Privacy and Personal Data Protection Policy (EN)

1. Introduction
StoryArc Media (“we”, “us”, “our”, or “the Company”) is committed to protecting your privacy and personal information. This Privacy and Personal Data Protection Policy (“the Policy”) outlines how we collect, use, disclose, store, and protect your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and other applicable data protection laws.

By using our website, engaging our services, or providing us with your personal data, you acknowledge that you have read, understood, and agreed to the practices described in this Policy.

Important Notice: The Company reserves the right to amend this Policy at any time. Any amendments will be reflected on this webpage with an updated “Last Updated” date. We encourage you to review this Policy periodically. Material changes will be communicated to existing clients via email where practicable.

 

2. Personal Data We Collect

2.1 Definition of Personal Data
Personal Data means any information that relates directly or indirectly to you as an identifiable individual, whether collected online or offline.

 

2.2 Types of Personal Data We Collect
We may collect the following categories of personal data:

  • Contact Information: Full name, Email address, Phone number, Mailing address, Company name and position/job title.
  • Business and Project Information: Company information and registration details, Project briefs and requirements, Brand assets and marketing materials, Campaign information and objectives, Social media account access credentials (when authorized), Website analytics and performance data.
  • Financial Information: Billing address, Bank account details (for payments), Payment card information (processed securely through third-party payment processors), Transaction history and invoices.
  • Technical and Usage Data: IP address, Browser type and version, Device information, Pages visited and time spent on our website, Referring website addresses, Cookie identifiers and similar tracking data.
  • Communications: Email correspondence, Chat messages, Phone call records (for quality and training purposes, when disclosed), Feedback and survey responses.
  • Studio Rental Information: Equipment usage records, Booking history, Emergency contact information.
  • Other Information: Any other information you voluntarily provide to us through forms, inquiries, or during the course of our business relationship.

 

3. How We Collect Personal Data

3.1 Direct Collection
We collect personal data directly from you when you: Fill out contact forms or inquiry forms on our website; Request a quote or proposal; Book our services or rent our studio; Sign service agreements or contracts; Subscribe to our newsletter or marketing communications; Communicate with us via email, phone, or in person; Participate in surveys or provide feedback; Attend our events or workshops.

 

3.2 Indirect Collection
We may collect personal data indirectly from: Your employers, agents, or legal representatives (when you engage us on behalf of an organization); Our vendors and service providers; Publicly available sources (e.g., business directories, social media profiles); Website tracking technologies (cookies, pixels, analytics tools); Third-party platforms (e.g., social media advertising platforms).

 

3.3 From Customers and Potential Customers
We collect personal data from individuals or organizations who: Inquire about our services; Request quotations or consultations; Engage us for projects; Visit our website or social media pages.

 

3.4 From Vendors and Partners
We collect personal data from: Freelancers and contractors who work with us; Suppliers and service providers; Business partners and collaborators.

 

3.5 Data Submission Requirements
All personal data requested in any form or agreement is mandatory unless explicitly marked as optional. All personal data submitted to StoryArc Media is deemed to be true and accurate. If you fail to provide required personal data, we may not be able to provide you with our services or fulfill our contractual obligations. You are responsible for ensuring that any personal data you provide about third parties (e.g., employees, models) is provided with their knowledge and consent.

 

4. Purpose of Collection and Use

4.1 Processing of Personal Data
“Processing” means any operation performed on personal data, including collecting, recording, holding, storing, organizing, adapting, altering, retrieving, using, disclosing, transmitting, combining, blocking, erasing, or destroying data.

 

4.2 Purposes
We process your personal data for the following purposes:

  • Service Delivery: To provide, maintain, and improve our creative and marketing services; To communicate with you about your projects and bookings; To deliver final work products and project files; To manage studio rentals and equipment usage; To process payments and issue invoices.
  • Contract Performance: To develop, comply with, and fulfill purchase orders, service agreements, and contracts; To manage project timelines, deliverables, and revisions; To handle customer support and service requests.
  • Communication: To contact you via email, telephone, SMS, WhatsApp, or other communication channels regarding your projects; To respond to your inquiries and requests; To send administrative information, updates, and service notifications; To provide customer support and technical assistance.
  • Marketing and Promotional Activities: To send you newsletters, promotional offers, and marketing communications about our services, events, and special offers (only with your consent or where permitted by law); To inform you about services similar to those you have purchased or inquired about; To conduct market research and surveys.
  • Business Operations: To manage and administer our business operations; To maintain accurate business records; To conduct internal audits and quality control; To train our staff and improve service quality; To evaluate and improve our services, products, and user experience.
  • Analytics and Optimization: To analyze website usage patterns and trends; To measure the effectiveness of our marketing campaigns; To optimize our website performance and user experience; To understand customer preferences and behavior.
  • Legal and Compliance: To comply with legal obligations, regulations, and government requests; To enforce our Terms of Service and other agreements; To protect our rights, property, and safety, and that of our users and the public; To prevent fraud, security breaches, and other illegal activities.
  • Business Transactions: To evaluate or conduct mergers, acquisitions, divestitures, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceedings.
  • Other Purposes: For any other purposes with your explicit consent; For purposes that are reasonably related to the above.

 

5. Legal Basis for Processing
We process your personal data based on one or more of the following legal grounds:

  • Consent: You have given clear consent for us to process your personal data for specific purposes.
  • Contract: Processing is necessary for the performance of a contract with you.
  • Legal Obligation: Processing is necessary to comply with legal or regulatory obligations.
  • Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your fundamental rights and freedoms.

 

6. Disclosure and Sharing of Personal Data

6.1 When We Share Personal Data
Your personal data will be kept confidential. However, you hereby consent to and authorise StoryArc Media to disclose your personal data to the following parties:

  • Government and Regulatory Bodies: Government agencies, statutory authorities, regulatory bodies, and law enforcement agencies where we are legally required to disclose personal data pursuant to any law, regulation, court order, or government request.
  • Service Providers and Business Partners: We may share your personal data with carefully selected third-party service providers who assist us in operating our business, including: Cloud Storage Providers (Google Workspace, Dropbox, Microsoft OneDrive); Payment Processors; Email and Communication Services; Website and Analytics Providers; Advertising Platforms; Project Management Tools; Freelancers and Contractors; Studio Equipment Suppliers; Professional Advisors; Stock Media Platforms.
  • Business Transfers: In the event of a merger, acquisition, sale of assets, or business restructuring, your personal data may be transferred to the acquiring entity.
  • With Your Consent: Any other parties with your explicit consent or as directed by you.

 

6.2 Safeguards for Third-Party Disclosure
When we share your personal data with third parties, we ensure that:

  • Only the necessary personal data required for the specific purpose is disclosed;
  • Third parties are contractually obligated to protect your personal data and use it only for authorized purposes;
  • Access to and disclosure of personal data is restricted to authorized personnel who need it to perform their duties;
  • Third parties comply with applicable data protection laws and maintain appropriate security measures.

 

6.3 We Do Not Sell Personal Data
We do not sell, rent, or trade your personal data to third parties for their marketing purposes without your explicit consent.

 

7. Your Rights
Under the Personal Data Protection Act 2010 and applicable laws, you have the following rights regarding your personal data:

  • Right of Access: You have the right to request access to your personal data held by us.
  • Right to Correction: You have the right to request correction of your personal data.
  • Right to Withdraw Consent: You have the right to withdraw your consent to the processing of your personal data at any time.
  • Right to Limit Processing: You have the right to request that we limit or restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal data in certain circumstances.
  • Right to Object: You have the right to object to processing of your personal data for direct marketing purposes.
  • Right to Raise Concerns or Complaints: You have the right to raise concerns or lodge a complaint with the Personal Data Protection Commissioner of Malaysia.

 

7.9 How to Exercise Your Rights: To exercise any of these rights, please contact us at [email protected] with the subject line “Data Subject Rights Request”. We will respond to your request within 21 days as required by the PDPA.

 

8. Data Retention

8.1 Retention Period
StoryArc Media will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

  • Active Clients: Retained for the duration of relationship + 7 years.
  • Prospective Clients: Retained for 2 years from last contact.
  • Financial Records: Retained for 7 years.
  • Studio Rental Records: Retained for 3 years.

 

8.2 Secure Deletion
When personal data is no longer required, we will securely delete, destroy, or anonymise it.

 

9. Cookies and Tracking Technologies

9.1 What Are Cookies?
Cookies are small text files placed on your device when you visit our website. They help us recognise your device, remember your preferences, and improve your browsing experience.

 

9.2 Types of Cookies We Use
We use Essential Cookies, Performance and Analytics Cookies, Functionality Cookies, and Marketing and Advertising Cookies.

 

9.3 Third-Party Cookies
Some cookies are placed by third-party services (e.g., Facebook, YouTube) that appear on our pages.

 

9.4 Managing Cookies
You can control and manage cookies through your browser settings or opt-out tools.

 

9.5 Other Tracking Technologies
We may also use web beacons/pixels, local storage, and session recording tools.

 

10. Data Security and Safeguards

10.1 Our Commitment to Security
StoryArc Media takes the security of your personal data seriously. We implement appropriate technical, physical, and organizational security measures.

 

10.2 Security Measures We Implement

  • Technical Safeguards (Encryption, Secure authentication);
  • Physical Safeguards (Restricted access, Secure storage);
  • Organizational Safeguards (Access controls, Employee training).

 

10.3 Third-Party Security
We require all third-party service providers and partners to implement appropriate security measures.

 

10.4 Limitations
No method of transmission or storage is 100% secure. We cannot guarantee absolute security.

 

10.5 Your Responsibility
You also play a role in protecting your personal data (e.g., keeping passwords confidential).

 

11. International Data Transfers

11.1 Cross-Border Transfers
We may transfer your personal data to third-party service providers located outside of Malaysia (e.g., United States, Singapore, EU).

 

11.2 Safeguards for International Transfers
We ensure appropriate safeguards are in place, such as standard contractual clauses and verifying adequate data protection laws.

 

11.3 Your Consent
By using our services, you consent to the transfer of your personal data outside Malaysia.

 

12. Children’s Privacy
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors without parental or guardian consent. If we need to collect data from a minor, we will obtain verifiable parental consent.

 

13. Data Breach Notification
If we become aware of a data breach that poses a risk to your rights, we will investigate, mitigate, and notify the relevant authorities and affected individuals as required by law. If you suspect a breach, please notify us at [email protected].

 

14. Changes to This Policy
We may update this Privacy Policy from time to time. We will update the “Last Updated” date at the top of this page. Continued use of our services constitutes acceptance of the updated Policy.

 

15. Contact Us
If you have any questions regarding this Privacy Policy, please contact:
StoryArc Media – Data Protection Officer
Email: [email protected]
Phone: 60105155942
Website: storyarc-media.com

 

16. Language

16.1 Bilingual Policy
In accordance with Section 7(3) of the Personal Data Protection Act 2010 (PDPA), this Privacy Policy is issued in both Bahasa Malaysia and English.

 

16.2 Conflict Resolution
In the event of any conflict between the English language version and the Bahasa Malaysia language version, the terms in the English language version shall prevail.

Acknowledgment

By using our services, website, or providing your personal data to StoryArc Media, you acknowledge that you have read, understood, and agreed to this Privacy and Personal Data Protection Policy.