Proposed Privacy Policy for Aton Group


Aton Group and its subsidiaries ("the Company") are committed to protecting the privacy of individuals in compliance with the Personal Data Protection Act 2010 (PDPA) and the latest 2024 amendments. This Privacy Policy is in compliance with the Personal Data Protection Act 2010 ("PDPA") and serves to inform you of how Aton Group and its subsidiaries collects, processes, stores, and protects your personal data in compliance with the statutory requirements.

This Privacy Policy outlines our policies and procedures regarding the collection, processing, storage, and disclosure of personal data, whether obtained through this website or other business interactions, including but not limited to contractual engagements, communications, and regulatory obligations.

Information We Collect

The Purchaser’s personal data will be processed by the Developer or by parties acting on the Developer’s behalf. Such personal data will include (but will not be limited to) the Purchaser’s name, identity card number, passport number, nationality, race, birth date, age, gender, address, telephone number, e-mail address, religious beliefs, medical records, criminal records, affiliations, and any other information relating directly or indirectly to the Purchaser or which may be used to identify the Purchaser.

We may collect and process the following categories of personal data, depending on the nature of our relationship with you:

  • General identification and contact details: Full name, address, email, telephone number, and other contact information.
  • Government-issued identification numbers: National Identification Number (NRIC), passport number, tax identification number, or any other identifiers required by law
  • Financial and transactional data: Bank details, payment records, and relevant financial history related to engagements with us.
  • Service-related data: Information regarding preferences, transaction history, and feedback for service enhancement.
  • Marketing preferences and correspondence data: Communications and records of interactions with our representatives.
  • Sensitive personal data: Where required by law or necessary for service provision, we may collect sensitive data such as biometric data, or financial status, subject to your explicit consent and regulatory compliance.
Any failure to provide such personal data may have effects on the Developer’s provision of the products and/or services (such effects may include the non-provision of the products and/or services) to the Purchaser.


Purposes for Processing Personal Data

We process personal data based on the following legal grounds:

  • Contractual necessity: To facilitate transactions and fulfill contractual obligations.
  • Legal compliance: To adhere to statutory obligations, regulatory requirements, and law enforcement directives.
  • Legitimate interests: To manage business operations, improve services, prevent fraud, and ensure cybersecurity.
  • Consent: For direct marketing activities and where explicit consent is required under PDPA.

Personal data may be used for the following purposes:

  • Managing customer relationships, providing services and facilitate the Purchaser’s usage of said services.
  • Sending policy updates, administrative notices, and service-related communications.
  • Conducting research, analytics, and satisfaction assessments.
  • Ensuring regulatory compliance and legal enforcement.
  • Preventing fraudulent activities and maintaining business integrity.
  • Facilitating legal proceedings and dispute resolution where necessary.
  • To achieve any other purpose which, in the Developer estimation, is necessary and/or reasonable in the circumstances.



Disclosure and Sharing of Personal Data

Personal data may be shared under the following circumstances:

  • Intra-group sharing: Among Aton Group subsidiaries for administrative, compliance, and operational purposes.
  • Third-party service providers: Including auditors, legal advisors, accountants, IT service providers, and other external professional consultants.
  • Regulatory and legal authorities: To comply with statutory requirements and respond to lawful government, court, or enforcement requests.
  • Business transactions: In cases of mergers, acquisitions, restructuring, or business transfers, subject to compliance with applicable data protection regulations.
  • Marketing and strategic partners

The Developer may disclose the Purchaser’s personal data to the following parties:-

  1. A party to whom disclosure is provided for under law or required by an authority;
  2. A company related to the Developer;
  3. The Developer’s business partners, agents, employees, contractors, sub-contractors, service providers, and suppliers;
  4. Auditors, consultants, accounts, lawyers or advisors; and
  5. Any other party to whom disclosure is, in the Developer’s estimation, necessary and/or reasonable in the circumstances.

Data Security and Protection Measures

The Company implements stringent security measures to protect your personal information from unauthorized use or disclosure. Despite our best efforts, no security system is completely infallible. Individuals are encouraged to take appropriate steps to protect their own personal data.


Data Retention and Storage

Personal data shall be retained only for as long as necessary to fulfill the purposes for which it was collected or as required by legal and regulatory obligations.


Your Rights


  • Right to access: Request a copy of the personal data we hold about you.
  • Right to correction: Request rectification of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of personal data, subject to legal and contractual constraints.
  • Right to restrict processing: Request limitations on how your data is used in certain circumstances.
  • Right to withdraw consent: Withdraw consent for data processing at any time where applicable.
  • Right to data portability: Where applicable, request a structured format transfer of your personal data to another entity.

To exercise this right, please contact the Developer using the contact information provided in this document. Please note that the Purchaser’s exercise of the aforesaid right may have effects on the Developer’s provision of the products and/or services (such effects may include the non-provision of the products and/or services) to the Purchaser and the Developer is not liable for any loss, damage, or any other liability resulting directly or indirectly from such effects. Requests must be submitted in writing and may be subject to verification and applicable fees as permitted under PDPA.

Amendments to This Privacy Policy

This Privacy Policy may be revised periodically to reflect changes in legal and regulatory requirements, business operations, or data protection practices. Updates will be published on our official website, and where material changes occur, affected individuals will be notified accordingly.


Contact Us

For any questions, please contact us at:

  1. Email: info@aton.com.my
  2. Phone: +6 015 4876 1999
  3. Address:
  4. Lot 4-1, Level 4, Aru Suites, Off
  5. Jalan Tanjung Aru, Tanjung Aru,
  6. 88100 Kota Kinabalu, Sabah

Aton logo