← CRM BN

Privacy Notice

Last updated: 12 July 2026

This notice explains how CRM BN ("CRM BN", "we", "us") handles personal data when you visit this website, request a concept, communicate with us, or use our website services.

Privacy contact: For questions or requests about your personal data, email sage-digital@agentmail.to. We will verify requests before disclosing or changing personal data.

1. Laws and scope

We handle personal data with regard to the privacy and data-protection requirements that apply to our activities, including Brunei Darussalam's Personal Data Protection Order 2025 and Malaysia's Personal Data Protection Act 2010, as amended, where applicable. This notice applies to website visitors, prospective customers, customers, and authorized business representatives.

2. Personal data we collect

We collect only information reasonably needed to respond to an inquiry or provide the requested service. This may include:

Please do not submit passwords, payment-card details, identity documents, health information, or other unnecessary sensitive personal data.

3. How we collect it

We collect personal data directly from you through the website form, email, and service communications. We may also receive business information from an authorized representative or from public business sources when preparing a private outreach concept. We do not treat publicly available information as permission to use it for unrelated purposes.

4. Purposes and choice

We use personal data to:

Required form fields are needed to identify and respond to the request. Optional fields may be left blank. We do not use inquiry details for unrelated marketing, sell personal data, or publish an unofficial concept as the business's official page without approval.

5. Consent and withdrawal

When consent is the basis for processing, you may withdraw it by contacting us. Withdrawal does not affect processing already carried out lawfully and may prevent us from continuing an inquiry or service. Transactional and legal records may still be retained where reasonably required.

6. Disclosure and service providers

We disclose personal data only as needed for the stated purposes. Recipients may include website hosting and data-storage providers, email and communications providers, configured AI service providers used to help organize supplied information or draft content, professional advisers, and authorities where disclosure is required by law. Providers receive only the information reasonably necessary for their role and are expected to protect it. We do not sell or rent personal data.

7. AI-assisted preparation

We may use configured AI services to help organize business information and draft page copy. We minimize the information sent, avoid unnecessary sensitive data, and review AI-assisted output before publication. AI output is not treated as verified business fact; you approve the facts, claims, images, and contact details before launch.

8. International processing

Some hosting, email, and AI providers may process data outside Brunei Darussalam or Malaysia. Where cross-border processing occurs, we take reasonable steps to use reputable providers and protections appropriate to the information and applicable law.

9. Security and data breaches

Form submissions are stored in a private, owner-readable collection; website visitors cannot read them. We use access controls, data minimization, rate limits, and reasonable administrative and technical safeguards. No internet service is completely secure. If a personal-data breach occurs, we will assess it, contain it, keep appropriate records, and notify affected persons or regulators when applicable law requires it.

10. Retention

We keep inquiry data only while reasonably needed to respond, follow up, prevent duplicate or unwanted contact, establish or defend legal rights, and meet legal or accounting duties. We periodically review records and delete or anonymize data that is no longer needed. A minimal do-not-contact record may be retained so that an opt-out remains effective.

11. Accuracy and your rights

You may ask to access or correct your personal data, withdraw consent, object to or limit certain processing, request deletion where applicable, or ask how your data was used or disclosed. Rights depend on the law and circumstances. Contact us using the email above; describe your request and the email or phone number involved. We may request proportionate proof of identity or authority. You may also complain to the relevant data-protection authority.

12. Cookies and analytics

This site does not currently set advertising cookies or run behavioral advertising. Our hosting provider may process essential technical logs needed to deliver, secure, and diagnose the site. If we later add non-essential analytics or marketing technologies, we will update this notice and provide any choice required by applicable law.

13. Children

The service is intended for business owners and authorized business representatives, not children. Do not submit a child's personal data through the inquiry form.

14. Outreach and opt-out

If we contact a business about a private concept, the message identifies us and explains why we are writing. You may ask us not to contact you again. We will place the relevant contact detail on our suppression list and stop non-required outreach.

15. Changes to this notice

We may update this notice when our services or legal obligations change. The current version and update date will remain available on this page. Material changes affecting an active customer may also be communicated directly where appropriate.