Privacy Policy

1. Introduction and Scope

This Privacy Policy applies to all personal data collected by Bestari Labs ("we", "us", "our") through our website at bestarilabs.live, our service enquiry processes, and our client engagements. It covers individuals who visit our website, submit enquiries, or enter into a service relationship with us.

By using our website or services, you acknowledge that you have read and understood this policy. For questions, contact us at [email protected].

2. What Personal Data We Collect

Information You Provide Directly

• Full name and job title (when provided)
• Email address
• Phone number (optional)
• Organisation name and industry
• Message content submitted through our contact form

Information Collected Automatically

• Browser type and version
• Pages visited and time spent on each page
• Referring website or search term
• Approximate geographic location (country or city level)
• Device type (desktop, mobile, tablet)

Information from Service Engagements

When you engage Bestari Labs for a service, we may collect additional information relevant to the scope of work — for example, aggregated and anonymised employee data for the Analytics service, or system configuration details for the Edge AI or Vendor Management services. These are handled under separate data processing agreements.

3. How We Use Your Data

We use personal data for the following purposes:

• Responding to enquiries: When you contact us, we use your name and contact details to respond and follow up appropriately.
• Delivering services: For active engagements, contact information and relevant project data are used to coordinate and deliver the agreed scope of work.
• Improving our website: Aggregated, anonymised analytics data helps us understand how visitors use our site and where we can improve it.
• Legal and compliance obligations: We retain certain records as required under Malaysian law, including for accounting and contractual purposes.
• Communications: With your consent, we may send relevant updates about our services. You can withdraw this consent at any time.

We do not sell personal data to third parties, and we do not use it for automated decision-making that produces legal or significant effects on individuals.

4. Legal Basis for Processing

Under Malaysia's PDPA 2010, we process personal data on the following bases:

• Consent: Where you have provided express consent, such as when submitting a contact form or agreeing to receive communications.
• Contractual necessity: Where processing is necessary to deliver a service you have engaged us for.
• Legitimate interests: Where we have a reasonable business interest, such as maintaining records of communications or improving our website, and this interest does not override your rights.
• Legal obligation: Where we are required by law to retain or process certain information.

5. Data Sharing and Third Parties

We share personal data only where necessary and appropriate:

• Service delivery partners: Where a project requires specialist input, we may work with contracted third parties under confidentiality obligations.
• Analytics tools: We use web analytics services (such as Google Analytics) that process aggregated, anonymised usage data. These services have their own privacy policies.
• Legal requirements: We may disclose data where required by Malaysian law, court order, or government authority.

We do not transfer personal data outside Malaysia except where appropriate safeguards are in place and in compliance with PDPA requirements.

6. How We Protect Your Data

We take reasonable and appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, or loss. These include:

• Encrypted data transmission (HTTPS) for all web communications
• Access controls limiting data access to authorised personnel only
• Secure storage of client records with regular review
• Confidentiality obligations for all team members and contractors

In the event of a data breach that is likely to affect your rights or interests, we will notify you and the relevant authority as required under applicable law.

7. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected:

• Enquiry records: Up to 12 months after the last communication, unless a service relationship is established.
• Client engagement records: Up to 7 years following the completion of a project, for contractual and accounting purposes.
• Website analytics data: Typically 26 months in aggregated form, as per standard analytics platform defaults.

Once personal data is no longer required, it is securely deleted or anonymised.

8. Cookies

Our website uses cookies to support its operation and to understand how visitors use it. These include essential cookies (required for the site to function) and optional analytics or preference cookies (which you can accept or decline).

For full details on the types of cookies we use and how to manage your preferences, please see our Cookie Policy.

9. Your Rights

Under Malaysia's PDPA 2010, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that inaccurate or incomplete data be corrected.
• Withdrawal of consent: Withdraw consent to data processing where consent is the legal basis.
• Limitation: Request that we limit how we use your data in certain circumstances.
• Complaint: Lodge a complaint with the relevant supervisory authority if you believe your data has been handled incorrectly.

To exercise any of these rights, please contact us at [email protected]. We will respond within a reasonable timeframe and in accordance with applicable requirements.

10. External Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their respective policies before providing any personal data.

11. Individuals Under 18

Our services are directed at organisations and business professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently received data from a minor, please contact us and we will take appropriate steps to remove it.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The updated version will be published on this page with a revised "Last Updated" date. We encourage you to check this page periodically.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please reach out: