Effective on: January 1, 2020
Last updated on January 1, 2024
Hexasoft Development Sdn. Bhd. (“Hexasoft” “we,” “us,” “our”) takes the protection of your personally identifiable information (“Personal Data”) very seriously. This privacy policy (the “Notice”) addresses data subjects whose Personal Data we may process in three separate ways:
We collect IP Address information, coupled with some high-level geolocation data which we store in the Service. Many of our customers use this information to provide the right services to the right people. For example, the data we provide might help a streaming service provide the right content to international users or an e-commerce website to show only the clothing options that ship to a particular region.
We work very hard to protect the Personal Data we do collect and to ensure that the Personal Data we collect is appropriate for the services we provide. You can view the information we typically collect about your device and location for use in the Service by visiting this demo page of our Website. You can request that we delete or not sell the Personal Data we have about you at any time via the process described below.
With respect to all three categories of Personal Data we collect (Personal Data we collect directly for the Service, Personal Data we receive from users of our Website, and Personal Data we are provided by business contacts and prospects of Hexasoft), we decide the purposes and means of processing your Personal Data. Consequently, we act as a data controller or “business” under the relevant Privacy Laws like the European Union’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”) (together with other privacy laws, “the Applicable Laws”).
Data Used In The Service: The Personal Data we collect for use in our Service is described in detail in the Table below. With respect to the Personal Data used in the Service we only collect IP Addresses and certain coarse geolocation and Internet Service Provider information associated with that IP Address.
Most of the IP Address and geolocation Personal Data we collect is publicly accessible by anyone using networking diagnostic commands such as ping or traceroute. It is also coarse geolocation data, meaning that we collect your postal or ZIP code and city-level GPS coordinates, but not your street, name, or mailing address.
Because we only collect your IP Address coupled with coarse, high-level geolocation information, we do not think the information we collect is reasonably capable of being associated with or could be reasonably linked, directly or indirectly, with a particular consumer or household. As a result, it is possible a court would decide this information would not constitute Personal Data as defined under some or all of the Applicable Laws. By disclosing this information, we do not waive any rights to argue that this information should be understood as de-identified or otherwise not Personal Data.
Because we cannot associate the data in the Service with any person except to identify unique IP Addresses, exercising some of your data subject rights could be complicated, as discussed below, and in some cases, we may require additional information from your Internet Service Provider to do so. This is especially true if you have a dynamic IP Address as opposed to a static one.
Data Collected Via Website or Customers: When you visit our Website, contact us directly, or are a current, prospective, or former customer of our Service, we may collect and process the following categories of Personal Data about you:
This Notice does not apply to the Personal Data of our employees, job applicants, contractors, business owners, directors, officers, and other staff.
We must have a valid reason to use your Personal Data. It's called the "lawful basis for processing". Within the scope of this Notice, we may rely on one or more of the following lawful grounds for processing of your Personal Data:
Data Used In The Service: We process certain categories of Personal Data in our Service for the purposes of identifying the geographical location of an individual or an IT system and providing this information to our customers. Our customers then decide how to use this information. We understand our customers often use this information for geo-fencing. That is, they may use this information to limit the content they show or services they provide based on the location of the individual or IT system trying to access it. They may also use the Personal Data we process to identify whether you are using a proxy server, to comply with export control laws and sanctions, web traffic analysis, digital rights management, geographical targeting for advertising or other purposes, and spam-filtering by location.
The Table below contains more information about how we collect Personal Data for the Service and the categories of third parties with whom we share Personal Data used in the Service.
Data Collected Via Website or Customers: Additionally, if you access our website, contact us, or sign up as a customer for our Service, we process Personal Data:
We may use third-party vendors to perform certain services on our behalf. We may share your Personal Data with these third-party vendors solely to enable them to perform the services for us. In providing them with your Personal Data, we require that these third-party vendors maintain at least the same level of data protection that we maintain for your Personal Data. We do not provide your Personal Data to parties unconnected with the services we provide.
