CRONY Legal
PRIVACY NOTICE / NOTIS PRIVASI
Bahasa Melayu
1. Pengenalan
Notis Privasi ini menerangkan bagaimana Crony Solution (No. Syarikat 202603112870 (IP0624709-V)) ("CRONY", "kami") mengumpul, menggunakan, mendedahkan, dan melindungi data peribadi apabila anda menggunakan Crony App di crony.my serta portal penganjur atau admin yang berkaitan.
Kami memproses data peribadi selaras dengan Akta Perlindungan Data Peribadi 2010 (PDPA) Malaysia. Dengan mendaftar, log masuk, atau terus menggunakan CRONY, anda mengakui Notis ini. Bagi pemprosesan yang bergantung pada persetujuan, anda boleh menarik baliknya pada bila-bila masa, tertakluk kepada had perundangan dan kontrak.
2. Data Peribadi Yang Kami Kumpul
Kami mengumpul data peribadi yang anda berikan secara langsung, data yang dijana melalui penggunaan platform, dan data teknikal. Kategori ini termasuk:
- Akaun & Identiti: Alamat e-mel, kata laluan (disimpan sebagai cincangan/hash selamat), data profil log masuk Google (nama, avatar), dan ID pengguna.
- Profil Vendor & Perniagaan: Nama jenama, nama syarikat, no. pendaftaran SSM, kategori perniagaan, senarai produk, negeri, nama dan jawatan wakil (PIC), nombor telefon, alamat bil, status halal, sejarah acara, pautan sosial awam, logo, dan imej galeri.
- Dokumen Pematuhan: Salinan sijil SSM, sijil suntikan tifoid, dan sijil makanan/halal (Muat naik PDF tidak dipaparkan secara awam).
- Kandungan Pengguna: Hantaran suapan (feed), komen, reaksi, ulasan profil elektronik (teks, penarafan), serta metadata anti-penyalahgunaan (IP dan maklumat peranti).
- Tempahan Acara: Butiran pilihan reruai (booth), status tempahan, log pembayaran, dan petikan data (snapshot) vendor semasa permohonan.
- Data Keselamatan & Teknikal: Alamat IP, jenis pelayar, sistem operasi, kuki autentikasi, log sesi audit, dan acara analitik melalui Google Tag Manager.
3. Tujuan Pemprosesan
Data peribadi anda diproses untuk tujuan teras berikut:
- Mengurus penciptaan akaun, autentikasi, dan penyepaduan profil platform.
- Melaksanakan proses onboarding, pengesahan kelayakan vendor, dan semakan dokumen pematuhan.
- Memproses permohonan reruai (booth), transaksi, dan komunikasi dengan penganjur acara yang telah disaring.
- Mengendalikan ciri komuniti awam seperti profil elektronik vendor, suapan (feed), dan sistem ulasan.
- Menghantar mesej operasi penting (amaran keselamatan, pengesahan tempahan) dan komunikasi pemasaran (tertakluk pada pilihan anda).
- Melindungi integriti sistem melalui pencegahan penipuan, had kadar trafik, dan siasatan audit penyalahgunaan.
4. Asas Undang-undang & Persetujuan
Pemprosesan data kami bersandarkan pada: (a) Pelaksanaan kontrak untuk menyediakan perkhidmatan akaun dan tempahan; (b) Kepentingan sah untuk melindungi platform dan mencegah penyalahgunaan; dan (c) Persetujuan anda untuk komunikasi pemasaran serta paparan profil awam. Rekod persetujuan anda, termasuk cap masa dan versi dasar, disimpan dengan selamat untuk tujuan pengauditan.
5. Penzahiran Kepada Pihak Ketiga
Kami tidak menjual data peribadi anda. Data hanya dikongsi atas dasar perlu tahu (need to know basis) dengan:
- Pembekal Infrastruktur: Penyedia pengehosan awan, pangkalan data, autentikasi, storan fail, dan keselamatan rangkaian yang berdaftar dengan CRONY.
- Pihak Ketiga Terpilih: Google (Log masuk & Analitik) dan penyedia gerbang pembayaran (hanya memproses rujukan transaksi; nombor kad penuh tidak disimpan oleh CRONY).
