top of page
Nuveq
mydigital ID integrated with Nuveq Access Control System
MySTI
made in malaysia
Malaysia Digital
  • Instagram
  • Facebook
  • X
  • LinkedIn
  • Youtube
  • TikTok

PRIVACY POLICY

The Personal Data Protection Act 2010 (“PDPA”) has been enforced since 15 November 2013 to regulate the processing of personal data in commercial transactions.

 

Under the PDPA, NUVEQ Sdn. Bhd. (“NUVEQ”, “we”, “us” or “our”) is required to inform you of your rights in respect of your personal data that is being processed or that is to be collected and further processed by us and the purposes for which such data processing is carried out.


This Privacy Notice (“Notice”) applies to all personal data collected through your interactions with us, including through our website at https://www.nuveq.net/ (“Website”), our mobile applications (“Applications”), and our cloud-based access control and related products and services (collectively, “Products and Services”).


By interacting with us, accessing or using our Website or Applications, using or continuing to use our Products or Services, or submitting your Personal Data to us, you hereby consent to and authorise the collection, use, disclosure, transfer and/or processing of your Personal Data by us in accordance with this Notice and the PDPA.


1. Personal Data We Collect


Depending on our relationship with you, we may collect your Personal Data such as your name, identification number, gender, nationality, photographs or other audio-visual information, telephone number(s), mailing address, email address, information about your interaction with our Website or Applications, and any other information relating to any individuals which you have provided us in any forms you may have submitted to us, or via other methods of interaction with you (collectively, “Personal Data”).


1.1. Website


When you visit our Website, we may collect information automatically through cookies and similar tracking technologies, including log data such as your IP address, browser type, pages visited, and time spent on pages. Please see Section 7 (Website and Cookies) for further detail.


1.2. Applications


When you use our Applications, we may additionally collect: device information such as your mobile device ID, model, manufacturer, operating system version, and phone number; geolocation information (continuously or while you are using the Applications) to enable location-based features necessary for the operation of the Applications; access to your device’s Bluetooth and storage, which are required for the intended use of the Applications; and push notification tokens to deliver system and account notifications. Push notifications are required for updating features and functions of the Applications.


1.3. Biometric and access data


Where you interact with our access control systems, including face recognition terminals, palm vein recognition terminals, or ANPR systems deployed at premises using our Products and Services, we or our customers (as the case may be) may collect biometric identifiers and access event data, including entry and exit records, images, and facial or vein
recognition templates. Such data constitutes sensitive personal data and is handled accordingly under Section 2 below.


2. Sensitive Personal Data


We do not generally collect or process any sensitive Personal Data unless explicit consent has been obtained from you, or where such processing is otherwise permitted or required under any applicable law. However, should you voluntarily provide us with any sensitive Personal Data, it will be deemed that you have given us your explicit consent by conduct to collect, use, disclose or process the sensitive Personal Data solely for the purpose for which it was provided, where it is reasonable that you would voluntarily provide the information, and in accordance with the PDPA.
 

Sensitive personal data includes, but is not limited to, the following:


• your physical or mental health conditions;
• your political opinions;
• your religious belief or other beliefs of a similar nature;
• commission or alleged commission of an offence by you; and
• biometric data (including facial recognition templates, palm vein data, and related biometric identifiers processed through our Products and Services).
 

3. How We Collect Personal Data


Generally, we collect Personal Data in the following ways:


• when you submit any application for Cloud-Based Access Control System or any other services which relating thereto to NUVEQ’s Product and Services;
• when you enter into any agreement or provide other documentation or information in respect of your interactions with us or when you use any of our Products and Services;
• when you interact with our staff, including customer service officers, for example, via telephone calls (which may be recorded), letters, face-to-face meetings, social media platforms and emails;
• when you use our electronic services, or interact with us via our Website or Applications;
• when you request that we contact you or request that you be included in an email or other mailing list;
• when you respond to our promotions, initiatives or to any request for additional PersonalData;
• when your images are captured by us via CCTV cameras or face recognition system while you are within our premises, or via photographs or videos taken by us or our representatives when you attend events at our premises;
• when we receive references from business partners and third parties, for example, where you have been referred by them with your consent; and
• when you submit your Personal Data to us for any other reasons.


4. Purposes of Processing


Generally, NUVEQ collect, use, and process your Personal Data for the following purposes:


• to facilitate the provisioning of Cloud-based access control and/or related Products and Services that you requested;
• for the maintenance of customer database and customer service related processes;
• for billing and payment processing purposes;
• for contact purposes;
• to provide you with any updates, notifications or information that we think may be of interest to you;
• to respond to your enquiries;
• for administrative and business purposes of NUVEQ;
• to meet any legal and statutory requirement;
• for analysis and planning purposes including historical and statistical record;
• general operation and maintenance of the services provided by NUVEQ;
• investigating complaints and suspected suspicious transaction; and
• any other purposes which are reasonably affiliated to the aforesaid.
 