Data Collected Via Website or Customers: For visitors to our website, individuals who contact us directly or who are current, prospective, or former clients, we share the Personal Data we collect about you with certain third-party vendors who perform services on our behalf. These third-party vendors include those providing:
Data Used In The Service: For data-subjects whose Personal Data we process as part of providing the Service, please see the Table below for more information about which third parties, including vendors, may receive your Personal Data.
This table summarizes the Personal Data we collect as part of the Service. The Personal Data we collect from our Website, from individuals who contact us directly, and from our customers is described above.
| Personal Data We May Collect, Process, or Store | How We Obtain It | Business/Commercial Purpose for this Collection | Third Parties Who Receive this Information |
|---|---|---|---|
|
Identifiers Your IP Address, country, ZIP code, region, city, city-level coordinates and elevation, nearest weather station. |
Identifiers We obtain this information using networking diagnostic technology or from your Internet Service Provider. |
Identifiers To provide this information to our customers for the purpose of providing the Service; our legitimate interests and those of our customers (as detailed above). |
Identifiers Our customers; certain third-party vendors that provide infrastructure support services, and software management services (service desk, bug tracking, etc.). |
|
Internet or other similar network activity Your use of a proxy server; internet connection speed; the identity and location of your internet service provider; domain information; mobile carrier information. |
Internet or other similar network activity Same as above. |
Internet or other similar network activity Same as above. |
Internet or other similar network activity Same as above. |
|
Geolocation Data Your IP Address, country, ZIP code, region, city, city-level coordinates and elevation, nearest weather station. |
Geolocation Data Same as above. |
Geolocation Data Same as above. |
Geolocation Data Same as above. |
A “cookie” is a small file stored on your device that contains information about your computer. We may use cookies for session management, targeted advertising, and web analytics. Most of the cookies placed on your device through our Services are first-party cookies, since they are placed directly by us. Other parties, such as Google, may also set their own (third-party) cookies through our Services. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.
If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. Note, if you reject certain cookies, you may not be able to access all of our Website’s features. For more information, please visit https://www.aboutcookies.org/.
You may also set your browser to send a Do Not Track (DNT) signal. For more information, please visit https://allaboutdnt.com/.
Please see our Cookie Policy for more information about the cookies we place on our website.
We may also disclose your Personal Data:
We reserve the right to use, transfer, sell and share aggregated, anonymous data, which does not include any Personal Data, for any legal business purpose. The purposes may include analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.
If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
We are strongly committed to keeping your Personal Data safe. Hexasoft has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction.
Personal Data processed in relation to our Service is retained indefinitely. However, you may send a request to us to ask to delete your Personal Data at any time, subject to the limitations described in this Notice.
None of our services and specifically the Service is not directed at, or intended for use by, children under the age of 18. We have no actual knowledge that we sell the personal information of minors under 16 years of age.
You have specific rights regarding your Personal Data collected and processed by us. Please note that you can only exercise these rights with respect to Personal Data that we process about you when we act as a “data controller” under the GDPR or as a “business” under the CCPA. This is when Hexasoft decides why and how your Personal Data will be processed, and not our Customers. To exercise your rights with respect to information processed by us on behalf of one of our Customers, please read the privacy policy of our Customer.
In this section, we first describe your privacy rights and then we explain how you can exercise those rights.
Please note: with respect to data stored in our Service, there are significant limitations on our ability to respond to requests to exercise these rights. These limitations relate to our ability to verify your identity.
In part to protect your privacy, we purposefully collect only “coarse” level information associated with your IP Address. For example, we collect your ZIP or postal code, but we do not have your street address. It is this lack of identifying information that presents a challenge in verifying your identity for purposes of exercising your rights. We need to reliably verify your identity to prevent malicious or fraudulent attempts to alter or delete data in our Service.
