Our commitment to data protection
elm craft is committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This page explains how we handle personal data in accordance with these regulations and outlines your rights as a data subject.
elm craft acts as the data controller for personal information collected through our website and in connection with our consulting services. As data controller, we determine the purposes and means of processing your personal data.
Contact details:
elm craft
Level 15, Menara Prestige
Jalan Sultan Ismail
50250 Kuala Lumpur, Malaysia
Email: [email protected]
We process personal data only when we have a valid legal basis to do so. The legal bases we rely upon include:
Under the GDPR, you have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you and to receive information about how we process it.
You have the right to request that we correct any inaccurate personal data or complete any incomplete personal data.
You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose.
You have the right to request that we limit the way we use your personal data in certain circumstances.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
You have the right to object to processing of your personal data in certain circumstances, including processing for direct marketing purposes.
You have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you.
To exercise any of these rights, please contact us using the details provided above. We will respond to your request within one month. In complex cases or where we receive numerous requests, we may extend this period by a further two months, but we will inform you of any such extension within the first month.
We may need to request specific information from you to confirm your identity and ensure your right to access the information or exercise other rights.
If we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place to protect your data. These safeguards may include:
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to satisfy any legal, accounting, or reporting requirements, or as required by applicable law. When determining retention periods, we consider the nature and sensitivity of the data, the purposes for processing, and legal requirements.
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing personal data. These measures include:
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with your local data protection supervisory authority. However, we would appreciate the opportunity to address your concerns before you approach the supervisory authority, so please contact us in the first instance.
We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.