Dasar Privasi / Privacy Policy

1. Scope & Applicability

This policy covers tuanmajlis.com, related subdomains, customer portals, preview links, and other digital invitation services that we operate (collectively, the “Platform”). It applies to personal data belonging to customers, their invited guests, agents, suppliers, and website visitors in Malaysia or abroad.

BM: Dasar ini merangkumi tuanmajlis.com, subdomain berkaitan, portal pelanggan, pautan pratonton dan semua perkhidmatan jemputan digital yang kami kendalikan (secara kolektif, “Platform”). Ia terpakai kepada data peribadi milik pelanggan, tetamu mereka, ejen, pembekal dan pelawat di Malaysia atau luar negara.

2. Data Controller & Contact

Tuan Majlis is the data user (data controller) under the PDPA. For any privacy enquiry, request, or complaint, please contact our Data Protection Lead:

• Email: admin@tuanmajlis.com
• WhatsApp: +60 11-1206 8252
• Postal: Please email us to request the latest mailing address for formal correspondence.

We acknowledge requests within three (3) working days and aim to resolve them within twenty-one (21) days, as required by the PDPA.

BM: Tuan Majlis ialah pengguna data di bawah PDPA. Hubungi Pegawai Perlindungan Data kami melalui butiran di atas. Kami akan mengesahkan penerimaan dalam tiga (3) hari bekerja dan berusaha menyelesaikan permintaan dalam tempoh dua puluh satu (21) hari seperti yang ditetapkan PDPA.

3. Personal Data We Collect

We only process personal data that is relevant and necessary for operating the Platform. Depending on how you interact with us, we may collect:

• Account and contact details: Name, email address, phone number, login credentials, billing address, and identification details provided when you register, request a demo, or contact us. Nama, alamat e-mel, nombor telefon, maklumat log masuk, alamat bil dan butiran pengenalan yang diberikan semasa anda mendaftar, meminta demo atau menghubungi kami.
• Event and invitation content: Wedding details, dates, venue, stories, custom messages, guest lists, RSVP information, guestbook entries, and uploaded images, audio, or videos that you choose to publish or store on the Platform. Maklumat majlis, tarikh, lokasi, cerita, mesej tersuai, senarai tetamu, maklum balas RSVP, catatan buku tetamu dan imej, audio atau video yang anda pilih untuk siarkan atau simpan di Platform.
• Payment and contribution details: Order history, package selections, transaction reference numbers, and bank account or e-wallet details you provide for “salam kaut” or gift contributions. We do not store full card numbers; card payments are processed by certified payment gateways. Sejarah pesanan, pilihan pakej, nombor rujukan transaksi dan butiran akaun bank atau e-dompet yang anda sediakan untuk fungsi salam kaut atau sumbangan hadiah. Kami tidak menyimpan nombor kad penuh; pembayaran kad diproses oleh gerbang pembayaran bertauliah.
• Support and communications data: Records of enquiries made through email, WhatsApp, web forms, or live chat, including any screenshots or attachments you share. Rekod pertanyaan melalui e-mel, WhatsApp, borang web atau chat langsung, termasuk sebarang tangkap layar atau lampiran yang anda kongsikan.
• Technical and usage data: IP address, device information, browser type, operating system, referral URL, language, pages visited, session identifiers, error logs, and behaviour analytics collected through our servers, Cloudflare, and optional analytics tools. Alamat IP, maklumat peranti, jenis pelayar, sistem operasi, URL rujukan, bahasa, halaman yang dilawati, pengecam sesi, log ralat dan analitik tingkah laku yang dikumpul melalui pelayan kami, Cloudflare dan alatan analitik pilihan.
• Third-party data sources: Verification outcomes from Cloudflare Turnstile, payment status updates from our payment partners, and contact details supplied by event hosts on behalf of their guests. Keputusan pengesahan daripada Cloudflare Turnstile, status pembayaran daripada rakan pembayaran kami, dan butiran hubungan yang dibekalkan oleh penganjur majlis bagi pihak tetamu mereka.

