Home Privacy Policy
Legal

Privacy Policy

My6 Initiative Berhad is committed to protecting your privacy and handling your personal data responsibly in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA) and applicable international standards.

Effective: 1 January 2025
Last Reviewed: March 2025
Governed by: Malaysia PDPA 2010

01 Who We Are

My6 Initiative Berhad (Company Registration No. 897128-T / 201001012897) is Malaysia's dedicated IPv6 centre of excellence, incorporated under the Companies Act 1965 (now 2016) and operating in Malaysia. We are the data controller for personal information collected through our website (www.my6.my), training programmes, assessment engagements, and related services.

For the purposes of this Privacy Policy, "we", "us", and "our" refer to My6 Initiative Berhad. "You" and "your" refers to any individual whose personal data we process — including website visitors, training participants, clients, and government agency contacts.

Data Controller

My6 Initiative Berhad · ROC 897128-T (201001012897) · Malaysia · [email protected] · +603 8684 1977

02 Data We Collect

We collect personal data only to the extent necessary to deliver our services and comply with our obligations. The categories of data we may collect include:

2.1 Information You Provide Directly

  • Identity Data: Full name, title (e.g., Ir., Ts., Dr.), salutation, and designation
  • Contact Data: Email address, telephone number (office/mobile), postal address
  • Organisation Data: Company/agency name, department, job title, employee ID (for training records)
  • Training & Assessment Data: Qualification level, IPv6 competency scores, certification information, assessment responses
  • Correspondence Data: Messages, enquiries, and communications sent to us via email, forms, or telephone
  • Financial Data: Billing address and invoice information (payment cards are not stored by us)

2.2 Data Collected Automatically

  • Technical Data: IP address (including IPv6 address), browser type and version, operating system, device type
  • Usage Data: Pages visited, time spent, links clicked, referring URL, and navigation paths on www.my6.my
  • Cookie Data: Session identifiers, preference cookies, and analytics identifiers (see Section 7)

2.3 Data Received from Third Parties

  • Government Referrals: Contact information shared by MAMPU, MCMC, or other government bodies when directing agencies to engage our services
  • Public Records: Publicly available professional information (e.g., LinkedIn profiles) for business development purposes
  • Event Partners: Registration data shared by conference or seminar co-organisers with your consent

03 How We Use Your Data

We process your personal data for the following purposes:

  • Service Delivery: To provide IPv6 assessments, deployment services, training programmes, and post-implementation audits
  • Training Records: To issue certificates, maintain competency records, and administer programme participants
  • Communications: To respond to your enquiries, send service confirmations, invoices, and relevant updates
  • Government & Partner Reporting: To fulfil reporting obligations to MCMC, MAMPU, and partner agencies as required by our mandate
  • ITU-T & Standards Work: Aggregated, anonymised data may be used in international standards development and national reporting — never in a manner that identifies individuals
  • Website Improvement: To analyse traffic, improve user experience, and maintain website security
  • Marketing Communications: To send newsletters, event invitations, and IPv6 knowledge updates — with your consent and with opt-out available at any time
  • Legal Compliance: To comply with Malaysian law, court orders, or regulatory requirements
Important

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. Your data is used only for the purposes described in this Policy.

04 Legal Basis for Processing

Under Malaysia's Personal Data Protection Act 2010 (PDPA), we process personal data on the following legal grounds:

  1. Consent (Section 6 PDPA): Where you have given clear consent, such as subscribing to our newsletter or submitting an enquiry form
  2. Contract Performance: Where processing is necessary to fulfil a service contract or pre-contractual steps (e.g., assessment and deployment engagements)
  3. Legal Obligation: Where processing is required to comply with a legal or regulatory obligation under Malaysian law
  4. Legitimate Interests: Where processing is necessary for our legitimate business interests — including network security, fraud prevention, and improving our services — provided these interests are not overridden by your rights
  5. Public Task: Where processing is related to our national mandate work with MAMPU, MCMC, and Malaysian government agencies in the public interest

05 Data Sharing & Disclosure

We may share your personal data with the following categories of recipients, strictly on a need-to-know basis:

  • Government Bodies: MAMPU, MCMC, MOSTI, and relevant Malaysian ministries — where required by our mandate or contractual obligations
  • ITU-T / International Bodies: Only aggregated, anonymised, non-personally-identifiable data is shared in international standards contexts
  • Service Providers: Trusted third-party IT service providers (web hosting, email platform, cloud services) bound by data processing agreements
  • Training Partners: Where a training programme is jointly delivered, participant names and completion status may be shared with the co-organiser
  • Professional Advisors: Lawyers, auditors, and accountants under strict confidentiality obligations
  • Law Enforcement: Where required by Malaysian law, court order, or regulatory directive

All third parties with whom we share data are required to respect the security of your personal data and treat it in accordance with applicable law.

