Privacy Policy

What You Need to Know
Your privacy matters to us. Here’s a quick overview of how we handle your personal data:
What We Collect:
We collect information you provide (like your name and email), information about how you use our Services (like which features you access), and technical information (like your IP address and browser type).
Why We Collect It:
We use your data to provide our Services, improve your experience, communicate with you, and comply with Malaysian law.
Your Rights:
Under the Personal Data Protection Act 2010, you can access your data, request corrections, withdraw consent, and lodge complaints with the Personal Data Protection Commissioner.
Data Security:
We implement reasonable security measures to protect your data, but no system is 100% secure.
Data Sharing:
We don’t sell your personal data. We only share it with service providers who help us operate our Services, or when required by Malaysian law.
Cookies:
We use cookies and similar technologies to improve your experience and understand how you use our Services.
Contact Us:
If you have privacy concerns, email us at [admin@csoft.my].

1. INTRODUCTION
This Privacy Policy explains how CSoft Solutions Sdn Bhd (Registration No.: 201001025085 (908996-M)) (“CSoft“, “we“, “us“, or “our“), a company incorporated in Malaysia with its registered address at [N-13-13A, SS15 Courtyard (First Subang), Jalan SS 15/4G, SS15, 47500 Subang Jaya Selangor, Malaysia], collects, uses, discloses, and protects your personal data when you use our cloud-based software platform and services.

1.1 Our Commitment to Privacy

We’re committed to protecting your privacy and complying with the **Personal Data Protection Act 2010** of Malaysia (“**PDPA**”). This Privacy Policy is part of our Terms of Service, available at CSoft Terms of Service.

1.2 Scope of This Policy
This Privacy Policy applies to:
 
  • Our website at [www.csoft.my];
  • The CSoft System (our cloud-based software platform);
  • Our mobile applications;
  • Our API services; and
  • Any other services we provide (collectively, the “Services“).
1.3 Your Consent
By using our Services, you consent to the collection, use, disclosure, and processing of your personal data as described in this Privacy Policy. If you don’t agree, please don’t use our Services.
2. PERSONAL DATA WE COLLECT
2.1 Information You Provide Directly
When you use our Services, we collect personal data you provide to us, including:

Account Information:
  • Full name
  • Email address
  • Phone number
  • Company name and position
  • Business address
  • Password (encrypted)

Payment Information:
  • Billing address
  • Payment method details (credit card, bank account)
  • Transaction history
  • Tax identification numbers (if applicable)

Content You Upload:
  • Property data and documents
  • Valuation reports
  • Photos and attachments
  • Case files and notes
  • Chat messages and communications
  • Any other content you create or upload to the CSoft System

Support and Communications:
  • Support requests and correspondence
  • Feedback and survey responses
  • Email communications with us
  • Phone call recordings (with your consent)
2.2 Information We Collect Automatically
When you use our Services, we automatically collect:

Usage Data:
  • Features and modules you access
  • Pages you visit and actions you take
  • Time, frequency, and duration of your activities
  • Search queries and filters you use
  • Files you download or upload
  • API calls and responses

Technical Data:
  • IP address
  • Browser type and version
  • Device type and operating system
  • Screen resolution
  • Time zone and language settings
  • Referring website
  • Access times and dates

Location Data:
  • General location based on IP address
  • Precise location (only if you grant permission through your device)

Cookies and Tracking Technologies:
  • Session identifiers
  • Authentication tokens
  • Preference settings
  • Analytics data
(See Section 8 for more details on cookies)
2.3 Information from Third Parties
We may receive personal data about you from:

Business Partners:
  • Organizations that refer you to us
  • Third-party platforms integrated with our Services (like Valuation Xchange)
  • Professional associations or industry bodies

Service Providers:
  • Payment processors (transaction details)
  • Identity verification services
  • Marketing platforms
  • Analytics providers

Public Sources:
  • Publicly available business directories
  • Social media profiles (if you connect them)
  • Government registries and public records
2.4 Special Categories of Personal Data
We generally don’t collect sensitive personal data (like health information, religious beliefs, or political opinions) unless you voluntarily provide it. If you do, we’ll process it only with your explicit consent and in accordance with the PDPA.
3. HOW WE USE YOUR PERSONAL DATA
3.1 Purposes of Processing
We use your personal data for the following purposes:

To Provide Our Services:
  • Create and manage your account
  • Authenticate your identity and authorize access
  • Process your subscription and payments
  • Provide the CSoft System and its features
  • Store and manage your content
  • Enable communication between users
  • Generate reports and analytics
  • Provide customer support
  • Send service-related notifications

To Improve Our Services:
  • Analyze usage patterns and trends
  • Develop new features and modules
  • Optimize system performance
  • Conduct research and development
  • Test new functionality
  • Fix bugs and resolve technical issues

To Communicate with You:
  • Send account updates and notifications
  • Respond to your inquiries and requests
  • Provide technical support
  • Send marketing communications (with your consent)
  • Conduct surveys and gather feedback
  • Send newsletters and product updates

For Business Operations:
  • Process payments and manage billing
  • Detect and prevent fraud
  • Enforce our Terms of Service
  • Manage our relationship with you
  • Maintain records and documentation
  • Conduct internal audits and quality assurance

For Legal Compliance:
  • Comply with Malaysian laws and regulations
  • Respond to legal requests and court orders
  • Protect our rights and property
  • Resolve disputes
  • Enforce our agreements
  • Cooperate with law enforcement

For Marketing and Analytics:
  • Understand our customer base
  • Improve our marketing efforts
  • Personalize your experience
  • Measure campaign effectiveness
  • Conduct market research
3.2 Legal Basis for Processing
Under the PDPA, we process your personal data based on:

  • Your consent – When you agree to this Privacy Policy or opt in to specific processing activities;
  • Contractual necessity – To fulfill our obligations under the Terms of Service;
  • Legal obligations – To comply with Malaysian laws and regulations;
  • Legitimate interests – For our business operations, fraud prevention, and service improvement, provided your rights aren’t overridden; and
  • Vital interests – To protect your life or safety, or that of others (in rare circumstances).
4. HOW WE SHARE YOUR PERSONAL DATA
4.1 We Don’t Sell Your Data
We don’t sell, rent, or trade your personal data to third parties for their marketing purposes.
4.2 Service Providers
We share your personal data with trusted service providers who help us operate our Services, including:

Technology Providers:
  • Cloud hosting services (for data storage and processing)
  • Content delivery networks
  • Database management services
  • Email and communication platforms
  • Analytics and monitoring tools

Payment Processors:
  • Payment gateways and merchant services
  • Banking institutions
  • Fraud detection services

Professional Services:
  • Legal advisors
  • Accountants and auditors
  • Business consultants

Marketing Services:
  • Email marketing platforms
  • Customer relationship management (CRM) systems
  • Advertising networks (with your consent)

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.
4.3 Business Partners
We may share your data with:
  • Integration Partners – Third-party platforms you choose to connect with our Services (like Valuation Xchange);
  • Referral Partners – Organizations that refer customers to us (with your consent); and
  • Professional Associations – Industry bodies you’re affiliated with (with your consent).
4.4 Within Your Organization
If you use our Services as part of an organization:
  • Your account administrator can access your usage data and content;
  • Other authorized users in your organization may see your content if you share it; and
  • Your organization may have access to aggregated usage statistics.
4.5 Legal Requirements
We may disclose your personal data when required by law or in good faith belief that disclosure is necessary to:
  • Comply with legal obligations, court orders, or government requests;
  • Enforce our Terms of Service or other agreements;
  • Protect our rights, property, or safety, or that of our users or the public;
  • Detect, prevent, or address fraud, security, or technical issues; or
  • Respond to claims that content violates third-party rights.
4.6 Business Transfers
If CSoft is involved in a merger, acquisition, sale of assets, or bankruptcy, your personal data may be transferred to the successor entity. We’ll notify you before your data is transferred and becomes subject to a different privacy policy.
4.7 With Your Consent
We may share your personal data with other third parties when you give us explicit consent to do so.
4.8 Anonymized Data
We may share anonymized, aggregated, or de-identified data that doesn’t identify you personally with third parties for research, analytics, or marketing purposes.
5. DATA RETENTION
5.1 How Long We Keep Your Data
We retain your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by Malaysian law.
 
