Privacy Policy
How Maxicom Global Malaysia collects, uses, retains and protects personal data — aligned to NIST 800-88 · PDPA Malaysia · BNM RMiT · NACSA · IEEE 2883-2022 · NAID-grade.
What we collect
Asset lists, contact details and engagement records. Nothing else.
Why we collect it
To respond to RFQs, deliver engagements, issue Per-job Certificates of Destruction, and maintain audit-grade records for regulator inspection.
How long we retain it
Engagement records: 7 years. Marketing contact: until you unsubscribe. Per-device Certificates of Destruction: as long as our relationship continues.
Where it lives
Within the jurisdiction of the engagement. We do not export personal data to third parties without explicit consent.
Your rights
Access, correction, deletion, portability — exercised in writing to our Compliance Desk.
Regulator alignment specific to Malaysia
This policy is written to align with the regulators that govern engagements in Malaysia: NIST 800-88 · PDPA Malaysia · BNM RMiT · NACSA · IEEE 2883-2022 · NAID-grade. Where the policy intersects sector-specific rules ( for BFSI engagements; PDPA Malaysia for personal-data processing), the more specific rule prevails. The policy is reviewed quarterly by the Maxicom compliance desk and updated within 30 days of any regulator material change. The version date stamp is in the page footer.
Where this policy applies
To the Maxicom Malaysia Sdn Bhd entity contracting in Malaysia. Cross-jurisdictional engagements (where assets route between Maxicom operating regions) are governed by the SOW jurisdiction clause, which typically points to the contracting entity's jurisdiction. Where customer policy specifies a different jurisdiction (rare but possible), the SOW addendum names the applicable governing law and the dispute-resolution forum.
How to exercise your rights or report a concern
Written request to compliance-my@maxicom.my (or via the contact form at https://maxicomglobal.com/my/contact/). Standard response time: 5 business days for acknowledgement, 30 calendar days for resolution under PDPA Malaysia. Where the matter requires regulator coordination ( for BFSI; data protection authority for personal-data matters), we escalate within 48 hours. Confidentiality is preserved throughout.
Document retention and version control
This policy is stored in the Maxicom compliance vault under controlled access. Version history is maintained for the lifetime of operations. Material changes are notified to active customers via the master service agreement notification clause; non-material changes are published to this page with the updated date stamp. The current version was reviewed by the compliance desk on the date stamp shown in the footer.
مراجع موثوقة
Primary sources for the standards and frameworks referenced on this page. Maxicom maps every engagement to these recognised authorities.
Frequently asked questions
How does this policy interact with my company's own policy on the same topic?
Both policies apply to their respective scope. Maxicom's policy governs how we (the disposition vendor) handle the data and operations within our scope; your company's policy governs your own obligations. Where the two intersect (typically in the master service agreement), the SOW addendum specifies which prevails for the engagement. PDPA Malaysia compliance is jointly held — Maxicom as Data Processor, you as Data Fiduciary/Controller.
Where can I see Maxicom's sub-processors / sub-contractors?
Sub-processor list available on NDA via the contact form. The list includes licensed-recycler partners (with their certifications), trader-channel partners (for cross-border resale routing), and IT-infrastructure partners (Cloudflare for site hosting, dedicated email-delivery provider, etc.). Where a sub-processor change affects your engagement, we notify under the SOW notification clause.
What happens if a regulator changes the rules during our engagement?
Maxicom tracks regulator updates across the four operating regions. Where a change affects an active engagement (revised certificate format, new retention period, etc.), the engagement protocol is updated mid-cycle and affected certificates are re-issued at no additional charge. This policy is updated on the same cadence; the update date stamp tracks revisions.
How do I escalate a complaint to the regulator if Maxicom's response is not satisfactory?
For personal-data complaints under PDPA Malaysia, the relevant data protection authority. For BFSI engagements, escalation to . For e-waste / sustainability matters, the relevant environmental regulator. We do not impede regulator escalation; we cooperate with regulator inspection.
Related practices, regulators & markets
IT Asset Disposal (ITAD)
ITAD
→Data Destruction
Data destruction
→Dell Server Buyback
Dell server buyback
→HPE Server Buyback
HPE server buyback
→Banking & Finance
Banking
→Government & Public Sector
Government
→NIST SP 800-88 Rev. 1
NIST 800-88
→IEEE 2883-2022
IEEE 2883
→IT disposal in Kuala Lumpur
Kuala Lumpur
→Send the asset list. We will send the number.
A photograph of the rack works. A spreadsheet works better. MYR settlement, against PO.