06 Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting obligations.

  • Client & Engagement Records: Retained for 7 years after the end of the engagement (Limitation Act 1953 / Companies Act 2016)
  • Training & Certification Records: Retained for 10 years to support certificate verification and professional recognition
  • Marketing Contact Data: Retained until you withdraw consent or opt out; inactive contacts reviewed every 2 years
  • Website Analytics: Retained for 26 months in aggregated form
  • Correspondence: General enquiries retained for 3 years; archived if related to an active engagement

When personal data is no longer required, we securely delete or anonymise it in accordance with our data lifecycle policy.

07 Cookies & Tracking Technologies

Our website (www.my6.my) uses cookies and similar technologies to enhance your browsing experience and gather analytics data.

7.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for website operation — cannot be disabled. Includes session management and security tokens
  • Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics). Data is aggregated and anonymised
  • Preference Cookies: Remember your settings and choices (e.g., language, cookie consent status)
  • Marketing Cookies: Only placed with your explicit consent for targeted communications

7.2 Your Cookie Choices

You may accept or decline non-essential cookies via our cookie consent banner when you first visit our site. You can also control cookies through your browser settings — note that disabling certain cookies may affect site functionality.

IPv6 Note

Our site is accessible over both IPv4 and IPv6. Your IPv6 address, where applicable, is treated as personal data and processed in accordance with this Policy. IPv6 addresses are not stored in unmasked form beyond the session.

08 Your Rights Under the PDPA

As a data subject under Malaysia's Personal Data Protection Act 2010, you have the following rights:

  • Right of Access (Section 30): To request a copy of the personal data we hold about you
  • Right to Correction (Section 34): To request correction of inaccurate, incomplete, or outdated personal data
  • Right to Withdraw Consent (Section 38): To withdraw consent for processing at any time — withdrawal does not affect the lawfulness of processing carried out before withdrawal
  • Right to Limit Processing (Section 43): To request that we cease or limit processing of your data in certain circumstances
  • Right to Object to Marketing: To opt out of receiving marketing communications at any time via the unsubscribe link in any email or by contacting us directly
  • Right to Complain: To lodge a complaint with the Personal Data Protection Commissioner of Malaysia (pdp.gov.my) if you believe your rights have been violated

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days of receiving your request, as required by the PDPA.

09 International Data Transfers

As Malaysia's representative to ITU-T Study Group 20, My6 Initiative may participate in international working groups and standards meetings. In doing so:

  • No personally identifiable data is shared in international standards contexts without your explicit consent
  • Where cloud services used by us store data outside Malaysia, we ensure appropriate safeguards are in place (e.g., standard contractual clauses, adequacy decisions)
  • All international transfers comply with Section 129 of the PDPA (restriction on transfer of personal data abroad)

10 Children's Privacy

Our website and services are not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a child, please contact us immediately at [email protected] and we will take prompt steps to delete such data.

11 Security Measures

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or alteration. Our measures include:

  • Encryption: HTTPS/TLS 1.3 with IPv6-enabled endpoints; data at rest encrypted using AES-256
  • Access Controls: Role-based access controls; multi-factor authentication for internal systems
  • Staff Training: Regular data protection awareness training for all My6 personnel
  • Incident Response: A documented data breach response procedure in line with PDPA requirements
  • Vendor Assessment: Data processing agreements with all third-party processors
Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected individuals and, where required, the Personal Data Protection Commissioner within the timeframes prescribed by law.

12 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:

  • Post the updated Policy on this page with a revised "Last Reviewed" date
  • Send email notification to registered clients and subscribers for significant changes
  • Display a prominent notice on our website homepage for 30 days following material updates

Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the updated Policy.

13 Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact our Data Protection Officer:

Data Protection Contact

🏢
Organisation
My6 Initiative Berhad (897128-T)
✉️
📞
Telephone
+603 8684 1977
🌐
Website
www.my6.my

If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commissioner of Malaysia at pdp.gov.my.