We are committed to protecting your personal data and ensuring transparency.
Effective Date: 18 October 2025
This Privacy Policy applies to CLOUDVALLEY SDN. BHD. (“CloudValley”, “we”, “us”, “our”) and to the website www.cloudvalleyidc.net and our cloud/IDC hosting services. If you do not agree with this Policy, please do not use our website or services.
We are committed to protecting the privacy of our customers, visitors, and partners. This Policy explains what personal data we collect, how we use it, the legal bases for processing, how long we keep it, and the rights and choices available to you. This Policy is designed to comply with applicable laws including the Personal Data Protection Act 2010 (Malaysia) (“PDPA”) and, where relevant, the EU/UK General Data Protection Regulation (“GDPR”).
In this Policy, “personal data” means information about an identifiable individual. “Services” means our cloud, colocation, dedicated server, and related support services.
We collect and process personal data for legitimate, specified purposes:
Special note for IDC/Cloud customers: You are responsible for the lawful collection and processing of any end-user or client data you host with us. See “Customer Content & Controller/Processor Roles”.
We respect privacy and intellectual property rights. If you believe content hosted via our Services infringes your rights, please contact us at support@cloudvalleyidc.net with sufficient details for us to assess and respond. Where applicable, we may act in accordance with relevant takedown procedures and our Acceptable Use Policy.
Customer Content & Controller/Processor Roles. For data you upload or host on our infrastructure (“Customer Content”), you are typically the controller and CloudValley is the processor (or service provider). You determine the purposes and means of processing; we process in accordance with your instructions, the service agreement, and applicable law.
Data Center & Security. We implement administrative, technical, and physical safeguards designed to protect personal data, including: network segregation and firewalls, DDoS mitigation, access controls, encryption in transit (TLS), vulnerability management, logging and monitoring, and incident response procedures. Our facilities and partners align with industry standards (e.g., ISO/IEC 27001 and Tier III–style data center practices) where applicable.
Retention. We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, to comply with our legal obligations, resolve disputes, and enforce agreements. Billing and tax records may be kept for statutory periods.
Subprocessors. We may engage trusted infrastructure and service providers (e.g., data centers, connectivity, payments, analytics, support tools) under written contracts requiring confidentiality and appropriate security.
Under the Personal Data Protection Act 2010 (Malaysia), we will: (a) provide you with notice of processing; (b) obtain consent where required; (c) not process data for unrelated purposes without further consent; (d) take reasonable steps to ensure data is accurate and secure; (e) allow access and correction requests; and (f) not keep data longer than necessary. You may submit access/correction requests to support@cloudvalleyidc.net.
Marketing communications. Where consent is required, you may withdraw at any time. We will honor Do-Not-Call and other applicable PDPA requirements.
If the GDPR applies to you, you have the following rights, subject to conditions and exemptions: access, rectification, erasure, restriction, portability, and objection to processing (including direct marketing). Where processing is based on consent, you may withdraw consent at any time without affecting prior processing. You also have the right to lodge a complaint with a supervisory authority.
Our legal bases for processing include contract performance, legitimate interests (e.g., securing and improving the Services), legal obligations, and consent where required.
We may process or store personal data in Malaysia or other jurisdictions where we or our providers operate data centers or support teams, including but not limited to Hong Kong, Singapore, Japan, the United States, and the European Union.
For cross-border transfers, we implement appropriate safeguards consistent with applicable law, such as contractual protections (e.g., Standard Contractual Clauses), data minimization, access controls, and security measures. By using the Services, you understand that your data may be transferred to and processed in countries with data protection laws different from those of your country.
We use cookies and similar technologies to remember preferences, maintain sessions, analyze traffic, and improve performance. You can manage cookies through your browser settings. Some features may not function properly if cookies are disabled. Where required by law, we will request consent for non-essential cookies.
We do not sell personal data. We may disclose personal data to: (a) our subprocessors and affiliates supporting the Services; (b) professional advisers (lawyers, auditors); (c) authorities or third parties when required by law, court order, or to protect rights, safety, or integrity; and (d) a buyer or successor in connection with a merger, acquisition, or restructuring.
You may update account details in your portal or by contacting support. To exercise PDPA/GDPR rights (access, correction, deletion, restriction, portability, or objection), contact support@cloudvalleyidc.net. We may need to verify your identity before responding. If your data is part of Customer Content controlled by our customer, please contact that customer directly (we will assist where appropriate).
Our Services are not directed to children under the age of 13 (or the minimum age required by local law). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us to delete it.
We may update this Policy from time to time. We will post the updated version with a new effective date on this page. Material changes may also be communicated through the Services or by email notice where appropriate.
CLOUDVALLEY SDN. BHD.
Location: Malaysia
Website: www.cloudvalleyidc.net
Email: support@cloudvalleyidc.net
For privacy requests (PDPA/GDPR), please include sufficient information to verify your identity and to identify the data you are requesting.
CloudValley operates and partners with facilities designed to meet recognized industry practices for security and availability, including ISO/IEC 27001–aligned information security controls and Tier III–style data center standards where applicable. While no system is 100% secure, we apply defense-in-depth measures, least-privilege access, security monitoring, and incident response processes to help protect your data and maintain service continuity.
Customers are responsible for securing their own applications, operating systems, and data within their environments (shared responsibility model), including proper configuration, patching, access management, encryption at rest where required, and compliance with laws applicable to their use cases.
“Client”, “you”, and “your” refer to any user, visitor, or customer of our website or Services. “Company”, “we”, “us”, and “our” refer to CLOUDVALLEY SDN. BHD. Headings are for convenience only and do not affect interpretation. Terms used but not defined have the meanings given by applicable law.
