Privacy Policy

Tell us if you have questions about your personal data or our Privacy Policy. Contact us at [email protected].

Gain a reliable tech partner

Privacy Policy

Tell us if you have questions about your personal data or our Privacy Policy. Contact us at [email protected].

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

At Ninebright we place a large emphasis on the security of your personal information. There is nothing more important to us than our relationship with our customers thus we care about securing any personal data that we process.

It is important for us to be compliant with the privacy requirements of PDPA (Regulation (MY) 2010/709 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and as required by the Personal Data Protection Act. We make sure that our related Companies and subcontractors are compliant, as well. Stated below is the summary of our practices related to processing personal data. Should you have any questions regarding this subject please feel free to contact us and we will be happy to help you out with your inquiries.

Ninebright in view of the GDPR is the controller (Malaysian: administrator) of your data. Here is our full registered name:

Ninebright Group Sdn Bhd, registered with the Companies Commission of Malaysia (Suruhanjaya Syarikat Malaysia), registration number 202001025880, address S-23-11, Wisma YNH Kiara, 8, Jalan Kiara, Mont Kiara, 50480 Kuala Lumpur, Malaysia.

Ninebright collects your personal data through various means. Some data is collected automatically when you visit out page at www.ninebright.com and its subpages, other you can choose to share with us via email, land mail, phone or other means of communication, as well as during employee referral program (e.g. name, surname, email address, contact details, CV, Linkedin profile or any other data provided in CV).

If personal data are not collected from the data subject, they were obtained e.g. from Ninebright clients, contractors, partners, or co-workers, as well as from publicly accessible registers and Internet platforms or during employee referral program.

When you contact us, you share some personal information with us. For instance, when you choose to use our online contact form you have to provide your name and email address. Depending on the context in which you interact with us, such as business venture or recruitment you may have to provide other information about yourself. Whenever we collect your data in this way you will be informed of it and asked for consent. You do not have to agree and provide us with this data, but we may not be able to interact with you if you choose so.

You may also provide us with your email address by subscribing to our newsletter. It is a voluntary option and you are free to cancel your subscription at any time.

The period of personal data processing depends on the purpose and legal basis of the processing. Personal data obtained through the contact forms or addresses indicated for communication will be processed for the duration of the communication or until an objection to the processing is raised, unless another legal basis for the processing of personal data applies.

Personal data collected for recruitment will be processed for the duration of the recruitment period and if you express the voluntary, separate consent to the processing of their personal data for the purposes of future recruitment processes – for a period of 1 year.

The personal data of contractors or clients will be processed for the duration of the agreement, and after this period for the time necessary to comply with the law and to establish, investigate or defend against any claims. Personal data processed in order to fulfill the legal obligations will be processed for the period resulting from the relevant legal provisions.

Personal data collected for the purpose of sending a newsletter will be processed until the consent is withdrawn.

Same as many other webpages our site uses a special type of small files stored on your device called cookies. They are used to provide you a personalised experience by tailoring some of the website’s features like advertisements to your preferences as well as remembering some of your choices on our website for future visits. They are also necessary for some features of the websites to run properly.

Cookies are used to help us improve our services as well. They help us to collect anonymised information about your activity on the website, for instance which parts of the screen are most often “visited” by your mouse pointer so that we can structure our website in a more optimal and user-friendly way.

We also collect information about your hardware and software. When you visit our webpage we automatically log information such as your operating system, web browser, how much time you spent on our webpage, your activity there and your IP address.

We use your personal information in many different ways depending on the type of information. We use your information for the following reasons:

  • to run, maintain and improve our sites, products and services based on our legitimate interest;
  • to interact with our customers by replying to comments and questions as well as by providing customer support based on our legitimate interest;
  • to provide and deliver products and services to our customers request, to conclude and execute contracts;
  • to interact with you in other ways such as during the current recruitment and future recruitment processes based on your consent,
  • to send you newsletter based on your consent,
  • to enable you to download ebooks based on your consent,
  • to fulfil legal obligations regarding in particular accounting and tax,
  • to investigate or safeguard against possible claims and defend rights based on our legitimate interest.

We respect your privacy, so we keep the sharing of your information to the minimum. However, there are certain situations in which it is necessary.

We may share your personal data upon your consent. In the cases where your consent is required, we will ask you if you agree to share your personal data and/or provide you with additional information, commercial offers or cooperation opportunities. You are always free to disagree in those cases.

