PERSONAL DATA PROTECTION NOTICE

CyberSecurity Malaysia is the national cyber security specialist agency under the purview of the Ministry of Digital.

  • Home
  • Personal Data Protection Notice


(Effective date: 19 December 2025)
(Last reviewed: 17 December 2025)


INTRODUCTION

CyberSecurity Malaysia care about your personal data protection. This notice clarifies how CyberSecurity Malaysia processes your data from the point we collect, use, share, dispose of and the security measure that we established to ensure your personal data is well protected.

COLLECTION OF PERSONAL DATA

We collect your personal data which ranges from your name, home address, e-mail address, phone number, bank account and any other personal data information. We may collect certain sensitive personal data only when necessary for the provision of our services, such as biometric information for identity verification or other data required to comply with legal and regulatory obligations.

SOURCE OF PERSONAL DATA COLLECTION

We gather your personal data from:

  1. Career section available at our website (https://www.cybersecurity.my/portal-main/career). 
  2. Visitor registration at the reception desk to obtain an access pass for entry into the CyberSecurity Malaysia building for meetings or other official purposes.
  3. Purchase forms that are filled out during transactions for products or services.
  4. Cookies and similar technologies which are being used to enhance your browsing experience, analyze website traffic, and personalize content.
  5. Customer support interactions refer to information provided when you contact us via email, phone, or live chat for assistance.
  6. Surveys and feedback forms where data is being collected when you participate in satisfaction surveys or research studies.
  7. Event registrations when you register for webinars, training sessions, or conferences organized by CyberSecurity Malaysia.
  8. Social media interactions where data are shared when you engage with our official social media pages.
  9. Mobile applications refer to data collected when you use our official applications.
  10. Third-party partners or affiliates which data are shared by trusted partners to deliver services or fulfil contractual obligations.
  11. Publicly available sources where information obtained from public directories or government databases, where legally permitted.
  12. System logs and analytics include technical data such as IP address, device information, and usage patterns for security and performance monitoring.

REASON FOR PERSONAL DATA COLLECTION

We collect your personal data:

  1. To provide specialized cyber security services, including:
    1. Accessing, processing, facilitating, administering, and maintaining services such as cyber security emergency response and security quality management.
    2. Providing and maintaining on-demand access to resources that support in-house security expertise.
    3. Accessing advanced tools and education to assist in forensic investigations.
  2. To fulfil your requests and transactions, including:
    1. Processing your request to purchase our products or services.
    2. Delivering products to your specified address and location.
    3. Resolving complaints or delivery issues (if any).
    4. Sending new product promotions to you (only with your consent).
  3. To manage and maintain your relationship with us, including:
    1. Responding to your enquiries or complaints.
    2. Improving and facilitating customer services through market research and opinion surveys.
    3. Supporting business development initiatives and other purposes necessary or related to your relationship with us.

PROCESSING OF PERSONAL DATA COLLECTION

We primarily process and store your personal data within Malaysia. However, in certain circumstances, such as when cloud services are utilized for backup, disaster recovery, or system redundancy, your data may be stored in secure servers located outside Malaysia, including within the ASEAN region. Any such transfer will be conducted in compliance with applicable data protection laws and with appropriate technical and organizational safeguards to ensure the confidentiality, integrity, and security of your personal data. We are very serious about providing a comparable level of protection for personal data should the information be processed or used outside Malaysia by our vendors or experts. We will process your personal data in accordance with the POPA, its applicable regulations, guidelines, and/or orders, considering the latest amendments. Processing may include collecting, recording, holding, storing, using, and/or disclosing your personal data.

DISCLOSURE OF PERSONAL DATA

We may disclose your personal data to other entities within our group (where applicable and with the data subject's consent, unless otherwise permitted by law), including:

  1. the Ministry of Digital,
  2. our professional advisers, vendors, suppliers, agents, contractors, service providers, business partners, insurance companies, banks, financial institutions, or successors in title,
  3. any governmental agencies, regulatory authorities, and/or statutory bodies,
  4. parties involved in corporate exercises (e.g., mergers, acquisitions, joint ventures, funding exercises, asset sales),
  5. any party within or outside Malaysia who undertakes to keep your personal data confidential, or
  6. any person we are compelled or required by law to disclose to.

SECURITY MEASURE

We take these measures to protect your personal data:

  1. By ensuring your personal data is kept as required by Act 709,
  2. By ensuring our staff not to misuse your personal data, and
  3. By performing contract/ agreement with system vendor, appointed courier company.

Nevertheless, where access credentials such as passwords are required to use our services, you are responsible for maintaining the confidentiality of those credentials and for ensuring they are not shared with any unauthorized party.

PERSONAL DATA RETENTION PERIOD

We are committed to protecting your personal data in line with PDPA requirements and our internal policies. Personal data is retained only as long as necessary for the fulfilment of its purposes or as required by law.

YOUR RIGHTS

You have the rights:

  1. to access your personal data, if necessary.
  2. to correct your personal data that has been processed.
  3. to withdraw consent to processing. However, you should be informed of the consequences of the withdrawal of consent.
  4. to have freedom from automated decision-making.
  5. to prevent processing of your personal data for direct marketing purposes.
  6. to be told the purpose for which your personal data is being processed by an organization.
  7. to request the transfer of your personal data to another data controller within a designated timeframe, provided it is technically feasible, and the format is compatible.
  8. to prevent processing of your personal data that may cause damage or distress.
  9. to refuse direct marketing calls or mail.

CONTACT US

You can contact us or submit your inquiry in regard to the processing of your personal data at:

Data Protection Officer
CyberSecurity Malaysia Level 7, Tower 1, Menara Cyber Axis, Jalan Impact, 63000 Cyberjaya, Selangor, Malaysia
Tel: 03-8800 7999
Fax: 03-8008 7000
Email: dpo@cybersecurity.my
Name: Ts. Sabariah Binti Ahmad

logo
CyberSecurity Malaysia is the national cyber security specialist agency under the purview of the Ministry of Digital (KD)
 
Select User Category
Contact Us

  • CyberSecurity Malaysia,
    Level 7 Tower 1, Menara Cyber Axis, Jalan Impact,
    63000 Cyberjaya, Selangor Darul Ehsan, Malaysia.

  • enquiry@cybersecurity.my

  • +603 - 8800 7999

  • +603 - 8008 7000

COPYRIGHT © CYBERSECURITY MALAYSIA

CONTACT US | DISCLAIMER | PERSONAL DATA PROTECTION NOTICE | SITEMAP

TOP
ASK Byte
Chatbot Portal

Hi, I am ASK Byte. Please submit your questions about the portal and I will try to get answers from online knowledge stores.

Hi, Saya Admin Chatbot. Saya sedia chat dengan anda secara terus. Bagaimana saya boleh membantu anda?

Click the button below to interact with the CSM chatbot

Proceed