We request that customers obtain the necessary consent from their guests before entering their personal data into the Platform.

BM: Kami meminta pelanggan mendapatkan persetujuan yang diperlukan daripada tetamu sebelum memasukkan data peribadi mereka ke dalam Platform.

4. How We Use Your Data & Our Legal Grounds

We use personal data for the purposes below and rely on the legal grounds recognised by the PDPA (consent, contractual necessity, legitimate interests, and legal obligation) as appropriate:

• Deliver and maintain our services: Creating invitations, enabling RSVP, guestbook, digital map, broadcast features, and ensuring your content is available to invited guests (contractual necessity). Menyampaikan dan menyelenggara perkhidmatan termasuk jemputan, RSVP, buku tetamu, peta digital, siaran dan memastikan kandungan anda tersedia kepada tetamu jemputan (keperluan kontrak).
• Process payments and contributions: Managing orders, invoices, refunds, and “salam kaut” features via certified payment providers (contractual necessity and legal obligation). Mengurus pesanan, invois, bayaran balik dan fungsi salam kaut melalui penyedia pembayaran bertauliah (keperluan kontrak dan kewajipan undang-undang).
• Provide customer support: Responding to enquiries, troubleshooting technical issues, and improving service quality (legitimate interests). Menjawab pertanyaan, menyelesaikan isu teknikal dan menambah baik mutu perkhidmatan (kepentingan sah).
• Improve security and performance: Preventing fraud and abuse, verifying users via Cloudflare Turnstile, monitoring uptime, and applying security patches (legitimate interests and legal obligation). Mencegah penipuan serta penyalahgunaan, mengesahkan pengguna melalui Cloudflare Turnstile, memantau kebolehsediaan dan melaksanakan tampalan keselamatan (kepentingan sah dan kewajipan undang-undang).
• Customise content and communications: Sending service updates, reminders, marketing offers (with your consent), and tailoring templates based on your preferences (consent or legitimate interests). Menghantar makluman perkhidmatan, peringatan, tawaran pemasaran (dengan persetujuan anda) dan menyesuaikan templat mengikut pilihan anda (persetujuan atau kepentingan sah).
• Comply with laws and enforce rights: Meeting tax, accounting, audit, and regulatory requirements, and protecting our contractual or legal claims (legal obligation and legitimate interests). Memenuhi keperluan cukai, perakaunan, audit dan kawal selia serta melindungi tuntutan kontrak atau undang-undang kami (kewajipan undang-undang dan kepentingan sah).

5. PDPA Principles in Practice

• Notice & Choice: We provide clear notices at the point of collection and allow you to decide whether to supply optional data or receive marketing communications. Kami memberi notis yang jelas semasa pengumpulan dan membenarkan anda memilih untuk menyerahkan data pilihan atau menerima komunikasi pemasaran.
• Disclosure: We only share personal data with service providers who support the Platform or where required by law, and we keep records of such disclosures. Kami hanya berkongsi data peribadi dengan penyedia perkhidmatan yang menyokong Platform atau apabila dikehendaki undang-undang, dan kami menyimpan rekod pendedahan tersebut.
• Security: We implement administrative, technical, and physical safeguards to prevent unauthorised access, alteration, loss, or misuse of personal data. Kami melaksanakan kawalan pentadbiran, teknikal dan fizikal untuk mengelakkan capaian, pengubahan, kehilangan atau penyalahgunaan data peribadi tanpa izin.
• Retention: We retain data only for as long as necessary to fulfil the purposes described in this policy or to meet legal requirements. Kami menyimpan data hanya selama mana diperlukan untuk memenuhi tujuan yang diterangkan atau keperluan undang-undang.
• Access & Correction: We provide mechanisms for individuals to request access to, or correction of, their personal data within PDPA timeframes. Kami menyediakan mekanisme untuk individu meminta akses atau pembetulan data peribadi mereka dalam tempoh masa PDPA.
• Data Integrity: We take reasonable steps to ensure personal data is accurate, complete, not misleading, and kept up to date. Kami mengambil langkah munasabah untuk memastikan data peribadi tepat, lengkap, tidak mengelirukan dan sentiasa dikemas kini.

