1 Scope and Controller

For this Privacy Policy, "BizCloud Asia", "we", "us" or "our" means BizCloud Asia Sdn Bhd and its authorised personnel, representatives, service providers and business units operating icrm.com.my, iCRM, BizCloud App, Queue System (QMS), WhatsApp Business API solutions and related software or support services.

This Policy applies to:

• Website visitors to icrm.com.my
• Prospects and customers who enquire, register, or subscribe to iCRM
• Administrators, staff, and end users of iCRM accounts
• Customers and members whose data is entered into iCRM by our subscribers
• Queue users who join a queue via QR code or WhatsApp
• WhatsApp users who interact with AI chatbots powered by iCRM

2 Personal Data We May Collect

3 Purposes of Processing

We process personal data for the following purposes:

• To provide, configure, maintain, and support subscribed iCRM modules and cloud services;
• To respond to enquiries, demo requests, support tickets, WhatsApp messages, calls, and sales communications;
• To manage user accounts, authentication, permissions, audit trails, and operational logs;
• To perform implementation, onboarding, training, troubleshooting, backup, and security monitoring;
• To issue invoices, manage subscriptions, collect payment, and administer accounts;
• To send service notices, maintenance updates, renewal reminders, and product information;
• To operate WhatsApp Business API features including AI auto-reply and message forwarding;
• To operate the Queue Management System and process queue requests;
• To comply with legal, regulatory, tax, accounting, audit, and enforcement requirements.

4 Disclosure and Sharing

We do not sell customer data. We may disclose personal data only where reasonably necessary, including to:

• Authorised personnel and contractors who support iCRM operations;
• Hosting and cloud infrastructure providers that operate the iCRM platform;
• SMS and WhatsApp Business API providers (including iSMS) for message delivery;
• AI model providers (such as OpenAI, Google, Anthropic, or others) when AI Features are used — see Section 5;
• Payment providers for subscription and billing processing;
• Professional advisers including lawyers and auditors where required;
• Government authorities and regulators where required by law;
• A business successor in the event of a merger, acquisition, or sale of the business.

5 WhatsApp, AI & Data Processing

5.1 WhatsApp Business API (WABA)

When you use iCRM's WhatsApp Business API features, customer message content is processed via iSMS and the WhatsApp Business API platform. You are responsible for ensuring your customers are informed that their messages may be processed through these systems.

5.2 AI Auto-Reply & Knowledge Base

When a customer sends a WhatsApp message and iCRM's AI auto-reply is enabled, the message content may be transmitted to and processed by third-party AI model providers (such as OpenAI, Google, Anthropic, or similar) to generate a response. This transmission may occur outside Malaysia.

We use commercially reasonable efforts to:

• Limit the data shared with AI providers to what is reasonably necessary;
• Select AI providers that offer reasonable data-handling and security commitments;
• Avoid using your data to train third-party AI models where we have the contractual ability to opt out.

However, we cannot fully control or guarantee how third-party AI providers process, store, retain, or use data once it is transmitted to their systems. iCRM subscribers are responsible for ensuring that their use of AI Features complies with the Malaysian PDPA and any other applicable data protection laws, including obtaining necessary consents from customers whose messages may be processed by AI systems.

5.3 Queue System (QMS) Data

When customers join a queue via QMS, their name, phone number, and queue request are collected and stored within iCRM. For WhatsApp QMS, this data is also transmitted via WhatsApp Business API. Queue data is used solely for managing the queue session and notifying customers when their number is called.

6 Security

We apply reasonable technical and organisational measures to protect personal data against accidental loss, misuse, unauthorised access, disclosure, alteration, and destruction. Measures may include HTTPS/TLS access, access controls, role-based permissions, backup procedures, audit logging, and restricted internal access.

No website, cloud service, internet transmission, WhatsApp communication, email, or storage system can be guaranteed completely secure. iCRM subscribers are responsible for managing authorised users, passwords, internal access approvals, device security, and data accuracy within their accounts.

7 Retention

We retain personal data for as long as reasonably necessary to provide services, support customer accounts, meet legal and accounting obligations, resolve disputes, enforce agreements, maintain backups, and protect legitimate business interests.

For Cloud Services, upon written request made within 30 days after termination of subscription, we will provide a reasonable method to export your data. After this period, we may delete or anonymise your data from active systems. Backup data may remain for a limited additional period due to technical backup cycles and disaster recovery practices.

8 Cross-Border Processing

Some service providers, cloud infrastructure, AI model providers, messaging providers, or support tools may process data outside Malaysia. This may include AI providers located in the United States or other countries. Where this occurs, we will take reasonable steps to ensure personal data is handled consistently with applicable Malaysian PDPA requirements and with appropriate contractual safeguards where available.

9 Cookies & Website Technologies

icrm.com.my may use cookies, session storage, logs, and similar technologies to operate the website, remember user preferences, improve performance, analyse traffic, secure sessions, and support enquiry and marketing workflows.

You may adjust your browser settings to reject cookies, but some website functions may not work correctly as a result. We do not use cookies to identify you personally without your knowledge or to share your personal data with third-party advertisers.

10 Your Rights

Subject to applicable Malaysian law and the PDPA, you may request:

• Access to personal data we hold about you;
• Correction of inaccurate or incomplete personal data;
• Information about how your data is being processed.

We may need to verify your identity and may decline requests where permitted by law — for example, where data belongs to a customer-controlled account, where disclosure would affect another person, or where legal privilege applies.

If your data is controlled by your employer or an iCRM subscriber (for example, your details are in their CRM), please contact that organisation first. We may redirect your request to the relevant account administrator.

To submit a data request, contact us at sales@bizcloud.asia.

11 Third-Party Links & Platforms

icrm.com.my and iCRM may link to or integrate with third-party websites, WhatsApp, email providers, payment providers, government portals, or external services. We are not responsible for the privacy practices, security, or content of third-party platforms. Please review their privacy policies separately.

12 Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, data practices, or applicable laws. The "Last updated" date at the top of this page will be revised accordingly.

Continued use of icrm.com.my or iCRM after changes are posted means you acknowledge the updated Policy. We encourage you to review this page periodically.

13 Contact Us

For any privacy-related enquiries, data access or correction requests, or concerns about your personal data: