Privacy Policy

Taqyid attaches great importance to the protection of your personal data. Taqyid is established in Belgium and provides a SaaS halal compliance platform to customers in the European Union and Malaysia. Our core infrastructure is hosted in the Asia-Pacific (Singapore) region to be close to our Malaysian users, with appropriate safeguards for international data transfers. This policy explains how we collect, use and protect your information in accordance with the EU General Data Protection Regulation (GDPR) and the Malaysian Personal Data Protection Act 2010 (PDPA), as amended in 2024–2025.

1. Data controller

The data controller is Taqyid, established in Belgium and contactable at contact@taqyid.com. A Data Protection Officer (DPO) is appointed to oversee compliance with GDPR and PDPA, including data subject requests and incident handling.

2. Data we collect

We collect only the data necessary when you register for the beta and use the platform:

• Full name
• Professional email address
• Company name
• Your role in the company
• Technical logs and usage data (analytics and diagnostics)

We do not intentionally collect sensitive personal data (such as racial or ethnic origin, religious beliefs, biometric data, health data, or political opinions) and we ask you not to submit such data via the platform unless explicitly requested for a clearly identified legal purpose.

3. Purposes of processing

Your data is used to:

• Manage your registration to the private beta
• Provide and administer access to the platform
• Communicate with you about the service and its evolution
• Improve our services, features and user experience
• Produce anonymised or aggregated usage and performance statistics

4. Legal basis

The processing of your data is based on:

• Your consent when registering for the beta and, where applicable, for analytics cookies
• Taqyid's legitimate interest in operating, securing and improving the service
• Performance of a contract for the provision and administration of the service
• Compliance with legal obligations under GDPR and PDPA where applicable

5. Data retention period

Your data is retained for the following periods:

• Beta registrations: 3 years after the last interaction
• Active customers: contract duration + 5 years (for legal and accounting obligations)
• Analytics cookies: maximum 13 months

6. Data recipients

Your data may be shared with:

• Taqyid internal team: authorised staff only, on a need-to-know basis
• Technical providers: hosting, authentication, database, email delivery and analytics service providers acting as data processors on our behalf
• Cloud infrastructure: reputable cloud providers located mainly in the Asia-Pacific (Singapore) region, which host our application, databases and backups

All processors are contractually required to comply with confidentiality, security, and data protection obligations aligned with GDPR and PDPA. Your data is not sold to third parties and is not used for behavioural advertising.

7. Your rights (GDPR & PDPA)

Under GDPR and, where applicable, PDPA, you have the following rights:

• Right of access: obtain confirmation and a copy of your personal data
• Right to rectification: correct inaccurate or incomplete data
• Right to erasure: request deletion of your data where legally permitted
• Right to restriction: request limitation of processing in certain cases
• Right to data portability: receive your data in a structured, commonly used and machine-readable format and have it transmitted to another controller where technically feasible, in line with GDPR and PDPA requirements
• Right to object: object to certain types of processing based on legitimate interest
• Right to withdraw consent: withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal

To exercise these rights, please contact our DPO at: dpo@taqyid.com.

We aim to respond to requests as soon as reasonably possible and, where required, within the time limits set by applicable data protection laws.

You also have the right to lodge a complaint with your competent data protection authority (for example, an EU supervisory authority) and/or the Personal Data Protection Department of Malaysia (PDPD).

8. Data security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration or disclosure, including:

• TLS/SSL encryption for data in transit
• Hosting on reputable cloud infrastructure in the Asia-Pacific (Singapore) region with strong physical and logical security controls
• Strict internal access control and role-based permissions
• Regular encrypted backups
• Periodic security reviews and monitoring of access logs

9. Cookies

We use cookies to operate the platform and improve your experience. You can disable non-essential cookies in your browser settings or via the consent banner. Types of cookies used:

• Essential cookies: necessary for the website and platform to function properly
• Analytics cookies: usage statistics which are anonymised or pseudonymised where possible and activated only with your consent

10. International transfers

Our core infrastructure (databases and application hosting) is located in the Asia-Pacific (Singapore) region. For EU-based users, this involves a transfer of personal data outside the European Economic Area.

Where your data is transferred to a country that is not subject to an adequacy decision, we implement appropriate safeguards (such as the European Commission's Standard Contractual Clauses and equivalent contractual protections, combined with technical and organisational measures) to ensure a level of protection consistent with GDPR and PDPA requirements. Some of our additional service providers (such as email and analytics tools) may also process data outside your country of residence under similar safeguards.

11. Data breach notification

In the event of a personal data breach that is likely to result in a significant risk to your rights and freedoms, Taqyid will notify the competent data protection authority as soon as practicable and, where required, within a maximum of 72 hours of becoming aware of the breach. Where the breach is likely to cause significant harm, affected individuals will also be informed without unnecessary delay and in accordance with applicable GDPR and PDPA obligations.

12. Changes to this policy

This policy may be updated from time to time. The date of the last update is shown at the top of this page. We will inform you in advance of any material changes that impact the way your data is processed.