6. Cookie & Tracking Policy

Our Platform uses cookies and similar technologies to deliver core functionality and understand how the site is used. Non-essential cookies are only activated after you provide consent via the cookie banner or your account settings.

BM: Platform kami menggunakan kuki dan teknologi serupa untuk menyampaikan fungsi teras dan memahami penggunaan laman. Kuki tidak penting hanya diaktifkan selepas anda memberikan persetujuan melalui sepanduk kuki atau tetapan akaun.

Cookie Categories

• Strictly necessary: Session cookies required for login, shopping cart, RSVP management, and security (e.g., PHP session identifiers). Kuki sesi yang diperlukan untuk log masuk, troli pembelian, pengurusan RSVP dan keselamatan (cth pengecam sesi PHP).
• Functionality: Preferences that remember language, template selections, and draft invitations. Kuki yang mengingati bahasa, pilihan templat dan jemputan draf.
• Analytics & performance: Privacy-focused analytics provided by Cloudflare Web Analytics and similar tools to measure aggregated traffic without identifying individuals. Analitik berfokuskan privasi daripada Cloudflare Web Analytics dan alatan serupa untuk mengukur trafik secara agregat tanpa mengenal pasti individu.
• Marketing (optional): Tags we activate only after your consent to deliver promotional emails or measure campaign effectiveness. Tag pemasaran yang diaktifkan hanya selepas persetujuan anda bagi menghantar e-mel promosi atau menilai keberkesanan kempen.

Third-Party Technologies

• Cloudflare Turnstile: Protects forms against bots and may capture limited device and usage metadata for security verification. Melindungi borang daripada bot dan mungkin merekodkan metadata peranti terhad bagi tujuan pengesahan keselamatan.
• Content delivery & fonts: Resources from Cloudflare and Google Fonts optimise loading speed and may receive your IP address when assets are requested. Sumber daripada Cloudflare dan Google Fonts mengoptimumkan kelajuan muat dan mungkin menerima alamat IP anda apabila aset diminta.
• Payment gateways: Certified processors handle payment pages and apply their own cookies or trackers subject to their privacy notices. Pemproses bertauliah mengendalikan halaman pembayaran dan menggunakan kuki atau penjejak mereka tertakluk kepada notis privasi mereka.

You can withdraw cookie consent at any time by adjusting the banner preferences, clearing your browser cookies, or contacting us for assistance. Essential cookies cannot be disabled because they are required for the Platform to operate.

BM: Anda boleh menarik balik persetujuan kuki pada bila-bila masa dengan melaraskan pilihan sepanduk, mengosongkan kuki pelayar atau menghubungi kami untuk bantuan. Kuki penting tidak boleh dinyahaktifkan kerana diperlukan untuk Platform berfungsi.

7. How We Share Personal Data

We do not sell or rent personal data. We may disclose data to the categories of recipients below, subject to written agreements that require them to protect your data:

• Hosting and infrastructure partners that provide secure servers, backup, storage, and content delivery.
• Payment and finance providers that process transactions, fraud screening, invoicing, and accounting.
• Customer support and communication tools such as email or messaging platforms used to respond to your queries.
• Analytics, security, and monitoring vendors including Cloudflare for distributed denial-of-service (DDoS) protection and performance insights.
• Professional advisors and compliance authorities (lawyers, auditors, regulators) when required by law or to enforce our rights.

BM: Kami tidak menjual atau menyewa data peribadi. Data hanya didedahkan kepada kategori penerima di atas tertakluk kepada perjanjian bertulis yang memerlukan mereka melindungi data anda.

8. International Transfers

Some service providers may operate from data centres outside Malaysia (for example, in Singapore, the European Union, or the United States). When we transfer data overseas, we ensure the recipient provides a level of protection that is at least comparable to the PDPA, through contractual safeguards or certification programmes.

