LOTOcontrol

Privacy Policy

Version: 1.0
Effective date: 1st October 2025
Last reviewed: 1st October 2025

Company: LOTOcontrol Sdn. Bhd. (202501037468 / 1638877-W)
Registered Office: Kuala Lumpur, Malaysia
Email: admin@lotocontrol.com

This Privacy Policy explains how LOTOcontrol Sdn. Bhd. (“LOTOcontrol”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal information when you use our website, web and mobile applications, and other related services (collectively, the “Services”). It also describes your rights and choices under applicable data protection laws including Malaysia’s PDPA, the EU/UK GDPR, and California’s CCPA/CPRA.

1. Scope and Roles

This Privacy Policy applies to visitors, prospects, and end-users of our Services. We act as data controller for information collected through our website, and as data processor when we handle data on behalf of clients. We comply with the Personal Data Protection Act 2010 (PDPA), EU/UK GDPR, and CCPA/CPRA.

2. Categories of Personal Data We Collect

We may collect the following categories of data:
• Account and identity information such as name, business email, organization, and login credentials.
• Operational LOTO records including isolation requests, approvals, audit logs, and attachments.
• Device and usage data such as IP address, browser type, and telemetry.
• Support communications including helpdesk messages, calls, and chat history.
• Cookies for authentication, preferences, and limited analytics.
We do not intentionally collect sensitive personal data such as health or biometric information.

3. Sources of Personal Data

Data may come directly from you, from your employer or organization, automatically through our platform, or from trusted third-party providers such as hosting and security vendors.

4. Purposes and Legal Bases

We process personal data to provide and maintain our Services, enhance security, support users, improve functionality, comply with legal obligations, and communicate with you. Processing is based on contract, legitimate interests, consent (for optional marketing or cookies), or legal obligation.

5. Disclosure of Personal Data

We may disclose personal data to authorized users within your organization, subprocessors under contract, or legal authorities where required. We do not sell or share personal data for advertising purposes.

6. International Transfers

Our Services are primarily hosted on AWS Singapore (Southeast Asia). Data transfers outside Malaysia are safeguarded with Standard Contractual Clauses (SCCs) and equivalent protections. For on-premise or private-cloud clients, all data remains within the client’s infrastructure.

7. Data Retention

We retain data only as long as needed for legitimate purposes or legal compliance:
• Account data: duration of contract + 12 months
• Operational records: duration of contract + 7 years
• Security telemetry: 12–24 months
• Backups: rolling 90 days
We delete or anonymize data once retention limits are reached.

8. Security

We employ industry-standard safeguards including TLS encryption, access control, logging, and continuous monitoring. Clients are responsible for maintaining secure configurations and user access within their own environments.

9. Cookies and Similar Technologies

We use essential cookies for authentication, preference cookies for user settings, and anonymized analytics cookies for improving performance. Non-essential cookies require consent and can be managed through our CookieYes banner or browser settings.

10. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or restrict processing of your data, and to withdraw consent. Requests can be made by contacting admin@lotocontrol.com. We will verify and respond within the timelines set by law.

11. California Privacy Rights (CCPA/CPRA)

We collect limited identifiers and usage data to operate our Services. We do not sell or share personal data. California residents can request access, correction, or deletion by contacting admin@lotocontrol.com.

12. Children’s Privacy

Our Services are not intended for minors under 16, and we do not knowingly collect their personal data.

13. Automated Decision-Making

LOTOcontrol automates certain workflow notifications but does not make legally significant decisions without human involvement.

14. Third-Party Links and Integrations

Our Services may link to or integrate with third-party tools such as EPMS or PTW systems. Their privacy practices are governed by their respective policies.

15. Subprocessors and Data Processing

We engage a limited number of subprocessors to provide infrastructure and support:
• DigitalOcean (Singapore) – hosting and databases
• Cloudflare – CDN and security
• HubSpot – email delivery
• Google Workspace – internal communications
• Sosene Technologies – contracted development partner
All subprocessors are bound by confidentiality and data protection agreements. The current list is available upon request.

16. Data Breach Notification

If a personal data breach occurs that may affect you, we will notify affected clients and relevant authorities as required by law.

17. Changes to this Policy

We may update this Privacy Policy to reflect legal or operational changes. The latest version will always be available at lotocontrol.com/privacy-policy. Continued use of the Services means you accept any updates.

18. Contact Us

For all privacy or data-related requests:
Email: admin@lotocontrol.com
Company: LOTOcontrol Sdn. Bhd. (202501037468 / 1638877-W)
Registered Office: Kuala Lumpur, Malaysia

19. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of Malaysia. Any disputes shall fall under the exclusive jurisdiction of the courts of Kuala Lumpur, Malaysia.
