BMO Privacy Notice

How BizCloud Asia Sdn Bhd collects, uses and protects personal data in the BMO System.

BizCloud Asia Sdn Bhd  | 

1. Introduction

This Privacy Notice explains how BizCloud Asia Sdn Bhd (“BizCloud”, “we”, “us”, “our”) collects, uses and protects personal data when you use the BMO System and our related websites, modules and services.

This Privacy Notice should be read together with our Master Subscription & Service Level Agreement (SLA) and Terms of Service. If there is any conflict, the SLA and Terms of Service will prevail.

2. Who this applies to

This Privacy Notice applies to:

  • Companies and organisations that subscribe to BMO;
  • Users who log in to BMO (e.g. HR, payroll, finance, admin, manager, staff);
  • Visitors who browse our websites, submit forms, or contact us.

If you are an employee, customer or supplier of our client, your data is usually entered and controlled by that client. In that case, BizCloud only acts as a service provider / data processor. You should also refer to your employer’s or service provider’s own privacy policy.

3. What personal data we collect

3.1 Information you or your company provide to us

We only collect information that is reasonably necessary to provide our services and support, for example:

  • Company details: name, registration number, billing address, contact details;
  • Contact persons: name, job title, email, phone number, department;
  • Login details: username, password (stored in protected form, not plain text);
  • Subscription and billing information: package subscribed, payment records, invoices, support history;
  • Support communications: emails, phone/WhatsApp messages, tickets, remote-session logs.

3.2 Information entered into the BMO System (“Your Data”)

Your company and users may store a wide range of business data in BMO, for example:

  • HR & employee data (HRM, e-Leave, e-Claim, attendance, payroll);
  • Accounting and e-Invoice data (customers, suppliers, transactions, SST/tax codes);
  • CRM, sales, inventory, POS and other business records;
  • Files and documents uploaded to file management modules.

This data is controlled by you. We do not create or change this content on our own and we do not use Your Data for our own marketing or resale.

3.3 Website & usage information

When you visit our websites or cloud systems, we may collect:

  • Technical information: IP address, browser type, device type, approximate location;
  • Log information: login time, pages accessed, error logs, basic usage patterns;
  • Cookies or similar technologies used mainly for session management and user experience.

You can adjust your browser settings to limit cookies, but some features may not work properly if cookies are disabled.

4. How we use your personal data

We use your personal data for the following purposes:

  • To provide and operate the BMO System – create and manage user accounts, provide access to subscribed modules, and generate system reports based on Your Data and settings.
  • To provide support and maintenance – respond to support tickets, diagnose issues, perform configuration, updates and improvements.
  • To manage our relationship with you – handle billing, renewals, system notices, training and implementation.
  • To improve our products and services – analyse anonymised or aggregated usage trends to enhance performance, stability and security.
  • Marketing and communication (optional) – send information on new features, modules, promotions or events. You can opt-out from marketing emails at any time.

We do not sell your personal data to third parties.

5. Who we share your data with

5.1 Within BizCloud and trusted contractors

We may share personal data within BizCloud and with appointed contractors who help us provide hosting, support, development or customer service. Access is on a need-to-know basis and subject to confidentiality obligations.

5.2 Third-party service providers & integrations

Depending on your setup and modules, we may use third-party providers for data centre/cloud hosting, backup, email gateways, SMS/WhatsApp providers, payment gateways, government e-Invoice platforms and other APIs.

  • Any contract or fee for these services is between you and the provider (where applicable);
  • When you enable an integration, you authorise us to exchange data with that provider as needed to make the integration work;
  • These providers handle data according to their own privacy policies and contracts. We do not control their internal systems or policies.

5.3 Legal and regulatory requirements

We may disclose personal data if required by law, court order or regulatory authority, or if we reasonably believe disclosure is necessary to comply with legal obligations, protect our rights or respond to fraud, security or abuse cases.

We do not provide your personal data to unrelated third parties for their own marketing.

