Privacy Policy

REACH2050 SDN. BHD. (Registration No: 202501037579 (1638988-X)) acts as the data controller for personal data processed through our platform and services.

Address: REACH2050 SDN. BHD., Tower A, Level 3F, Pinnacle PJ, Jalan Utara C, 46200 Petaling Jaya, Selangor Darul Ehsan.

How to contact us about privacy:

• Email: privacy@reach2050.com
• Postal: REACH2050 (Privacy Officer), at the address above.

• Registration & account information: name, job title, organisation, sector, country, contact details, payment information (if applicable), dietary/accessibility needs.
• Platform usage data: account ID, login credentials, session data, activity logs, feature usage.
• Communication data: email preferences, newsletter subscriptions, support tickets, feedback submissions.
• Media & recordings: photographs, videos, testimonials, and other content that may capture you during our activities or events.
• Technical data: device/browser information, IP addresses, cookies/analytics identifiers used on our websites or applications.
• Surveys/feedback: responses, ratings, and comments provided through our platforms.

We process data only for purposes connected to REACH2050 services and professional outreach:

• To provide our services – register accounts, manage access, deliver platform features, and enable collaboration – contract/performance of services and legitimate interests of running a secure, professional platform.
• Payments/invoicing – contract and legal obligations (e.g., tax/records).
• Security & compliance (security measures, incident logs, fraud prevention) – legal obligations and legitimate interests.
• Communications (service updates, notifications, important changes) – legitimate interests.
• Photography/recordings & publicity – legitimate interests to document and promote REACH2050 activities. Clear notices will be provided; you can request not to be featured in promotional materials.
• Marketing by REACH2050 – consent (opt-in for email marketing). You can withdraw at any time.
• Analytics & service improvement – legitimate interests to improve our platform and services.

PDPA note: The Personal Data Protection Act 2010 (PDPA) (as amended in 2024/2025) introduces updated controller terminology, DPO appointment, breach notification requirements, and strengthens rights such as data portability. This notice aligns with those requirements.

• Directly from you (registration forms, emails, profile updates, communications).
• Your organisation (when nominated or authorized to use our services).
• Service providers (payment processors, analytics tools, communication platforms).
• Publicly available sources for professional profiles (company pages, LinkedIn) when relevant to our services.

Our websites and applications may use essential cookies (security/session management) and analytics to understand aggregate engagement and improve user experience. You'll see a cookie banner with controls when required. Detailed guidance will be posted on the REACH2050 website.

We use trusted service providers under contract (data processors) solely to deliver REACH2050 services—for example: payment gateways, email/SMS services, cloud hosting, analytics tools, customer support platforms, and content delivery networks.

We do not sell your personal data to third parties. Limited data may be shared where necessary for:

• Legal compliance or regulatory requirements
• Protection of our rights, property, or safety
• With your explicit consent

Because REACH2050 uses global SaaS tools and cloud services, data may be processed/stored outside Malaysia. We will ensure appropriate safeguards and comply with Malaysian PDPA cross-border transfer rules (as updated by 2024/2025 amendments and Commissioner guidance).

• Core user records: typically 24 months after account closure to support audits, legal compliance, dispute resolution, and service continuity.
• Financial/transaction data: retained per Malaysian statutory retention rules.
• Marketing consents: until you withdraw consent or we retire the list.
• Media and promotional content: retained for archival and promotional purposes unless you object (see your rights). We will endeavour to respect reasonable takedown requests.

Under Malaysia's PDPA (as amended) you may:

• Access and request a copy of your personal data;
• Correct inaccurate or incomplete data;
• Withdraw consent (for example, marketing) at any time;
• Object to processing based on legitimate interests where your rights override;
• Request data portability (where available under the amended PDPA);
• Complain to Malaysia's Department of Personal Data Protection (PDP Department) if you believe we've mishandled your data.

How to exercise these rights: email privacy@reach2050.com with "REACH2050 – Data Request" in the subject line.

We apply administrative, technical, and physical safeguards, including:

• Role-based access controls
• Encryption in transit and at rest for sensitive data
• Regular security assessments
• Least-privilege access for service providers
• Vendor Data Processing Agreements (DPAs)

Incident response procedures support mandatory breach notification to the PDP Department and, where required, to affected individuals under the PDPA amendments.

• Photography/recording: Where applicable, photography and recording zones will be clearly signposted. You may request not to be featured in close-up promotional materials.
• Children/Minors: REACH2050 services are intended for professional and business use. We do not knowingly collect minors' data.
• Mobile applications: If used, our apps will have in-app privacy summaries and separate permissions for features like notifications or location services.

Data Protection Contact (REACH2050): privacy@reach2050.com

Postal: REACH2050 SDN. BHD. (Privacy Officer), Tower A, Level 3F, Pinnacle PJ, Jalan Utara C, 46200 Petaling Jaya, Selangor Darul Ehsan.

Regulator: Department of Personal Data Protection, Malaysia (PDP Department).

We may update this notice to reflect legal or operational changes. Material changes will be highlighted on the REACH2050 website with a new effective date.