i-IMS Integrated Integrity Management System
Home Features Modules Contact Get Started
Legal

Privacy Policy

How i-IMS and Ethos Principle Sdn Bhd collect, use, and protect personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA).

Last updated: 07 July 2026

On This Page
  1. Introduction
  2. Personal Data We Collect
  3. How We Collect Your Data
  4. Purpose of Processing
  5. Legal Basis & Consent
  6. Disclosure of Personal Data
  7. Cross-Border Data Transfer
  8. Data Retention
  9. Data Security
  10. Your Rights Under the PDPA
  11. Cookies & Tracking Technologies
  12. Children's Privacy
  13. Third-Party Links
  14. Changes to This Policy
  15. Contact Us / Data Protection Officer

1.Introduction

Ethos Principle Sdn Bhd ("we", "us", "our", or the "Company") operates the Integrated Integrity Management System ("i-IMS", the "System", or the "Platform"), including this website and any associated portals used by our clients and their staff.

We are committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (Act 709) ("PDPA") of Malaysia and its related regulations and codes of practice, including the Personal Data Protection (Amendment) Act 2024. This Privacy Policy explains what personal data we collect, why we collect it, how it is used, disclosed, stored, and protected, and the rights available to you as a data subject.

By visiting this website, submitting an enquiry, subscribing to our services, or using i-IMS, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Policy, please refrain from providing your personal data to us or using our services.

This Policy applies to personal data collected from: (a) visitors to this website; (b) individuals who contact us for sales, support, or partnership enquiries; (c) authorized users of i-IMS acting on behalf of a client organization ("Tenant"); and (d) individuals whose data is submitted into i-IMS by a Tenant in the course of using the System (for example, complainants, employees, or vendors named in a case record). Where a Tenant is the data controller for data entered into the System (such as complaint or case data), we act as a data processor on the Tenant's behalf and process such data strictly under the Tenant's instructions and our service agreement with them.

2.Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

CategoryExamples
Identification & contact dataName, job title, organization, work email address, phone number
Account & access dataUsername, encrypted password, login timestamps, IP address, device/browser information, role and permission assignments
Communication dataMessages, enquiries, or attachments submitted via our contact form, email, or phone
Billing dataCompany registration details, billing address, and invoicing information (payment card details are not collected or stored by us)
Usage dataPages visited, feature usage, audit logs, and system activity within i-IMS
Case-related data (processed on behalf of Tenants)Information submitted through complaint, conflict-of-interest, gift, or asset declaration modules — which may include sensitive personal data such as details of alleged misconduct

Where our whistleblowing / complaints module is configured for anonymous reporting, we do not require the complainant's identity, and identity fields (if voluntarily provided) are encrypted and access-restricted in accordance with the Tenant's configuration.

3.How We Collect Your Data

  • Directly from you, when you fill in our contact form, register for a demo, correspond with us by email or phone, or use i-IMS as an authorized user.
  • Automatically, through cookies and similar technologies when you browse this website (see Section 11).
  • From your employer or organization, where they engage us to deploy i-IMS and provide user account details for provisioning.
  • From third parties, such as publicly available business directories, where reasonably necessary for legitimate business development purposes.

4.Purpose of Processing

We collect and process personal data for the following purposes:

  • To respond to enquiries, provide product demonstrations, and process quotations or sales orders;
  • To create, provision, and manage user accounts and access rights within i-IMS;
  • To operate, maintain, secure, and improve the System, including troubleshooting and technical support;
  • To send service-related communications, including system notifications, maintenance updates, and (where consented) marketing communications;
  • To comply with our legal, regulatory, and contractual obligations, including billing, tax, and audit requirements; and
  • To detect, investigate, and prevent fraud, unauthorized access, or misuse of the System.

Where we process case-related personal data within i-IMS on behalf of a Tenant, such processing is carried out solely for the purposes instructed by that Tenant (for example, managing a complaint, conflict-of-interest declaration, or disciplinary case) and is governed by our data processing agreement with the Tenant.

5.Legal Basis & Consent

We rely on one or more of the following legal bases to process your personal data: (a) your consent, given at the point of data collection; (b) performance of a contract with you or your organization; (c) compliance with a legal obligation; or (d) our legitimate business interests, provided these do not override your fundamental rights.

