Privacy Policy

Effective: [SET DATE BEFORE PUBLISHING] · Version 1.0
Draft for review. This document is a working draft prepared for Astaka Mega Sdn Bhd and must be reviewed by a qualified Malaysian lawyer before it is relied on. It is not legal advice. Fields in amber must be completed before publishing.

Data user (PDPA): Astaka Mega Sdn Bhd (202501040520 (1641929-D))
Address: No. 30-02 (2nd Floor), Jalan Aliff 5, Taman Damansara Aliff, 81200 Johor Bahru, Johor, Malaysia
Contact: [dpo@berespro.my]
Law: Personal Data Protection Act 2010

This Privacy Policy explains how Astaka Mega Sdn Bhd, operating the Berespro platform, collects, uses, discloses and protects your personal data under the Personal Data Protection Act 2010.

1. Data we collect

We do not collect full identification numbers in our database (only the last four digits), precise background location, or your device contacts.

2. How we use your data

Service delivery and matching; identity and safety verification; fraud prevention; dispute resolution; legal compliance; and service notifications. We do not sell your personal data and do not use it for third-party advertising.

3. Who we share it with

4. Identity document handling

Identity document images and selfies are stored in a private, access-controlled location, viewable only by authorised reviewers through short-lived secure links. They are retained for [6 months] after account closure or as required by law, then deleted. Our database stores only your name and the last four digits of your identification number.

5. Retention

You may request deletion at any time, subject to statutory retention obligations.

6. Your rights under the PDPA

You have the right to access and correct your personal data, to withdraw consent, and to limit processing. Send requests to [dpo@berespro.my]. We respond within 21 days as required by the PDPA.

7. Security

We protect your data with encryption in transit (TLS), signed session tokens with expiry, rate limiting, audit logging of sensitive actions, least-access controls for staff, and by not storing card data on our systems. No system is perfectly secure. We work to protect your data and will notify you of a material breach as required.

8. Children

Berespro is not directed at, and not for use by, persons under 18.

9. Changes

We will post material changes to this policy with an updated effective date before they take effect.

Contact

Data protection contact: [dpo@berespro.my]