Data user (PDPA): Astaka Mega Sdn Bhd (202501040520 (1641929-D))
Address: No. 30-02 (2nd Floor), Jalan Aliff 5, Taman Damansara Aliff, 81200 Johor Bahru, Johor, Malaysia
Contact: [dpo@berespro.my]
Law: Personal Data Protection Act 2010
This Privacy Policy explains how Astaka Mega Sdn Bhd, operating the Berespro platform, collects, uses, discloses and protects your personal data under the Personal Data Protection Act 2010.
1. Data we collect
- Name, phone, email for account creation (via Google or phone sign-in) and contact between customer and partner.
- Approximate location or chosen city to match tasks and partners by distance.
- Task details, bids, messages, reviews to operate the marketplace.
- Partner identity verification: full name, last 4 digits of identification number, ID document images and a selfie, to verify identity for the safety of customers whose homes partners enter, and to prevent fraud.
- Device push token to send job and payment notifications, if enabled.
- Payment events (amount, status) as order records. Card and banking details are collected by our licensed payment service provider, not by Berespro.
We do not collect full identification numbers in our database (only the last four digits), precise background location, or your device contacts.
2. How we use your data
Service delivery and matching; identity and safety verification; fraud prevention; dispute resolution; legal compliance; and service notifications. We do not sell your personal data and do not use it for third-party advertising.
3. Who we share it with
- Our licensed payment service provider, to process payments and onboard partner payouts.
- Our authentication provider, to sign you in securely.
- Cloudflare, for hosting and infrastructure.
- The other party to your job, limited to what is necessary: first name, rating and job details. Phone numbers are shared only after a bid is accepted.
- Authorities, where required by Malaysian law.
4. Identity document handling
Identity document images and selfies are stored in a private, access-controlled location, viewable only by authorised reviewers through short-lived secure links. They are retained for [6 months] after account closure or as required by law, then deleted. Our database stores only your name and the last four digits of your identification number.
5. Retention
- Account data: while your account is active, plus [24 months].
- Transaction and audit records: [7 years] (statutory).
- Identity document images: as in clause 4.
You may request deletion at any time, subject to statutory retention obligations.
6. Your rights under the PDPA
You have the right to access and correct your personal data, to withdraw consent, and to limit processing. Send requests to [dpo@berespro.my]. We respond within 21 days as required by the PDPA.
7. Security
We protect your data with encryption in transit (TLS), signed session tokens with expiry, rate limiting, audit logging of sensitive actions, least-access controls for staff, and by not storing card data on our systems. No system is perfectly secure. We work to protect your data and will notify you of a material breach as required.
8. Children
Berespro is not directed at, and not for use by, persons under 18.
9. Changes
We will post material changes to this policy with an updated effective date before they take effect.
Contact
Data protection contact: [dpo@berespro.my]