Personal Data Protection Notice (PDPA Notice)
Pursuant to Section 7 of the Personal Data Protection Act 2010 (Act 709), as amended by the Personal Data Protection (Amendment) Act 2024, with all phases active since 1 June 2025.
Effective date: 15 May 2026 · Last reviewed: May 2026 (2024 Amendment Act incorporated)
This Notice is provided by Fastlink Fix ("we", "us") as the Data Controller (formerly known as the "Data User" under the original 2010 Act; renamed under the 2024 Amendment Act) to inform you of how your personal data is processed when you engage our services or use our website.
A Bahasa Malaysia version of this Notice is available at /notis-privasi/ and will be provided alongside service contracts on request (PDPA requires processing notification in the language the data subject understands).
1. Personal data being processed
We collect and process the following personal data about you:
- Full name
- Contact details (phone number, email address, residential or business address)
- Property details (type, size, equipment installed)
- Photographs of equipment or premises submitted for quotation or work documentation
- Payment information (bank account number for transfers, credit/debit card details processed via secure third-party processors)
- Service history with Fastlink Fix
- Communications records (WhatsApp, email, phone)
2. Purposes for which the personal data is collected
- To respond to your service enquiries and prepare quotations
- To schedule, deliver, and document service work
- To administer Annual Maintenance Contracts
- To process payments and issue invoices
- To send service-related communications
- To send marketing communications (only with your express consent)
- To comply with legal, tax, and regulatory obligations
- To maintain records required for warranty, dispute resolution, and quality assurance
3. Source of personal data
- Directly from you (forms, WhatsApp, phone, email)
- Indirectly from your authorised representatives (property managers, tenants, family members) who provide your details to arrange service
- From third parties only with your consent
4. Right of access and correction
You have the right to request access to your personal data we hold and to request correction of inaccurate, incomplete, or out-of-date data.
To exercise these rights, contact our Data Protection Officer:
- Email: hello@fastlinkfix.com
- WhatsApp/Phone: +60 12-792 5700
We will respond within 21 days as required by the PDPA. A reasonable administrative fee may apply for access requests.
5. Classes of third parties to whom personal data may be disclosed
We may disclose your personal data to:
- Our employees and authorised representatives delivering the service
- Licensed subcontractors and service partners (e.g. pest control partner) under written confidentiality obligations
- Payment processors and financial institutions for payment transactions
- Professional advisors (legal, accounting, tax)
- Government authorities, regulatory bodies, and law enforcement where required by law
- Hosting and IT service providers under written data processing agreements
We do not sell personal data to third parties.
6. Choices and means to limit the processing of personal data
You may:
- Withdraw consent for direct marketing at any time by replying "STOP" to any marketing message or emailing hello@fastlinkfix.com
- Request that we cease processing your personal data for purposes beyond the original service engagement (subject to legal retention requirements)
- Decline to provide personal data — but this may prevent us from providing services
7. Whether the supply of personal data is obligatory
Provision of personal data is voluntary. However, certain data is necessary for us to deliver services:
- Required for service delivery: name, contact number, address, property details
- Required for payment: payment information
- Required for legal compliance: records required by tax law (retained 7 years)
If you do not provide required data, we may be unable to provide the requested service.
8. Consequences of failure to supply personal data
If you do not provide the personal data marked as required above, we cannot:
- Issue a quotation
- Schedule or deliver a service
- Issue an invoice
- Maintain warranty records
9. Retention period
Personal data is retained only as long as necessary:
- Active service records: duration of relationship + 7 years (tax compliance)
- Unconverted enquiries: 24 months
- Marketing consent records: until withdrawn
10. Right to data portability (PDPA Amendment Act 2024, Section 43A)
Under the 2024 Amendment Act, you have a new right to request that your personal data be transferred to another data controller in a structured, commonly-used, machine-readable format. To exercise this right:
- Send a written request to the DPO contact below specifying which categories of data you want transferred and the recipient data controller
- We respond within 21 days of receipt, including any administrative fee that may apply
- Where technically feasible, we transfer the data directly to the named recipient; otherwise we provide it to you in an exportable format
11. Data breach notification commitment
Under the 2024 Amendment Act, we are required to notify the PDP Commissioner (and you, where applicable) of any personal data breach that causes or is likely to cause significant harm. Our commitment:
- We notify the PDP Commissioner within the prescribed period (currently 72 hours of becoming aware of the breach) for breaches causing or likely to cause significant harm
- We notify affected data subjects directly when the breach is likely to cause significant harm to those individuals
- Our DPO maintains an incident log and breach response procedures per the Data Breach Notification (DBN) Guidelines issued by the PDP Department
- Failure to notify per the 2024 Amendment Act carries fines of up to RM 250,000 and/or imprisonment — we take this obligation seriously
12. Cross-border data transfer (CBPDT Guidelines No. 03/2025)
Some of our processing infrastructure uses cloud services hosted outside Malaysia. Per the Cross-Border Personal Data Transfer (CBPDT) Guidelines No. 03/2025 issued under the 2024 Amendment Act:
- Hosting provider: Hostinger (servers located in Singapore / regional data centres). Data processing agreement in place; provider operates under PDPA-equivalent privacy frameworks.
- Email and document collaboration: Google Workspace (Google Cloud, regional servers). Standard contractual safeguards under Google's Data Processing Amendment.
- Payment processing: Local Malaysian payment processors (FPX, DuitNow, Touch n Go, GrabPay, ShopeePay) where data stays within Malaysia. Card processing via Stripe / iPay88 with PCI-DSS Level 1 compliance.
- You may request the full list of cross-border data processors and their safeguards from our DPO.
13. Data processors we engage
Per the 2024 Amendment Act, data processors (entities that process data on our behalf) have direct compliance obligations under the Security Principle. Our principal data processors:
- Hostinger — website hosting and infrastructure
- Google LLC — email (hello@fastlinkfix.com), calendar, document storage
- Meta Platforms — Facebook Page, Instagram Business, WhatsApp Business (for customer communication)
- Stripe / iPay88 — card payment processing where applicable
- Licensed subcontractors (named in writing per job) — only data necessary for service delivery
Each data processor is bound by written data processing terms requiring PDPA-equivalent security standards.
14. Bahasa Malaysia version
A Bahasa Malaysia translation of this Notice is available at /notis-privasi/. In the event of inconsistency between the English and Bahasa Malaysia versions, the English version shall prevail. PDPA requires us to provide the Notice in the language the data subject understands.
15. Designated Data Protection Officer (DPO)
Per the DPO Guidelines issued under the 2024 Amendment Act, Fastlink Fix has designated a Data Protection Officer responsible for monitoring PDPA compliance, advising on processing activities, acting as the contact point for the PDP Commissioner and data subjects, and managing breach notifications.
DPO contact:
Name: {TBC_BY_SAL_DPO_NAME}
Role: Data Protection Officer, Fastlink Fix
Email: hello@fastlinkfix.com (subject line: "DPO request")
WhatsApp/Phone: +60 12-792 5700
Postal: No 87-89 Jalan Tuanku Abdul Rahman, 50100 Kuala Lumpur, Wilayah Persekutuan
16. Escalation to the PDP Commissioner
For unresolved complaints about how we process your personal data, you may escalate to the Personal Data Protection Commissioner:
- Website: pdp.gov.my
- Email: aduan@pdp.gov.my (per PDP Department published contacts)
- Postal: Department of Personal Data Protection, Ministry of Digital, Putrajaya