CRONY

CRONY Legal

PRIVACY NOTICE / NOTIS PRIVASI

Crony Solution · 202603112870 (IP0624709-V) · Berkuat kuasa / Effective: 24 June 2026

Bahasa Melayu

1. Pengenalan

Notis Privasi ini menerangkan bagaimana Crony Solution (No. Syarikat 202603112870 (IP0624709-V)) ("CRONY", "kami") mengumpul, menggunakan, mendedahkan, dan melindungi data peribadi apabila anda menggunakan Crony App di crony.my serta portal penganjur atau admin yang berkaitan.

Kami memproses data peribadi selaras dengan Akta Perlindungan Data Peribadi 2010 (PDPA) Malaysia. Dengan mendaftar, log masuk, atau terus menggunakan CRONY, anda mengakui Notis ini. Bagi pemprosesan yang bergantung pada persetujuan, anda boleh menarik baliknya pada bila-bila masa, tertakluk kepada had perundangan dan kontrak.

2. Data Peribadi Yang Kami Kumpul

Kami mengumpul data peribadi yang anda berikan secara langsung, data yang dijana melalui penggunaan platform, dan data teknikal. Kategori ini termasuk:

  • Akaun & Identiti: Alamat e-mel, kata laluan (disimpan sebagai cincangan/hash selamat), data profil log masuk Google (nama, avatar), dan ID pengguna.
  • Profil Vendor & Perniagaan: Nama jenama, nama syarikat, no. pendaftaran SSM, kategori perniagaan, senarai produk, negeri, nama dan jawatan wakil (PIC), nombor telefon, alamat bil, status halal, sejarah acara, pautan sosial awam, logo, dan imej galeri.
  • Dokumen Pematuhan: Salinan sijil SSM, sijil suntikan tifoid, dan sijil makanan/halal (Muat naik PDF tidak dipaparkan secara awam).
  • Kandungan Pengguna: Hantaran suapan (feed), komen, reaksi, ulasan profil elektronik (teks, penarafan), serta metadata anti-penyalahgunaan (IP dan maklumat peranti).
  • Tempahan Acara: Butiran pilihan reruai (booth), status tempahan, log pembayaran, dan petikan data (snapshot) vendor semasa permohonan.
  • Data Keselamatan & Teknikal: Alamat IP, jenis pelayar, sistem operasi, kuki autentikasi, log sesi audit, dan acara analitik melalui Google Tag Manager.

3. Tujuan Pemprosesan

Data peribadi anda diproses untuk tujuan teras berikut:

  • Mengurus penciptaan akaun, autentikasi, dan penyepaduan profil platform.
  • Melaksanakan proses onboarding, pengesahan kelayakan vendor, dan semakan dokumen pematuhan.
  • Memproses permohonan reruai (booth), transaksi, dan komunikasi dengan penganjur acara yang telah disaring.
  • Mengendalikan ciri komuniti awam seperti profil elektronik vendor, suapan (feed), dan sistem ulasan.
  • Menghantar mesej operasi penting (amaran keselamatan, pengesahan tempahan) dan komunikasi pemasaran (tertakluk pada pilihan anda).
  • Melindungi integriti sistem melalui pencegahan penipuan, had kadar trafik, dan siasatan audit penyalahgunaan.

5. Penzahiran Kepada Pihak Ketiga

Kami tidak menjual data peribadi anda. Data hanya dikongsi atas dasar perlu tahu (need to know basis) dengan:

  • Pembekal Infrastruktur: Penyedia pengehosan awan, pangkalan data, autentikasi, storan fail, dan keselamatan rangkaian yang berdaftar dengan CRONY.
  • Pihak Ketiga Terpilih: Google (Log masuk & Analitik) dan penyedia gerbang pembayaran (hanya memproses rujukan transaksi; nombor kad penuh tidak disimpan oleh CRONY).
  • Penganjur Acara: Maklumat pendaftaran dan dokumen sokongan dizahirkan kepada penganjur yang berdaftar untuk tujuan kelulusan acara.
  • Pihak Berkuasa Undang-undang: Apabila diwajibkan oleh proses undang-undang Malaysia yang sah.

