Privacy Policy

1. Personal Data We Collect

We collect personal data only when you interact with us directly or use our services. The categories of data we may hold include:

Information you provide

• Full name and job title
• Business email address and phone number
• Organisation name and industry sector
• Project details shared through enquiry forms or consultations
• Correspondence via email or other channels

Information collected automatically

• IP address and browser type
• Pages visited and time spent on site
• Referring URLs
• Cookie identifiers (see Section 7)

Information from third parties

• Analytics data from services such as Google Analytics
• Data from advertising platforms where applicable

2. How We Use Your Data

We use your personal data for specific, legitimate purposes only:

• Responding to enquiries and scoping service engagements
• Delivering contracted AI consulting services
• Sending project updates, deliverables, and invoices
• Improving our website experience based on usage patterns
• Complying with applicable Malaysian laws and regulations
• Sending relevant industry updates — only with your consent

We do not use your data for automated decision-making that produces legal or similarly significant effects without human oversight.

3. Legal Basis for Processing

Under the PDPA 2010 (Malaysia), we process personal data on the following grounds:

• Consent — where you have actively provided information through our contact form or opted in to communications
• Contract performance — where processing is necessary to deliver agreed services
• Legitimate interests — for website analytics and service improvement, balanced against your privacy rights
• Legal obligation — where processing is required to comply with Malaysian law

4. Data Sharing

We do not sell your personal data. We may share limited information with trusted third parties under strict conditions:

• Service providers — hosting, email delivery, analytics platforms operating under data processing agreements
• Professional advisers — legal or accounting firms subject to professional confidentiality obligations
• Regulatory authorities — where disclosure is required by Malaysian law or court order

Any third party receiving your data is contractually required to handle it with equivalent care and to use it only for the specified purpose.

5. Data Retention

We retain personal data only for as long as necessary:

• Enquiry records — up to 12 months from last contact if no engagement follows
• Client engagement data — for the duration of the engagement plus 7 years for tax and legal purposes
• Website analytics — aggregated and retained for up to 26 months
• Cookie data — as specified in our Cookie Policy

On expiry of the relevant period, data is securely deleted or anonymised.

6. Security Measures

We take data security seriously and implement appropriate technical and organisational measures:

• TLS encryption for all data in transit
• Access controls limiting data to authorised personnel only
• Regular review of systems and data handling procedures
• Secure disposal of data when retention periods expire

In the event of a personal data breach that is likely to result in significant harm, we will notify affected individuals and the relevant Malaysian authorities in accordance with PDPA obligations.

7. Cookies

Our website uses cookies to function properly and to understand how visitors use our content. Cookies fall into four categories: essential, analytics, marketing, and preference. You can manage your cookie choices at any time via our Cookie Policy page, which includes detailed information about each category and controls to adjust your preferences.

8. Your Rights

Under the PDPA 2010 and aligned with broader data protection principles, you have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — ask us to correct inaccurate or incomplete data
• Withdrawal of consent — withdraw consent at any time where processing is consent-based
• Erasure — request deletion of your data where there is no overriding lawful reason to retain it
• Restriction — ask us to limit how we use your data while a dispute is resolved
• Objection — object to processing based on our legitimate interests
• Portability — receive your data in a structured, machine-readable format where technically feasible

To exercise any of these rights, contact us at privacy@cerebrixas. We aim to respond within 21 days. If you are unsatisfied with our response, you may contact the Department of Personal Data Protection Malaysia (PDPD).

9. Children's Privacy

Our services are intended for professionals and organisations, not individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently received data from a person under 18, please contact us and we will remove it promptly.

10. Third-Party Links

Our website may contain links to external resources. We are not responsible for the privacy practices of those websites and encourage you to review their policies before sharing personal data. Our policy applies only to data collected directly by Cerebrix.

11. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page. Continued use of our website after changes are posted constitutes acceptance of the revised policy. We encourage you to review this page periodically.

12. Contact & Data Controller

The data controller responsible for your personal information is: