Privacy Policy (Personal Data Protection Notice)

Last Updated: 17 April 2026

This Privacy Policy (“Policy”) explains how Rankpage Sdn. Bhd. (“Rankpage”, “we”, “us”, “our”) collects, uses, discloses, transfers, stores and protects Personal Data when you interact with us, including when you access or use our Website or Services.

By accessing or using the Website, communicating with us, engaging our Services, or otherwise providing Personal Data to us, you acknowledge that you have read and understood this Policy. Where we rely on consent, you consent to the processing described in this Policy (subject to your rights to withdraw consent in accordance with this Policy).

  1. Who We Are

Data User / Controller: Rankpage Sdn. Bhd. (Company No.: 202301023636 (1517559-V))
Address: Q Sentral, Level 35-02 (East Wing), 2A, Jalan Stesen Sentral 2, KL Sentral, 50470 Kuala Lumpur, Malaysia

Email: [email protected]

  2. Scope of This Policy

This Policy applies to:

  • the Website; and
  • our online and offline interactions with you, including enquiries, marketing activities, Client onboarding, and delivery of our Services.

This Policy does not apply to third-party websites, platforms, tools or services that we do not own or control (even if we link to them), and your use of those third parties is governed by their own privacy policies and terms.

  • Rankpage as a Service Provider (Data Processor) for Client Projects

Where Rankpage provides services to a Client (for example, website development/maintenance, hosting support, analytics implementation, SEO or digital marketing support), Rankpage may Process Personal Data on the Client’s behalf and under the Client’s instructions (“Data Processor” role). In such cases, the Client is generally responsible for providing notices and obtaining consents (where required) in relation to that Personal Data, and the Client’s own privacy notice/policy applies to that Personal Data. Our processing activities in a Data Processor role are governed by the parties’ contract and any agreed data processing terms, including the nature of the processing, security measures, and permitted disclosures (including to approved subcontractors/service providers where applicable).

  • Client Users / End-Users

If you are an end-user of a Client’s website/application that Rankpage helps to build or maintain, please refer to the Client’s privacy policy for information on how your Personal Data is collected and used.

  3. Definitions

In this Policy, unless the context requires otherwise:

  • “Client” means any organisation or person that engages Rankpage for services.
  • “Data Controller / Data User” and “Data Processor” have the meanings given under the PDPA (as applicable).
  • “Website” means Rankpage’s website and any webpages, content, features or functionality made available through it (including any portals, forms, chat functions or other interactive features) from time to time.
  • “Services” means (as applicable) the Website and Rankpage’s services and offerings, including information technology and related services such as SEO, website maintenance, web development, digital marketing support, analytics/tracking implementation, and any other services we provide to Clients or users from time to time.
  • “Personal Data” means any information in respect of commercial transactions that relates directly or indirectly to an individual who is identified or identifiable from that information or from that and other information in our possession, and includes any “personal data” as defined under the Personal Data Protection Act 2010 (“PDPA”).
  • “Processing” means collecting, recording, holding, storing, using, disclosing, transferring, erasing or otherwise handling Personal Data.
  • “Sensitive Personal Data” has the meaning given under the PDPA (e.g., health information, religious beliefs), and is subject to additional protections.
  • “PDPA” means the Personal Data Protection Act 2010 and any subsidiary legislation, guidelines, standards and/or codes of practice issued thereunder, as amended from time to time.

  4. What Personal Data We Collect

We may collect Personal Data through the Website, communications (email/phone/WhatsApp), meetings, Client onboarding, service delivery, and third-party sources (where permitted). The types of Personal Data may include:

  • Personal Data You Provide Directly
  • Identity & Contact Details: Name, email address, phone number, company/organisation name, job title, business address.
  • Enquiry Information: Messages, requests, feedback, proposals, and attachments you send to us (including via forms, email or chat features).
  • Client Onboarding & Service Delivery Data: authorised contact/admin information, configuration details, instructions, approvals, project-related information, content you supply, and communications.
  • Access Details (Where Necessary): details required to facilitate access to systems/accounts for service delivery (for example, administrator usernames, access permissions, or token-based access), and we may request that such details be shared via secure methods. You should not share passwords via the Website or unsecured channels.
  • Billing and Payment-Related Details (Where Applicable): Billing name, billing address, tax information, payment confirmation and transaction records.
  • Event/Webinar Participation: Registration details, attendance, preferences, and interactions (if we run events).
  • Personal Data Collected Automatically When You Use the Website
  • Device and Usage Data: IP address, device identifiers, browser type, operating system, session data.
  • Website Activity: Pages viewed, timestamps, referring URLs, clickstream data, and approximate location derived from IP (where enabled).
  • Cookies and Similar Technologies: Cookie IDs, pixels/tags, and local storage identifiers (see Section 8).
  • Personal Data from Third Parties (Where Permitted)

We may receive Personal Data about you from third parties, where permitted by applicable law and subject to the third party’s privacy settings and policies. This may occur, for example, where you interact with our advertisements or content, submit a lead/enquiry form via a third-party platform, or make a payment through a third-party provider. Examples include:

  • analytics, measurement, advertising and marketing platforms (which may provide referral information, campaign identifiers and online identifiers such as cookie/advertising IDs, device/online identifiers, and information about your interactions with our ads or content);
  • lead generation platforms and social networks where you submit an enquiry/lead form or interact with our content (which may provide the details you submit, such as your name, email address, phone number, company and any message you submit, depending on the platform and your settings); and
  • payment processors and fraud-prevention providers (where payments are involved) (e.g., transaction references, payment status and fraud/risk signals).

Where available, you can usually control or limit such sharing via your account settings on the relevant third-party platform and/or by managing cookies (see Section 8).

  • Sensitive Personal Data

We do not intentionally collect Sensitive Personal Data through the Website. If you voluntarily provide Sensitive Personal Data, you consent to our Processing of such data in accordance with this Policy and the PDPA (and we may delete or refuse to process such data where not required or appropriate).

  5. Purposes of Processing (Why We Use Personal Data)

We may Process Personal Data for one or more of the following purposes:

  • Website and Security
  • to operate, provide, maintain, secure and improve the Website and its features;
  • to administer access, prevent abuse, detect security incidents and protect against malware, fraud or unlawful activity;
  • to analyse Website performance, usage trends and improve user experience.
  • Enquiries, Relationship Management and Communications
  • to respond to enquiries, requests, complaints and feedback;
  • to communicate with you (including to provide updates about your enquiry or engagement);
  • to manage our relationship with you and maintain records of communications.
  • Providing Services
  • to provide, manage and deliver Services, including implementation, optimisation, troubleshooting, monitoring (where agreed), reporting, and support;
  • to manage project administration (including scoping discussions, timelines, approvals and deployments);
  • to carry out quality assurance, internal training, and service improvement (using reasonable safeguards).

Where we Process Personal Data on behalf of a Client (Data Processor role), we do so to perform our contractual obligations and in accordance with the Client’s instructions and the applicable agreement(s).

  • Commercial and Business Operations
  • to issue quotations, proposals, invoices and receipts;
  • to process payments and maintain accounting and audit records;
  • to manage vendor/supplier relationships and operational administration.
  • Marketing
  • to send newsletters, updates, invitations, promotions or marketing communications where permitted;
  • to personalise marketing and measure effectiveness (where enabled and permitted).
  • Legal and Compliance
  • to comply with legal/regulatory obligations;
  • to enforce our legal rights, manage disputes, and protect the rights, property or safety of Rankpage, our Clients, users or others.
  • Data Accuracy

We take reasonable steps to ensure Personal Data we hold is accurate and up to date. You are responsible for ensuring that Personal Data you provide to us is accurate, complete and not misleading, and for informing us of any changes where relevant.

  • Consequences of Not Providing Personal Data

Where Personal Data is required for us to respond to your enquiry, onboard you as a client, provide Services, or comply with legal obligations, failure to provide such Personal Data may mean we cannot (or cannot fully) respond to you or provide the relevant Services.

  6. PDPA Notice and Choice; Consent

Under the PDPA, we process Personal Data for purposes directly related to our business activities, and we provide notice and choices as required by law. Where consent is required (for example, certain marketing communications or certain cookie categories), we will obtain your consent and you may withdraw it as described in Section 15.

  7. Third-Party Personal Data You Provide

If you provide us Personal Data about another individual (e.g., your staff, customers, stakeholders), you confirm that you have informed them of this Policy and obtained any necessary consent or authority for you to disclose their Personal Data to us and for us to Process it as described in this Policy.

  8. Cookies and Similar Technologies

We use cookies and similar technologies (such as pixels, tags and local storage) to:

  • enable core Website functionality and security;
  • remember preferences (where enabled);
  • understand usage and improve performance (analytics);
  • measure marketing effectiveness (where enabled).

You may manage cookies through:

  • any cookie banner/settings on the Website (if implemented); and/or
  • your browser settings (which may allow blocking or deleting cookies).

Note: Disabling cookies may affect the availability or functionality of the Website. Some cookies may be set by third-party providers (e.g., analytics or embedded content). We do not control third-party cookies and your use of those third parties is subject to their policies.

  9. Marketing Communications

Where permitted or with your consent, we may send marketing communications. You can opt out at any time by:

  • clicking the unsubscribe link in the relevant email (if provided); or
  • contacting us at [email protected].

Even if you opt out of marketing, we may still send you essential service-related or transactional communications (e.g., responses to enquiries, service notices, invoices).

