Skip links

Privacy and Policy

Thank you for visiting Aye Official Website (www.aye-ai.org, “Official Website”), which is operated by Aye Solutions Sdn. Bhd. and its related parties (“Aye”, “we”, “us” or “our”). We respect your privacy and value the trust you place in us when you provide your personal data with us. This privacy policy (hereinafter “Privacy Policy”) sets out how we, including how any member of Aye to which we legitimately collect, use and safeguard personal data you provide to us through this Official Website. We also inform you why we use your personal data collected through the Official Website, with whom we share it, the rights to which you may be entitled and your choices about our use of such personal data. Before providing us with personal data we recommend that you read this Policy which governs our services. If you have any questions, comments or complaints, please contact us through the contact information provided in Clause 20.

HOW WE COLLECT AND USE YOUR PERSONAL DATA

Personal data means any information saved in electronic form or otherwise that can be used independently or together with other information to identify a natural person or reflect the activities of a natural person.

1. We generally do not collect your personal data unless 

a. it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after

i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and

ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or

b. collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).

2. When you use the Official Website, we will collect and use the personal data necessary for the provision of relevant services as follows; if you do not use the services, we will not collect the corresponding information.

a. Browse the Official Website

When you browse the Official Website through a computer or mobile device, we will collect your following information:

i) Technical information, such as Internet Protocol (IP) addresses, browser types and versions, time zone settings and locations, browser plug-in types and versions, operating systems and platforms, and other technologies you use on your device to access and browse Official Websites.

ii) Use information, such as information about how you use our website, products and services.

b. Apply for trial of our products and services

When you request to try our products and services on Official Website, we need to collect your name, position, email address, contact number, company name, company address, industry, and key requirement description to understand your specific requirements.

We may also use the above information for (i) handling and replying your or your organization’s questions and opinions; (ii) providing information about products and services that you or your organization may be interested in; and (iii) seeking information and feedback from you or your organization, including through surveys and questionnaires.

c. Business cooperation

When you apply for business cooperation with us, we need to collect your name, position, email address, contact number, country or region, industry, company name, specific requirements of business cooperation, etc. to understand your specific needs and contact you for business cooperation.

We may also use the above information for (i) handling and replying your or your organization’s questions and opinions; (ii) providing information about products and services that you or your organization may be interested in; and (iii) seeking information and feedback from you or your organization, including through surveys and questionnaires.

d. Apply for our jobs

When you choose to send us your resume to apply for our positions online. We need to collect your identity information and resume information, such as your name, date of birth, gender and native place, your education background, work experience and contact information, to initially understand your situation.

e. Use of anonymized information

Please note that we also collect, use and share aggregated information, such as statistics or structural data. Aggregate data is not personal data but may be derived from your personal data, because it does not directly or indirectly show your identity, and we have the right to use it for any legitimate purpose (for example, we may aggregate your usage information to find out how many users visit specific website functions, study consumer and market preferences, improve existing products and services, and conduct financial forecasting and modeling). If we combine or associate the aggregate data with your personal data so that it can directly or indirectly identify you, we will treat the combined information as personal data and will process it in accordance with the provisions of this Policy.

3. The purposes listed in the above clauses may continue to apply even in situations where your relationship with us as a user has been terminated or altered in anyway, for a reasonable period thereafter (including, where applicable, a period to enable is to enforce our rights against you).

HOW WE SHARE, TRANSFER, AND PUBLICLY DISCLOSE YOUR PERSONAL DATA

4. Share

We will not share your personal data except in the following circumstances:

a. with your explicit consent, we will share your personal data with other parties.

b. we may share your personal data with others in accordance with laws and regulations, the needs of litigation dispute settlement, or the requirements of administrative and judicial authorities.

c. to the extent permitted by laws and regulations, it is necessary to share your personal data in order to protect us, our affiliates or partners, you or other users of SenseTime or the public interest, property or security from damage.

d. In order to provide services to you, we may share your personal data with our affiliates. However, we will only share necessary personal data, and the use of your personal data by our affiliates is subject to this Policy, or the affiliate’s policy which you authorized and consented to and provides your personal data with substantially the same level of protection as this Policy. Our affiliates and we will strictly comply with this Policy and other security policies of SenseTime.

5. Transfer

We will not transfer your personal data to any other company, organization or individual except:

a. obtain your explicit consent or authorization in advance;

b. provide such data in accordance with the applicable laws and regulations, requirements of legal procedures, mandatory administrative or judicial requirements;

c. provide such data in accordance with the relevant agreements entered between you and us (including the electronic agreements signed online and the corresponding platform rules);

d. with the development of our business, it is possible for us and our affiliates to carry out merger, acquisition, asset transfer or other similar transactions. If the relevant transaction involves the transfer of your personal data, we will require the company, organization and individual acquiring your personal data to continue to be bound by this Policy, otherwise we will require the company, organization and individual to obtain your consent again.

6. Publicly disclose

We may only publicly disclose your personal data under the following circumstances:

a. after obtaining your explicit consent; and

b. disclosure under the law: we may publicly disclose your personal data as required by laws, under legal procedures, in lawsuits or upon compulsory requirements of competent authorities under the government.

WHAT IS OUR BASIS FOR PROCESSING PERSONAL DATA OF USERS TO WHOM GDPR APPLIES

7. For personal data collected about users to whom GDPR applies, our basis for processing is as follows:

a. in order to communicate adequately with you and to respond to your requests, we need to process data about you and therefore we have a legitimate interest in processing this data.

b. in order to engage in transactions with customers, suppliers and business partners, and to process purchases and downloads of our products and services, we need to process your personal data as necessary to enter into or perform a contract with you.

c. we process personal data for marketing and sales activities based on your consent where so indicated on our websites at the time your personal data was collected, or further to our legitimate interest to market and promote our products and services. We may also collect sensitive personal data upon your explicit consent for one or more specified purposes.

d. we rely on our legitimate interest to analyze, develop, improve and optimize our products, services and websites, and to maintain the security of our products, services, websites, networks and systems.

e. In order to comply with applicable laws, such as to comply with a subpoena or other legal process, or to process an opt-out request.

HOW WE PROTECT YOUR PERSONAL DATA

We have taken security protection measures in line with industry standards to protect the personal data you provide, so as to prevent unauthorized access, public disclosure, use, modification, damage or loss of data.

8. We utilize blockchain technology and unique key management to ensure auditable protection, strictly limiting access to your personal data for necessary purposes as outlined above.

9. We implement security measures with close supervision from our team to handle all matters related to Aye’s products and services that may involve users’ personal data. This includes planning and formulating the company’s policies, as well as reviewing the data protection policies for each product.

10. We will encrypt the transmission and storage of the identifiable sensitive personal data, and the encryption intensity meets the security requirements to ensure the confidentiality of the data. Our application system provides identity authentication, user identity uniqueness verification, role-based access control and other functions, and uses HTTPS security protocol for communication. We deploy the access control mechanism on the server side, adopt the principle of minimum authorization for the staff who may contact your personal data, and regularly check the logs of visitors and access. Our operating system and database system have password complexity requirements, adopt SSH security protocol for remote management and strictly restrict access to the default account. We keep comprehensive audit records for our systems which cover all users.

11. Our server systems for storing user’s personal data are all operating systems with security hardening. We will audit and monitor the account of the server operation. If we find the server operating system has any security loopholes, we will upgrade the server security in time to ensure the security of all server systems and applications.

12. We hold regular training on laws and regulations related to personal data protection for our staff to enhance their awareness of personal privacy protection.

13. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your personal data and are constantly reviewing and enhancing our information security measures.

YOUR RIGHTS TO PERSONAL DATA

When you use our products and services, you may at any time exercise certain rights with regard to your personal data you may have under applicable law and regulation, including the following rights:

14. Access and rectify your personal data

a. If you wish to make: 

i) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or

ii) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Team at the contact details provided in Clause 20.

b. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

c. We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) working days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) working days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

15. Delete your personal data

Under any of the following circumstances, you may raise a request for deletion of your personal data:

a. When our collection of personal data does not obtain your consent and violates laws and regulations

b. When our processing of personal data violates laws or regulations.

c. When our use and processing of personal data violates our agreement with you.

d. When you no longer use our products or services.

e. When we no longer provide you with any products or services.

You can contact us to delete your personal data through the contact information provided in Clause 20, and we will reply to you within thirty (30) working days. When we delete your personal data from the server, we may not delete the corresponding data from the backup system immediately, but we will delete this information when the backup is updated.

16. Withdraw your consent

Our services can only be provided with certain basic personal data. In terms of the collection and use of additionally collected personal data, you may grant or withdraw your authority and consent at any time.

a. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email at the contact information provided in Clause 20.

b. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within thirty (30) days of receiving it.

c. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in Clause 16(a) above.

d. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

17. Accounts Cancellation

You may cancel the account you registered for employment. You can contact us to cancel your account through the contact information provided in Clause 20.

RETENTION OF PERSONAL DATA

18. We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

19. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

CONTACT US

10. You may contact our Data Protection Team if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner:

Email Address  : privacy@aye-ai.org

EFFECTIVENESS OF THIS POLICY AND CHANGES TO POLICY

21. This Privacy Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.

22. We may revise this Privacy Policy from time to time without any prior notice. We will not reduce your rights due under this Policy, without your explicit consent. 

23. You may determine if any such revision has taken place by referring to the date on which this Privacy Policy was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.

Effective date:   20/12/2023

Last updated:  20/12/2023