This policy explains how BakerLab Digital Sdn Bhd (Company Reg. No. 202301019448 (1518276-T)), operating the website bakerlab.my, handles personal data. We are a Malaysian company and process personal data in accordance with the Personal Data Protection Act 2010 (PDPA). Reading time is about four minutes, and we have tried to write it in language a human would use.
1. What we collect, and when
We collect personal data in three situations only:
- When you contact us. Our enquiry form asks for your name, work email, an optional phone number and a description of your project. Calling, emailing or messaging us on WhatsApp naturally shares whatever details you include.
- When you become a client. Contracts, invoices and project correspondence contain business contact details of the people involved.
- When you browse. Our hosting infrastructure records standard server logs (IP address, browser type, pages requested, timestamps) for security and troubleshooting. We do not run advertising trackers on this site.
2. What we use it for
We use personal data to reply to your enquiry, scope and deliver contracted work, issue invoices and meet our legal obligations. That is the complete list. We do not sell personal data, rent it, or add you to a mailing list without your explicit request.
3. Legal basis
Processing is based on your consent (which the enquiry form asks for explicitly), the performance of a contract where you are a client, and our legitimate interest in keeping this website secure.
4. Who we share it with
Data is shared only with service providers necessary to run our business — our hosting provider (servers located in Malaysia or Singapore), our accounting software, and our email provider — each bound by their own confidentiality obligations. We disclose data to authorities only where Malaysian law requires it.
5. How long we keep it
Enquiries that do not become projects are deleted after twenty-four months. Client records are retained for seven years to satisfy tax and audit requirements, then destroyed. Server logs rotate automatically after ninety days.
6. Your rights under the PDPA
You may request access to the personal data we hold about you, ask us to correct it, or withdraw consent to further processing. Write to [email protected] with the subject line “PDPA request” and we will respond within twenty-one days. If withdrawal of consent makes it impossible to continue providing a service, we will tell you before acting.
7. Security
This site is served over HTTPS. Enquiry submissions are protected against cross-site request forgery, access to client data inside the studio is limited to the people working on your account, and our devices are encrypted and access-controlled.
8. Contact
Questions about this policy can be sent to [email protected] or posted to BakerLab Digital Sdn Bhd, Level 5, Menara Ken TTDI, 37 Jalan Burhanuddin Helmi, Taman Tun Dr Ismail, 60000 Kuala Lumpur, Malaysia. If we revise this policy, the date at the top of this page changes and material changes are highlighted here for sixty days.