collect:
- Technical data: IP address, browser type and version, operating system, device type, referring URL, pages visited, timestamps
- Cookies and similar technologies: see Section 6 below
We do not collect special categories of personal data (e.g., health, religion, political opinions) through the Site.
3. How we use your information
We use personal data for the following purposes:
| Purpose | Legal basis (GDPR) / PDPA basis |
|---|---|
| Respond to enquiries you submit via contact forms or email | Performance of pre-contractual measures / consent |
| Evaluate job applications | Consent / pre-contractual measures |
| Operate, maintain, and improve the Site | Legitimate interests |
| Detect, investigate, and prevent fraud or security incidents | Legitimate interests / legal obligation |
| Comply with applicable laws and respond to lawful requests | Legal obligation |
| Conduct internal business operations (analytics, planning) | Legitimate interests |
We do not sell personal data, and we do not use it for automated decision-making or profiling that produces legal effects.
4. Disclosure of personal data
We disclose personal information only as necessary and to the following categories of recipients:
- Service providers acting on our behalf — including hosting providers, email providers, web analytics providers, applicant tracking systems, and similar vendors. These providers are contractually bound to protect your data and use it only for purposes we authorise.
- Professional advisers (legal, accounting, audit) where reasonably required.
- Authorities and courts where required by law, court order, or to protect our legal rights.
- Business successors in the event of a merger, acquisition, or sale of assets, subject to confidentiality obligations.
We do not transfer personal data to third parties for their independent marketing purposes.
5. International data transfers
Your personal data may be stored or processed in countries outside Malaysia, including Singapore, the United States, and the European Union, where our service providers operate data centres. Where such transfers occur, we ensure appropriate safeguards are in place, such as service-provider compliance with SOC 2, ISO 27001, or equivalent frameworks, and contractual data protection clauses (including Standard Contractual Clauses where applicable).
6. Cookies and similar technologies
The Site uses cookies and similar technologies for the following purposes:
- Strictly necessary cookies — required for the Site to function (e.g., security, preference storage)
- Analytics cookies — help us understand how visitors use the Site (e.g., Google Analytics or equivalent)
- Functional cookies — remember your preferences
You can control cookies through your browser settings. Disabling certain cookies may affect Site functionality.
7. Data retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements:
| Data category | Typical retention period |
|---|---|
| Contact-form submissions and enquiries | Up to 24 months from last contact |
| Job applications (unsuccessful) | Up to 12 months unless consent for longer retention is given |
| Job applications (successful) | Migrated to employee records, retained per HR policy |
| Web server logs | Up to 12 months |
| Analytics data | Per analytics provider's default retention |
8. Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your personal data (right to erasure)
- Restrict or object to certain processing
- Withdraw consent where processing is based on consent
- Data portability in a structured, machine-readable format
- Lodge a complaint with the Personal Data Protection Department (Jabatan Perlindungan Data Peribadi) in Malaysia, or the supervisory authority in your jurisdiction
To exercise any of these rights, email hello@apptivitylab.com. We will respond within the timeframe required by applicable law.
9. Security
We implement administrative, technical, and physical safeguards designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. Our security programme is aligned to SOC 2 (Type II audit observation window beginning 2026-08-30) and ISO 27001:2022 principles. Specific controls include encryption in transit and at rest, identity-gated access with multi-factor authentication, continuous vulnerability scanning, audit logging, and an approved Incident Response Plan.
No method of transmission or storage is 100% secure. While we strive to protect personal data, we cannot guarantee absolute security.
10. Children's privacy
The Site is not directed at children under 13, and we do not knowingly collect personal data from children. If you believe we have collected such data, please contact us so we can delete it.
11. Third-party links
The Site may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any personal data.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be notified by posting the updated policy on this page with an updated "Last updated" date. We encourage you to review this policy periodically.
13. Contact us
For any questions, requests, or concerns regarding this Privacy Policy or our handling of personal data:
- Email: hello@apptivitylab.com
- Registered address: Apptivity Lab Sdn Bhd, K03-03-09 Tower 3, UOA Business Park, 1 Jln Pengaturcara U1/51A, Shah Alam 40150, Selangor, Malaysia
This Privacy Policy is governed by the laws of Malaysia. By using the Site, you acknowledge you have read and understood this policy.