Privacy Policy

1. Introduction

Didik AI (referred to as "we", "us", or "our") is committed to protecting the personal data of individuals who engage with our services, visit our website, or contact us through any channel. This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA).

This policy applies to all personal data processed by Didik AI in connection with our AI integration consulting services and our website at didikai.live. If you have any questions, please contact us at [email protected].

2. Data We Collect

Information You Provide

• Name and job title
• Email address and phone number
• Organisation name and address
• Message content submitted via contact forms

Information Collected Automatically

• Browser type and operating system
• IP address and approximate location
• Pages visited and time spent on pages
• Referral source (how you reached our website)
• Cookie data (see Section 7)

Information from Engagements

During client engagements, we may process organisational data (which may include limited personal data) as required to deliver the agreed service. This is governed by a separate data processing agreement and non-disclosure agreement signed with each client.

3. Legal Basis for Processing

• Consent: Where you have provided consent, such as submitting a contact form or accepting non-essential cookies.
• Contractual necessity: Where processing is required to fulfil an engagement agreement.
• Legitimate interests: Where we have a legitimate business reason, such as improving our services, that does not override your rights.
• Legal obligation: Where processing is required to comply with applicable law.

4. How We Use Your Data

• Responding to enquiries submitted through our website or by phone
• Providing and managing consulting engagement services
• Sending service-related communications and updates
• Improving our website and service offerings based on usage patterns
• Complying with legal and regulatory requirements

We do not sell your personal data to third parties. We do not use your data for unsolicited marketing without your prior consent.

5. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

• Contact form data: up to 24 months from submission, unless an engagement follows
• Engagement-related data: up to 5 years following engagement close, in line with regulatory record-keeping requirements
• Website analytics data: aggregated, retained for up to 26 months

After the applicable retention period, data is securely deleted or anonymised.

6. Data Sharing

We may share your personal data with:

• Service providers: Including email, hosting, and analytics platforms — under appropriate data processing agreements
• Legal and regulatory authorities: Where required by Malaysian law
• Professional advisors: Including lawyers and accountants, under confidentiality obligations

We do not transfer personal data to parties outside Malaysia without appropriate safeguards in place.

7. Cookies

Our website uses cookies to improve your browsing experience and to understand how our site is used. You can manage your cookie preferences via our Cookie Policy page. For full details, please see our Cookie Policy.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

• Encrypted data storage and transmission (SSL/TLS)
• Access controls restricting data to authorised personnel
• Non-disclosure agreements with all staff and subcontractors
• Regular review of data handling practices

In the event of a data breach that is likely to result in significant harm, we will notify affected individuals and the relevant authority in accordance with Malaysian regulatory guidance.

9. Your Rights Under PDPA

As a data subject, you have the following rights:

• Access: Request a copy of personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Withdrawal of consent: Withdraw consent where processing is based on consent
• Limitation of processing: Request that we limit how we use your data in certain circumstances
• Complaint: Lodge a complaint with the Personal Data Protection Commissioner of Malaysia

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days.

10. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing personal data.

11. Children's Privacy

Our services are intended for business professionals aged 18 and above. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have inadvertently collected such data, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make significant changes, we will update the "Last Updated" date at the top of this page. Continued use of our website or services after changes take effect constitutes acceptance of the revised policy.

13. Contact Us

For any privacy-related questions or to exercise your rights:

• Email: [email protected]
• Address: 26 Jalan Semantan, Damansara Heights, 50490 Kuala Lumpur, Malaysia
• Phone: +60 3-3749 8621