PRIVACY POLICY AND PERSONAL DATA PROTECTION NOTICE

Last updated: 14 July 2026

KLOUDAWAN TECHNOLOGY SDN. BHD. respects the privacy of individuals whose personal data we process.

This Privacy Policy and Personal Data Protection Notice explains how we collect, record, hold, store, use, disclose, transfer, secure, retain and otherwise process personal data in connection with:

a. kloudawan.com and its associated pages and subdomains;

b. enquiries, demonstrations, trials and pilot requests;

c. business-development and partnership communications;

d. events, meetings and presentations;

e. customer, supplier and partner relationships;

f. recruitment activities; and

g. other interactions with Kloudawan.

It is intended to comply with the Malaysian Personal Data Protection Act 2010 and its amendments, regulations, standards and applicable guidelines collectively referred to as the “PDPA”.

1. Data Controller

For the processing covered by this Privacy Policy, the data controller is:

KLOUDAWAN TECHNOLOGY SDN. BHD. Company Registration No. 202601002341 (1664438-H) Level 1, PRIMA 9 Jalan Teknokrat 6, Cyberjaya 5 63000 Cyberjaya, Selangor Malaysia

Privacy contact: connect@kloudawan.com

Where Kloudawan processes personal data solely on behalf of an enterprise customer under that customer’s documented instructions, Kloudawan may act as a data processor. That processing will also be governed by the applicable customer agreement or data-processing agreement.

2. Scope

This Privacy Policy applies to personal data processed by Kloudawan in connection with the activities described above.

It does not govern an independent third party’s processing practices, even where a third-party website or platform is linked from our Website.

3. Meaning of Personal Data

“Personal data” means information relating directly or indirectly to an identifiable individual, whether the information is recorded electronically, physically or in another form.

Personal data may include names, contact details, online identifiers, employment information, communications and other information capable of identifying an individual.

“Sensitive personal data” may include health information, biometric information, religious beliefs, political opinions, information concerning alleged or actual offences and other data treated as sensitive under applicable law.

4. Personal Data We May Collect

Depending on your interaction with Kloudawan, we may collect the following categories.

4.1 Identity and Contact Information

This may include:

a. name;

b. organisation;

c. job title or position;

d. business or personal email address;

e. telephone number;

f. business address;

g. country or region; and

h. preferred communication method.

4.2 Business and Professional Information

This may include:

a. industry and business activity;

b. employer or represented organisation;

c. professional background;

d. business needs and technical requirements;

e. procurement information;

f. partnership interests;

g. project location; and

h. authority to represent an organisation.

4.3 Enquiry and Opportunity Information

This may include information submitted when you:

a. contact Kloudawan;

b. request information;

c. schedule a meeting;

d. request a demonstration, trial or pilot;

e. request a quotation;

f. propose a partnership;

g. respond to a survey; or

h. participate in business-development discussions.

4.4 Technical and Deployment Information

Where relevant to a proposed demonstration, pilot or deployment, we may collect:

a. general network environment information;

b. number and type of available network connections;

c. site or deployment requirements;

d. network-performance observations;

e. equipment and operating-system information;

f. application and traffic requirements;

g. service logs and diagnostic information; and

h. information required to assess technical compatibility.

Customers should not provide network passwords, encryption keys, access credentials or classified information through a general Website form.

4.5 Account Information

Where the Website or a related portal provides account access, we may collect:

a. username;

b. password or password hash;

c. authentication information;

d. account permissions;

e. login history;

f. account activity; and

g. security-event information.

4.6 Device and Website Usage Information

When you access the Website, we may automatically receive:

a. internet protocol address;

b. device type;

c. browser type and version;

d. operating system;

e. language settings;

f. approximate location derived from an internet protocol address;

g. referring page;

h. pages viewed;

i. access date and time;

j. session duration;

k. links selected;

l. cookie identifiers; and

m. security and error logs.

4.7 Communications

We may retain:

a. emails;

b. Website form submissions;

c. meeting notes;

d. support communications;

e. correspondence;

f. feedback; and

g. recordings or transcripts of calls or demonstrations where appropriate notice has been provided.