We must rely on your IP Address to verify your identity. We will automatically detect your IP Address when you make a request to exercise any of the rights below. If you would like us to reveal, edit, delete or otherwise manipulate our stored data associated with an IP Address that does not match the one you are contacting us from, we will need to take additional steps to verify your identity. This may include requiring you to acquire an attestation from your Internet Service Provider. This is particularly likely to be true if you are seeking to exercise rights regarding a dynamic IP Address, as opposed to a static one.
This is called the “right to be informed”. It means that you have the right to obtain from us all information regarding our data processing activities that concern you such as how we collect and use your Personal Data, how long we will keep it and who it will be shared with, among other things.
We are informing you of how we process your Personal Data with this Notice.
We will always try to inform you about how we process your Personal Data.
This is called the “right of access”. This right allows you to ask for full details of the Personal Data we have about you.
You have the right to obtain from us confirmation as to whether or not we process Personal Data concerning you, and, where that is the case, a copy of or access to the Personal Data and certain related information.
Data Used In The Service: With respect to the Personal Data processed as part of the Service, you can access and view the information we collect at any time at this demo feature. Please see the Section “How Can You Exercise Your Privacy Rights,” below, for more information.
Data Collected Via Website or Customers: Once we receive and confirm that it was effectively you or your authorized agent who made the request, we will disclose to you:
This is called the “right to rectification”. It gives you the right to ask us to correct, without undue delay, anything that you think is wrong with the Personal Data we have on file about you, and to complete any incomplete personal data.
If your account settings do not allow you to change it directly, please follow the steps described below and we will do our best to change the Personal Data for you.
This is called the right to erasure, right to deletion or the "right to be forgotten". This right means you can ask for your Personal Data to be deleted.
Sometimes we can delete your information, but other times it is just not possible, like when the law tells us we cannot do that. If that's the case, we will consider if we can limit how we use it.
Occasions Where We Cannot Fulfil a Deletion Request Under the GDPR or the CCPA: The GDPR and the CCPA allow us to deny a request to erase your Personal Data if we or our service providers need to retain the Personal Data to:
This is called the “right to restrict processing”. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain occasions, such as where you believe the data is inaccurate or the processing activity is unlawful. This right enables you to ask us to suspend the usage of Personal Data about you, for example, if you want us to establish its accuracy or the reason for processing it.
This is called the “right to object”. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party) to support our processing of your Personal Data, as we do in this Privacy Policy. Also, you have the right to object at any time to the processing of your Personal Data for direct marketing purposes.
We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.
This is called the “right to data portability”. It's the right to ask for and download Personal Data about you that you have given us or that you have generated by virtue of the use of our Services, so that you can:
We sometimes use computers to study your Personal Data. We might use this Personal Data so we know how you use our services. For decisions that may seriously impact you, you have "the right not to be subject to automatic decision-making, including profiling". But in those cases, we will always explain to you when we might do this, why it is happening and the effect.
We will not discriminate against you for exercising any of your privacy rights. Unless the applicable data protection laws permit it, we will not:
If the GDPR applies to the processing of your Personal Data with us, the GDPR grants individuals to lodge a complaint with a supervisory authority if you’re not satisfied with how we process your Personal Data.
In particular, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work or place of an alleged violation of the GDPR.
You have the right to ask us to not sell your Personal Data at any time. This is called the “right to opt out”. We sell the information stored in our Service to our Customers. We do not sell the information we collect from our Website or from our Customers.
To exercise the right to opt-out, you may submit a request to us by completing the below webform:
Once you make an opt-out request, we will wait at least twelve months before asking you to reauthorize the sale of your Personal Data. However, if you change your mind, you may opt back into Personal Data sales at any time by using the procedure described below. We will only use Personal Data provided in an opt-out request to review and comply with the request.
If you have directed us not to sell your Personal Data, you can opt-in to the sale of your Personal Data at any time.
In addition, we do not sell the Personal Data of individuals that we know are less than 18 years old. Individuals who opt-in to Personal Data sales may opt-out of future sales at any time.
You may exercise any of the rights described above, including the right to opt out of the sale of your Personal Data, by filling out this webform:
Please note, for our Customers, please log into your client account where you will find a customized webform where you may exercise any of the rights described above.
