General Data Protection Regulation (GDPR) Compliance

Last Updated: September 27, 2025

Smartfocusrer is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This policy explains how we collect, use, store, and protect your information when you use our financial data integration and synchronization services.

1. Data Controller Information

Data Controller: Smartfocusrer

Address: Suria Mutiara, 6, Jalan Grik, Green Lane, 31350 Jelutong, Pulau Pinang, Malaysia

Email: [email protected]

Phone: +60168122000

Signal: https://signal.me/#p/+60168122000

2. Legal Basis for Processing Personal Data

We process your personal data based on the following legal grounds:

Consent: You have given explicit consent for us to process your personal data for specific purposes related to our financial data integration services.

Contract Performance: Processing is necessary to fulfill our contractual obligations to provide you with our services.

Legal Obligation: We must process certain data to comply with legal and regulatory requirements.

Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services, preventing fraud, and ensuring network security.

3. Categories of Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Identity Data

Name, username, title, date of birth, and identification numbers as required for service provision and verification.

3.2 Contact Data

Email address, telephone numbers, physical address, and communication preferences.

3.3 Financial Data

Bank account details, payment card information, transaction history, and financial integration credentials necessary for synchronization services.

3.4 Technical Data

IP address, browser type and version, device information, operating system, time zone settings, location data, and other technology on devices used to access our services.

3.5 Usage Data

Information about how you use our website and services, including access times, pages viewed, navigation paths, and feature utilization.

3.6 Profile Data

Service preferences, account settings, feedback, survey responses, and any other information you provide when interacting with our platform.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

Service Delivery: To provide, maintain, and deliver our financial data integration and synchronization services according to your subscription and preferences.

Account Management: To create and manage your user account, process registrations, and authenticate your identity.

Payment Processing: To process transactions, manage billing, collect payments, and prevent fraudulent activities.

Communication: To send service-related notifications, respond to inquiries, provide customer support, and communicate important updates about our services.

Service Improvement: To analyze usage patterns, conduct research, develop new features, and enhance the overall user experience.

Security: To monitor and maintain the security of our platform, detect and prevent fraud, and protect against unauthorized access.

Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.

5. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

5.1 Right of Access

You have the right to request confirmation of whether we process your personal data and to obtain a copy of the data we hold about you.

5.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

5.3 Right to Erasure

You have the right to request deletion of your personal data under certain circumstances, including when the data is no longer necessary for the purposes for which it was collected.

5.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data under certain conditions.

5.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

5.6 Right to Object

You have the right to object to our processing of your personal data based on legitimate interests or for direct marketing purposes.

5.7 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates applicable data protection laws.

6. How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact us using the following methods:

Email: [email protected]

Phone: +60168122000

Signal: https://signal.me/#p/+60168122000

Mail: Suria Mutiara, 6, Jalan Grik, Green Lane, 31350 Jelutong, Pulau Pinang, Malaysia

We will respond to your request within one month of receipt. In complex cases, we may extend this period by an additional two months and will inform you of any such extension.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

Active Accounts: Personal data is retained for the duration of your active service subscription and account maintenance.

Legal Requirements: We may retain certain data for longer periods when required by law, regulation, or legal obligation.

Legitimate Business Purposes: Data necessary for fraud prevention, dispute resolution, or enforcing our agreements may be retained as reasonably necessary.

After Account Closure: Following account termination or closure, we will delete or anonymize your personal data within a reasonable timeframe unless retention is required for legal, regulatory, or legitimate business purposes.

8. Data Sharing and Transfers

8.1 Third-Party Service Providers

We may share your personal data with trusted third-party service providers who assist us in delivering our services, including:

Payment processors and financial institutions for transaction processing

Cloud infrastructure providers for data storage and hosting

Analytics and monitoring service providers for performance optimization

Customer support platforms for inquiry management

All third-party processors are contractually bound to protect your data and use it only for specified purposes in compliance with GDPR requirements.

8.2 Legal Requirements

We may disclose your personal data when required by law, court order, or governmental authority, or when necessary to protect our rights, property, or safety.

8.3 International Data Transfers

If we transfer your personal data outside your jurisdiction, we ensure appropriate safeguards are in place, such as:

Standard contractual clauses approved by relevant supervisory authorities

Adequacy decisions recognizing equivalent data protection standards

Binding corporate rules for intra-organizational transfers

Your explicit consent for specific transfers

9. Data Security Measures

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

Encryption: Data is encrypted both in transit and at rest using industry-standard protocols.

Access Controls: Strict access controls limit data access to authorized personnel only on a need-to-know basis.

Monitoring: Continuous monitoring systems detect and respond to security incidents and potential threats.

Regular Audits: Periodic security assessments and audits ensure ongoing compliance with security standards.

Employee Training: Staff members receive regular training on data protection principles and security best practices.

Incident Response: Documented procedures enable rapid response to any data breaches or security incidents.

10. Automated Decision-Making and Profiling

We may use automated processing and profiling to:

Detect and prevent fraudulent transactions

Analyze usage patterns for service optimization

Personalize user experience based on preferences

Assess credit or financial risk where applicable

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. You may request human intervention, express your point of view, and contest such decisions by contacting us.

11. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. For detailed information about the cookies we use and your choices regarding cookies, please refer to our separate Cookie Policy available on our website.

12. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such information promptly.

13. Data Protection Officer

For questions or concerns regarding our data protection practices, you may contact our Data Protection Officer:

Email: [email protected]

Subject Line: Attention: Data Protection Officer

14. Changes to This GDPR Policy

We may update this GDPR compliance policy from time to time to reflect changes in our practices, services, legal requirements, or regulatory guidance. When we make material changes, we will:

Update the "Last Updated" date at the top of this policy

Notify you via email or through prominent notices on our website

Seek your consent where required by applicable law

We encourage you to review this policy periodically to stay informed about how we protect your personal data.

15. Contact Information

For any questions, concerns, or requests regarding this GDPR policy or our data processing practices, please contact us:

Company: Smartfocusrer

Address: Suria Mutiara, 6, Jalan Grik, Green Lane, 31350 Jelutong, Pulau Pinang, Malaysia

Email: [email protected]

Phone: +60168122000

Signal: https://signal.me/#p/+60168122000

Website: smartfocusrer.info

16. Supervisory Authority

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. We encourage you to contact us first so we can address your concerns directly.

17. Consent

By using our services, you acknowledge that you have read and understood this GDPR compliance policy. Where we rely on consent as the legal basis for processing your personal data, we will obtain your explicit, informed, and freely given consent before processing begins. You may withdraw your consent at any time by contacting us through the methods provided above.