top of page

Privacy Policy

PRIVACY POLICY & PERSONAL DATA PROTECTION NOTICE (NOTIS PRIVASI & PERLINDUNGAN DATA PERIBADI)

LUMINA DIGITAL PRIVACY POLICY

 

Last Updated: August 28, 2025

 

1. Introduction and Our Commitment to Your Privacy

 

Lumina Digital ("we," "us," "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy is issued in compliance with the Personal Data Protection Act 2010 of Malaysia ("PDPA") and its subsequent amendments. It serves as a written notice to all our clients, potential clients, and website visitors ("you," "your") as required under the Notice and Choice Principle of the PDPA.

This policy explains how we collect, process, use, disclose, and protect your personal data when you interact with us, use our services, or visit our website, https://www.luminadigital.biz/ (the "Website"). By engaging with our services or providing us with your personal data, you consent to the processing of your personal data as described in this policy.

 

2. Definitions

 

For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them under the PDPA:

  • "Personal Data" means any information in respect of commercial transactions that relates directly or indirectly to an individual, who is identified or identifiable from that information or from that and other information in our possession. This includes, but is not limited to, name, email address, phone number, company details, and online identifiers like IP addresses.

  • "Sensitive Personal Data" means any personal data consisting of information as to the physical or mental health or condition, political opinions, religious beliefs, or the commission or alleged commission of any offence. We do not typically collect Sensitive Personal Data.

  • "Processing" means collecting, recording, holding, storing, or carrying out any operation on personal data, including its organisation, adaptation, retrieval, use, disclosure, and destruction.

  • "Data Controller" (formerly "Data User" under the PDPA) refers to a person who either alone or jointly with other persons processes any personal data or has control over or authorises the processing of any personal data. For the purposes of this policy, Lumina Digital is a Data Controller.

 

3. The Personal Data We Collect and How We Collect It

 

We collect Personal Data through various channels to provide and improve our services. The types of data and methods of collection include:

  • Information You Provide Directly:

    • Via Website Forms: When you fill out our contact or inquiry forms, we collect your name, email address, phone number, company name, and any message you provide.

    • Via Direct Communication: When you communicate with us via email, WhatsApp, or other messaging services, we collect your contact details and the content of your communications.

    • During Client Onboarding: When you become a client, we collect business and contact information necessary to establish a service agreement, including company registration details, billing addresses, and key personnel contact information.

  • Information Collected Automatically:

    • Website Usage Data: When you visit our Website, we automatically collect certain information about your device and browsing activity. This may include your IP address, browser type, operating system, referring URLs, pages viewed, and the dates/times of your visits. This data is collected through cookies and other tracking technologies.

    • Analytics and Marketing Tools: We use third-party tools such as Google Analytics and the Meta Pixel (Facebook Pixel) to collect aggregated and anonymized data about website traffic and user interactions. These tools may collect data such as cookie identifiers and IP addresses, which are considered Personal Data.

 

4. Purpose of Processing Your Personal Data

 

In compliance with the General Principle of the PDPA, we process your Personal Data only for lawful purposes directly related to our business activities. The purposes include:

  • Service Delivery: To enter into and perform our contractual obligations with you, including providing social media management, content creation, website development, and digital marketing strategy services.

  • Communication: To respond to your inquiries, provide quotations, send service-related updates, and manage our client relationship.

  • Marketing and Promotion: To send you information about our services, industry insights, or promotional materials that may be of interest to you. You may opt-out of receiving marketing communications at any time.

  • Website Improvement: To analyse how our Website is used, diagnose technical issues, and improve user experience and the effectiveness of our content.

  • Legal and Regulatory Compliance: To comply with our legal obligations, including for billing, accounting, and tax purposes, and to respond to lawful requests from government authorities.

  • Security: To protect the security and integrity of our Website and business operations.

The primary legal bases for our processing are your consent and the necessity of processing for the performance of a contract to which you are a party.

 

5. Disclosure of Your Personal Data to Third Parties

 

We do not sell your Personal Data. In line with the Disclosure Principle of the PDPA, we will not disclose your Personal Data to any third party without your consent, except to the classes of third parties listed below and/or as permitted by law:

  • Service Providers and Partners: We may share your data with third-party vendors who provide services on our behalf, such as website hosting providers (e.g., AWS, Google Cloud), payment gateway operators, and email service providers. We ensure these parties provide sufficient guarantees to protect your data.

  • Analytics and Advertising Partners: As detailed below, data is shared with partners like Google LLC and Meta Platforms, Inc. for website analytics and marketing purposes.