- Penganjur Acara: Maklumat pendaftaran dan dokumen sokongan dizahirkan kepada penganjur yang berdaftar untuk tujuan kelulusan acara.
- Pihak Berkuasa Undang-undang: Apabila diwajibkan oleh proses undang-undang Malaysia yang sah.
6. Pemindahan Rentas Sempadan
Pembekal teknologi awan kami mungkin memproses atau menyimpan data di pelayan (server) di luar Malaysia. Dalam situasi ini, kami mengambil langkah yang munasabah untuk memastikan pemindahan tersebut dilindungi oleh jaminan keselamatan dan kontrak selaras dengan peruntukan PDPA.
8. Langkah Keselamatan
CRONY menggunakan protokol keselamatan gred industri termasuk kuki HttpOnly/Secure, kawalan akses berdasarkan peranan pada pangkalan data, dan perlindungan perimet rangkaian proaktif. Log audit tidak boleh ubah (immutable logs) diaktifkan untuk tindakan sensitif. Walau bagaimanapun, memandangkan tiada sistem yang 100% kebal, anda bertanggungjawab menjaga kerahsiaan kata laluan anda.
Jika CRONY mengaktifkan pemantauan ralat pihak ketiga pada masa hadapan, pemprosesan data berkaitan akan dinyatakan dalam notis privasi yang dikemas kini.
9. Penyimpanan
Data profil dan operasi disimpan selagi akaun anda aktif. Dokumen pematuhan kewangan dan perniagaan mungkin disimpan sehingga tujuh (7) tahun selepas tamat perkhidmatan bagi memenuhi ketetapan cukai dan undang-undang. Log keselamatan disimpan di antara 12 hingga 24 bulan, melainkan tempoh lanjutan diperlukan untuk siasatan.
10. Komunikasi Pemasaran
CRONY dan penganjur rakan kongsi mungkin menghantar kemas kini promosi. Untuk ketelusan: aplikasi mungkin memerlukan persetujuan pemasaran awal untuk melengkapkan pendaftaran. Walau bagaimanapun, anda mengekalkan hak mutlak untuk menarik balik (opt out) persetujuan ini pada bila-bila masa dengan menghantar e-mel ke privacy@crony.my dengan subjek "Marketing opt out", tanpa menjejaskan akses kepada perkhidmatan teras.
11. Kanak-kanak
Platform CRONY dibangunkan khusus untuk pengguna perniagaan berumur lapan belas (18) tahun ke atas. Kami tidak mengumpul data kanak-kanak secara sengaja. Sila hubungi kami jika rekod sedemikian perlu dihapuskan.
12. Perubahan Kepada Notis Ini
CRONY berhak mengemas kini Notis ini. Perubahan material mungkin memerlukan persetujuan baharu (cth: persetujuan versi 2026.06). Penggunaan berterusan platform selepas tarikh pengemaskinian akan dianggap sebagai penerimaan sah.
13. Hubungi Kami & Hak Akses Data
Di bawah PDPA, anda berhak untuk memohon akses kepada, membuat pembetulan ke atas, memadam data peribadi anda yang tidak tepat, atau menyalurkan aduan. Untuk sebarang permohonan pelaksanaan hak ini atau pertanyaan privasi, sila hubungi kami di:
- Entiti: Crony Solution (202603112870 (IP0624709-V))
- E-mel Rasmi: privacy@crony.my
- E-mel Alternatif: me@halem.my
(Nota: Kami mungkin memerlukan proses pengesahan identiti sebelum memproses permintaan anda.)
English
1. Introduction
This Privacy Notice explains how Crony Solution (Company No. 202603112870 (IP0624709-V)) ("CRONY", "we", "us") collects, uses, discloses, and protects personal data when you use the Crony App at crony.my and related organiser or admin portals.
We process personal data in strict accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. By registering, logging in, or continuing to use CRONY, you acknowledge this Notice. Where processing relies on consent, you may withdraw it subject to legal and contractual boundaries.