You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with our Products and Services you have requested, or delays in processing your applications. Depending on the purpose for which the Personal Data is collected, it may be mandatory for you to provide certain Personal Data in order for us to process your request and deliver our Products and Services. Where possible, such required Personal Data will be indicated as mandatory at the point of collection. Please note that failure to provide any Personal Data designated as mandatory may limit, delay, or otherwise affect our ability to respondeffectively to your requests, enquiries, or applications.
 

5. Disclosure of Your Personal Data


We may disclose the Personal Data to the following parties for the purposes stated above. By continuing to engage with us, you have consented to the disclosure and cross-border transfer of your Personal Data to these third parties within or outside of Malaysia, where such disclosure or transfer is necessary to fulfil the purposes listed above. The list of third parties is as follows and may be updated from time to time:


• NUVEQ’s related corporations and employees;
• Our agents and contractors (including those located overseas) providing Products and Services relating to the purposes for which the Personal Data is collected;
• Third party service providers (including those located overseas) who provide data processing services;
• Government-integrated digital identity verification service providers, where you use such services to authenticate your identity through our systems or premises;
• In circumstances where delay or default payment has occurred, to our appointed lawyers, debt collection agencies, or credit reporting agencies;
• Any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions;
• Our professional advisers such as consultants, auditors and lawyers;
• Relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority;
• Any person who is under a duty of confidentiality who has undertaken to keep such data confidential; and
• Any other party to whom you authorise us to disclose your Personal Data.

 

We may also disclose the Personal Data if required to do so by law or in good faith, if such action is necessary to (i) comply with requirements of any law enforcement agency, court order, or legal process; or (ii) protect and defend rights or property of NUVEQ and its personnel.


In respect of any disclosures or transfers of your Personal Data, we will take reasonable steps to ensure your Personal Data is disclosed or transferred in accordance with the PDPA. Where any disclosure or transfer is made, we shall also take reasonable steps to ensure that any disclosure or transfer will be carried out in a safe and secure manner. Such security measures includes encryption of data in transit, implementation of token-based authentication mechanisms, access control management through Identity and Access Management (IAM) systems within Google Cloud Platform (GCP), periodic reviews to remove unnecessary or excessive access rights, and the use of firewalls or other network security controls.


6. Security of Your Personal Data


NUVEQ will take reasonable and appropriate security measures to protect your Personal Data against unauthorised access, disclosure, alteration, or destruction. In addition to the measures mentioned above, NUVEQ also adopts industry-recognised cloud security practices and standards to further protect your Personal Data.
 

We take reasonable and appropriate security measures to ensure that any disclosure of your personal data to any third parties is implemented in a safe and secure manner. Notwithstanding, please be aware that no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information transmitted online is vulnerable to interception by unauthorised parties. Therefore, we cannot guarantee complete security if you provide Personal Data online.
 

7. Website and Cookies


We also use cookies to enhance user experience on our website. Cookies are small text files containing small amounts of information which are downloaded and may be stored on your user devices such as your computer, smartphone or tablet. These cookies and similar techniques are sometimes necessary to remember your account settings, language, and country, but also enable us to measure and analyse your behaviour and may be for showing you personalised advertisements on our website or on third party websites.
 

Where required, you will be asked for consent to our use of cookie. You can choose to decline cookie via your browser setting, however you may not be able to access or use certain features of our website.
 

8. Retention and Disposal of Personal Data


We will retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected. Upon fulfilment of those purposes, we will continue to retain your Personal Data for an additional period of seven (7) years to comply with legal, regulatory, accounting, or business requirements. Thereafter, your Personal Data will be securely disposed.


9. Your Rights – Access, corrections and complaints


If you would like to:


• make any enquiries or complaints relating to your Personal Data;
• request access, update or correction of your Personal Data; or
• withdraw or limit your consent to our processing or use of your Personal Data (including for direct marketing) as set out in this Notice.

 

you may contact our Data Protection Officer at dpo_nuveq@hhq.com.my


Any access request to your Personal Data may be subject to a fee and to the requirements under the PDPA. Please note that NUVEQ may to withhold access to your Personal Data in certain situations, for example when we are unable to confirm your identity or in the event we receive repeated requests for the same information. Nevertheless, we will notify you of the reasons for not being able to accede to your request.
 

Where you withdraw your consent to the processing of your Personal Data or request to limit such processing, please note that this may affect our ability to provide you with our Products and Services or continue to perform any contractual obligations. Notwithstanding the foregoing, we may continue to process your Personal Data to the extent permitted under the PDPA, including where such processing is necessary for the performance of a contract to which you are a party, for the taking of steps at your request prior to entering into a contract, for compliance with any legal obligation, or for the exercise of any functions conferred under any law.
 

10. Changes to This Notice


NUVEQ may revise this Notice from time to time to ensure that this Notice is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. All changes to this notice will be published on NUVEQ’s Website. You are encouraged to visit our Website from time to time to keep yourself updated on our latest Notice. By interacting with us or continuing to use our Products and Services, you are deemed to have consented to the changes made to the Notice.
 

11. Language


This Notice issued in both English and Bahasa Malaysia languages. In the event of any inconsistency, the English language version of this Notice shall prevail.


Effective Date: 06 May 2026
Last Review Date: 11 May 2026

Bahasa Malaysia

bottom of page