We may share your personal information when our company is subject to a business transaction involving sale or a transfer of all or part of our shares or assents assets such as during merger, financing, acquisition or bankruptcy transaction or proceedings.

We may also share your information to comply with binding provisions of the law or to pursue a valid legal reason. These include responding to lawful requests and legal processes, protection of rights and property of Ninebright, our agents, customers and others.

We may share your personal data in an emergency to protect vital interests of our employees, subcontractors, agents, customers or any persons.

We may also share your personal information with those who work with us, including in particular our IT subcontractors, administration staff, accountants, lawyers and/or tax advisors. Please note that whenever you are contacting us via our website www.ninebright.com or via our emails address [email protected] – the information included in such correspondence may be accessed by any of our Team members (incl. the IT developers who are our subcontractors/ sub-processors as well as by our administration staff).

Further, please note that our company uses cloud-based services such as in particular G Suite (information management service including amongst others e-mails and virtual drive, operated by the Google group), Trello (operated by Atlassian group) and Slack. Any processing outside the European Economic Area (EEA) to a third party country which is not deemed by European Commission a country fulfilling a required protection level, will be based on up-to-date standard contractual clauses approved by the European Commission. Information and copy of safeguards including such standard contractual clauses may be provided at the Ninebright registered office or via e-mail. By contacting us via email or our website you agree that the information you share with us (in particular, the personal data) will be processed in these services.

Further, please note that if you contact us to join our Team as one of our subcontractors (i.e. our Team members who cooperate with us on the business-to-business basis, as registered entrepreneurs) – your personal data will be processed subject to our Recruitment Policy which you may request from us for your review before submitting your application.

Whenever we share your personal data we make sure that the party we share it with provides sufficient guarantees of its safety. We also sign a DPA (Data Processing Agreement) when such an option is possible.

Furthermore, we are applying internal standards of the personal data processing which is set out in our Personal Data Protection Policy.

On our site, we use hyperlinks and social plugins to third party websites (e.g. Twitter, Linkedin, Instagram, Facebook, Slideshare, Clutch, Dribbble, Github, Youtube). The plugins are independent extensions of the social network providers. We, therefore, have no influence on the extent of the data collected by the social network providers using the plugins.

The purpose and scope of data collection, further processing and use of data by the third parties, as well as the associated rights of users and setting options for protecting privacy, are described in the privacy policy information of the respective provider. Ninebright has no control over, and is not responsible for, the privacy policies and practices of third parties. If you do not want the providers of social networks to receive data and possibly save or use them, you should not use the respective plugins on our site.

We are happy to inform you of your rights and make sure that you can use them whenever you desire.

You have a right to withdraw your consent. Whenever we process your personal data based on your consent we do it only for as long as you permit us. All our marketing emails have an informative section describing to you how you can opt-out of them. If you choose to do so we will no longer send you the newsletter, however we may still contact you regarding non-marketing stuff such as your accounts matters or our business dealings with you, or if there is any additional processing basis.

Remember that when we ask you for your consent you can say no, or withdraw it at any moment you please, however this may mean we will no longer be able to provide you with some or all our services based on your consent. Withdrawal of your consent doesn’t affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

You have a right to information on your data processing. If you so choose you can ask us to provide you with a summary of the whole scope of your data being processed by us.

You have a right to a copy of your data. You can ask us to provide you with a copy of all your data processed by us. We will do so in a convenient and easily readable format. First time is free; however, any subsequent requests may be subject to a fee covering our expenses.

You have a right to transfer your data. You can ask us to transfer all your data we process to another entity chosen by you.

You have a right to update your data. If at any point you find that information we process about you are outdated or simply wrong, you have a right to have them corrected.

You have a right to object to processing of your data based on public or our interests as well as to processing for direct marketing purposes.

You have a right to be forgotten. You can ask us to delete all your personal information. We may not be able to fully comply with your request however, if there are other lawful reasons for us to process your data such as a legal obligation.

You can directly influence the processing of your data by contacting us or by changing your devices settings.

You can disable cookies in your browser settings. Please note that this may cause some parts of our website to not load properly and otherwise change how the website works for you.

We take multiple steps to protect the safety of your personal information. We encrypt all our hard discs where your personal data is being stored as well as all the mobile devices that might be used to access services that we use to process your data (like a workplace communicator for instance). We also use top of the line anti-virus software on our computers to ensure maximum security of your data. All our employees use access passwords generated at random by a secure application and we strictly enforce that those passwords are not to be saved or noted in a place where potential third party can gain access to them. We also use two-factor-authentication with all apps and services that provide this option. Any physical copies of your data are also safely locked away in our main facility.