6. Pemindahan Rentas Sempadan

Pembekal teknologi awan kami mungkin memproses atau menyimpan data di pelayan (server) di luar Malaysia. Dalam situasi ini, kami mengambil langkah yang munasabah untuk memastikan pemindahan tersebut dilindungi oleh jaminan keselamatan dan kontrak selaras dengan peruntukan PDPA.

7. Kuki & Teknologi Serupa

Kami bergantung pada kuki penting (termasuk kuki sesi HttpOnly yang selamat) untuk mengekalkan log masuk yang selamat. Kuki pengurusan sesi dan storan sesi pelayar (sessionStorage) digunakan untuk melancarkan peralihan halaman. Anda boleh mengurus kuki bukan penting melalui tetapan pelayar, namun melumpuhkan kuki penting akan menjejaskan keupayaan anda untuk log masuk.

8. Langkah Keselamatan

CRONY menggunakan protokol keselamatan gred industri termasuk kuki HttpOnly/Secure, kawalan akses berdasarkan peranan pada pangkalan data, dan perlindungan perimet rangkaian proaktif. Log audit tidak boleh ubah (immutable logs) diaktifkan untuk tindakan sensitif. Walau bagaimanapun, memandangkan tiada sistem yang 100% kebal, anda bertanggungjawab menjaga kerahsiaan kata laluan anda.

Jika CRONY mengaktifkan pemantauan ralat pihak ketiga pada masa hadapan, pemprosesan data berkaitan akan dinyatakan dalam notis privasi yang dikemas kini.

9. Penyimpanan

Data profil dan operasi disimpan selagi akaun anda aktif. Dokumen pematuhan kewangan dan perniagaan mungkin disimpan sehingga tujuh (7) tahun selepas tamat perkhidmatan bagi memenuhi ketetapan cukai dan undang-undang. Log keselamatan disimpan di antara 12 hingga 24 bulan, melainkan tempoh lanjutan diperlukan untuk siasatan.

10. Komunikasi Pemasaran

CRONY dan penganjur rakan kongsi mungkin menghantar kemas kini promosi. Untuk ketelusan: aplikasi mungkin memerlukan persetujuan pemasaran awal untuk melengkapkan pendaftaran. Walau bagaimanapun, anda mengekalkan hak mutlak untuk menarik balik (opt out) persetujuan ini pada bila-bila masa dengan menghantar e-mel ke privacy@crony.my dengan subjek "Marketing opt out", tanpa menjejaskan akses kepada perkhidmatan teras.

11. Kanak-kanak

Platform CRONY dibangunkan khusus untuk pengguna perniagaan berumur lapan belas (18) tahun ke atas. Kami tidak mengumpul data kanak-kanak secara sengaja. Sila hubungi kami jika rekod sedemikian perlu dihapuskan.

12. Perubahan Kepada Notis Ini

CRONY berhak mengemas kini Notis ini. Perubahan material mungkin memerlukan persetujuan baharu (cth: persetujuan versi 2026.06). Penggunaan berterusan platform selepas tarikh pengemaskinian akan dianggap sebagai penerimaan sah.

13. Hubungi Kami & Hak Akses Data

Di bawah PDPA, anda berhak untuk memohon akses kepada, membuat pembetulan ke atas, memadam data peribadi anda yang tidak tepat, atau menyalurkan aduan. Untuk sebarang permohonan pelaksanaan hak ini atau pertanyaan privasi, sila hubungi kami di:

  • Entiti: Crony Solution (202603112870 (IP0624709-V))
  • E-mel Rasmi: privacy@crony.my
  • E-mel Alternatif: me@halem.my

(Nota: Kami mungkin memerlukan proses pengesahan identiti sebelum memproses permintaan anda.)

English

1. Introduction

This Privacy Notice explains how Crony Solution (Company No. 202603112870 (IP0624709-V)) ("CRONY", "we", "us") collects, uses, discloses, and protects personal data when you use the Crony App at crony.my and related organiser or admin portals.

We process personal data in strict accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. By registering, logging in, or continuing to use CRONY, you acknowledge this Notice. Where processing relies on consent, you may withdraw it subject to legal and contractual boundaries.