You may always contact us by email at [email protected]; or by writing to us at:
Hexasoft Development Sdn. Bhd.
Attn: Data Protection Officer
70-3-30A D'Piazza Mall
Jalan Mahsuri
11950 Bayan Baru
Pulau Pinang
Malaysia
For requests related to Personal Data stored in the Service PLEASE NOTE since we require your IP Address to verify your identity, the simplest way to make your request is via our webform. If you contact us by email or mail, we will be happy to assist you in submitting a webform request, or answering any other questions you may have. If you need to submit a request not via our webform, we will need another way to verify that you own or use the IP Address at issue. We will likely require that you obtain an attestation from your Internet Service Provider that you own or use the IP Address you are contacting us about.
Data Collected Via Website or Customers: You may appoint an authorized agent to exercise your rights on your behalf. You should appoint such agent via written permission or a power of attorney pursuant to Probate Code sections 4000 to 4465 (if you reside in the State of California) or the applicable rules for authorizing somebody else to exercise your rights in your country of residence.
To verify that your authorized agent acts on your behalf, we will ask for this written permission from your agent or for the power of attorney. In case you provided your authorized agent with written permission, we will require that you also verify your identity.
Data Used in the Service: In addition to the above information, your authorized agent will need to provide us with certification from your Internet Service Provider that you own or use the IP Address(es) at issue.
Data Collected Via Website or Customers: To evaluate your privacy rights requests, we need to be sure it was you who made the request. Consequently, we might need some identification to check that you are who you say you are.
For this verification, we may ask you for specific information, including certain Personal Data. We will only use the Personal Data you provide us in a request to verify the requestor's identity or authority to make the request.
Please note that you may only make a consumer request to know or data portability twice within a 12-month period.
Data Used in the Service: As discussed above, we will verify your identity by matching the IP Address you are using to make your request to the IP Address we have stored in the Service. If the two do not match, we will need to verify your identity by another method. We will likely require you to obtain a certification or attestation from your Internet Service Provider that you own or use the IP Address at issue. We may also ask for certain Personal Data such as your Name or email address so that we may contact you about your request. We will only use this information to contact you about your request and will delete this information once the request is complete.
We will confirm the receipt of your request in 10 days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, except when we have already granted or denied the request.
Please allow us up to 30 days to reply to your requests, from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will send our written response by mail or electronically, at your option.
Consider that we will only cover the twelve-month period preceding the moment we receive the request in any disclosures we provide you with.
We will act upon your request to opt-out from selling your Personal Data in 15 days. We will also notify the third parties to whom we sold your Personal Data of your request and instruct them not to further sell your Personal Data, if they do. We will inform you about this in 90 days from the receipt of your request.
If we cannot satisfy a request, we will also explain why in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.
We promise we will not charge a fee for processing or responding to your requests. Exceptionally, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.
If we make any material change to this Notice, we will post the revised Notice to this web page and update the “Effective” date above to reflect the date on which the new Notice became effective.
If you have any questions about this Notice or our processing of your Personal Data, please write to us by email at [email protected] or by postal mail at:
Hexasoft Development Sdn. Bhd.
Attn: Data Protection Officer
70-3-30A D'Piazza Mall
Jalan Mahsuri
11950 Bayan Baru
Pulau Pinang
Malaysia
Please allow up to 30 days for us to reply.
VeraSafe has been appointed as Hexasoft's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to Hexasoft, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative
Alternatively, VeraSafe can be contacted at:
VeraSafe Czech Republic s.r.o
Klimentská 46
Prague 1, 11002
Czech Republic
If you are a resident of the European Union, you may have the right to lodge a complaint with a data protection regulator in one or more of the EU member states.
VeraSafe has been appointed as Hexasoft's representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom VeraSafe, can be contacted in addition to or instead of Hexasoft, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contactdata-protection-representative or via telephone at +44 (20) 4532 2003.
Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom