privacy policy

1. Personal Data and Privacy Policy

• 1.1. Regarding information sharing, WeManage will only share the personal information gathered with other companies or individuals outside of the organization in the following limited circumstances:
• • 1.1.1. We have your consent;
  • 1.1.2. We provide such information to our subsidiaries, affiliated companies, or other government agencies (including but not limited to the local authorities) or people for processing/confirming the personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures;
  • 1.1.3. We have a good faith belief that access, use, preservation, or disclosure of such information is reasonably necessary to:-
  • • 1.1.3.1. Satisfy any applicable law, regulation, legal process, or enforceable governmental request;
    • 1.1.3.2. Enforce applicable Terms and Conditions, including investigation of potential violations thereof;
    • 1.1.3.3. Detect, prevent, or otherwise address fraud, security, or technical issues; or
    • 1.1.3.4. Protect against harm to the rights, property, or safety of WeManage, its users, or the public as required or permitted by law.
• 1.2. The Processing of Personal Data
• • 1.2.1. User Data
  • • 1.2.1.1. WeManage collects users’ names, email addresses, and contact details to create accounts, authenticate users, send notifications, and access system features.
    • 1.2.1.2. This data is provided directly by users through registration forms or entered by authorized System Admins on their behalf. Where the client’s administrator submits data, it is their responsibility to obtain prior consent from the user.
  • 1.2.2. Vendor Data
  • • 1.2.2.1. WeManage collects the names, identification details, and contact information of vendor company shareholders and directors to support the registration and verification of vendor profiles.
    • 1.2.2.2. Authorized company representatives typically submit this information. The submitting party is responsible for obtaining prior consent from the individuals whose personal data is provided.
• 1.3. Data Retention
• • 1.3.1. WeManage will retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Once the data is no longer required, it will be securely deleted or anonymized under the Retention Principle under Malaysia’s PDPA.
  • 1.3.2. Upon termination of subscription, WeManage will retain personal data for up to 7 years, or upon request for deletion by the subscription’s System Admin, whichever comes first.
• 1.4. Information Security
• • 1.4.1. WeManage takes appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure, or destruction of data. These include internal reviews of our data collection, storage, and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorised access to systems where we store personal data.
  • 1.4.2. We restrict access to personal information to WeManage’s employees, contractors and third parties who need to know that information in order to process it on our behalf. Confidentiality obligations bind these entities and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
• 1.5. Enforcement
• • 1.5.1. WeManage regularly reviews its compliance with this Privacy Policy. When WeManage receives formal written complaints, our policy is to contact the complaining user regarding his or her concerns.
  • 1.5.2. WeManage will cooperate with the appropriate regulatory authorities, including data protection authorities, to resolve any complaints regarding transferring personal data that cannot be resolved between WeManage and an individual or organisation.
• 1.6. Changes to this Privacy Policy
• • 1.6.1. Please note that this Privacy Policy may change occasionally.
  • 1.6.2. WeManage will not reduce your rights under this Privacy Policy without your explicit consent.
  • 1.6.3. WeManage will post any Privacy Policy changes on this page and, if the changes are significant, WeManage will provide a more prominent notice on a best-case basis (including, for certain services, email notification of Privacy Policy changes).

2. Data Protection Officer

• 2.1. WeManage has appointed a Data Protection Officer (DPO) to oversee compliance with the Personal Data Protection Act (PDPA).
• 2.2. Individuals may contact our DPO by emailing support@wemanage.cloud for any inquiries or concerns regarding personal data handling and protection.

3. Data Breach Notification

• 3.1. WeManage will notify affected individuals within 7 days of a personal data breach that is likely to result in significant harm.

4. Data Subject Rights

• 4.1. Users have the right to access their personal data held by WeManage, request corrections to inaccurate data, and withdraw consent for data processing. However, as each organization's designated System Admins manage personal data within the WeManage system, users should contact their respective System Admins to exercise these rights.
• 4.2. System Admins are responsible for handling data access, correction, and consent withdrawal under PDPA requirements.
• 4.3. WeManage may directly manage individual user data in order to facilitate subscription termination and support case handling. In such cases, System Admins may contact support@wemanage.cloud.

5. Third-Party Personal Data Responsibility

• 5.1. If users input personal data on behalf of other individuals, they are responsible for obtaining the necessary consent from those individuals prior to submission. Users are also responsible for ensuring that such personal data is accurate and up-to-date, and for making any amendments or deletions as required by the data subjects. WeManage shall not be held liable for any failure by users to obtain consent or to manage third-party personal data under the Personal Data Protection Act (PDPA).

6. Cross-Border Data Transfer

• 6.1. WeManage may transfer personal data to jurisdictions outside Malaysia for processing and storage.
• 6.2. Such transfers will comply with PDPA, ensuring that the receiving party provides a level of protection equivalent to that under Malaysian law.

7. Copyright

• 7.1. This website and its contents are copyrighted by V-Work Sdn Bhd. All rights reserved.

8. Severability

• 8.1. The Terms and Conditions are severable in that if any provision is determined to be illegal or unenforceable by a court of competent jurisdiction, it shall be deemed to have been deleted without affecting the remaining provisions of these Terms and Conditions.

9. Waiver

• 9.1. WeManage's failure to exercise any particular right or provision of these Terms and Conditions shall not constitute a waiver of such right or provision unless acknowledged and agreed to by WeManage in writing.

10. Governing Law

• 10.1. Your use of this website and the operation of the terms and conditions contained herein shall be governed in accordance with the laws of Malaysia. Any dispute arising out of or in relation to this website, including these terms and conditions, shall be subject to the exclusive jurisdiction of the Malaysian courts.
• 10.2. In the event of any differences in interpretation between the English and Bahasa Malaysia versions of this Privacy Policy, the English version shall prevail.