BM: Sesetengah penyedia perkhidmatan beroperasi dari pusat data di luar Malaysia (contohnya di Singapura, Kesatuan Eropah atau Amerika Syarikat). Apabila kami memindahkan data ke luar negara, kami memastikan penerima menyediakan tahap perlindungan yang setara dengan PDPA melalui perlindungan kontrak atau program pensijilan.

9. Data Security Measures

We maintain layered safeguards aligned with industry best practices:

• Transport Layer Security (TLS) encryption for all web traffic and HSTS enforcement. Penyulitan TLS untuk semua trafik web dan penguatkuasaan HSTS.
• Role-based access controls, password hashing, and activity logging for internal systems. Kawalan capaian berasaskan peranan, hashing kata laluan dan log aktiviti untuk sistem dalaman.
• Regular security patches, vulnerability monitoring, and malware scanning. Tampalan keselamatan berkala, pemantauan kelemahan dan imbasan perisian hasad.
• Secure development and backup practices, including disaster recovery procedures. Amalan pembangunan dan sandaran selamat termasuk prosedur pemulihan bencana.
• Vendor due diligence to confirm that partners handle data responsibly. Kajian wajar vendor untuk memastikan rakan kongsi mengendalikan data secara bertanggungjawab.

If we identify a data breach that is likely to harm you, we will notify affected users and the regulator as required.

BM: Jika berlaku pelanggaran data yang mungkin memudaratkan anda, kami akan memaklumkan pengguna terjejas dan pengawal selia seperti yang diperlukan.

10. Data Retention & Disposal

We retain personal data only for as long as necessary for the purposes stated above or as required by law. Our key retention periods are:

• Customer accounts: Stored while the subscription or project remains active and for up to twenty-four (24) months after the last activity, unless you request earlier deletion. Disimpan sepanjang langganan atau projek aktif dan sehingga dua puluh empat (24) bulan selepas aktiviti terakhir, kecuali jika anda meminta pemadaman lebih awal.
• Event content & guest data: Retained for the duration of your event and archived for up to twelve (12) months for backup and dispute resolution, after which it is anonymised or deleted. Disimpan sepanjang tempoh acara anda dan diarkib sehingga dua belas (12) bulan untuk sandaran dan penyelesaian pertikaian sebelum dianonimkan atau dipadam.
• Financial and transaction records: Kept for seven (7) years to meet tax, accounting, and statutory obligations. Disimpan selama tujuh (7) tahun bagi memenuhi kewajipan cukai, perakaunan dan statut.
• Support tickets and communications: Retained for up to twenty-four (24) months to monitor service quality and resolve issues. Disimpan sehingga dua puluh empat (24) bulan untuk memantau mutu perkhidmatan dan menyelesaikan isu.
• Security logs: Retained for up to twelve (12) months unless longer retention is needed for investigations. Disimpan sehingga dua belas (12) bulan kecuali diperlukan lebih lama bagi tujuan siasatan.

When data is no longer required, we securely delete, anonymise, or aggregate it so that individuals cannot be identified.

BM: Apabila data tidak lagi diperlukan, kami memadam, menganonim atau mengagregatkannya secara selamat supaya individu tidak boleh dikenal pasti.

11. Your PDPA Rights

Subject to applicable law, you have the right to:

• Request a copy of the personal data we hold about you.
• Ask us to correct incomplete, inaccurate, or misleading data.
• Withdraw consent for optional processing (such as marketing) without affecting essential services.
• Object to processing based on legitimate interests when you believe it impacts your rights.
• Request deletion of data that is no longer required for the stated purposes.

BM: Tertakluk kepada undang-undang yang berkenaan, anda berhak meminta salinan data peribadi, membetulkan data yang tidak tepat, menarik balik persetujuan bagi pemprosesan pilihan, membantah pemprosesan atas kepentingan sah dan meminta pemadaman data yang tidak lagi diperlukan.