6. Security and where data is stored

We take reasonable technical and organisational measures to protect data under our control, for example:

  • Using HTTPS (TLS) for access to our cloud systems and admin portals;
  • Role-based access controls and passwords for our staff;
  • Separation of production and test environments where applicable;
  • Regular backups for cloud-hosted data with restricted access.

However, no system or internet transmission can be guaranteed to be 100% secure, and we cannot guarantee absolute protection against all attacks, malware, or human error.

6.1 Cloud vs client-hosted / on-premise (important)

  • Cloud BMO: when hosted on our servers or our cloud partner, we are responsible for the infrastructure level (server OS, database, basic backup and security within our environment).
  • Client-hosted / PC-hosted / on-premise: when BMO is installed on your own PC, server, VM, NAS or third-party hosting, you are fully responsible for hardware, OS, network, antivirus, firewall, access control and backup/restore of your database and files.

We cannot be responsible for data loss or breaches caused by your own devices, networks, misconfiguration, ransomware, or failure to implement proper backup.

7. Data accuracy, retention and your responsibilities

You are responsible to ensure that all information entered into BMO (including HR, payroll, accounting and e-Invoice data) is accurate, complete and up to date.

We do not review or audit Your Data for correctness, and we do not provide tax, accounting or legal advice. You should regularly:

  • Review system reports and ledgers before using them for payment or submission;
  • Perform and test backup and restore procedures, especially for client-hosted installations.

We retain personal data for as long as reasonably required to deliver the services, fulfil our contract with you, comply with legal requirements, and handle disputes or audits. When data is no longer needed, we will take reasonable steps to delete or anonymise it, subject to any legal or regulatory retention duties.

For cloud systems, after your subscription ends, we may provide a limited window for data export upon written request (as described in the SLA). After that period, data may be deleted or archived.

8. Your rights

Subject to applicable law (including the Malaysian Personal Data Protection Act, PDPA), you may have the right to:

  • Request access to personal data we hold about you;
  • Request correction of inaccurate or incomplete data;
  • Request deletion, blocking or restriction of processing in certain circumstances;
  • Withdraw consent to marketing communications.

If your data is managed by your employer or another organisation using BMO, we may refer you back to that organisation, as they are the primary data controller.

9. Third-party websites

Our websites and portals may contain links to third-party sites or services. We are not responsible for the privacy practices, content or security of those external websites. You should review the privacy notices of any third-party site you visit.

10. Online threats and logging

Access to BMO and related admin systems requires a valid username and password, and in some cases additional security measures. Certain activities (such as login attempts, configuration changes, and support actions) may be logged for security and audit purposes.

While we follow secure development practices and take reasonable precautions, no software can be guaranteed free from vulnerabilities. Our goal is to make unauthorised access difficult and detectable, and to respond in a timely manner when issues are reported.

11. How to contact us

If you have any questions, concerns or requests related to this Privacy Notice or your personal data, please contact us:

Email (general)
sales@bizcloud.asia

Kuala Lumpur Office
No.B-2-7, Block B, Kuchai Exchange,
Jalan Kuchai Maju 13, Kuchai Lama 58200,
Kuala Lumpur, Malaysia.
Phone: +603 2780 3880
Email: sales@bizcloud.asia
Waze: View in Waze
Google Maps: View in Google Maps

Penang Offices

Unit 1-3-31, i-Avenue, No. 1, Jalan Tun Dr Awang,
11900 Bayan Lepas, Penang, Malaysia.

5-5-37, The Promenade,
Persiaran Mahsuri,
Bandar Bayan Lepas,
11900 Bayan Lepas,
Penang, Malaysia.
Phone: +604 2024 033
Email: sales@bizcloud.asia
Waze: View in Waze
Google Maps: View in Google Maps

Johor Office
01-35, Jalan Austin Perdana 2/22,
Taman Austin Perdana,
81100 Johor Bahru,
Johor, Malaysia.
Phone: +607 4890 353
Email: sales@bizcloud.asia
Waze: View in Waze
Google Maps: View in Google Maps