HomePrivacy Policy

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.

Last Updated: 23 September 2025

1. Who We Are

This website (“Hyrax Oil” / “we” / “us”) is owned and operated by Hyrax Oil Sdn Bhd, a company incorporated in Malaysia. Our operations include lubricant manufacturing/distribution, research & development, customer services, and digital services related thereto. We have offices and operations in Malaysia and Sri Lanka, and may have partners or service providers abroad.

If you have any questions about this policy, how we collect, use, or protect your personal data, or to exercise your data subject rights, you can contact us at:

hyrax@hyraxoil.com(HQ) +603-2163-5893Level 7-1, No 36, Menara RKT,
Jalan Raja Abdullah,
Off Jalan Sultan Ismail,
50300 Kuala Lumpur,
Wilayah Persekutuan Kuala Lumpur.

2. Our Commitment

We are committed to protecting your privacy and complying with applicable data protection laws, including:

  • Malaysia’s Personal Data Protection Act 2010 (“PDPA”), including its amendments which came into force in 2024–2025.
  • Where relevant, the General Data Protection Regulation (“GDPR”) for EU residents.

We follow the principles of lawful, fair, transparent processing; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.

3. What Data We Collect & Why

We collect different kinds of personal data in order to provide and improve our services, maintain safety, comply with legal obligations, and fulfill business operations. The categories include:

Source / InteractionType of Data CollectedPurpose(s) for Collection / Use
Website Visits & AnalyticsIP addresses, Device/browser type, operating system, Geolocation (general, not precise), Pages visited, time spent, links clicked, referrer pages, Cookies, log filesTo analyze site usage, improve UX, identify technical issues, and for security monitoring.
Contact Forms / EnquiriesName, Email address, Phone number (optional), Company / organization name (if applicable), Nature of enquiry / message contentTo respond to your questions, provide quotes or support, and follow-up engagement.
Customer / Sales InteractionsBilling/shipping address, Company registration / tax numbers (if B2B), Payment information (when required), Product usage, order historyTo fulfill orders, deliver products or services, send invoices, handle returns, payments.
Employment / HR Data (if applicable)Identity documents (e.g. IC or passport), Contact details, Bank/account details for payroll, Work history, certifications, Emergency contactFor recruitment, employment contract administration, payroll, compliance with employment laws.
Marketing & Communication PreferencesEmail / phone number for newsletters or promotions, Preferences & consents, Interaction history with marketing materialsTo send marketing / promotional communications when you’ve consented, and to follow your preferences.
Safety / Compliance / RegulatoryIncident reports, Health / safety or environmental data (if required by law), Audit recordsTo comply with legal or regulatory obligations in the oil / energy sector, safety and environmental monitoring.

Note: We only collect sensitive personal data (e.g. health, biometric) where strictly necessary (e.g. for safety or regulatory reasons), and always with explicit consent.

4. Legal Basis for Processing

Depending on the situation, we rely on one or more of the following lawful bases:

  • Consent – when you give us permission (e.g. for marketing emails, special services).
  • Performance of a contract – to fulfill our obligations under contracts with you (e.g. order fulfillment, service provision).
  • Legal obligation – to comply with laws/regulations (e.g. health & safety, tax laws).
  • Legitimate interests – such as improving our products/services, preventing fraud, securing our systems, provided that such interests are not overridden by your rights.
  • Vital interests – in rare cases (e.g. to protect someone’s life).

5. Cookies & Tracking

We use cookies, web beacons, tracking pixels, and similar technologies to:

  • Enable basic website functionality (session cookies).
  • Monitor and analyze website performance and user behaviour (analytics cookies).
  • Deliver targeted or relevant content (if permitted by your consent).

You can manage or disable cookies via your browser settings. Some parts of the website may not work properly if cookies are disabled.

6. How We Store & Protect Your Data

  • Encryption of data in transit (HTTPS/TLS) and at rest where feasible.
  • Access controls – only authorised personnel and service providers who need the data to perform their functions have access.
  • Regular security reviews, penetration testing, and vulnerability assessments.
  • Secure data backups.
  • Security policies and procedures, staff training in data protection.

7. Data Sharing & Third-Parties

We may share your personal data with service providers, affiliates, regulatory bodies, or in connection with business transfers. These parties are bound to confidentiality and security obligations and will only receive the data needed to perform their duties.

8. Cross-Border Transfers

If we transfer your personal data outside Malaysia (or EU, if applicable), we ensure adequate protection through applicable laws, Standard Contractual Clauses, or your explicit consent.

9. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, taking into account legal, regulatory, tax, or accounting obligations. Typical retention periods include:

  • Contact enquiries — up to 24 months.
  • Customer / order records — as required for warranty, legal, tax obligations (often 5–7 years).
  • HR records — as required by employment law or for statutory liability for period required by law.
  • Marketing data — until you unsubscribe or withdraw consent.

10. Your Rights

You have the following rights under PDPA and GDPR (where applicable): access, correction, erasure, objection/restriction, portability (if applicable), withdraw consent, and lodge complaints with the Malaysian Personal Data Protection Department. To exercise these rights, contact us at privacy@hyraxoil.com.

11. Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO) for all matters related to your personal data.

hyrax@hyraxoil.com

12. Data Breach Notification

In the unlikely event of a data breach that compromises personal data, we will assess the breach, notify affected individuals where required, notify the relevant authority within the timeframe mandated by law, and take corrective actions.

13. Children & Minors

Our services and website are not directed to children under the age of 18. We do not knowingly collect personal data from minors without parental or guardian consent.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operations. We will revise the “Last Updated” date at the top and notify users of material changes.

15. Miscellaneous / Additional Provisions

  • Language: This policy is written in English; if translated, the English version will prevail in case of discrepancies.
  • Security Logging and Monitoring: We may log system access and monitor systems to prevent unauthorised access.
  • Third-party Links: Our website may include links to third-party websites. We are not responsible for their privacy practices.
  • No Waiver: Failure to enforce any right or provision in this policy shall not constitute a waiver of such right.