
PDPA Statement

Our commitment to protecting personal data under Malaysian law.

Contents

  1. Overview
  2. PDPA Principles
  3. Our Role
  4. Your Personal Data
  5. Contact Data You Upload
  6. Consent Requirements
  7. Cross-Border Transfer
  8. Data Subject Rights
  9. Data Breach Response
  10. Data Protection Officer

📅 Last updated: 18 April 2026

This PDPA Statement sets out how IT Paradise Solutions Sdn. Bhd., the operator of SMS-LAH, complies with the Personal Data Protection Act 2010 (Act 709) of Malaysia ("PDPA"). It should be read together with our full Privacy Policy.

1. Overview

The PDPA regulates the processing of personal data in commercial transactions in Malaysia. IT Paradise Solutions Sdn. Bhd. is a registered data processor and, for the personal data of our platform users, also acts as a data user (controller) under the PDPA.

We take our obligations under the PDPA seriously. We have implemented technical, administrative, and physical safeguards to protect all personal data processed through the SMS-LAH platform.

2. PDPA Principles We Uphold

Our data handling practices are guided by the seven principles of the PDPA:

  • General Principle: Personal data is processed only with the data subject's consent and for lawful purposes.
  • Notice & Choice Principle: Data subjects are informed of the purposes for which their data is collected, and may choose whether to provide it.
  • Disclosure Principle: Personal data is not disclosed to third parties without the data subject's consent, except as required by law.
  • Security Principle: Practical steps are taken to protect personal data from loss, misuse, modification, and unauthorised access.
  • Retention Principle: Personal data is not retained longer than necessary for the purposes for which it was collected.
  • Data Integrity Principle: Reasonable steps are taken to ensure personal data is accurate, complete, and up to date.
  • Access Principle: Data subjects may request access to their personal data and request corrections where necessary.

3. Our Role as Platform Operator

SMS-LAH operates in a dual capacity under the PDPA:

  • As a Data User (Controller): For personal data of our registered customers (account holders), such as name, email, and billing information — we determine the purposes and means of processing.
  • As a Data Processor: For contact data uploaded by our customers for the purpose of sending SMS — we process that data strictly on the instructions of the customer. The customer remains the Data User (Controller) responsible for ensuring they have obtained lawful consent from their contacts.

4. Personal Data We Hold About You (as Our Customer)

When you register and use SMS-LAH, we hold the following personal data about you:

  • Full name, email address, phone number, and company name.
  • Account credentials (password stored in hashed, irreversible format).
  • Billing and credit transaction records.
  • Campaign activity logs for up to 12 months.
  • Communications with our support team.

This data is used solely to provide and maintain the Service, communicate with you about your account, and comply with our legal obligations. We do not use it for third-party marketing without your explicit consent.

5. Contact Data You Upload (Your Recipients)

When you upload contact lists to SMS-LAH, you are the Data User responsible for that personal data under the PDPA. By using our platform to send SMS to those contacts, you represent and warrant that:

  • You have obtained valid, documented consent from each recipient to receive SMS communications from you.
  • The consent covers the type of messages you intend to send (commercial, transactional, informational, etc.).
  • You maintain an up-to-date opt-out/suppression list and have excluded opted-out contacts from your upload.
  • Your use of the data complies with the PDPA, including the Notice & Choice and Disclosure Principles.

We process contact data strictly on your instructions. We do not use your contact lists for our own purposes and do not sell or share this data with any third party except telecommunications carriers for the sole purpose of delivering the SMS you have authorised.

6. Consent Best Practices for Your SMS Campaigns

As the Data User, you are responsible for ensuring consent compliance. We recommend the following best practices for Malaysian businesses:

  • Use double opt-in where possible (e.g. a confirmation SMS after sign-up).
  • Maintain a record of when and how each contact consented.
  • Include a clear opt-out instruction in every commercial SMS (e.g. "Reply STOP to opt out").
  • Process opt-out requests within 14 business days as required under the PDPA.
  • Do not send messages to contacts on the Communications and Multimedia Consumer Forum (CMCF) Do Not Call Registry unless you have a clear pre-existing relationship.

7. Cross-Border Data Transfer

To deliver SMS to international destinations, message content and recipient phone numbers are passed to international telecommunications carriers. This may involve data being processed in countries outside Malaysia.

We ensure that any such transfer is conducted with appropriate safeguards, including contractual clauses with carriers that bind them to confidentiality and data protection standards no less stringent than those required under Malaysian law.

8. Exercising Your Data Subject Rights

As our customer, you have the following rights under the PDPA:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Correction: Request correction of inaccurate or incomplete personal data.
  • Right to Withdraw Consent: Withdraw consent to non-essential processing at any time, noting this may affect your ability to use the Service.
  • Right to Erasure: Request deletion of your personal data, subject to our legal retention obligations.

Submit requests by email to it@mobile360.cc with the subject line "PDPA Data Request". We will acknowledge within 5 business days and respond substantively within 21 days.

9. Data Breach Response

In the event of a personal data breach that poses a risk to data subjects, we will:

  • Investigate and contain the breach within 24 hours of discovery.
  • Notify affected registered users as soon as practicable with details of the breach and remediation steps.
  • Cooperate fully with the Personal Data Protection Commissioner's office as required by law.

If you discover or suspect a breach involving data on our platform, please contact us immediately at it@mobile360.cc.

10. Data Protection Officer / Contact

Our designated Personal Data Compliance contact is responsible for overseeing PDPA compliance within IT Paradise Solutions Sdn. Bhd. All data protection queries, access requests, and complaints should be directed to:

  • Email: it@mobile360.cc
  • Subject line: "PDPA Enquiry"
  • Company: IT Paradise Solutions Sdn. Bhd., Malaysia

You also have the right to lodge a complaint with the Department of Personal Data Protection (JPDP) of Malaysia if you believe your personal data rights have been violated.

⚠️ Disclaimer: This PDPA Statement is provided for informational purposes. It is not a substitute for legal advice. If you have specific compliance questions, we recommend consulting a qualified legal professional familiar with Malaysian data protection law.