Active Accounts:
  • We retain your data for the duration of your subscription and as long as your account remains active.

Inactive Accounts:
  • If you don’t use your account for 12 consecutive months, we may delete your content and personal data (after notifying you).

After Termination:
  • After your subscription ends, we may retain your data for up to 90 days to allow you to reactivate your account.
  • We may retain certain data longer for legal, accounting, or dispute resolution purposes.

Specific Retention Periods:
  • Transaction records: 7 years (for tax and accounting purposes)
  • Support communications: 3 years
  • Usage logs: 2 years
  • Marketing data: Until you withdraw consent or 3 years of inactivity
  • Legal claims: Until the claim is resolved plus the applicable limitation period
5.2 Deletion Requests
You can request deletion of your personal data at any time (see Section 6.3). However, we may retain certain data if:
  • Required by Malaysian law;
  • Necessary to resolve disputes or enforce agreements;
  • Needed for legal claims or investigations; or
  • Already anonymized and used for analytics.
6. YOUR RIGHTS UNDER THE PDPA
6.1 Right to Access
You have the right to request access to your personal data. We’ll provide you with:
  • Confirmation of whether we’re processing your personal data;
  • A copy of your personal data;
  • Information about how we use and share your data; and
  • Details about data retention and your other rights.
You can access most of your data directly through your account dashboard. For additional information, contact us at [admin@csoft.my].
6.2 Right to Correction
You have the right to request correction of inaccurate or incomplete personal data. You can update most information directly in your account settings. For other corrections, contact us at [admin@csoft.my].
6.3 Right to Withdraw Consent

Where we process your personal data based on consent, you can withdraw your consent at any time by:
  • Adjusting your account settings;
  • Unsubscribing from marketing emails (using the unsubscribe link);
  • Disabling cookies in your browser; or
  • Contacting us at [admin@csoft.my].
Withdrawing consent doesn’t affect the lawfulness of processing before withdrawal.
6.4 Right to Data Portability

You can request a copy of your personal data in a structured, commonly used, and machine-readable format. We’ll provide your data in CSV, JSON, or PDF format, as appropriate.
6.5 Right to Limit Processing

You can request that we limit processing of your personal data in certain circumstances, such as:
  • While we verify the accuracy of your data;
  • When processing is unlawful but you don’t want deletion;
  • When we no longer need the data but you need it for legal claims; or
  • While we verify our legitimate grounds for processing.
6.6 Right to Lodge a Complaint

If you believe we’ve violated your privacy rights, you can lodge a complaint with:

Personal Data Protection Commissioner
Personal Data Protection Department
Ministry of Communications and Digital
Level 4-7, Menara MCMC, Off Persiaran Multimedia
Cyberjaya, 63000 Selangor, Malaysia
Phone: +603 8688 8333
Website: [www.pdp.gov.my]

You can also contact us first at [admin@csoft.my], and we’ll do our best to resolve your concerns.
6.7 How to Exercise Your Rights

To exercise any of these rights:
  • Email us at [admin@csoft.my] with “Privacy Rights Request” in the subject line;
  • Provide sufficient information to verify your identity;
  • Specify which right you’re exercising and what you’re requesting; and
  • We’ll respond within 21 days (as required by the PDPA).