Apart from those technical measures we also employ organizational provisions aimed at increasing your data security as much as possible. We make sure that only those among us who absolutely have to gain access to your personal data do. By minimalizing the scope of our personnel with access to the data we aim at minimizing the possibility of human error threatening the safety of your data.

Please note however, that no system is impenetrable and there are many factors beyond our control that can compromise the safety of your data. In such a case we are prepared to fully cooperate with proper authorities to ensure swift termination of the risk and to minimalize potential damages.

In an event that you feel that your rights are violated, or the security of your data is being infringed you have a right to report your concerns to the proper authorities. We strongly suggest that you contact us first with any concerns whatsoever, should you choose to go straight to the authorities however, this is how you should do it.

The proper authority in the field of data protection in Malaysia is Department of Personal Data Protection (JPDP) or President of the Office of Personal Data Protection. There are a multitude of ways to contact JPDP, both traditional and electronic.

You can visit JPDP’s office at Level 6, Ministry of Communications and Digital Complex, Lot 4G9, Persiaran Perdana, Presint 4, Pusat Pentadbiran Kerajaan Persekutuan, 62100 Putrajaya, Malaysia every business day, from 8AM to 4PM GMT+8. You can also send your complaint by post, to the same address.

You can also call the phone line 603-8000 8000 from 10AM to 2PM GMT+8 on business days.

Should you choose so you can file your complaint via the electronic platforms at SPDP and daftar.pdp.gov.my/p_aduan or send it via e-mail at [email protected]

Please note that to be able to use electronic platforms you need to have the trusted profile. For further information on filing a complaint with SPDP please visit https://daftar.pdp.gov.my/

We constantly change and adapt to new challenges and situations to provide better services and data protection. Same is true with this Privacy Policy. You can always see the date of the last update of this Policy below.

This Privacy Policy has been updated on 29 December 2023.

We respect your privacy, so we keep the sharing of your information to the minimum. However, there are certain situations in which it is necessary.

We may share your personal data upon your consent. In the cases where your consent is required, we will ask you if you agree to share your personal data and/or provide you with additional information, commercial offers or cooperation opportunities. You are always free to disagree in those cases.

We may share your personal information when our company is subject to a business transaction involving sale or a transfer of all or part of our shares or assents assets such as during merger, financing, acquisition or bankruptcy transaction or proceedings.

We may also share your information to comply with binding provisions of the law or to pursue a valid legal reason. These include responding to lawful requests and legal processes, protection of rights and property of Ninebright, our agents, customers and others.

We may share your personal data in an emergency to protect vital interests of our employees, subcontractors, agents, customers or any persons.

We may also share your personal information with those who work with us, including in particular our IT subcontractors, administration staff, accountants, lawyers and/or tax advisors. Please note that whenever you are contacting us via our website www.ninebright.com or via our emails address [email protected] – the information included in such correspondence may be accessed by any of our Team members (incl. the IT developers who are our subcontractors/ sub-processors as well as by our administration staff).

Further, please note that our company uses cloud-based services such as in particular G Suite (information management service including amongst others e-mails and virtual drive, operated by the Google group), Trello (operated by Atlassian group) and Slack. Any processing outside the European Economic Area (EEA) to a third party country which is not deemed by European Commission a country fulfilling a required protection level, will be based on up-to-date standard contractual clauses approved by the European Commission. Information and copy of safeguards including such standard contractual clauses may be provided at the Ninebright registered office or via e-mail. By contacting us via email or our website you agree that the information you share with us (in particular, the personal data) will be processed in these services.

Further, please note that if you contact us to join our Team as one of our subcontractors (i.e. our Team members who cooperate with us on the business-to-business basis, as registered entrepreneurs) – your personal data will be processed subject to our Recruitment Policy which you may request from us for your review before submitting your application.

Whenever we share your personal data we make sure that the party we share it with provides sufficient guarantees of its safety. We also sign a DPA (Data Processing Agreement) when such an option is possible.

Furthermore, we are applying internal standards of the personal data processing which is set out in our Personal Data Protection Policy.

On our site, we use hyperlinks and social plugins to third party websites (e.g. Twitter, Linkedin, Instagram, Facebook, Slideshare, Clutch, Dribbble, Github, Youtube). The plugins are independent extensions of the social network providers. We, therefore, have no influence on the extent of the data collected by the social network providers using the plugins.

