PRIVACY POLICY

Last updated: 26/09/2025.

INTRODUCTION

SFERA ('we,' 'our,' or 'us') is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our software services and website. This policy applies to all users of our services regardless of their geographical location and reflects our commitment to maintaining the highest standards of data protection across all jurisdictions in which we operate.

DATA CONTROLLER INFORMATION

SFERA operates as the data controller for the personal information processed through our services. Our business is registered at A-3-3, Plaza Bukit Jalil (Aurora Place), No. 1, Persiaran Jalil 1, Bandar Bukit Jalil, 57000 Kuala Lumpur W.P. Kuala Lumpur Malaysia. You may contact us regarding any privacy-related matters at hello@sfera-technologies.com or by phone at +60 017-679 9949.

LEGAL BASIS FOR PROCESSING PERSONAL DATA

We process your personal data based on several legal foundations depending on the nature of our relationship and the specific processing activity. When you voluntarily provide information through our contact forms or schedule appointments through our booking system, we rely on your consent as the primary legal basis. Additionally, we process certain data based on our legitimate business interests, particularly when responding to your inquiries and providing our software services. Where we have entered into service agreements with you or your organization, we process personal data as necessary to fulfill our contractual obligations.

PERSONAL DATA WE COLLECT

Through our various touchpoints with users and clients, we collect personal information in several ways. When you complete our message form, we gather your full name, email address, company name, company industry classification, and the content of your text message. This information allows us to understand your needs and respond appropriately to your inquiry.

Our integration with Calendly enables us to collect additional scheduling-related information, including your name, email address, phone number if you choose to provide it, your meeting preferences and scheduling requirements, and time zone information necessary for coordinating appointments across different geographical locations.

HOW WE USE YOUR PERSONAL DATA

The personal data we collect serves several important business purposes that enable us to provide effective software services and maintain professional relationships with our clients and prospects. We use your contact information primarily to respond to your inquiries and maintain ongoing communication about our services. The scheduling data collected through Calendly allows us to efficiently manage appointments and coordinate meetings across different time zones.

Your information also supports our broader business operations, including sending relevant business communications that may be of interest to you, continuously improving our services and website functionality based on usage patterns, and ensuring compliance with our legal obligations. Additionally, we process certain data to maintain the security of our systems and prevent fraudulent activities that could harm our business or our clients.

DATA SHARING AND DISCLOSURE

We recognize that sharing personal data requires careful consideration and appropriate safeguards. In the normal course of our business operations, we work with trusted third-party service providers who assist us in delivering our services effectively. This include our Calendly integration for appointment scheduling functionality, email service providers who help us maintain professional communication, cloud hosting providers who ensure reliable data storage and processing, and analytics providers who help us understand and improve website performance.

When legal requirements demand disclosure, we may share your data with relevant authorities in applicable jurisdictions where we operate or where legal obligations arise. This occurs only when required by law, regulation, or legal process, and we carefully evaluate each request to ensure it meets appropriate legal standards.

In the event of significant business changes such as a merger, acquisition, or sale of assets, your personal data may be transferred as part of the business transaction. Should such circumstances arise, we would ensure that any acquiring entity maintains the same level of data protection outlined in this policy.

DATA RETENTION POLICY

Our approach to data retention balances business needs with privacy principles, ensuring we retain personal data only as long as necessary for legitimate purposes. We maintain contact form submissions for three years from the date of last contact, allowing us to reference previous communications and maintain relationship continuity. Calendly-related data is retained for two years from your last appointment, supporting our scheduling history and service improvement efforts.

Website analytics data is kept for twenty-four months, providing sufficient historical data for understanding trends and optimizing user experience. Email communications are retained for seven years to maintain comprehensive business records and support any potential legal or contractual requirements. These retention periods may be extended when necessary to comply with legal obligations, resolve disputes, or enforce agreements.

YOUR RIGHTS

We respect your right to control your personal data and have established processes to honour your privacy rights under applicable laws. If you are located in the European Union, you benefit from comprehensive rights under the General Data Protection Regulation (GDPR). These include the right to access your personal data and understand how it is being processed, the right to rectify any inaccurate information we hold about you, and the right to request erasure of your data under certain circumstances, commonly known as the 'right to be forgotten.'

You also have the right to restrict processing of your data in specific situations, request data portability to transfer your information to another service provider, object to certain types of processing, and withdraw any consent you have previously given at any time without affecting the lawfulness of processing based on consent before its withdrawal.

For individuals located in Malaysia, the Personal Data Protection Act (PDPA) provides important rights including access to your personal data, the ability to correct inaccurate information, withdrawal of consent for processing activities, prevention of processing that may cause damage or distress, and requests for deletion in certain circumstances.

To exercise any of these rights, you may contact us at hello@sfera-technologies.com. We are committed to responding to your requests promptly, typically within thirty days for GDPR-related requests and twenty-one days for Malaysian PDPA requests. We may require verification of your identity before processing certain requests to ensure the security of your personal data.

DATA SECURITY

Protecting your personal data is fundamental to our operations, and we have implemented comprehensive technical and organizational measures designed to safeguard your information against unauthorized access, alteration, disclosure, or destruction. Our security framework includes encryption of data both during transmission and while stored in our systems, robust access controls and authentication mechanisms that limit data access to authorized personnel only, and regular security assessments to identify and address potential vulnerabilities.

We maintain ongoing staff training programs on data protection principles and requirements, utilize secure cloud infrastructure with industry-standard security certifications, and have established regular backup procedures and disaster recovery protocols to ensure data availability and integrity. Our security measures are regularly reviewed and updated to address evolving threats and maintain alignment with industry best practices.

CHILDREN'S PRIVACY

Our software services are designed for business use and are not intended for individuals under eighteen years of age. We do not knowingly collect personal data from children, and if we become aware that we have inadvertently collected information from someone under eighteen, we will take immediate steps to delete such information from our systems and prevent further collection.

SUPERVISORY AUTHORITY

Should you have concerns about our data processing practices that cannot be resolved through direct communication with us, you have the right to lodge a complaint with the relevant supervisory authority. In Malaysia, this would be the Personal Data Protection Department within the Ministry of Digital. For matters related to EU data protection law, you may contact your local data protection authority.

CHANGES TO THIS PRIVACY POLICY

As our business evolves and privacy laws develop, we may need to update this privacy policy periodically. When changes occur, we will ensure you are informed through multiple channels including posting the updated policy prominently on our website, sending email notifications for significant changes that materially affect your rights or our processing practices, and updating the 'Last Updated' date at the top of this document. We encourage you to review this policy periodically to stay informed about how we are protecting your personal information.

GOVERNING LAW

This privacy policy operates within the framework of applicable data protection laws in the jurisdictions where we conduct business and serve clients. Our operations are governed by the Personal Data Protection Act 2010, and we also comply with the General Data Protection Regulation when processing personal data of clients and users located within the European Union. Additionally, we adhere to applicable local laws in other jurisdictions where our users and clients are located, ensuring comprehensive protection regardless of your geographical location

If you have questions about this privacy policy or our data handling practices, we encourage you to reach out to us. You may contact us by email at hello@sfera-technologies.com, by phone at +60 017-679 9949, or by mail at A-3-3, Plaza Bukit Jalil (Aurora Place), No. 1, Persiaran Jalil 1, Bandar Bukit Jalil, 57000 Kuala Lumpur W.P. Kuala Lumpur Malaysia. We are committed to addressing your privacy concerns promptly and transparently.