We don’t charge fees for most requests, but we may charge a reasonable fee for excessive or repetitive requests.
7. DATA SECURITY
7.1 Our Security Measures
We implement reasonable technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction, including:

Technical Measures:
  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Secure authentication and access controls
  • Regular security testing and vulnerability assessments
  • Intrusion detection and prevention systems
  • Secure backup and disaster recovery procedures
  • Multi-factor authentication options

Organizational Measures:
  • Employee training on data protection
  • Confidentiality agreements with staff and contractors
  • Role-based access controls
  • Regular security audits and reviews
  • Incident response procedures
  • Vendor security assessments
7.2 Your Security Responsibilities
You’re responsible for:
  • Keeping your password secure and confidential;
  • Using strong passwords and changing them regularly;
  • Not sharing your login credentials;
  • Logging out after using shared devices;
  • Notifying us immediately of any security breaches; and
  • Implementing your own security measures for your devices and networks.
7.3 No Absolute Security
While we strive to protect your personal data, no security system is impenetrable. We can’t guarantee absolute security, and you use our Services at your own risk.
7.4 Data Breach Notification
If we become aware of a data breach that poses a risk to your rights and freedoms, we’ll:
  • Notify you within 72 hours (as required by the PDPA);
  • Describe the nature of the breach;
  • Explain the likely consequences;
  • Describe the measures we’re taking to address the breach; and
  • Provide advice on steps you can take to protect yourself.
8. COOKIES AND TRACKING TECHNOLOGIES
8.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website or use our Services. They help us recognize you, remember your preferences, and improve your experience
8.2 Types of Cookies We Use
Essential Cookies:
  • Required for the Services to function properly
  • Enable authentication and security features
  • Remember your session and login state
  • Can’t be disabled without affecting functionality

Functional Cookies:
  • Remember your preferences and settings
  • Personalize your experience
  • Enable specific features you’ve requested
  • Can be disabled in your browser settings

Analytics Cookies:
  • Help us understand how you use our Services
  • Measure traffic and usage patterns
  • Identify popular features and areas for improvement
  • Aggregate data that doesn’t identify you personally
  • Can be disabled in your browser settings

Marketing Cookies:
  • Track your visits across websites
  • Deliver relevant advertisements
  • Measure campaign effectiveness
  • Only used with your consent
  • Can be disabled in your browser settings or through our cookie consent tool
8.3 Third-Party Cookies
We use third-party services that may set cookies on your device, including:
  • Google Analytics – For website analytics
  • Google Ads – For advertising (with your consent)
  • Facebook Pixel – For advertising (with your consent)
  • Payment processors – For secure payment processing
These third parties have their own privacy policies governing their use of cookies.
8.4 Other Tracking Technologies
We may also use:
  • Web beacons (small graphic images) to track email opens and engagement
  • Local storage to store data on your device for faster performance
  • Session storage to maintain your session during your visit
8.5 Managing Cookies
You can control cookies through:

Browser Settings:
  • Most browsers allow you to block or delete cookies
  • Instructions vary by browser (check your browser’s help section)
  • Blocking essential cookies may affect functionality

Our Cookie Consent Tool:
  • When you first visit our website, we’ll ask for your cookie preferences
  • You can change your preferences at any time through the cookie settings link in the footer