  10. Disclosure: Who We Share Personal Data With

We may disclose Personal Data on a need-to-know basis to:

  • Service Providers (Data Processors)

Third parties that help us operate our business and Website, such as:

  • hosting/CDN and IT infrastructure providers;
  • email/SMS communications providers;
  • CRM and customer support tools;
  • analytics, measurement and SEO-related tools;
  • payment processing providers (where applicable);
  • security, monitoring and fraud prevention vendors;
  • marketing and advertising partners (where enabled and permitted).

We require such parties to handle Personal Data with appropriate confidentiality and security measures, and (where applicable) under data processing terms.

  • Professional Advisers

Legal, tax, auditors, consultants, insurers and other advisers under duties of confidentiality.

  • Authorities and Lawful Disclosures

Where required by law, court order, regulator request, or where necessary to protect rights, safety and security, or to investigate suspected unlawful activity.

  • Business Transfers

In connection with a merger, acquisition, restructuring, sale of assets or similar transaction, subject to appropriate safeguards.

  11. International Transfers

Your Personal Data may be transferred, stored or processed outside Malaysia (for example, where our service providers or cloud infrastructure are located overseas). Where required under the PDPA, we will take reasonable steps to ensure that Personal Data transferred internationally is afforded a level of protection comparable to the PDPA, including (as applicable):

  • obtaining consent where required;
  • using contractual safeguards with relevant vendors; and/or
  • conducting vendor due diligence and security reviews.

Where appropriate, we may also implement additional safeguards and assessments consistent with applicable laws and regulator guidance relating to cross-border transfers.

  12. Data Retention

We retain Personal Data only as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Indicative retention periods:

  • Enquiry/support records: up to 24 months after last interaction;
  • Client service records: for the duration of the engagement and typically up to 24 months thereafter;
  • Billing/transaction records: up to 7 years (tax/accounting requirements);
  • Analytics data: typically 14–26 months (subject to tool settings).

When Personal Data is no longer needed, we will take reasonable steps to delete, anonymise or securely dispose of it.

  13. Security Measures

We implement reasonable technical and organisational security measures to protect Personal Data, which may include:

  • encryption in transit (e.g., TLS) where applicable;
  • access controls and least-privilege practices;
  • logging and monitoring;
  • secure configuration and patching practices (where applicable);
  • vendor due diligence and contractual protections.

No method of transmission or storage is completely secure. You are responsible for using appropriate device security and avoiding sharing passwords or highly sensitive information through unsecured channels. Where account/system access is required for Services, we may specify secure methods for granting access (for example, role-based access, token-based access, or secure credential sharing tools).

  14. Your Rights Under the PDPA

Subject to the PDPA and applicable requirements, you may:

  • request access to your Personal Data held by us; and
  • request correction of Personal Data that is inaccurate, incomplete, misleading or outdated.

To submit a request, email [email protected] with:

  • the subject line “PDPA Request”;
  • your name and contact details; and
  • details of your request.

We may request verification of identity and additional information to process your request. We may also charge a reasonable fee where permitted by law.

  15. Withdrawal of Consent

Where we rely on your consent to Process Personal Data (e.g., certain marketing or cookie categories), you may withdraw consent by contacting us at [email protected]. Withdrawal of consent may affect our ability to provide certain features or respond to certain requests, but we will inform you of the impact (where applicable). If you withdraw consent for marketing, we will stop sending marketing communications, but may still send non-marketing communications that are necessary to respond to enquiries or to perform or administer Services.

  16. Minors

The Website and Services are not directed to children. We do not knowingly collect Personal Data from individuals under 18 without verifiable parental/guardian consent. If you believe a minor has provided Personal Data without appropriate consent, contact us and we will take reasonable steps to delete it.

  17. Third-Party Links and Embedded Content

The Website may link to third-party websites or include embedded content (e.g., videos, maps, social media widgets). Those third parties may collect data about you according to their own policies. Please refer also to Section 2 regarding third-party services. We are not responsible for third-party privacy practices. Please review their policies before interacting.

  18. Data Incidents / Breaches

We take suspected security incidents seriously and will assess and respond promptly. Where notification is required by applicable law and/or regulator guidance, we will take steps to notify affected individuals and/or the relevant authority as appropriate. We may also keep records of relevant incidents and remediation steps, where appropriate.

  19. Updates to This Policy

We may update this Policy from time to time. The latest version will be posted on the Website with the updated “Last Updated” date. If changes are material, we may provide additional notice on the Website or through other appropriate channels.

  20. Contact Us

If you have questions, complaints, requests or comments about this Policy or our handling of Personal Data, contact:

Email: [email protected]

Post:
Rankpage Sdn. Bhd.

Level 35-02, Q Sentral (East Wing)

2A, Jalan Stesen Sentral 2

KL Sentral, 50470 Kuala Lumpur, Malaysia.

We will review and respond to PDPA requests and privacy-related enquiries within a reasonable time, and may request additional information to verify identity and/or clarify the scope of your request.