  • Professional Advisors: We may disclose your information to our lawyers, accountants, and auditors when necessary for professional advice.

  • Legal and Governmental Authorities: We may disclose your Personal Data if required to do so by law or in response to a valid request from a court or regulatory body.

 

6. Use of Cookies, Google Analytics, and Meta Pixel

 

Our Website uses cookies and similar tracking technologies to enhance user experience, analyse website performance, and for marketing purposes.

  • Cookies: Cookies are small text files placed on your device when you visit a website. We use them to remember your preferences and to collect statistical data. You can control the use of cookies at the individual browser level.

  • Google Analytics: We use Google Analytics to understand our website traffic and user behaviour. Google Analytics collects data such as your IP address, device type, and browsing patterns. This information is transmitted to and stored by Google on its servers. We have enabled IP anonymization features where available. For more information on how Google uses this data, please visit Google's Privacy & Terms page. You can opt-out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

  • Meta Pixel (Facebook Pixel): We use the Meta Pixel to measure the effectiveness of our advertising campaigns on Facebook and Instagram, and to deliver targeted ads (remarketing). The pixel collects data about your actions on our Website (e.g., pages visited, forms submitted) and links it to your Meta account. This data is subject to Meta's Data Policy. You can manage your ad preferences and opt-out of interest-based advertising within your Facebook and Instagram settings.

By using our Website, you consent to the processing of data by these third-party services in the manner and for the purposes set out above.

 

7. Security and Retention of Your Personal Data

 

  • Security Principle: We take practical and reasonable steps to protect your Personal Data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration, or destruction. We have implemented suitable physical, electronic, and managerial procedures to safeguard the information we collect.

  • Retention Principle: We will retain your Personal Data only for as long as is necessary to fulfil the purposes for which it was collected, or as required for legal, regulatory, or internal policy requirements. Once your Personal Data is no longer required, we will take reasonable steps to destroy or permanently de-identify it.

 

8. Your Rights as a Data Subject

 

In accordance with the PDPA, you have the following rights in relation to your Personal Data:

  • Right to Access: You have the right to request access to the Personal Data we hold about you and to obtain a copy of it.

  • Right to Correct: You have the right to request the correction of your Personal Data if it is inaccurate, incomplete, misleading, or not up-to-date. This aligns with our obligation under the Data Integrity Principle.

  • Right to Withdraw Consent: You have the right to withdraw your consent to the processing of your Personal Data at any time. Upon receiving your request, we will cease processing your data for the purposes you specified, unless we have another lawful basis to continue doing so.

  • Right to Prevent Processing for Direct Marketing: You have the right to request that we cease processing your Personal Data for direct marketing purposes.

To exercise any of these rights, please contact our Data Protection Officer using the details in Section 11. We will respond to your request within the statutory timeframe.

 

9. Lumina Digital's Dual Role: Data Controller and Data Processor

 

We wish to clarify our roles under the PDPA:

  • As a Data Controller: Lumina Digital acts as a Data Controller for the Personal Data we collect directly from you for our own business purposes (e.g., website visitors, our own clients, and marketing leads).

  • As a Data Processor: When providing services to our clients, we may process Personal Data on their behalf (e.g., managing their customer databases for email marketing or handling inquiries on their social media pages). In such cases, our client is the Data Controller, and we are the Data Processor. The 2024 amendments to the PDPA impose direct legal obligations on Data Processors, particularly concerning the Security Principle. We commit to upholding these obligations and processing all client data securely and only upon their lawful instruction.

 

10. International Data Transfers

 

Your Personal Data may be transferred to, stored, and processed in jurisdictions outside of Malaysia, particularly where our third-party service providers (such as cloud hosting and analytics partners) operate. We will ensure that any such transfer complies with the requirements of the PDPA, for instance, by ensuring the recipient jurisdiction has an adequate level of data protection or by implementing appropriate contractual safeguards.

 

11. Data Protection Officer and Contact Information

 

In line with the mandatory requirement to appoint a Data Protection Officer (DPO) under the amended PDPA, we have designated a point of contact for all data protection matters. If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Data Protection Officer Lumina Digital Email: LuminaDigital.OIE@gmail.com Address: LOT 12240 BLOCK 5 LAMBIR LAND DISTRICT (FIRST FLOOR), 98000 MIRI, SARAWAK, MALAYSIA

 

12. Changes to this Privacy Policy

 

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any amendments will be posted on this page, and the "Last Updated" date will be revised. We encourage you to review this policy periodically.

bottom of page