Opt-Out Tools:
  • Network Advertising Initiative: [www.networkadvertising.org/choices]
  • Digital Advertising Alliance: [www.aboutads.info/choices]
  • Google Analytics Opt-Out: [tools.google.com/dlpage/gaoptout]
8.6 Do Not Track
Some browsers have a “Do Not Track” feature. We currently don’t respond to Do Not Track signals, but you can control cookies through the methods described above.
9. INTERNATIONAL DATA TRANSFERS
9.1 Data Storage Location
Our Services are hosted in [specify location, e.g., Malaysia, Singapore, or other data centers]. Your personal data is primarily stored and processed in this location.
9.2 Transfers Outside Malaysia
We may transfer your personal data outside Malaysia to:
  • Service providers located in other countries;
  • Cloud hosting facilities in other jurisdictions; or
  • Third-party platforms you choose to integrate with.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as:
  • Standard contractual clauses approved by the Personal Data Protection Commissioner;
  • Adequacy decisions recognizing equivalent data protection standards; or
  • Your explicit consent.
9.3 Countries We May Transfer Data To
We may transfer data to countries including (but not limited to):
  • Singapore
  • United States
  • European Union member states
  • Other countries where our service providers operate
9.4 Your Rights Regarding International Transfers
You have the right to:
  • Request information about where your data is stored and processed;
  • Object to transfers to specific countries; and
  • Request that your data be stored only in Malaysia (subject to technical feasibility and additional fees).
10. CHILDREN’S PRIVACY
10.1 Age Restrictions
Our Services are not intended for children under 18 years of age. We don’t knowingly collect personal data from children.
10.2 Parental Consent
If you’re under 18, you may only use our Services with the involvement and consent of a parent or legal guardian.
10.3 If We Discover Child Data
If we become aware that we’ve collected personal data from a child without proper consent, we’ll delete it promptly. If you believe we have data from a child, please contact us at [admin@csoft.my].
11. CHANGES TO THIS PRIVACY POLICY
11.1 Updates to This Policy
We may update this Privacy Policy from time to time to reflect:
  • Changes in our Services or business practices;
  • Changes in Malaysian law or regulations;
  • New technologies or security measures; or
  • Feedback from users or regulators.
11.2 How We Notify You
When we make material changes, we’ll notify you by:
  • Posting the updated Privacy Policy on our website with a new “Last Updated” date;
  • Sending an email to the address associated with your account; or
  • Displaying a prominent notice in your account dashboard.
We’ll provide at least 30 days’ notice before material changes take effect.
11.3 Your Options
If you don’t agree with the updated Privacy Policy:
  • You can stop using our Services;
  • You can request deletion of your data; or
  • You can contact us to discuss your concerns.
Continued use of our Services after changes take effect means you accept the updated Privacy Policy.
11.4 Previous Versions
We maintain previous versions of this Privacy Policy for your reference. Contact us at [admin@csoft.my] to request older versions.

12. CONTACT US

12.1 Privacy Questions and Requests

If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us:

 

CSoft Solutions Sdn Bhd
Registration No.: 201001025085 (908996-M)
Address: [N-13-13A, SS15 Courtyard (First Subang), Jalan SS 15/4G, SS15, 47500 Subang Jaya Selangor, Malaysia]

 

Email:
  • Privacy matters: [admin@csoft.my]
  • Data protection officer: [admin@csoft.my]
  • General inquiries: [admin@csoft.my]
 
Phone: [+6011 6071 3831]
 
Business Hours: 9:00 AM to 6:00 PM MYT, Monday to Friday (excluding Malaysian public holidays)

12.2 Response Time
We aim to respond to all privacy inquiries within 21 days, as required by the PDPA. For complex requests, we may need additional time and will keep you informed of our progress.
12.3 Verification
To protect your privacy, we may need to verify your identity before responding to your request. Please provide sufficient information to help us confirm your identity.
13. ADDITIONAL INFORMATION
13.1 Relationship to Terms of Service
This Privacy Policy is part of our Terms of Service, available at CSoft Terms of Service. In case of conflict, the Terms of Service prevail.
13.2 Language
This Privacy Policy is executed in English. If translated into other languages, the English version prevails in case of conflict.
13.3 Governing Law
This Privacy Policy is governed by the laws of Malaysia, including the Personal Data Protection Act 2010.
13.4 Severability
If any provision of this Privacy Policy is found invalid or unenforceable, the remaining provisions continue in full force and effect.

CSoft Solutions Sdn Bhd

201001025085 (908996-M)

N-13-13A, SS15 Courtyard (First Subang)

Jalan SS 15/4G, SS15

47500 Subang Jaya Selangor, Malaysia

+6011 6071 3831

admin@csoft.my