Where consent is the basis for processing (for example, marketing communications), you may withdraw your consent at any time by contacting us using the details in Section 15. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal, and may affect our ability to continue providing certain services to you.

6.Disclosure of Personal Data

We do not sell or rent personal data. We may disclose personal data to the following categories of recipients, strictly on a need-to-know basis and subject to appropriate confidentiality and security safeguards:

  • Authorized personnel of the relevant Tenant (for case-related data submitted into i-IMS), based on the role-based access controls configured for that Tenant;
  • Sub-processors and service providers, such as cloud hosting, email delivery, and payment processing providers, engaged to support our operations, bound by contractual confidentiality obligations;
  • Professional advisors, including auditors, lawyers, and insurers, where reasonably required;
  • Regulators, law enforcement, or courts, where required or permitted by Malaysian law, including under Section 17A of the Malaysian Anti-Corruption Commission Act 2009; and
  • A successor entity, in connection with a merger, acquisition, or sale of business assets, subject to equivalent privacy protections.

7.Cross-Border Data Transfer

Personal data is primarily hosted on infrastructure located within Malaysia. Where a Tenant requests a private or on-premise deployment, data resides within the Tenant's own designated infrastructure and jurisdiction.

If personal data must be transferred to, or processed in, a location outside Malaysia (for example, where a cloud or support sub-processor operates internationally), we will only do so in compliance with Section 129 of the PDPA — that is, where the recipient jurisdiction has been specified by the Minister as having substantially similar data protection laws, or where an applicable exception under the PDPA applies, or with your explicit consent.

8.Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Retention periods for case-related data within i-IMS (such as complaint or investigation records) are generally determined by the Tenant's internal governance policy and applicable regulatory retention requirements. Upon expiry of the applicable retention period, personal data is securely deleted or anonymized.

9.Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized or accidental access, processing, erasure, loss, or misuse, including:

  • Encryption of sensitive fields (such as whistleblower identity data) both in transit and at rest;
  • Role-based access control and separation of duties between case officers, investigating officers, and administrators;
  • Comprehensive audit logging of access to sensitive records;
  • Infrastructure hosted on ISO/IEC 27001-aligned environments; and
  • Periodic access reviews and staff confidentiality obligations.

While we take reasonable steps to safeguard personal data, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10.Your Rights Under the PDPA

Subject to the exceptions and procedures set out in the PDPA, you have the right to:

  • Access — request confirmation of, and access to, the personal data we hold about you;
  • Correction — request correction of personal data that is inaccurate, incomplete, or outdated;
  • Withdraw consent — withdraw consent previously given for a specific purpose (see Section 5);
  • Limit processing — request that we cease processing your personal data for direct marketing purposes; and
  • Data portability, where applicable and technically feasible.

To exercise any of these rights, please submit a request using the contact details in Section 15. We may require proof of identity before processing your request and may charge a nominal processing fee as permitted under the PDPA. We aim to respond within 21 days of receiving a complete request, as required under the PDPA's Access and Correction regulations.

If your personal data is held within i-IMS as part of a case managed by one of our Tenants (for example, you are named in a complaint record), please direct your request to that Tenant organization in the first instance, as they act as the data controller for that data.

11.Cookies & Tracking Technologies

This website uses cookies and similar technologies to operate core functionality (such as session management and security), remember preferences, and understand aggregate site usage. You may configure your browser to refuse cookies; however, some parts of this website may not function properly as a result.

12.Children's Privacy

Our website and i-IMS are intended for business use by adults acting in a professional capacity. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without appropriate consent, we will take steps to delete such data promptly.

13.Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of such third-party websites. We encourage you to review the privacy policy of any third-party website you visit.

14.Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational reasons. The updated version will be indicated by a revised "Last updated" date at the top of this page. We encourage you to review this Policy periodically.

15.Contact Us / Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal data is handled, please contact us:

Ethos Principle Sdn Bhd

Attn: Data Protection Officer

info@ethosprinciple.com.my

+6019 800 3217

Cyberjaya, Malaysia

i-IMS

Integrated Integrity Management System

© 2026 i-IMS. All rights reserved. · Developed by Ethos Principle Sdn Bhd