Privacy Policy — Responsible AI Solutions

Effective date: 24 June 2026

1. Introduction and scope

This Privacy Policy explains how Responsible AI Solutions Sdn Bhd (“Responsible AI Solutions”, “we”, “us”, “our”) collects, uses, discloses, and protects personal data when you visit our website at responsible-ai-solutions.com or otherwise interact with us. It is designed to comply with the Personal Data Protection Act 2010 of Malaysia, as amended (“PDPA Malaysia”), the Personal Data Protection Act 2012 of Singapore (“PDPA Singapore”), the Privacy Act 1988 (Cth) of Australia and the Australian Privacy Principles, and the European Union General Data Protection Regulation 2016/679 (“GDPR”) and UK GDPR, in each case to the extent applicable to you.

2. Personal data we collect

Information you provide to us directly:

Identification: full name, job title, organisation, and country of operation
Contact: work email address, and telephone number where you provide it
Professional context: industry, organisation size, and any details you choose to share about the AI systems or engagement you are enquiring about
Communications: your correspondence with us

Information collected automatically when you visit our website:

Server log data: IP address, request timestamp, page requested, and browser user agent, collected by our hosting infrastructure for operational and security purposes
Content delivery: the website loads fonts and static assets from a third-party content delivery network, which may receive your IP address in order to deliver them

We do not currently use website analytics, tracking pixels, advertising tags, or personalisation technologies.

3. Purposes for which we use your personal data

We use your personal data to:

Respond to your enquiries and discuss a potential engagement
Assess whether our services are a fit for your organisation
Send service updates and, where you have agreed, marketing communications
Operate, maintain, secure, and improve our website
Comply with legal, regulatory, and accounting obligations
Establish, exercise, or defend legal claims

4. Legal basis for processing (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we rely on:

Consent (Article 6(1)(a)) for marketing communications
Steps prior to a contract (Article 6(1)(b)) for responding to your enquiry and discussing a possible engagement
Legitimate interests (Article 6(1)(f)) for operating and securing our website, business-to-business outreach to professional contacts, and protecting our legal rights
Legal obligation (Article 6(1)(c)) where required by law

5. Disclosure and recipients

We do not sell your personal data. We disclose personal data only to:

Service providers acting on our behalf, such as cloud hosting, email infrastructure, form processing, and customer relationship management, under contractual confidentiality and data protection obligations
Professional advisers, including legal, accounting, audit, and insurance
Government, regulatory, or law enforcement authorities where required by law
Third parties in connection with a corporate transaction such as a merger, acquisition, or restructuring, subject to appropriate confidentiality

6. International transfers

Responsible AI Solutions is established in Malaysia and works across Malaysia, Singapore, and Australia. Personal data may be transferred to and processed in these jurisdictions, and in other jurisdictions in which our service providers operate.

For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses or other appropriate safeguards under Articles 44 to 50 GDPR
For transfers from Malaysia, we comply with the cross-border transfer requirements of the PDPA Malaysia
For transfers from Singapore, we ensure recipient organisations provide a standard of protection comparable to the PDPA Singapore
For transfers from Australia, we take reasonable steps to ensure recipients handle personal information consistently with the Australian Privacy Principles

7. Retention

We retain personal data only for as long as necessary for the purposes set out in this policy, to comply with legal and accounting obligations, and to resolve disputes. Enquiry and engagement-discussion data is retained for 24 months from last meaningful contact, after which it is deleted or anonymised, unless we are required by law to retain it for longer.

8. Your rights

Subject to applicable law and verification of your identity, you have the following rights:

Access to the personal data we hold about you
Correction of inaccurate or incomplete personal data
Erasure of personal data, where applicable
Restriction of processing (GDPR / UK GDPR)
Portability of personal data in a structured, machine-readable form (GDPR / UK GDPR)
Objection to processing based on legitimate interests or for direct marketing
Withdrawal of consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal
Lodging a complaint with your supervisory authority, including the Personal Data Protection Commissioner Malaysia, the Personal Data Protection Commission Singapore, the Office of the Australian Information Commissioner, the Information Commissioner’s Office in the United Kingdom, or your relevant European Union data protection authority

To exercise any right, contact us using the details in section 13. We will respond within the timeframe required by the applicable law.

9. Cookies and tracking technologies

We do not use cookies, web beacons, or similar technologies for analytics, tracking, advertising, or personalisation on our website, and we do not deploy website analytics.

Strictly necessary cookies set by our hosting and form-processing infrastructure may be used to deliver core website functionality, including form submission and basic security. These are not used to track or identify you across other websites or sessions, and your consent is not required for them under applicable law.

If we introduce analytics, marketing cookies, or other tracking technologies in the future, we will update this Privacy Policy and, where consent is required, request it before deploying them.

10. Security

We implement reasonable technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit, access controls, logging, and incident response procedures. No system can be guaranteed completely secure.

11. Data breach notification

Where required by applicable law, we will notify the relevant regulator and affected individuals of personal data breaches that meet the applicable notification thresholds, including under the PDPA Malaysia, the PDPA Singapore, the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth) of Australia, and Articles 33 and 34 GDPR.

12. Children

Our services and this website are directed exclusively to professional and business contacts. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us and we will delete it.

13. Contact

The data controller is Responsible AI Solutions Sdn Bhd (Registration No. 202601013263 (1675361-T)). For any privacy question, or to exercise your rights, contact us at [email protected].

We have not appointed a representative under Article 27 GDPR or its United Kingdom equivalent, on the basis that our processing does not meet the threshold criteria. We will appoint a representative if and when our processing falls within scope.

14. Changes to this policy

We may update this Privacy Policy from time to time. The effective date at the top reflects the most recent revision. Material changes will be notified through our website or by direct communication where appropriate.

15. Governing law

This Privacy Policy is governed by the laws of Malaysia, without prejudice to mandatory rights and remedies available to you under the data protection law of your country of residence.

Questions about this page? Email [email protected].