Privacy Policy
Last Updated: January 7, 2025
1. Introduction
Elegant Aspire Sdn Bhd (Company No: 200801017132 (818425-M)) ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the MK Parking Payment System.
This Privacy Policy complies with the Personal Data Protection Act 2010 (PDPA) of Malaysia and other applicable data protection laws.
2. Information We Collect
2.1 Personal Information
We collect information that you provide directly to us:
- Identity Data: Name, IC number, date of birth, photographs
- Contact Data: Email address, phone number, mailing address
- Financial Data: Payment card details (processed securely by eGHL), transaction history
- Vehicle Data: Registration numbers, make, model, color
- Account Data: Username, password (encrypted), security questions
2.2 Automatically Collected Information
- Usage Data: Parking entry/exit times, facility locations, duration
- Technical Data: IP address, browser type, device information, operating system
- Location Data: Parking facility locations, GPS data (if enabled)
- Transaction Data: Payment amounts, dates, methods, status
2.3 Information from Third Parties
- Payment verification from eGHL payment gateway
- Vehicle registration verification from JPJ (Road Transport Department)
- Building management system integration data
3. How We Use Your Information
3.1 Primary Purposes
We use your personal data to:
- Provide Services: Process parking payments, manage accounts, facilitate facility access
- Account Management: Create and maintain your account, verify identity
- Payment Processing: Process transactions, prevent fraud, issue refunds
- Communication: Send confirmations, notifications, updates, customer support
- Compliance: Generate e-invoices, tax reporting, regulatory compliance
3.2 Secondary Purposes
- Service Improvement: Analyze usage patterns, optimize performance
- Marketing: Send promotional offers (with your consent)
- Research: Conduct surveys, market research
- Security: Detect and prevent fraud, protect against unauthorized access
4. Legal Basis for Processing
We process your personal data based on:
- Consent: You have given explicit consent for processing
- Contract Performance: Processing is necessary to provide services
- Legal Obligation: Required by Malaysian law (e.g., tax, anti-money laundering)
- Legitimate Interests: For fraud prevention, security, service improvement
5. Information Sharing and Disclosure
5.1 Service Providers
We share information with trusted third parties who assist us:
- Payment Processor: eGHL for payment processing
- Cloud Services: AWS/Azure for data hosting
- Email Services: For transactional and marketing emails
- Analytics: For service improvement and analytics
5.2 Parking Facility Operators
We share necessary information with parking facilities:
- Vehicle registration numbers
- Entry/exit times
- Payment status
- Account balance status
5.3 Government Authorities
We may disclose information to:
- Inland Revenue Board (LHDN) for tax purposes
- Road Transport Department (JPJ) for vehicle verification
- Law enforcement when legally required
- Regulatory bodies for compliance
5.4 Business Transfers
In the event of merger, acquisition, or asset sale, your data may be transferred to the acquiring entity.
6. Data Security
6.1 Security Measures
We implement industry-standard security measures:
- Encryption: SSL/TLS for data transmission, AES-256 for stored data
- Access Controls: Multi-factor authentication, role-based access
- PCI DSS Compliance: For payment card data security
- Regular Audits: Security assessments and penetration testing
- Employee Training: Data protection and security awareness
6.2 Data Breach
In the event of a data breach affecting your personal data, we will:
- Notify you within 72 hours
- Report to Personal Data Protection Commissioner
- Take immediate remedial action
- Provide guidance on protective measures
7. Data Retention
7.1 Retention Periods
| Data Type |
Retention Period |
| Account Information |
Active account + 7 years after closure |
| Transaction Records |
7 years (tax compliance requirement) |
| E-Invoices |
7 years (MyInvois requirement) |
| Vehicle Records |
Active account + 2 years after deregistration |
| Marketing Consent |
Until consent withdrawn + 30 days |
| Security Logs |
2 years |
7.2 Data Deletion
After retention period expiry, data is securely deleted or anonymized.
8. Your Rights Under PDPA
8.1 Access Right
You have the right to:
- Request access to your personal data
- Obtain a copy of your data
- Know how your data is being used
8.2 Correction Right
You can:
- Update inaccurate or incomplete data
- Request correction of errors
8.3 Withdrawal of Consent
You may withdraw consent for:
- Marketing communications
- Optional data processing
- Note: Essential processing for service provision may continue
8.4 Data Portability
You can request data transfer in a machine-readable format.
8.5 Complaint Right
You can lodge complaints with:
- Our Data Protection Officer
- Personal Data Protection Commissioner of Malaysia
9. Cookies and Tracking Technologies
9.1 Types of Cookies
- Essential Cookies: Required for Service functionality
- Performance Cookies: Analyze usage and performance
- Functional Cookies: Remember preferences and settings
- Marketing Cookies: Track for advertising (with consent)
9.2 Cookie Management
You can control cookies through:
- Browser settings
- Our cookie preference center
- Third-party opt-out tools
10. Third-Party Links
Our Service may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies.
11. Children's Privacy
Our Service is not directed to persons under 18. We do not knowingly collect data from children. If you believe a child has provided us data, please contact us immediately.
12. International Data Transfers
Your data may be transferred to and processed in countries outside Malaysia, including:
- Cloud hosting locations (Singapore, US)
- Payment processor servers
We ensure adequate protection through:
- Standard contractual clauses
- Privacy Shield certification (where applicable)
- EU adequacy decisions
13. Marketing Communications
13.1 Opt-In
We will only send marketing communications with your explicit consent.
13.2 Opt-Out
You can unsubscribe by:
- Clicking "unsubscribe" in emails
- Updating preferences in your account
- Contacting customer support
13.3 Transactional Communications
Service-related messages (receipts, security alerts) cannot be opted out as they are essential.
14. CCTV and Surveillance
Parking facilities may use CCTV for security. Such recordings are controlled by facility operators and subject to their privacy policies.
15. Changes to Privacy Policy
We may update this Privacy Policy periodically. Changes are effective:
- Immediately for new users
- 30 days after notification for existing users
Significant changes will be communicated via email and account notification.
16. Contact Information
16.1 Data Protection Officer
Elegant Aspire Sdn Bhd
Company No: 200801017132 (818425-M)
Data Protection Officer
Address: Lot 25, 1st Floor, Likas Square Commercial Centre, Jalan Istiadat, Teluk Likas, 88400 Kota Kinabalu, Sabah, Malaysia
Email: sales@elegantaspire.com
Phone: +6088 266 025 / +6088 266 015
Operating Hours: Monday - Friday, 8:00 AM - 5:00 PM | Saturday, 8:00 AM - 12:30 PM
16.2 Complaints
For privacy complaints, contact our DPO first. If unsatisfied, you may contact:
Personal Data Protection Commissioner
Department of Personal Data Protection
Level 6, Tower 1, Menara Cyber Port
Jalan Impact, Cyber 6
63000 Cyberjaya, Selangor
Email: pdp@pdp.gov.my
Website: www.pdp.gov.my
17. Consent
By using our Service, you consent to this Privacy Policy and our data practices as described herein. For specific processing activities, we will seek separate explicit consent.
← Back to Home