The purpose and scope of data collection, further processing and use of data by the third parties, as well as the associated rights of users and setting options for protecting privacy, are described in the privacy policy information of the respective provider. Ninebright has no control over, and is not responsible for, the privacy policies and practices of third parties. If you do not want the providers of social networks to receive data and possibly save or use them, you should not use the respective plugins on our site.

We are happy to inform you of your rights and make sure that you can use them whenever you desire.

You have a right to withdraw your consent. Whenever we process your personal data based on your consent we do it only for as long as you permit us. All our marketing emails have an informative section describing to you how you can opt-out of them. If you choose to do so we will no longer send you the newsletter, however we may still contact you regarding non-marketing stuff such as your accounts matters or our business dealings with you, or if there is any additional processing basis.

Remember that when we ask you for your consent you can say no, or withdraw it at any moment you please, however this may mean we will no longer be able to provide you with some or all our services based on your consent. Withdrawal of your consent doesn’t affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

You have a right to information on your data processing. If you so choose you can ask us to provide you with a summary of the whole scope of your data being processed by us.

You have a right to a copy of your data. You can ask us to provide you with a copy of all your data processed by us. We will do so in a convenient and easily readable format. First time is free; however, any subsequent requests may be subject to a fee covering our expenses.

You have a right to transfer your data. You can ask us to transfer all your data we process to another entity chosen by you.

You have a right to update your data. If at any point you find that information we process about you are outdated or simply wrong, you have a right to have them corrected.

You have a right to object to processing of your data based on public or our interests as well as to processing for direct marketing purposes.

You have a right to be forgotten. You can ask us to delete all your personal information. We may not be able to fully comply with your request however, if there are other lawful reasons for us to process your data such as a legal obligation.

You can directly influence the processing of your data by contacting us or by changing your devices settings.

You can disable cookies in your browser settings. Please note that this may cause some parts of our website to not load properly and otherwise change how the website works for you.

We take multiple steps to protect the safety of your personal information. We encrypt all our hard discs where your personal data is being stored as well as all the mobile devices that might be used to access services that we use to process your data (like a workplace communicator for instance). We also use top of the line anti-virus software on our computers to ensure maximum security of your data. All our employees use access passwords generated at random by a secure application and we strictly enforce that those passwords are not to be saved or noted in a place where potential third party can gain access to them. We also use two-factor-authentication with all apps and services that provide this option. Any physical copies of your data are also safely locked away in our main facility.

Apart from those technical measures we also employ organizational provisions aimed at increasing your data security as much as possible. We make sure that only those among us who absolutely have to gain access to your personal data do. By minimalizing the scope of our personnel with access to the data we aim at minimizing the possibility of human error threatening the safety of your data.

Please note however, that no system is impenetrable and there are many factors beyond our control that can compromise the safety of your data. In such a case we are prepared to fully cooperate with proper authorities to ensure swift termination of the risk and to minimalize potential damages.

In an event that you feel that your rights are violated, or the security of your data is being infringed you have a right to report your concerns to the proper authorities. We strongly suggest that you contact us first with any concerns whatsoever, should you choose to go straight to the authorities however, this is how you should do it.

The proper authority in the field of data protection in Malaysia is Department of Personal Data Protection (JPDP) or President of the Office of Personal Data Protection. There are a multitude of ways to contact JPDP, both traditional and electronic.

You can visit JPDP’s office at Level 6, Ministry of Communications and Digital Complex, Lot 4G9, Persiaran Perdana, Presint 4, Pusat Pentadbiran Kerajaan Persekutuan, 62100 Putrajaya, Malaysia every business day, from 8AM to 4PM GMT+8. You can also send your complaint by post, to the same address.

You can also call the phone line 603-8000 8000 from 10AM to 2PM GMT+8 on business days.

Should you choose so you can file your complaint via the electronic platforms at SPDP and daftar.pdp.gov.my/p_aduan or send it via e-mail at [email protected]

Please note that to be able to use electronic platforms you need to have the trusted profile. For further information on filing a complaint with SPDP please visit https://daftar.pdp.gov.my/

We constantly change and adapt to new challenges and situations to provide better services and data protection. Same is true with this Privacy Policy. You can always see the date of the last update of this Policy below.

This Privacy Policy has been updated on 29 December 2023.