4.8 Marketing and Event Information

This may include:

a. event registrations;

b. attendance records;

c. communication preferences;

d. areas of interest;

e. campaign interaction;

f. newsletter subscriptions; and

g. responses to invitations.

4.9 Recruitment Information

Where you apply for a position, we may process:

a. curriculum vitae or résumé;

b. employment history;

c. education and qualifications;

d. professional certifications;

e. references;

f. salary expectations;

g. work eligibility;

h. interview notes; and

i. other information voluntarily included in an application.

4.10 Supplier and Partner Information

We may process personal data relating to representatives of:

a. suppliers;

b. contractors;

c. manufacturers;

d. resellers;

e. distributors;

f. system integrators;

g. consultants;

h. funding organisations;

i. research organisations; and

j. commercial or technology partners.

4.11 Transaction and Payment Information

Where payment is required, we may collect billing details, tax information, invoice information and transaction records.

Payment-card information may be processed directly by a payment-service provider. Kloudawan does not intend to store complete payment-card credentials unless expressly required and appropriately secured.

4.12 Office and Event Security Information

Where you visit a Kloudawan office, event or controlled demonstration location, we may collect:

a. visitor details;

b. access records;

c. identification details where reasonably necessary;

d. photographs or video taken at an event with appropriate notice; and

e. security-camera recordings where installed and clearly notified.

4.13 Sensitive Personal Data

Kloudawan generally does not require sensitive personal data through the Website.

Where sensitive personal data is necessary, we will process it only in accordance with applicable law and, where required, with express consent.

Please do not voluntarily submit unnecessary sensitive personal data.

5. Sources of Personal Data

We may obtain personal data:

a. directly from you;

b. from your employer or represented organisation;

c. from customers, partners, suppliers or authorised representatives;

d. through Website and device technologies;

e. from event organisers;

f. from publicly available professional sources;

g. from business directories and corporate websites;

h. from social-media platforms where you interact with Kloudawan;

i. from referees or recruitment agencies; and

j. from service providers supporting our business.

Where another person provides your data, that person must be authorised to do so and, where required, must ensure that you have received an appropriate privacy notice.

6. Purposes of Processing

Kloudawan may process personal data for the following purposes.

6.1 Enquiries and Communications

To:

a. respond to enquiries;

b. provide requested information;

c. arrange meetings;

d. maintain correspondence;

e. identify relevant products or services; and

f. manage follow-up communications.

6.2 Demonstrations, Trials and Pilots

To:

a. assess eligibility and technical suitability;

b. understand deployment requirements;

c. configure and manage demonstrations;

d. conduct tests;

e. provide technical support;

f. evaluate results;

g. prepare validation reports; and

h. protect the security and integrity of the pilot environment.

6.3 Products and Services

To:

a. create and administer accounts;

b. provide products and services;

c. provision and configure systems;

d. manage subscriptions and licences;

e. monitor service performance;

f. provide updates and support;

g. respond to incidents;

h. maintain records; and

i. fulfil contractual obligations.

6.4 Business Development

To:

a. assess potential projects;

b. prepare proposals and quotations;

c. conduct due diligence;

d. manage commercial opportunities;

e. establish customer or partner relationships;

f. develop markets and channels; and

g. maintain business contact records.

6.5 Website Operation

To:

a. deliver Website content;

b. understand Website use;

c. diagnose technical issues;

d. improve navigation and performance;

e. protect the Website against misuse;

f. maintain logs;

g. detect security incidents; and

h. develop Website features.

6.6 Marketing

Subject to applicable consent and objection rights, to:

a. provide company updates;

b. communicate product or service information;

c. issue invitations;

d. share relevant publications;

e. conduct campaigns; and

f. measure engagement.

6.7 Corporate Administration

To:

a. manage customers, partners, suppliers and contractors;

b. process invoices and payments;

c. maintain accounting and tax records;

d. carry out audits;

e. manage insurance;

f. administer corporate governance; and

g. support internal reporting.

