This policy explains how BrewWorks Digital Sdn. Bhd. ("BrewWorks", "we", "us") handles personal data collected through brewworks.pro and in the course of providing our services. We process personal data in accordance with the Malaysian Personal Data Protection Act 2010 (PDPA) and, where it applies to overseas clients, comparable legislation in their jurisdiction.
1. Who is responsible
The data user is BrewWorks Digital Sdn. Bhd. (Company No. 202101034872 (1431208-K)), Suite 27-03, Menara Keck Seng, 203 Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia. Questions about this policy go to [email protected] or +60 3-2716 4409.
2. What we collect, and when
We collect personal data in three situations:
- When you contact us. Name, email address, phone number if you provide one, and whatever you write in your message.
- When you become a client. Billing details, company information, project credentials you share with us, and correspondence records.
- When you browse this site. Standard server logs (IP address, browser type, pages requested, timestamps) and, only if you accept them, preference cookies described in our Cookie Policy.
3. Why we use it
We use personal data to reply to enquiries, prepare proposals, deliver contracted services, invoice and collect payment, meet legal obligations (including tax record-keeping), and maintain the security of our website. We do not use your data for automated decision-making, and we do not send marketing emails to people who have merely enquired.
4. Who sees it
Within BrewWorks, access is limited to staff who need the data for their work. Outside BrewWorks, data may be handled by our hosting provider, our accounting firm and, for clients, payment processors — each bound by contract or professional duty to protect it. We do not sell, rent or trade personal data with anyone. If a court order or lawful government request compels disclosure, we comply only to the extent required.
5. Where it lives and for how long
Enquiry data is kept for up to twenty-four months, then deleted unless you have become a client. Client records are kept for seven years to satisfy Malaysian tax and audit requirements. Server logs rotate every ninety days. Data is stored on servers located in Malaysia and Singapore.
6. Your rights
Under the PDPA you may request access to the personal data we hold about you, ask us to correct it, withdraw consent to further processing, or ask what third parties have received it. Write to [email protected] with "Data request" in the subject line; we respond within twenty-one days. We may charge the small fee the PDPA permits for access requests, and we will tell you before any fee applies.
7. Security
The site is served over HTTPS. Contact form submissions are protected against cross-site request forgery, form data is validated and sanitised on the server, and administrative access to our systems requires multi-factor authentication. No system is perfectly secure; if a breach affecting your data ever occurs, we will notify you and the relevant authorities promptly.
8. Changes to this policy
When we change this policy we update the revision date at the top of this page. Material changes affecting existing clients are notified by email. Continued use of the site after a revision constitutes acceptance of the revised policy.