Last updated: 27 June 2026
Purpose of this notice
This notice explains how SenangBoss collects, uses, discloses and protects personal data of individuals in Malaysia in accordance with the PDPA 2010. It supplements our Privacy Policy.
Data user
SenangBoss is the data user for personal data collected through senangboss.com and the SenangBoss platform. Contact our Data Protection Officer: [email protected].
Personal data we collect
Identity and contact details, employment and director/shareholder information, financial and billing metadata, identity verification records, documents containing personal data, and technical usage logs โ as described in the Privacy Policy.
Purpose of processing
- Providing and administering your account and company entities
- Delivering incorporation, compliance, accounting, legal, HR and related services
- Identity verification for regulated modules
- Billing, customer support and service communications
- Security, fraud prevention and legal compliance
- Product improvement (aggregated/anonymised where possible)
Consent
By registering or submitting forms, you consent to processing for the purposes stated. Marketing communications require separate opt-in where required; you may unsubscribe at any time. Sensitive personal data (if any) is processed only with explicit consent or as permitted by law.
Disclosure to third parties
We may disclose personal data to payment processors (Stripe), cloud infrastructure providers, identity verification partners, partner firms fulfilling your service requests, and professional advisers โ only as necessary and under appropriate contracts.
Your rights under the PDPA
You may request access to and correction of your personal data, withdraw consent (subject to legal/contractual limits), and lodge a complaint with the Personal Data Protection Commissioner of Malaysia if you believe your rights have been violated.
To exercise rights, email [email protected] with sufficient detail for us to verify your identity. We respond within the timeframe required by law.
Retention
We retain personal data only as long as necessary for the purposes above and to meet legal, regulatory, tax and audit obligations (including company records required under the Companies Act 2016).
Security
We implement administrative, technical and physical safeguards including encryption, access controls, tenant isolation and audit logging. No method of transmission over the internet is 100% secure; we continuously improve our controls.
Cross-border transfers
Where personal data is transferred outside Malaysia, we take steps consistent with PDPA requirements, including contractual protections with recipients.
Updates
We may update this notice. Material changes will be posted here with an updated date.