6.8 Security and Legal Compliance

To:

a. prevent fraud and misuse;

b. secure systems and premises;

c. investigate incidents;

d. enforce agreements;

e. establish, exercise or defend legal rights;

f. comply with legal and regulatory requirements;

g. respond to lawful requests; and

h. protect individuals, Kloudawan and third parties.

6.9 Recruitment

To:

a. assess applications;

b. verify qualifications;

c. contact referees;

d. conduct interviews;

e. determine suitability;

f. prepare employment offers; and

g. maintain recruitment records.

6.10 Research, Development and Improvement

Where appropriate, to:

a. improve products and services;

b. analyse technical performance;

c. identify common deployment requirements;

d. develop new capabilities;

e. create aggregated or anonymised insights; and

f. improve documentation and support.

Kloudawan will seek to use aggregated, de-identified or anonymised data where individual identification is not necessary.

7. Grounds for Processing

Kloudawan processes personal data where permitted by applicable law, including where:

a. you have provided consent;

b. processing is necessary to take steps at your request before entering a contract;

c. processing is necessary to perform a contract;

d. processing is required by law;

e. processing is necessary to protect legal rights or vital interests;

f. processing is necessary for lawful business administration; or

g. another lawful ground applies.

Where consent is required, you may withdraw it subject to legal, contractual and operational limitations.

Withdrawal of consent does not invalidate processing carried out before withdrawal.

8. Mandatory and Voluntary Information

Certain information is required for Kloudawan to respond to an enquiry, evaluate a pilot, open an account, provide a service or comply with law.

Where required information is not provided, Kloudawan may be unable to:

a. respond fully;

b. provide requested information;

c. assess a proposed deployment;

d. enter into or perform a contract;

e. provide account access; or

f. comply with a request.

Optional fields will be identified where reasonably practicable.

9. Cookies and Similar Technologies

The Website may use cookies, pixels, local storage, log files and similar technologies.

These technologies may be used for:

a. essential Website functions;

b. security;

c. session management;

d. preference storage;

e. performance measurement;

f. analytics; and

g. marketing, where permitted.

9.1 Essential Cookies

Essential cookies support Website operation, security, forms, authentication and user preferences. Disabling them may prevent parts of the Website from functioning.

9.2 Analytics Cookies

Analytics cookies help Kloudawan understand how visitors use the Website, including page visits, navigation paths and technical performance.

9.3 Marketing Cookies

Where used, marketing cookies may help measure campaigns or provide more relevant communications. Non-essential marketing cookies should be deployed only in accordance with applicable consent requirements.

9.4 Cookie Controls

You may manage cookies through:

a. the Website cookie banner or preference centre, where available;

b. browser settings; or

c. device controls.

Blocking cookies may affect Website functionality.

The cookies and tracking technologies actually deployed should be identified through the Website’s cookie settings or cookie notice.

10. Disclosure of Personal Data

Kloudawan may disclose personal data to the following classes of recipients where reasonably necessary.

10.1 Kloudawan Personnel

Authorised directors, employees, contractors and representatives who require access for their duties.

10.2 Service Providers

Providers supporting:

a. Website hosting;

b. cloud infrastructure;

c. email and communications;

d. customer relationship management;

e. analytics;

f. cybersecurity;

g. technical support;

h. payment processing;

i. accounting;

j. legal services;

k. recruitment; and

l. document storage.

10.3 Business and Technology Partners

Relevant system integrators, manufacturers, resellers, distributors, consultants, connectivity providers or implementation partners where required for an enquiry, proposal, pilot or deployment.

Kloudawan will not disclose confidential technical or commercial information beyond what is reasonably necessary.

10.4 Professional Advisers

Lawyers, accountants, auditors, insurers, bankers and other professional advisers.

10.5 Corporate Transactions

Prospective investors, financiers, purchasers, merger parties or advisers involved in a financing, restructuring, merger, acquisition or transfer of business, subject to appropriate confidentiality safeguards.

10.6 Authorities and Legal Recipients

Regulators, courts, law-enforcement bodies, government agencies or other recipients where disclosure is:

a. required by law;

b. ordered by a court;

c. necessary for an investigation;

d. necessary to protect rights or safety; or

e. otherwise legally permitted.

10.7 With Consent

Other parties where you have authorised or requested the disclosure.

Kloudawan does not sell personal data as a standalone business activity.

11. Data Processors

Where a service provider processes personal data on behalf of Kloudawan, Kloudawan will take reasonable steps to require the provider to:

a. process data only for authorised purposes;

b. implement appropriate security measures;

c. maintain confidentiality;

d. assist with applicable data-subject requests;

e. notify Kloudawan of relevant security incidents; and

f. delete or return data as required.

12. Cross-Border Transfers

Some service providers, cloud systems, support personnel or business partners may be located outside Malaysia.

Where personal data is transferred outside Malaysia, Kloudawan will take reasonable steps to ensure that the transfer complies with applicable law.

Depending on the circumstances, safeguards may include:

a. assessing the receiving jurisdiction;

b. confirming an adequate level of protection;

c. contractual data-protection obligations;

d. transfer-risk assessments;

e. obtaining consent where required;

f. limiting transferred information;

g. encryption or access controls; and

h. relying on another condition permitted by law.

By submitting information for an international enquiry, partnership, deployment or support request, your data may need to be accessed by relevant recipients in another country. Kloudawan will provide additional notice or obtain consent where required.

13. Security

Kloudawan uses reasonable administrative, technical and organisational safeguards appropriate to the nature of the personal data and associated risks.

Measures may include:

a. role-based access controls;

b. authentication controls;

c. encryption where appropriate;

d. system and security monitoring;

e. malware protection;

f. logging;

g. backup and recovery processes;

h. confidentiality obligations;

i. vendor-security requirements;

j. incident-response procedures;

k. access reviews; and

l. staff awareness measures.

No method of transmission, storage or security is completely risk-free. Kloudawan cannot guarantee absolute security.

Users must protect their own credentials and notify Kloudawan promptly of suspected unauthorised access.

14. Personal Data Breaches

Kloudawan maintains procedures for assessing and responding to suspected personal data breaches.

Where required by applicable law, Kloudawan will notify the Personal Data Protection Commissioner and affected individuals within the applicable requirements and timeframes.

Notifications may include:

a. a description of the incident;

b. the categories of data affected;

c. possible risks or consequences;

d. actions taken by Kloudawan;

e. recommended protective steps; and

f. contact information for further enquiries.

15. Retention

Kloudawan retains personal data only for as long as reasonably necessary for the purpose for which it was collected and for applicable legal, contractual, security and business requirements.

Retention periods may depend on:

a. the nature of the relationship;

b. contractual obligations;

c. limitation periods;

d. tax and accounting requirements;

e. regulatory requirements;

f. security and incident records;

g. intellectual property protection;

h. dispute management; and

i. consent or objection status.

Examples may include:

a. enquiry records retained while an opportunity remains active and for a reasonable follow-up period;

b. customer and contract records retained for the relationship and applicable statutory periods;

c. security logs retained according to security needs;

d. unsuccessful recruitment records retained for a reasonable recruitment and legal period; and

e. marketing data retained until consent is withdrawn, an objection is made or the data is no longer useful.

When retention is no longer necessary, data will be deleted, securely destroyed, anonymised or placed beyond ordinary operational use, subject to lawful archival requirements.

16. Data Accuracy

Kloudawan takes reasonable steps to maintain accurate, complete and current personal data.

You should notify Kloudawan when your information changes or is inaccurate.

17. Your Rights

Subject to the PDPA and applicable exceptions, you may have the right to:

a. be informed whether Kloudawan processes your personal data;

b. request access to your personal data;

c. request correction of inaccurate, incomplete, misleading or outdated data;

d. withdraw consent to processing;

e. object to or prevent processing likely to cause substantial damage or distress;

f. require Kloudawan to cease or not begin processing for direct marketing;

g. request data portability where the right applies and the request is technically feasible;

h. request information concerning relevant processing activities; and

i. submit a complaint to the Personal Data Protection Commissioner.

Kloudawan may request information necessary to verify your identity and authority.

Access may be restricted where permitted by law, including where disclosure would affect another person’s rights, reveal confidential information or conflict with legal obligations.

