Talk to Expert

Data Processing Agreement (DPA) – Data Handling & Security Compliance

Effective Date: January 1, 2025
Last Updated: January 1, 2025

  1. Introduction
    1. This Data Processing Agreement (DPA) is an addendum to the Terms of Service (TOS) and applies when Net Onboard Sdn Bhd processes personal data on behalf of its customers.
    2. This DPA ensures compliance with:
      1. Malaysia’s Personal Data Protection Act (PDPA) 2010
      2. General Data Protection Regulation (GDPR) (for EU users, if applicable)
      3. Other relevant data protection laws
    3. By using our services, you agree to this DPA, which defines the rights, responsibilities, and obligations related to data processing.
  2. Definitions
    1. “Data Controller” – The customer who determines how and why personal data is processed.
    2. “Data Processor” – Net Onboard Sdn Bhd, which processes data on behalf of the Data Controller.
    3. “Personal Data” – Any information related to an identifiable individual.
    4. “Processing” – Any operation performed on personal data, such as collection, storage, transfer, or deletion.
  3. Processing of Personal Data
    1. Purpose of Processing:
      1. Net Onboard processes personal data solely to provide cloud computing and IT services.
    2. Types of Data Processed:
      1. User Information: Name, email, contact details, and business information.
      2. Service Data: Logs, configurations, and usage analytics.
      3. Billing Information: Payment records, transaction history.
    3. Legal Basis for Processing:
      1. Contractual necessity – Required to deliver services.
      2. Legal compliance – To meet regulatory obligations.
      3. Legitimate interests – To enhance security and user experience.
  4. Data Security Measures
    1. Net Onboard implements strict security controls to protect data, including:
      1. AES-256 encryption for data storage & transmission.
      2. Multi-Factor Authentication (MFA) for account security.
      3. ISO 27001-certified security framework for cloud infrastructure.
      4. Regular security audits, penetration testing & compliance checks.
    2. Data Access Control:
      1. Only authorized personnel have access to personal data.
      2. Access is restricted based on role-based permissions.
  5. Data Retention & Deletion
    1. Personal data is retained only as long as necessary for legal, regulatory, and operational requirements.
    2. Standard retention periods:
      1. Account Information – Retained for the duration of the contract + five (5) years after termination.
      2. Billing & Transaction Data – Retained for seven (7) years for financial compliance.
    3. Users may request data deletion upon account termination by contacting [email protected].
  6. Data Transfers & Data Sovereignty
    1. Data is stored within Malaysia, unless an international transfer is necessary for service fulfillment.
    2. For cross-border transfers, we:
      1. Ensure GDPR-standard protection measures for EU-based users.
      2. Use legally binding contracts and industry-approved security mechanisms.
  7. Subprocessors
    1. Net Onboard engages third-party vendors (e.g., cloud storage providers, analytics platforms, payment processors) under strict Data Processing Agreements (DPA).
    2. A list of approved subprocessors is available upon request.
  8. Data Breach Notification
    1. In case of a personal data breach, Net Onboard will:
      1. Assess the impact and take immediate action.
      2. Notify affected customers and authorities within 72 hours, as required by PDPA & GDPR.
      3. Provide remediation steps and security enhancements.
  9. Customer Rights & Obligations
    1. Customers have the right to:
      1. Access, correct, or delete their personal data.
      2. Withdraw consent for non-essential data processing.
      3. Request data portability in a structured, digital format.
    2. Customers must:
      1. Ensure compliance with applicable data protection laws.
      2. Not use Net Onboard’s services for unauthorized or illegal data processing.
  10. Governing Law & Dispute Resolution
    1. This DPA is governed by Malaysian law.
    2. Disputes will be handled through negotiation and mediation before proceeding to arbitration or litigation.
  11. Amendments & Updates
    1. Net Onboard reserves the right to update this DPA at any time.
    2. Users will be notified of material changes via email or system notifications.

For data protection inquiries, contact [email protected].