2. Personal Data We Collect

We collect data provided directly by you, generated via platform usage, and technical metrics. Categories include:

  • Account & Identity: Email address, password (stored as a secure hash), Google sign-in profile data (name, avatar), and user IDs.
  • Vendor & Business Profile: Brand name, company name, SSM registration number, business category, product lists, state, PIC name and position, contact number, billing address, halal status, past event history, public social links, logos, and gallery images.
  • Compliance Documents: Copies of SSM certificates, typhoid injection certificates, and food/halal certificates (PDF uploads are not displayed publicly).
  • User-Generated Content: Feed posts, comments, reactions, e profile reviews (text, ratings), and anti-abuse metadata (IP and device information).
  • Event Bookings: Booth selection details, booking status, payment logs, and vendor snapshots captured during applications.
  • Security & Technical Data: IP addresses, browser type, operating system, authentication cookies, audit session logs, and analytics events via Google Tag Manager.

3. Purposes of Processing

Your personal data is processed for the following core operations:

  • Managing account creation, authentication, and platform profile integration.
  • Executing onboarding procedures, vendor verification, and compliance document reviews.
  • Processing booth applications, transactions, and facilitating communication with screened event organisers.
  • Operating public community features such as vendor e-profiles, feeds, and the review ecosystem.
  • Dispatching critical operational messages (security alerts, booking confirmations) and, subject to your preference, marketing communications.
  • Safeguarding system integrity through fraud prevention, rate limiting, and abuse audit investigations.

5. Disclosure to Third Parties

We do not sell personal data. Information is strictly shared on a need to know basis with:

  • Infrastructure Providers: Registered cloud hosting, database, authentication, file storage, and network security providers engaged by CRONY.
  • Selected Third Parties: Google (Sign-in & Analytics) and payment gateway providers (processing transaction references only; CRONY does not store full card details).
  • Event Organisers: Registration information and supporting documents are disclosed to registered organisers for event approval purposes.
  • Legal Authorities: When mandated by valid Malaysian legal processes.

6. Cross Border Transfers

Our cloud technology providers may process or store data on servers located outside Malaysia. In such instances, we implement reasonable measures to ensure these transfers are safeguarded by security and contractual guarantees consistent with PDPA provisions.

7. Cookies & Similar Technologies

We rely on essential cookies (including secure HttpOnly session cookies) to maintain secure logins. Session management cookies and browser sessionStorage are utilized for seamless navigation. Non-essential cookies can be managed via browser settings, though disabling essential cookies will restrict login capabilities.

8. Security Measures

CRONY deploys industry-grade security protocols, including HttpOnly/Secure cookies, role-based database access controls, and proactive network perimeter protection. Immutable audit logs are enabled for sensitive actions. However, as no system is 100% impenetrable, you are responsible for maintaining the confidentiality of your password.

If CRONY enables third-party error monitoring in the future, related data processing will be described in an updated privacy notice.

9. Retention

Profile and operational data are retained as long as your account is active. Business and financial compliance documents may be held for up to seven (7) years post-service to fulfill tax and regulatory mandates. Security logs are retained between 12 to 24 months, unless extended periods are required for investigations.

10. Marketing Communications

CRONY and partner organisers may dispatch promotional updates. For transparency: the application may require an initial marketing opt in to complete registration. However, you retain the absolute right to opt out of this consent at any time by emailing privacy@crony.my with the subject "Marketing opt out", without losing access to core services.

11. Children

The CRONY platform is designed exclusively for business users aged eighteen (18) and above. We do not knowingly collect data from minors. Please contact us if such records require immediate deletion.

12. Changes to This Notice

CRONY reserves the right to update this Notice. Material changes may necessitate renewed consent (e.g., consent version 2026.06). Continued use of the platform following an update constitutes legal acceptance.

13. Contact Us & Data Access Rights

Under the PDPA, you have the right to request access to, correction of, or deletion of inaccurate personal data, or to lodge a complaint. To exercise these rights or for any privacy-related inquiries, please contact us at:

  • Entity: Crony Solution (202603112870 (IP0624709-V))
  • Official Email: privacy@crony.my
  • Alternative Email: me@halem.my

(Note: Identity verification may be required prior to processing your requests.)

Privacy Notice — CRONY | Notis Privasi PDPA