GDPR Compliance
Last Updated: April 1, 2025
This GDPR Compliance statement explains how FlawTrack Sdn Bhd (Registration Number: 202301023564 (1517487-T)) ("FlawTrack," "we," "us," or "our") complies with the General Data Protection Regulation (GDPR) when processing personal data of individuals in the European Union (EU) and European Economic Area (EEA).
1. Our Commitment to GDPR Compliance
FlawTrack is committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognize our obligations in updating and expanding this program to meet the demands of the GDPR.
2. How We Comply with the GDPR
2.1 Data Protection Principles
We adhere to the principles set out in the GDPR, which require that personal data shall be:
- Processed lawfully, fairly, and in a transparent manner
- Collected for specified, explicit, and legitimate purposes
- Adequate, relevant, and limited to what is necessary
- Accurate and kept up to date
- Kept in a form which permits identification for no longer than necessary
- Processed in a manner that ensures appropriate security
2.2 Legal Basis for Processing
We ensure that we have a lawful basis for processing personal data. The legal bases we rely on include:
- Consent: Where you have given clear consent for us to process your personal data for a specific purpose
- Contract: Where processing is necessary for the performance of a contract with you
- Legal obligation: Where processing is necessary for us to comply with the law
- Legitimate interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, provided your rights do not override these interests
2.3 Data Subject Rights
We respect and honor the rights of data subjects under the GDPR, including:
- Right to be informed: About how we collect and use your personal data
- Right of access: To your personal data and supplementary information
- Right to rectification: To have inaccurate personal data rectified
- Right to erasure: To have personal data erased in certain circumstances
- Right to restrict processing: To block or suppress processing of your personal data
- Right to data portability: To obtain and reuse your personal data for your own purposes
- Right to object: To processing based on legitimate interests, direct marketing, and for research/statistics
- Rights related to automated decision making and profiling: Safeguards against the risk of damaging decisions without human intervention
3. Data Protection Measures
3.1 Data Protection Impact Assessments (DPIAs)
We conduct DPIAs for processing operations that are likely to result in a high risk to the rights and freedoms of individuals. These assessments help us identify and minimize data protection risks.
3.2 Data Protection by Design and Default
We implement appropriate technical and organizational measures to integrate data protection into our processing activities from the outset. Our systems and processes are designed to:
- Minimize the processing of personal data
- Pseudonymize personal data as soon as possible
- Ensure transparency in data processing functions
- Enable individuals to monitor the processing
- Create and improve security features
3.3 Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data where appropriate
- Regular testing and evaluation of security measures
- Access controls and authentication procedures
- Secure data backup and recovery processes
- Regular security awareness training for staff
4. International Data Transfers
FlawTrack is based in Malaysia, and the information we collect may be transferred to, stored, and processed in Malaysia and other countries where our servers and service providers are located. When we transfer personal data from the EU/EEA to countries that have not received an adequacy decision from the European Commission, we use appropriate safeguards such as:
- Standard Contractual Clauses approved by the European Commission
- Binding Corporate Rules, where applicable
- Derogations for specific situations, such as explicit consent
5. Data Breach Notification
We have procedures in place to detect, report, and investigate personal data breaches. In the case of a breach that is likely to result in a risk to the rights and freedoms of individuals, we will:
- Notify the relevant supervisory authority without undue delay and within 72 hours of becoming aware of the breach, where feasible
- Notify the affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms
- Document all breaches, including facts, effects, and remedial action taken
6. Data Protection Officer
While not legally required for our organization, we have voluntarily appointed a Data Protection Officer (DPO) to oversee our GDPR compliance efforts. Our DPO's responsibilities include:
- Informing and advising us and our employees about GDPR obligations
- Monitoring compliance with the GDPR and our data protection policies
- Providing advice on Data Protection Impact Assessments
- Cooperating with supervisory authorities
- Acting as a contact point for data subjects and supervisory authorities
7. Exercising Your Rights
To exercise your rights under the GDPR, please contact us at team@flawtrack.com. We will respond to your request within one month. This period may be extended by up to two further months where necessary, taking into account the complexity and number of requests.
8. Changes to This GDPR Compliance Statement
We may update this GDPR Compliance statement from time to time to reflect changes in our practices or legal requirements. If we make material changes, we will notify you as required by applicable law. We encourage you to review this statement periodically.
9. Contact Us
If you have any questions about this GDPR Compliance statement or our data protection practices, please contact us at: