Privacy Policy

Version: v1

Last updated: 8 September 2025

1. Purpose of this Privacy Policy

This Privacy Policy explains how Sky Venture Studios ("Sky Venture Studios", "we", "us", "our") collects, uses, stores, shares and protects personal data when you visit or use our website (the "Site"), contact us, or when we interact with you as a prospective or existing client.

We aim to comply with the Malaysian Personal Data Protection Act 2010 (PDPA), its principles and any amendments, and, where applicable, with other data protection laws such as the EU/UK General Data Protection Regulation (GDPR) and similar regulations in other jurisdictions.

This Policy applies to personal data processed through the Site and in the course of our business development and service delivery activities. It does not apply to third-party websites or services that we do not control.

2. Who we are and our role

Sky Venture Studios is a Malaysia-based software and web development studio providing website and digital product development services to clients globally.

For the purposes of data protection laws, we generally act as a "data controller" (or equivalent term under local law) in respect of personal data collected through the Site or in the context of marketing and client relationships. In some cases (for example, when we process data on behalf of a client's system), we may act as a "data processor" or similar role, in which case the relevant processing will be governed by a separate agreement with that client.

3. Types of personal data we collect

The categories of personal data we may collect include:

Identification and contact details

Name, business email address, phone number, job title, company name, country or region.

Business and project information

Information you share about your business, website, existing systems, project goals, budget ranges (if you voluntarily disclose them), and other details relevant to a potential or ongoing engagement.

Communication data

Content of messages you send via contact forms or email, and our correspondence with you.

Technical and usage data

IP address, browser type and version, device type, operating system, pages viewed, time and date of visits, time spent on pages, and similar usage information collected through cookies and similar technologies. See our Cookies Policy for more details.

Contract and billing data (clients)

For clients, we may process contract and billing-related information such as invoicing details, tax numbers, payment references and records of transactions, but we do not store full payment card details on our own systems.

We generally do not intentionally collect sensitive personal data (e.g. health, religion, political opinions) via the Site. Please do not send such data to us through the Site unless explicitly requested in a secure context.

4. How we collect personal data

We may collect personal data:

Directly from you

  • When you submit a contact form on the Site
  • When you email us or schedule a call
  • When you sign a Service Agreement or other contract
  • When you participate in our surveys or events

Automatically when you use the Site

Through cookies and similar technologies that record how you use the Site (pages visited, time on page, etc.). See the Cookies Policy for more details.

From third parties

  • Business partners or referrers who introduce you to us
  • Publicly available sources (e.g. your company website, professional profiles) where appropriate and lawful.

5. Legal bases for processing

Depending on your location and applicable law, we rely on different legal bases for processing personal data, including:

  • Performance of a contract or steps taken at your request prior to entering into a contract - For example, when you ask us to prepare a proposal or when we deliver services to you or your organisation.
  • Legitimate interests - Our legitimate interests in running and improving our business, marketing our services to business contacts, maintaining security, and defending legal claims, provided such interests are not overridden by your rights and interests.
  • Consent - Where required by law (for example, for certain marketing communications or non-essential cookies), we will obtain your consent, which you may withdraw at any time.
  • Legal obligations - Where we must process personal data to comply with applicable laws, regulatory requirements, accounting or tax obligations.

6. How we use personal data

We may use personal data for the following purposes:

  • To respond to enquiries - Handling contact form submissions, email enquiries and requests for information about our services.
  • To evaluate and enter into client relationships - Assessing project requirements, preparing proposals, negotiating and executing Service Agreements.
  • To deliver and manage services - Managing projects, communicating with clients, providing support, maintaining project documentation and fulfilling contractual obligations.
  • To manage our business operations - Invoicing, payment processing via third-party providers, maintaining records, internal reporting and auditing.
  • To improve our Site and services - Analysing how visitors use the Site to improve layout, content and performance, and enhancing our offerings.
  • To send business-to-business marketing - Providing updates on our services, case studies or invitations to events, in compliance with applicable marketing and anti-spam laws. You may opt out at any time.
  • To maintain security and prevent misuse - Protecting our systems, detecting fraud or misuse, and enforcing our Terms of Use.
  • To comply with legal obligations - Responding to lawful requests by public authorities, courts or regulators, and complying with record-keeping obligations.

7. Data sharing and international transfers

We may share personal data with:

  • Service providers / processors - Third-party providers who assist us with hosting, email delivery, analytics, project management, invoicing and other functions. These providers are only allowed to process personal data on our instructions and subject to appropriate safeguards.
  • Affiliates or related entities - Entities under common management or control, to the extent necessary for business operations and service delivery.
  • Professional advisers - Lawyers, accountants, auditors, insurers and other professional advisers under confidentiality obligations.
  • Authorities and regulators - Where required by law, legal process or to protect our rights, property or safety.

Because we serve clients globally, personal data may be transferred to countries other than your own, including countries that may have different data protection standards. Where required by law, we will take appropriate measures to ensure that international transfers are subject to adequate safeguards (for example, contractual protections or equivalent mechanisms).

8. Data retention

We keep personal data only for as long as necessary to fulfil the purposes described in this Policy, including:

  • for visitors and enquiries: generally for a reasonable period after our last interaction, to respond to follow-up queries and keep records of our communications;
  • for clients: for the duration of the client relationship and for a period afterwards as required by law (e.g. tax and accounting retention periods) or as necessary to establish or defend legal claims.

We will take reasonable steps to anonymise or securely delete personal data when it is no longer needed.

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration or destruction, taking into account the nature of the data and the risks involved. This may include access controls, encryption in transit where appropriate, secure hosting environments, regular updates and staff awareness measures.

However, no system can be completely secure, and we cannot guarantee absolute security of personal data transmitted to or stored by us.

10. Your rights

Depending on your location and applicable law, you may have some or all of the following rights in relation to your personal data:

  • right of access to your personal data;
  • right to request correction of inaccurate or incomplete data;
  • right to request deletion of personal data in certain circumstances;
  • right to restrict or object to certain processing;
  • right to data portability in certain situations;
  • right to withdraw consent where processing is based on your consent;
  • right to lodge a complaint with a supervisory authority.

To exercise your rights, please contact us using the details below. We may request verification of your identity before responding.

11. Cookies and similar technologies

We use cookies and similar technologies to operate the Site, analyse performance and, where permitted, to improve user experience. For more detail on the types of cookies we use and how you can control them, please see our Cookies Policy.

12. Children's data

Our Site and services are not directed to children under the age of 18, and we do not knowingly collect personal data from children. If you believe that a child has provided personal data to us, please contact us so that we can take appropriate steps.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology or our practices. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this Policy periodically.

14. Contact us

If you have any questions about this Privacy Policy or how we handle personal data, or if you wish to exercise any of your rights, please contact us at:
Email: contact@skyventurestudios.com