Privacy Policy

Summary

SNCO Consulting Sdn Bhd is committed to protecting your privacy. This policy explains how we collect, use, share and protect your personal data in compliance with the Personal Data Protection Act 2010 (PDPA). It applies when you visit our website, arrange Microsoft services through us, or use our consulting and support services.


1. Who We Are

SNCO Consulting Sdn Bhd (Company No. 1177885-H) ("SNCO Consulting", "we", "us" or "our") is the data user for personal data collected via www.sncoconsulting.com or during service delivery. We are an independent Microsoft Partner and are not Microsoft Corporation. See also our Terms of Use and Cookie Policy.

2. Personal Data We Collect

  • Identity & contact: name, designation, email, phone, billing details.
  • Business & technical: company name, subscription details, system configuration.
  • Website data: IP address, device and browser details, cookies, form submissions.

3. Basis for Processing Under the PDPA 2010

We process your personal data on the bases recognised under the PDPA 2010, namely:

  • your consent (for example, for marketing communications);
  • where processing is necessary for the performance of a contract with you or your organisation (for example, delivering the services you have requested);
  • where processing is necessary to comply with a legal or regulatory obligation to which we are subject; or
  • where processing is otherwise permitted under the General Principle in section 6 of the PDPA 2010.

Where we rely on consent, you may withdraw it at any time (see "Your Rights under the PDPA" below).

4. Purposes of Processing

  • Service delivery: Microsoft subscriptions, consulting and support.
  • Business operations: billing, account management, fraud prevention.
  • Compliance: meeting our obligations under Malaysian company, tax and consumer-protection law, and responding to lawful requests from regulators or authorities.
  • Marketing: with your consent.
  • Analytics: to understand and improve website performance.

5. Data Sharing & International Transfers

We may share data with Microsoft, IT and cloud providers, service contractors, professional advisers and regulators, subject to confidentiality and data-protection safeguards. Personal data may be transferred to, and stored in, locations outside Malaysia, including on Microsoft’s global infrastructure, in connection with the Microsoft services we help you use. Where we transfer personal data outside Malaysia, we take steps to meet the cross-border transfer requirements of the PDPA 2010 (as amended), which may include contractual safeguards with the recipient and technical measures such as encryption.

6. Data Security

We apply access controls, monitoring and staff training to protect your data. Because some data we hold may include client system and infrastructure configuration details, we take particular care to restrict access to that information to personnel directly involved in the relevant engagement.

7. Data Retention

  • Subscription and billing records: 7 years, in line with record-keeping requirements under Malaysian tax and company law.
  • Website and cookie data: 12–24 months.
  • Marketing data: until consent is withdrawn.

8. Your Rights under the PDPA 2010

Under the PDPA 2010 you have the right to: (a) request access to the personal data we hold about you; (b) request correction of inaccurate or incomplete personal data; (c) withdraw your consent to processing where consent is the basis for that processing; and (d) request that we cease or refrain from processing your personal data where that processing is likely to cause you damage or distress, subject to the exceptions in the Act. We will consider requests to delete personal data on a case-by-case basis; we may be required to retain certain records to comply with other Malaysian laws (for example, financial and company-law record-keeping requirements) even after a request to withdraw consent. To exercise these rights, email enquiry@sncoconsulting.com; we aim to acknowledge your request within 7 working days and to respond substantively within 21 working days, or such other period as the PDPA 2010 and its regulations prescribe for the type of request.

9. Children

Our services are not intended for individuals under 18.

10. Data Breaches

In the event of a personal data breach, we will assess the risk to affected individuals and notify the Department of Personal Data Protection (JPDP) and affected individuals in accordance with our obligations under the PDPA 2010 (as amended) and any notification period prescribed by the Commissioner.

11. Contact

General enquiries: enquiry@sncoconsulting.com. Hours: Mon–Fri, 9:00 AM–5:00 PM MYT. We comply with the Personal Data Protection Act 2010 (as amended) and operate under the oversight of the Department of Personal Data Protection (JPDP).


Microsoft, Microsoft 365, Microsoft Azure, and other Microsoft products referenced in this Privacy Policy are trademarks of the Microsoft group of companies. SNCO Consulting Sdn Bhd is an independent Microsoft Partner and is not Microsoft Corporation.