Dronepoint Events Sdn Bhd (Reg. No. 202301045218 (1538726-P)), of Unit 9-3, Level 9, Menara UOA Bangsar, 5 Jalan Bangsar Utama 1, 59000 Kuala Lumpur, Malaysia ("Dronepoint", "we", "us"), is committed to handling personal data responsibly and in accordance with the Personal Data Protection Act 2010 of Malaysia ("PDPA"). This policy explains what we collect through the website at dronepoint.help and in the course of providing our services, why we collect it, and the choices available to you.
1. Data we collect
We collect personal data in three main situations:
- Enquiries. When you submit our contact form or email us, we receive your name, email address, phone number and any details you include about your event.
- Service delivery. When we plan an event for you, we may process guest lists, dietary requirements, accessibility needs and similar information supplied by you as the event organiser.
- Website usage. Subject to your cookie choices, we collect anonymised analytics data such as pages visited and approximate location at city level. See our Cookie Policy for details.
2. How we use personal data
We use personal data to respond to enquiries, prepare proposals, deliver contracted event services, meet legal and accounting obligations, and improve our website. We do not sell personal data, and we do not use enquiry details for unsolicited marketing. If you become a client, we may occasionally share information we genuinely believe is relevant to your future events; you can opt out of such messages at any time.
3. Disclosure to third parties
Event delivery involves suppliers — venues, caterers, production crews, security providers. We disclose only the personal data each supplier needs to perform its role (for example, dietary requirements to a caterer), and we require suppliers to treat that data confidentially. We may also disclose data where required by Malaysian law or regulatory authorities.
4. Data retention
Enquiry data is retained for up to twenty-four months so that we can pick up conversations that resume. Client and event records are retained for seven years to meet tax and audit requirements, after which they are securely deleted. Guest data processed for a specific event is deleted or returned to the organising client within ninety days of the event concluding, unless the client instructs otherwise.
5. Security
We apply appropriate technical and organisational safeguards, including encrypted transmission of form data, access controls limiting personal data to staff who need it, and confidentiality obligations in all employment and supplier contracts.
6. Your rights under the PDPA
You have the right to request access to the personal data we hold about you, to request correction of inaccurate data, to withdraw consent to processing, and to limit processing for direct marketing. To exercise any of these rights, contact us at [email protected] or write to the address above. We respond to verified requests within twenty-one days.
7. International transfers
Our systems are hosted within Malaysia where practicable. Where a service provider stores data outside Malaysia (for example, cloud email), we select providers offering safeguards consistent with PDPA requirements.
8. Children
Our website and services are directed at businesses and adults. We do not knowingly collect personal data from children under eighteen except as supplied by an event organiser for legitimate event purposes (for example, a family celebration guest list).
9. Changes to this policy
We may update this policy from time to time. The "last updated" date at the top of this page reflects the current version, and material changes will be highlighted on this page for thirty days.
10. Contact
Questions about this policy or our data practices can be directed to [email protected] or +60 3-2181 6742.