Malaysia PDPA Compliance
Personal Data Protection Act 2010 (Amended 2024)
Operated by Altream Sdn Bhd, Kuala Lumpur, Malaysia
Last updated: March 2026
Our Commitment
Altream Sdn Bhd (formerly known as Streamz Holding Sdn Bhd, SSM Registration No: 202501005010 (1606424-P)) operates NeurometriX in full compliance with the Malaysia Personal Data Protection Act 2010 (PDPA) as amended by the Personal Data Protection (Amendment) Act 2024. As a neuroscience-based hiring assessment platform that processes cognitive and behavioral data, we take our obligations under the PDPA seriously and have implemented comprehensive data protection measures that meet or exceed all statutory requirements.
Key PDPA Principles We Follow
| Principle | Description | How We Apply It |
|---|---|---|
| General | Lawful processing only | Consent obtained before every assessment |
| Notice | Inform data subjects | Privacy notice shown at registration and before assessment |
| Disclosure | Limited sharing | Data shared only as disclosed to you |
| Security | Protect personal data | AES-256 encryption at rest, TLS 1.3 in transit |
| Retention | Don't keep longer than needed | 330-day assessment validity, deletion on request |
| Data Integrity | Keep data accurate | Candidates can request corrections at any time |
| Access | Allow subject access | 21-day response to all access requests |
PDPA Amendment 2024 Compliance
We comply with all provisions of the Personal Data Protection (Amendment) Act 2024:
- ✓Data Protection Officer appointed (effective June 2025)
- ✓Data breach notification within 72 hours to PDP Commissioner
- ✓Individual notification within 7 days if significant harm
- ✓Right to erasure (right to be forgotten) honored
- ✓Data portability rights supported
- ✓Biometric and behavioral data treated as sensitive personal data
- ✓Cross-border transfer compliance with new guidelines
Sensitive Personal Data
Under PDPA Amendment 2024, behavioral biometric data captured during assessments (response timing, interaction patterns, cognitive performance metrics) is classified as sensitive personal data. We apply enhanced protections:
- • Obtain explicit consent before processing any assessment data
- • Apply enhanced security measures including AES-256 encryption
- • Never sell or share assessment data without explicit consent
- • Delete all data upon request within 30 days
Data Protection Officer
Altream Sdn Bhd has appointed a Data Protection Officer as required under PDPA Amendment 2024 (effective June 2025):
Your Rights Under PDPA
Right to Access
Section 30 PDPARequest a copy of all personal data we hold about you. We respond within 21 days.
Right to Correction
Section 34 PDPARequest correction of any inaccurate or incomplete personal data.
Right to Withdraw Consent
Section 38 PDPAWithdraw your consent to data processing at any time.
Right to Erasure
Amendment 2024Request complete deletion of your personal data (right to be forgotten).
Right to Data Portability
Amendment 2024Receive your data in a structured, machine-readable format (JSON or CSV).
Data Breach Notification
Per PDPA Amendment 2024 Section 12B:
- • We notify the PDP Commissioner within 72 hours of discovering a breach
- • We notify affected individuals within 7 days if there is risk of significant harm
- • We maintain breach records for a minimum of 2 years
- • Security incidents: security@neurometrix.io
Cross-Border Transfers
We transfer data outside Malaysia only when:
- • The destination country has equivalent data protection laws
- • Standard Contractual Clauses are in place
- • The data subject has given explicit consent
- • Transfer is compliant with PDPA Amendment 2024 cross-border guidelines
Contact & Complaints
Internal Contact
Regulator
Jabatan Perlindungan Data Peribadi (JPDP)
Personal Data Protection Department Malaysia
Level 8, Galeria PjH, Jalan P4W
Persiaran Perdana, Precinct 4
62100 Putrajaya, Malaysia
Tel: 03-7456 3888
Website: pdp.gov.my