Last Updated/Effective Date:

12 February, 2026

Privacy Policy

This Privacy Policy explains how SG Global Support Services Sdn Bhd (Company No.: 841626-T), of Level 18, Axiata Tower, No. 9 Jalan Stesen Sentral 5, KL Sentral, 50470 Kuala Lumpur, Malaysia (“SG”, “we”, “us”, or “our”) collects, uses, discloses, stores, and protects Personal Data in connection with the SignUP digital acquisition application (“SignUP”).

This Privacy Policy applies to:

  • trial users;
  • paid subscribers; and
  • individuals whose Personal Data is collected through SignUP campaigns.

By accessing or using SignUP, you acknowledge that you have read and understood this Privacy Policy.

1. DEFINITIONS

“Personal Data” means any information relating to an identified or identifiable individual.

“User” means any individual or organisation that registers for, accesses, or uses SignUP.

“Data Subject” means an individual whose Personal Data is collected through SignUP.

“Applicable Data Protection Laws” means all data protection, privacy, and data security laws applicable to the processing of Personal Data in any relevant jurisdiction, including the Personal Data Protection Act 2010 (Malaysia), and any equivalent or successor legislation, as amended from time to time.

2. ROLE OF THE PARTIES

SG acts as a data processor, service provider, or equivalent role under Applicable Data Protection Laws in relation to Personal Data processed through SignUP.

The User acts as the data controller or equivalent role and determines the purposes and means of processing Personal Data collected from Data Subjects.

Users are responsible for ensuring that Data Subjects are informed of, and have consented to, the collection and processing of their Personal Data.

3. PERSONAL DATA COLLECTED

Depending on how the User configures SignUP, the following categories of Personal Data may be collected:

  • name and identifying information;
  • contact details such as email address and telephone number;
  • payment-related information (processed via PCI DSS–compliant service providers);
  • responses to forms, questionnaires, or surveys;
  • membership, subscription, or donation details;
  • device, browser, log, and usage information.

SG does not control the specific data fields collected and does not determine the content of User campaigns.

4. PURPOSES OF PROCESSING

Personal Data collected through SignUP may be processed for the following purposes:

  • providing, operating, and maintaining SignUP;
  • enabling fundraising, questionnaire, membership, or subscription campaigns;
  • processing transactions and payments;
  • responding to enquiries, requests, and technical issues;
  • complying with legal and regulatory obligations; and
  • analytics, monitoring, and service improvement, as further described in Clause 7.

5. DATA ACCURACY AND CONSENT

The User represents and warrants that:

  • all Personal Data collected through SignUP is accurate, complete, and up to date;
  • all required privacy notices have been provided to Data Subjects; and
  • a valid lawful basis (including consent, where required) has been obtained for the collection, use, processing, disclosure, and transfer of Personal Data.

SG is not responsible for the User’s failure to comply with Applicable Data Protection Laws.

6. DATA SECURITY

SG implements reasonable technical and organisational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

You acknowledge that no system can be guaranteed to be completely secure, and SG does not warrant absolute security of Personal Data.

7. DATA ANALYTICS AND AGGREGATION

SG may collect, process, and analyse User Data, including Personal Data, in an aggregated, anonymised, or de-identified form for purposes including:

  • service monitoring and performance optimisation;
  • product development and improvement;
  • system security, fraud prevention, and integrity checks;
  • statistical analysis, reporting, and benchmarking.

Such analytics will not be used to identify individual Data Subjects and will not disclose User-specific confidential information.

8. CROSS-BORDER DATA TRANSFERS

Personal Data collected through SignUP may be transferred to, stored in, processed in, or accessed from jurisdictions outside the country in which the User or Data Subject is located, including Malaysia.

You acknowledge that data protection and privacy laws in such jurisdictions may differ from those in the Data Subject’s country of residence.

Where required by Applicable Data Protection Laws, SG will take reasonable steps to implement appropriate safeguards for cross-border data transfers, which may include contractual, technical, or organisational measures, or reliance on recognised legal exceptions.

9. DISCLOSURE OF PERSONAL DATA

Personal Data may be disclosed to:

  • the User who collected the Personal Data;
  • SG’s employees, contractors, affiliates, and professional advisers on a need-to-know basis;
  • third-party service providers engaged to support SignUP operations (including hosting, security, analytics, and payment processing); and
  • regulators, authorities, or courts where disclosure is required by law.

SG does not sell Personal Data.

10. DATA RETENTION

Personal Data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by Applicable Data Protection Laws.

Upon termination or expiry of a User’s account:

  • the User is responsible for exporting and retaining any required Personal Data; and
  • SG will retain User Data for a period of thirty (30) days following termination or suspension of the User’s account (the “Grace Period”), unless otherwise agreed in writing or required by Applicable Data Protection Laws. Upon expiry of the Grace Period, SG may delete, permanently anonymise, or render inaccessible the Personal Data in accordance with its standard data deletion and backup practices, without liability.

11. RIGHTS OF DATA SUBJECTS

Subject to Applicable Data Protection Laws, Data Subjects may have rights to:

  • access their Personal Data;
  • request correction of inaccurate or incomplete Personal Data; and
  • withdraw consent, where processing is based on consent.

Requests should be directed to the relevant User acting as data controller.
SG will reasonably assist Users in responding to such requests where required.

SG is not responsible for responding directly to Data Subject requests unless required by Applicable Data Protection Laws or instructed by the User.

12. PAYMENT CARD DATA

Where payment card information is processed, SG complies with, or engages third-party providers that comply with, applicable PCI DSS standards. SG does not store full payment card details except where permitted under such standards.

13. CHANGES TO THIS PRIVACY POLICY

Where updates materially affect the rights or obligations of Users or Data Subjects, SG will use reasonable efforts to provide prior notice through email, in-application notification, or other reasonable electronic means. Continued use of SignUP after the effective date of any update constitutes acceptance of the revised Privacy Policy.

14. CONTACT

For privacy-related enquiries, please contact:

SG Global Support Services Sdn Bhd

By email: hello@marketing.sgsupport.com