Privacy Policy | Fikir Systems

1. Introduction

Fikir Systems ("we", "us", "our") is committed to safeguarding the privacy of individuals who interact with our website and services. This Privacy Policy describes the types of personal data we collect, how we use and protect it, and the rights you hold over your information.

This policy applies to all visitors of our website at https://fikirsystems.world and to clients who engage our AI integration consulting services.

Governing law: Our data practices comply with Malaysia's Personal Data Protection Act 2010 (PDPA). If you are located in a jurisdiction with additional data protection requirements, we will make reasonable efforts to accommodate those as well.

Questions about this policy may be directed to: [email protected]

2. Personal Data We Collect

We collect personal data only when necessary for the purposes described in this policy. The categories of data we may collect include:

2.1 Data You Provide Directly

Contact details — full name, email address, phone number provided through our enquiry form or direct correspondence
Organisation information — company name, role or job title, industry sector (when shared)
Project details — information about your business challenge or requirements that you choose to share with us
Communication records — emails, messages, and notes from phone or video calls where relevant to service delivery

2.2 Data Collected Automatically

Usage data — pages visited, time on site, referral sources, approximate geographic region (country/state level)
Technical data — browser type and version, device type, operating system, IP address (anonymised where possible)
Cookie data — as described in our Cookie Policy

2.3 Data from Third Parties

We may receive publicly available professional information (such as LinkedIn profile data) if you reference it in correspondence. We do not purchase third-party marketing lists.

2.4 Data We Do Not Collect

We do not collect sensitive personal data as defined under the PDPA (including information on race, religion, health, political opinions, or biometric data) unless you explicitly and voluntarily share such context and it is directly relevant to a service engagement.

3. Legal Basis for Processing

Under the PDPA 2010, we process your personal data on the following grounds:

Your consent — when you submit our contact form or provide data voluntarily, you consent to its use for the purposes stated at the point of collection
Contractual necessity — when you engage our services, processing your data is necessary to deliver and manage that engagement
Legitimate interests — we process certain usage analytics data to understand how our site performs and how we can improve it, in ways that do not override your fundamental rights
Legal obligation — we may retain data where required by Malaysian law, including financial records for accounting and tax compliance

4. How We Use Your Personal Data

We use the data we collect for the following purposes:

Responding to enquiries and arranging discovery consultations
Delivering AI integration services and managing client engagements
Sending project-related updates, invoices, and supporting documentation
Improving our website content, structure, and user experience based on aggregate usage patterns
Fulfilling our obligations under applicable Malaysian law
Sending occasional service or thought-leadership updates, only if you have opted in and with a clear option to unsubscribe at any time

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

5. Sharing Your Data

We share personal data only in limited, defined circumstances:

Service providers — we use third-party tools for analytics (e.g. Google Analytics), email communication, and project management. These providers are selected for their data protection standards and are contractually bound not to use your data for their own purposes.
Professional advisors — accountants, lawyers, or auditors, where legally required and under confidentiality obligations
Regulatory authorities — if required to do so by law, court order, or lawful government request
Business transfers — in the event of a merger, acquisition, or sale of business assets, with appropriate notice to affected individuals

6. Data Retention

We retain personal data only as long as reasonably necessary for the purpose it was collected:

Enquiry data (non-clients): up to 12 months from the last interaction, unless extended engagement begins
Client engagement data: 7 years following project completion, to meet Malaysian financial recordkeeping obligations
Analytics and cookie data: up to 26 months (Google Analytics default), with anonymisation applied where possible
Email correspondence: retained for the duration of a business relationship plus 2 years

Once the applicable retention period expires, data is securely deleted or anonymised.

7. Data Protection Measures

Our website uses HTTPS (TLS encryption) for all data in transit
Access to client data within our systems is restricted to team members who require it to perform their work
We conduct periodic reviews of our data handling practices
In the event of a data breach that poses a risk to affected individuals, we will notify the relevant parties in accordance with PDPA obligations

8. Cookies

Our website uses cookies to support basic functionality and to understand how visitors engage with our content. You can manage your cookie preferences at any time through our Cookie Policy page.

Essential cookies cannot be disabled as they are necessary for the site to function. Analytics and preference cookies are optional and require your consent.

9. Your Rights

Under the PDPA 2010 and applicable data protection principles, you have the following rights with respect to your personal data:

Right to Access Request a copy of the personal data we hold about you

Right to Rectification Ask us to correct inaccurate or incomplete data

Right to Erasure Request deletion of your data where no legal obligation to retain exists

Right to Object Object to processing based on legitimate interests or for direct marketing

Right to Portability Receive your data in a structured, machine-readable format where feasible

Right to Withdraw Consent Withdraw consent at any time; this does not affect prior lawful processing

To exercise any of these rights, contact us at [email protected]. We will respond within 21 days. If you believe your rights have been infringed, you may lodge a complaint with Malaysia's Department of Personal Data Protection (JPDP) at www.pdp.gov.my.

10. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently. Our Privacy Policy applies solely to data collected through our own website and communications.

11. Children's Privacy

Our services are directed at business professionals and organisations. We do not knowingly collect personal data from individuals under 18. If we become aware that such data has been collected, we will delete it promptly.

12. International Data Transfers

Some of our third-party service providers (such as analytics platforms) may process data outside Malaysia. When this occurs, we ensure appropriate safeguards are in place — including contractual data protection clauses — consistent with PDPA requirements for cross-border transfers.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. When we do, we will update the "Last Updated" date at the top of this page. Continued use of our website following such changes constitutes your acknowledgement of the revised policy. For material changes, we will make reasonable efforts to notify active clients directly.

14. Contact for Privacy Matters

If you have questions, concerns, or requests relating to this Privacy Policy or our data practices, please reach out:

Fikir Systems
82 Jalan P. Ramlee, 50250 Kuala Lumpur, Malaysia
[email protected]
+60 3-8624 1597