A legally permitted fee may apply to certain requests.

18. Exercising Your Rights

Requests may be submitted to:

Privacy Contact KLOUDAWAN TECHNOLOGY SDN. BHD. Email: connect@kloudawan.com Level 1, PRIMA 9, Jalan Teknokrat 6, Cyberjaya 5, 63000 Cyberjaya, Selangor, Malaysia.

Please provide:

a. your full name;

b. contact information;

c. a description of the request;

d. the context in which Kloudawan obtained your data; and

e. reasonable proof of identity where required.

Kloudawan will respond within the period required by applicable law.

19. Withdrawal of Consent

You may withdraw consent by contacting Kloudawan.

Following withdrawal, Kloudawan will cease the affected processing as far as reasonably practicable, unless continued processing is:

a. required by law;

b. necessary for contractual or legal rights;

c. required for record retention;

d. necessary for a dispute or investigation; or

e. otherwise permitted by law.

Withdrawal may affect Kloudawan’s ability to provide certain services or continue a relationship.

20. Direct Marketing

You may request that Kloudawan cease using your personal data for direct marketing at any time.

You may:

a. use an unsubscribe mechanism in an email;

b. reply requesting removal; or

Administrative, contractual, security and service-related messages are not marketing communications and may continue where necessary.

21. Children

The Website is primarily intended for businesses, government organisations, professional users and adult visitors.

Kloudawan does not knowingly seek personal data directly from children through the Website.

Where a child’s information is required for a lawful activity, Kloudawan will seek appropriate parental or guardian authorisation where required.

A parent or guardian who believes that a child has submitted personal data without appropriate authorisation should contact Kloudawan.

22. Enterprise Customer Data

An enterprise customer may provide data through an AWAN service, support environment, portal, pilot or deployment.

The relevant customer generally determines:

a. what data is collected;

b. whose data is involved;

c. the purposes of processing;

d. access permissions; and

e. applicable retention instructions.

Where Kloudawan acts as a processor, requests concerning that data may need to be directed to the relevant customer as data controller.

Customer data will be governed by the applicable contract and data-processing terms in addition to this Privacy Policy.

23. Automated Processing

Kloudawan may use automated tools for security monitoring, Website analytics, network diagnostics, support prioritisation or operational analysis.

Kloudawan does not intend to make a decision producing significant legal or similar effects concerning an individual solely through automated Website profiling without appropriate notice, safeguards and lawful authority.

24. Third-Party Websites and Social Media

The Website may link to social-media platforms, video platforms, cloud-storage systems or other third-party websites.

Those parties process personal data under their own privacy policies. Kloudawan is not responsible for their independent practices.

25. Changes to This Privacy Policy

Kloudawan may update this Privacy Policy to reflect:

a. legal changes;

b. regulatory guidance;

c. new Website features;

d. changes in data processing;

e. new services; or

f. security and operational improvements.

The updated version will be published with a revised effective date.

Where a material change requires additional notice or consent, Kloudawan will take reasonable steps to provide it.

26. Data Protection Officer

Where Kloudawan meets the statutory criteria requiring appointment of a Data Protection Officer, Kloudawan will appoint and register an eligible officer and make the relevant business contact information available as required by law.

Until separate DPO contact information is published, privacy enquiries may be sent to connect@kloudawan.com.

27. Complaints

You may first contact Kloudawan so that we can investigate and respond to your concern.

You may also lodge a complaint with the Malaysian Personal Data Protection Commissioner where you believe that personal data has been processed contrary to applicable law.

28. Language

This Privacy Policy should be made available in Bahasa Malaysia and English in accordance with applicable Malaysian personal data protection requirements.

Where Kloudawan issues a Bahasa Malaysia version, both versions should be read together. Any language-precedence clause should be confirmed before publication by Malaysian legal counsel.

29. Contact

For questions, requests or complaints relating to personal data, contact:

KLOUDAWAN TECHNOLOGY SDN. BHD. Privacy contact: connect@kloudawan.com Level 1, PRIMA 9 Jalan Teknokrat 6, Cyberjaya 5 63000 Cyberjaya, Selangor Malaysia.

Thank you.