Privacy Policy

Last updated: 28 December 2025

1) Who we are

Maverick Resources (“we”, “our”, “us”) operates the website maverickresources.my and provides automation, RPA & web solutions to streamline business efficiency. We are the data controller for personal data we collect and process via our site and services. (“Data controller” is the PDPA term since April–June 2025.)

Contact:

  • Registered address B2-2-3, Solaris Dutamas, No. 1, Jalan Dutamas 1, 50480 Kuala Lumpur, Wilayah Persekutuan
  • General email: contact@maverickresources.my
  • Phone: +60107803153

2) What this policy covers

This policy explains what personal data we collect, how we use it, the parties we may share it with, your rights, and how we keep it secure—reflecting Malaysia’s seven PDPA principles: General (consent), Notice & Choice, Disclosure, Security, Retention, Data Integrity, and Access.

3) Personal data we collect

Depending on how you interact with us, we may collect:

  • Contact & identity data: name, company, role, phone, email, postal address.
  • Transaction & service data: inquiry details, quotes, orders, invoices, delivery records.
  • Website & device data: IP address, device/browser type, pages visited, timestamps, referring URL, cookie identifiers. (Cookie use requires notice and consent under PDPA.)
  • Recruitment data (if you apply): CV/resume, qualifications, employment history, referees.
  • Sensitive personal data: we generally do not intentionally collect sensitive data (e.g., health, religion, political opinions, biometric data). If processing is necessary, we will obtain explicit consent and apply enhanced safeguards per PDPA.

4) How we collect your data

  • Directly from you: web forms, emails, calls, meetings, events.
  • Automatically: cookies/analytics (see section 11 Cookies).
  • Third parties: business partners, logistics, payment providers—only where permitted and disclosed. PDPA requires prior notice and choice at or before collection.

We process personal data for the following commercial purposes (PDPA scope) and only with your consent or where necessary for requested services: 3

  • Respond to inquiries & provide quotes/services
  • Customer onboarding, order fulfilment & after‑sales support
  • Billing & payments; accounting & tax compliance
  • Site operation, performance & security
  • Marketing communications (only with your opt‑in consent; you can opt out anytime)
  • Recruitment & HR (applicants)

PDPA requires that processing be necessary and with consent, particularly for sensitive data.

6) Your choices & rights (Notice & Choice; Access; Correction; Withdrawal)

Under PDPA, you have the right to:

  • Access your personal data we hold;
  • Correct inaccuracies to ensure data integrity;
  • Withdraw consent to processing;
  • Object to direct marketing; and
  • Request data portability (effective June 1, 2025, for supported systems).

Submit requests to privacy@maverickresources.my and we’ll respond as soon as practicable per PDPA.

Note: PDPA recognises access & correction rights and prohibits direct marketing if you object. The data portability right was introduced in the 2024/2025 amendments.

7) Disclosure to third parties

We may share data with:

  • Service providers (hosting, security, email, CRM, analytics, logistics, payment) bound by contracts and PDPA security obligations (processors now have direct statutory duties).
  • Professional advisors (legal, tax, audit).
  • Regulators or law enforcement where required by law.

We do not sell personal data. We disclose only for stated purposes or those directly related, consistent with PDPA’s Disclosure Principle.

8) Cross‑border transfers

If we transfer personal data outside Malaysia (e.g., cloud hosting, email, analytics), we will ensure one of the PDPA‑compliant conditions applies, such as:

  • The destination has a law substantially similar to PDPA or provides an adequate level of protection (supported by a Transfer Impact Assessment and contractual safeguards); or
  • You have given explicit consent; or
  • The transfer is necessary for a contract with you or in your interest.

We also take reasonable precautions and due diligence when engaging overseas processors, per the Cross Border Personal Data Transfer Guidelines (29 Apr 2025).

9) Security (Security Principle)

We implement practical steps to protect personal data from loss, misuse, unauthorised or accidental access/disclosure, alteration, or destruction—aligned with PDPA’s Security Principle and increased penalties for breaches since 2025. Measures include:

  • Access controls, encryption in transit/at rest (where applicable), network security;
  • Role‑based permissions & staff training;
  • Vendor due diligence & data processing agreements;
  • Regular backups & secure disposal;
  • Incident response procedures.

10) Retention (Retention Principle)

We retain personal data only as long as necessary for the purposes outlined, legal obligations (e.g., tax), and to resolve disputes. When no longer needed, we securely delete or anonymise it in line with PDPA retention requirements.

11) Cookies & similar technologies

We use essential and optional cookies (e.g., analytics) to improve site performance and understand usage. Non‑essential cookies will be set only after you provide consent via our cookie banner. You can change preferences anytime. Details appear in our Cookie Notice: types of cookies, purposes, retention, and third‑party providers. (Under PDPA, websites must obtain explicit consent for cookies that process personal data.)

12) Marketing

We send marketing emails only if you opted in. You can unsubscribe via the link in each email or email privacy@maverickresources.my. PDPA requires notice/choice and respects objections to direct marketing.

13) Data breach notification

If we become aware of a personal data breach, we will assess and, where required, notify the Personal Data Protection Commissioner as soon as practicable; and if the breach is likely to cause significant harm, we will also notify affected individuals—per PDPA amendments effective June 1, 2025. 2

14) Children’s data

Our services are intended for business users. We do not knowingly collect personal data from children. If you believe a child’s data was provided, please contact us to remove it.

15) Links to third‑party sites

Our site may link to external websites. Their privacy practices are their responsibility; please review their policies.

16) Changes to this policy

We may update this policy from time to time. The “Last updated” date reflects the latest changes. Material updates will be highlighted on this page.

17) How to exercise your rights or make a complaint

To exercise PDPA rights, ask questions, or lodge a complaint:

  • Email: privacy@maverickresources.my
  • Mail: B2-2-3, Solaris Dutamas, No. 1, Jalan Dutamas 1, 50480 Kuala Lumpur, Wilayah Persekutuan

If you are unsatisfied with our response, you may contact Malaysia’s Department of Personal Data Protection (PDP) / Personal Data Protection Commissioner.

Appendix: PDPA alignment (at a glance)

  • Seven PDPA Principles (Sections 6–12): General, Notice & Choice, Disclosure, Security, Retention, Data Integrity, Access.
  • Amendment Act (phased in 2025): terminology changes (data controller), processor obligations, increased penalties, cross‑border transfer reform, breach notification, DPO thresholds & guidance.
  • Cross‑border transfers: new Guidelines (Apr 29, 2025) require conditions like substantially similar law/adequate protection, consent, or contractual necessity; recommend Transfer Impact Assessments and due diligence.
  • Cookies: PDPA requires explicit consent for cookies that process personal data; notice of purposes/third parties.
Scroll to Top