2. Personal Data We Collect
We collect data provided directly by you, generated via platform usage, and technical metrics. Categories include:
- Account & Identity: Email address, password (stored as a secure hash), Google sign-in profile data (name, avatar), and user IDs.
- Vendor & Business Profile: Brand name, company name, SSM registration number, business category, product lists, state, PIC name and position, contact number, billing address, halal status, past event history, public social links, logos, and gallery images.
- Compliance Documents: Copies of SSM certificates, typhoid injection certificates, and food/halal certificates (PDF uploads are not displayed publicly).
- User-Generated Content: Feed posts, comments, reactions, e profile reviews (text, ratings), and anti-abuse metadata (IP and device information).
- Event Bookings: Booth selection details, booking status, payment logs, and vendor snapshots captured during applications.
- Security & Technical Data: IP addresses, browser type, operating system, authentication cookies, audit session logs, and analytics events via Google Tag Manager.
3. Purposes of Processing
Your personal data is processed for the following core operations:
- Managing account creation, authentication, and platform profile integration.
- Executing onboarding procedures, vendor verification, and compliance document reviews.
- Processing booth applications, transactions, and facilitating communication with screened event organisers.
- Operating public community features such as vendor e-profiles, feeds, and the review ecosystem.
- Dispatching critical operational messages (security alerts, booking confirmations) and, subject to your preference, marketing communications.
- Safeguarding system integrity through fraud prevention, rate limiting, and abuse audit investigations.
4. Legal Basis & Consent
Our data processing relies on: (a) Performance of a contract to provide requested account and booking services; (b) Legitimate interests to secure the platform and prevent abuse; and (c) Your explicit consent for marketing communications and public profile disclosures. Consent records, including timestamps and policy versions, are securely stored for auditing.
5. Disclosure to Third Parties
We do not sell personal data. Information is strictly shared on a need to know basis with:
- Infrastructure Providers: Registered cloud hosting, database, authentication, file storage, and network security providers engaged by CRONY.
- Selected Third Parties: Google (Sign-in & Analytics) and payment gateway providers (processing transaction references only; CRONY does not store full card details).
- Event Organisers: Registration information and supporting documents are disclosed to registered organisers for event approval purposes.
- Legal Authorities: When mandated by valid Malaysian legal processes.
6. Cross Border Transfers
Our cloud technology providers may process or store data on servers located outside Malaysia. In such instances, we implement reasonable measures to ensure these transfers are safeguarded by security and contractual guarantees consistent with PDPA provisions.
8. Security Measures
CRONY deploys industry-grade security protocols, including HttpOnly/Secure cookies, role-based database access controls, and proactive network perimeter protection. Immutable audit logs are enabled for sensitive actions. However, as no system is 100% impenetrable, you are responsible for maintaining the confidentiality of your password.
If CRONY enables third-party error monitoring in the future, related data processing will be described in an updated privacy notice.
9. Retention
Profile and operational data are retained as long as your account is active. Business and financial compliance documents may be held for up to seven (7) years post-service to fulfill tax and regulatory mandates. Security logs are retained between 12 to 24 months, unless extended periods are required for investigations.
10. Marketing Communications
CRONY and partner organisers may dispatch promotional updates. For transparency: the application may require an initial marketing opt in to complete registration. However, you retain the absolute right to opt out of this consent at any time by emailing privacy@crony.my with the subject "Marketing opt out", without losing access to core services.
11. Children
The CRONY platform is designed exclusively for business users aged eighteen (18) and above. We do not knowingly collect data from minors. Please contact us if such records require immediate deletion.
12. Changes to This Notice
CRONY reserves the right to update this Notice. Material changes may necessitate renewed consent (e.g., consent version 2026.06). Continued use of the platform following an update constitutes legal acceptance.
13. Contact Us & Data Access Rights
Under the PDPA, you have the right to request access to, correction of, or deletion of inaccurate personal data, or to lodge a complaint. To exercise these rights or for any privacy-related inquiries, please contact us at:
- Entity: Crony Solution (202603112870 (IP0624709-V))
- Official Email: privacy@crony.my
- Alternative Email: me@halem.my
(Note: Identity verification may be required prior to processing your requests.)