To exercise your rights, email admin@tuanmajlis.com with the subject “PDPA Request”. We may need to verify your identity and charge a reasonable administrative fee where permitted by law.

BM: Untuk menggunakan hak anda, e-mel admin@tuanmajlis.com dengan tajuk “Permintaan PDPA”. Kami mungkin perlu mengesahkan identiti anda dan mengenakan fi pentadbiran munasabah jika dibenarkan undang-undang.

12. Managing Consent & Preferences

You can update your personal details, notification settings, and template content directly within your dashboard. Marketing emails include an unsubscribe link, and you can also contact us to opt out. For guest data provided by our customers, please contact the event host first so that they can coordinate updates with us.

BM: Anda boleh mengemas kini butiran peribadi, tetapan notifikasi dan kandungan templat melalui papan pemuka anda. E-mel pemasaran mengandungi pautan berhenti langgan dan anda juga boleh menghubungi kami untuk memilih keluar. Bagi data tetamu yang diberikan oleh pelanggan kami, sila hubungi penganjur majlis terlebih dahulu supaya mereka boleh menyelaras kemas kini dengan kami.

13. Data Integrity & Accuracy

We ask that you provide data that is accurate and kept up to date. Where we become aware that information is inaccurate or incomplete, we will work with you to correct it or remove the data from our systems.

BM: Kami meminta anda memberikan data yang tepat dan sentiasa dikemas kini. Jika kami sedar maklumat tidak tepat atau tidak lengkap, kami akan bekerjasama dengan anda untuk membetulkan atau memadam data tersebut daripada sistem kami.

14. Children’s Data

Our services are intended for adults organising events. We do not knowingly collect personal data from children under the age of 13. If you believe a child has provided personal data to us without parental consent, please contact us so we can delete it.

BM: Perkhidmatan kami ditujukan kepada orang dewasa yang mengurus majlis. Kami tidak sengaja mengumpul data peribadi daripada kanak-kanak di bawah umur 13 tahun. Jika anda percaya kanak-kanak telah memberikan data tanpa keizinan ibu bapa, hubungi kami untuk pemadaman.

15. Third-Party Links & Integrations

The Platform may contain links to third-party sites (such as WhatsApp, Google Maps, or payment portals). We are not responsible for the privacy practices of those sites. Please review their policies before sharing personal data.

BM: Platform mungkin mengandungi pautan ke laman pihak ketiga (seperti WhatsApp, Google Maps atau portal pembayaran). Kami tidak bertanggungjawab terhadap amalan privasi laman tersebut. Sila semak dasar mereka sebelum berkongsi data peribadi.

16. Updates to This Policy

We may revise this policy from time to time to reflect changes in law, technology, or our services. When we publish an update, we will revise the “Last updated” date, post a notice on the Platform, and, where appropriate, notify you by email or dashboard message. Continued use of the Platform after the changes take effect constitutes acceptance of the updated policy.

BM: Kami mungkin mengemas kini dasar ini dari semasa ke semasa selaras dengan perubahan undang-undang, teknologi atau perkhidmatan kami. Apabila kami menyiarkan kemas kini, kami akan mengubah tarikh “Dikemas kini”, menyiarkan notis di Platform dan, jika sesuai, memaklumkan anda melalui e-mel atau mesej papan pemuka. Penggunaan berterusan Platform selepas perubahan berkuat kuasa dianggap sebagai penerimaan dasar yang dikemas kini.

17. Contacting Us

If you have questions about this policy or our data practices, please reach out to admin@tuanmajlis.com. You may also lodge a complaint with the Jabatan Perlindungan Data Peribadi (JPDP) if you believe we have not resolved your concern satisfactorily.

BM: Jika anda mempunyai soalan mengenai dasar ini atau amalan data kami, hubungi admin@tuanmajlis.com. Anda juga boleh membuat aduan kepada Jabatan Perlindungan Data Peribadi (JPDP) sekiranya kami tidak menyelesaikan kebimbangan anda dengan memuaskan.