Ready to use legal template

Drafted by experienced lawyers

Compliant with Malaysian law

Learn more about Website Privacy Policy in Malaysia

In Malaysia, a privacy policy is a legal document that outlines how an organization collects, uses, discloses, and protects the personal information of individuals in accordance with the Personal Data Protection Act (PDPA) 2010. The PDPA is the primary legislation governing the handling of personal data in Malaysia. A privacy policy serves as a transparent and informative statement that informs individuals about their rights, the purposes for which their personal data is collected, and how it will be used and protected. Themis Partner offers you an easy to edit Privacy Policy drafted by lawyers to comply with the law in Malaysia.

What is a Privacy Policy?

A privacy policy is a document that outlines how an organization collects, uses, discloses, and protects the personal information of individuals. It serves as a clear and transparent statement that informs individuals about their privacy rights and how their personal data is handled by the organization. It typically includes details on the types of information collected, the purposes for which it is collected, the methods of data collection, and the measures taken to ensure data security. It also specifies how individuals can access, update, or request the deletion of their personal information. Privacy policies are crucial in establishing trust between organizations and individuals, as they demonstrate a commitment to respecting privacy and complying with applicable privacy laws and regulations. By providing clarity and transparency, it helps individuals make informed decisions about sharing their personal information and promotes responsible data handling practices.

Why use a Privacy Policy?

Using a privacy policy is essential for organizations to establish a clear framework for handling personal information and respecting individual privacy rights. It outlines the terms and conditions regarding the collection, use, and disclosure of personal data. By implementing the document, organizations demonstrate their commitment to safeguarding personal information and complying with applicable privacy laws and regulations. This helps build trust with customers, clients, and users by assuring them that their data will be handled responsibly and securely. It provides individuals with important information about the purposes for which their data is collected, how it will be used, who it may be shared with, and the measures taken to protect it. It also informs individuals of their rights regarding their personal data, such as the right to access, correct, or delete their information. By using a privacy policy, organizations not only fulfill legal requirements but also prioritise transparency, trust, and the protection of individual privacy.

What should it include?

1. Types of Information

Clearly specify the types of personal information that may be collected, such as names, contact details, or financial data.

2. Collection and Use

Explain the purposes for which the information is collected and how it will be used, whether for customer service, marketing, or other legitimate business activities.

3. Data Sharing

Indicate whether the information will be shared with third parties and, if so, the reasons and conditions under which this may occur.

4. Data Security

Outline the measures in place to protect personal information from unauthorized access, loss, or misuse, such as encryption or firewalls.

5. User Rights

Inform individuals of their rights regarding their personal data, including the ability to access, correct, or delete their information.

6. Cookie Policy

If applicable, include a separate section explaining the use of cookies on the website or application and how users can manage their preferences.

7. Legal Basis

Specify the legal basis for processing personal information, such as consent, legitimate interest, or compliance with legal obligations.

8. Updates

State how the document may be updated or modified, and how individuals will be notified of any changes.

9. Contact Information

Provide contact details for individuals to reach out with questions, concerns, or requests related to their personal information.

By including these elements, the document can effectively inform individuals about the organization’s data practices, their rights, and the measures taken to protect their personal information.

How does it comply with privacy regulations?

To comply with privacy regulations such as the General Data Protection Regulation (GDPR) or the Personal Data Protection Act (PDPA), privacy policies should incorporate specific requirements outlined in these regulations:

➤ Firstly, it should clearly state the legal basis for collecting and processing personal data, such as consent or legitimate interest, as required by the GDPR.
➤ It should also provide information about the rights of individuals, including the right to access, rectify, and erase their personal data, as well as the right to object to processing and the right to data portability, as mandated by both the GDPR and PDPA.
➤ Additionally, the document should explain how individuals can exercise their rights and provide contact information for data protection inquiries.
➤ It should outline the security measures implemented to protect personal data, such as encryption or pseudonymization, as required by the GDPR.
➤ Moreover, it should address data transfers to third countries, if applicable, and provide information on cross-border data transfers and safeguards in place to protect the data.

By aligning with the requirements of specific privacy regulations, the document ensures that organizations respect individuals’ privacy rights and adhere to legal obligations related to data protection and privacy.

What if I don’t have a Privacy Policy?

Not having a privacy policy can have various implications for individuals and organizations. Without it, an organisation may lack clear guidelines and transparency regarding the collection, use, and protection of personal information. This can lead to confusion and concerns among individuals who entrust their data to the organization. Furthermore, the absence of the document may indicate a lack of compliance with privacy laws and regulations, such as the General Data Protection Regulation (GDPR) or the Personal Data Protection Act (PDPA), depending on the jurisdiction. Non-compliance with privacy regulations can result in legal consequences, including penalties, fines, or legal actions. Additionally, not having a privacy policy can erode trust and credibility, as individuals may question the organization’s commitment to data privacy and security. Implementing a privacy policy is crucial to establish a transparent and accountable approach to handling personal information, protect individuals’ privacy rights, and demonstrate compliance with applicable privacy laws and regulations.

How does it address personal data collection?

➤ It addresses personal data collection by providing clear information about how an organisation collects and handles personal information.
➤ It outlines the types of data collected, such as names, contact details, or browsing information, and specifies the methods of collection, whether through website forms, cookies, or other means.
➤ The document also explains the purposes for which the data is collected, such as processing orders, improving services, or personalising experiences.
➤ It may include details on the legal basis for collecting data, such as consent or legitimate interest, as well as any applicable retention periods for the collected information.
➤ Additionally, it informs individuals about their rights regarding their personal data, including the right to access, rectify, or delete their information.

By addressing personal data collection, organizations provide individuals with transparency and control over their data, fostering trust and compliance with privacy regulations.

How does a privacy policy address cookie consent?

A privacy policy addresses cookie consent by providing information about the use of cookies on a website or application and explaining the user’s options and rights in relation to them. It informs individuals about the types of cookies used, such as functional, analytical, or advertising cookies, and the purposes for which they are used, such as improving website functionality or personalising content. The privacy policy outlines whether the website or application uses first-party or third-party cookies and whether the data collected through cookies may be shared with third parties. Importantly, it explains the user’s right to provide or withdraw consent for the use of cookies and provides instructions on how to manage cookie preferences through browser settings or other means. By addressing cookie consent, organizations demonstrate their commitment to respecting user choices and complying with applicable cookie and privacy regulations, such as the General Data Protection Regulation (GDPR) or the ePrivacy Directive.
