By accessing our website at twenty7creatives.com or engaging our services, you acknowledge that you have read, understood, and agreed to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our website and services.
Twenty7 Creatives Privacy Policy Introduction
Who we are, what this policy covers, and why your privacy matters to us.
Twenty7 Creatives Sdn Bhd (“Twenty7 Creatives”, “we”, “us”, or “our”) is a full-service digital marketing and creative agency registered in Malaysia, with active operations spanning Malaysia, China, Singapore, and Thailand. We specialise in social media marketing, branding, web development, digital advertising, SEO, content production, influencer marketing, PR & media, CRM services, and business consulting.
We are committed to protecting the privacy and personal data of our clients, website visitors, business partners, influencers, and prospective clients. This Privacy Policy describes how we collect, use, store, disclose, and protect personal data in accordance with the Personal Data Protection Act 2010 (PDPA, Act 709) of Malaysia.
This policy applies to all personal data collected through our website (twenty7creatives.com), contact and enquiry forms, email communications, WhatsApp, social media platforms, and during the course of providing our services to clients.
Information We Collect
We collect only the information we need to deliver great work, communicate effectively, and improve our services.
We collect personal data in three main ways: information you provide to us directly, information collected automatically as you use our website, and information received from third-party platforms connected to your campaigns.
This includes data submitted when you fill out our contact form, reach out via email or WhatsApp, or engage us for a project:
- Identity data: Full name, job title, and company or brand name.
- Contact data: Email address, phone number, and WhatsApp number.
- Project data: Service requirements, budget range, project descriptions, timelines, and goals shared during onboarding.
- Communications: Any messages, emails, or documents shared with our team during enquiries or active projects.
- Financial data: Billing addresses, corporate tax registry details, payment method tokens, and historical invoice records for contracted services.
- Account credentials: Social media login credentials, advertising tokens, API keys, or administrative system access explicitly granted for platform setup and campaign management.
When you visit our website, certain technical data is collected automatically via cookies and analytics tools:
- Device & browser data: IP address, device hardware models, web browser configurations, software versioning, and operating system properties.
- Usage data: Sequential records of pages visited, standard time duration spent per asset, deep scroll tracking, navigation links followed, and interactive click paths.
- Referral data: The source external uniform resource locator (URL), organic marketing channel, or platform that directed your session to our site.
- Location data: Approximate macro geographic orientation derived via generic IP address mapping (strictly isolated to regional country or city tiers).
Where you authorise us to manage campaigns on your behalf, we may access data from:
- Meta Business Suite (Facebook & Instagram Advertising profile distributions).
- Google Ads, Google Merchant Center, and core Google Analytics data streams.
- TikTok for Business networks, including conversion tracking pixel structures.
- Xiaohongshu (XHS) enterprise account monitoring and Meituan Dianping performance analytics.
- Tripadvisor ecosystem datasets and related local business search listings.
All third-party platform data is accessed solely for the purpose of delivering your contracted services and is never used for unrelated purposes.
How We Use Your Information
Every piece of data we collect serves a specific, legitimate purpose — we never collect information we don't need.
We use the personal data we collect for the following clearly defined purposes:
- Responding to enquiries: Evaluation of structured contact submittals, delivery of customized service quotations, and follow-up communications.
- Service delivery: Setting up new accounts, coordinating project timelines, developing creative assets, and executing multi-channel digital campaigns.
- Billing & payments: Generating invoices, completing bank transfers, validating payment compliance, and managing corporate account settlements.
- Client communications: Sending recurring campaign performance summaries, delivering optimization insights, and scheduling necessary strategic operational syncs.
- Marketing communications: Distribution of corporate news, service structural announcements, and promotional newsletters.
- Website improvement: Measuring interface behavior trends, assessing page responsiveness, and refining layout designs to optimize user experience.
- Legal compliance: Processing regulatory reporting requirements, cooperating with tax reviews, and fulfilling active obligations under Malaysian law.
- Security: Monitoring infrastructure stability, investigating malicious traffic patterns, and protecting client digital architecture from potential exploitation.
We may send you relevant updates, industry insights, or promotional content by email or WhatsApp. You can opt out at any time by replying “UNSUBSCRIBE” to any message or emailing us at admin@twenty7creatives.com. We will never sell your data to advertisers or use it for unsolicited third-party marketing.
Sharing of Information
Details on our restricted protocols and the trusted pathways we use when processing partner integrations.
Twenty7 Creatives will never sell, rent, or trade your personal data to any third party for commercial purposes. We may share limited data only in the following circumstances:
- Trusted service providers: Secure cloud-hosting providers, messaging automation software, payment settlement processing windows, and data compilation engines bound by data protection obligations.
- Advertising platforms: Data pass-through mechanics via conversion pixels to networks including Meta, Google, TikTok, Xiaohongshu, and Meituan Dianping strictly for paid campaign optimizations.
- Influencer & KOL network: Direct transfer of project-relevant communication details to vetted independent content creators who are bound by explicit non-disclosure conditions.
- Legal obligations: Direct disclosure requirements to law enforcement bodies, tax administrative bodies, or court jurisdictions upon presentation of statutory warrants or legal orders.
- Business transfers: Allocation of historical data pools during eventual corporate structural mergers, asset liquidation procedures, or ownership consolidation events.
In all cases, we take reasonable steps to ensure that third parties handle your data in a manner consistent with this structural Privacy Policy and applicable local data regulations.
Cookies & Tracking
We use cookies and tracking pixels to understand how our website is used and to support our digital marketing activities.
Our website uses cookies, pixels, and similar tracking technologies. A cookie is a small text file placed on your device when you visit a website. These technologies help us recognise returning visitors, analyse site performance, and run more effective advertising campaigns.
- Essential Cookies: Core operations support cookies required to navigate standard site paths and manage form submissions securely.
- Analytics Cookies: Anonymized analytical scripts (Google Analytics) mapped to aggregate performance trends, click metrics, and conversion funnels.
- Marketing & Retargeting Cookies: Interactive pixel scripts deployed for measuring ad performance and cross-channel optimization routines on Meta, Google, and TikTok.
- Functional Cookies: Persistent local preferences retention systems tailored to adjust localized language displays and interface visual configurations across recurring browsing occurrences.
You may manage or disable cookies at any time through your browser settings. Please note that disabling certain cookies may limit the functionality of our website. Continued use of our website after being informed of cookie usage constitutes your acceptance of our cookie practices表达.
Most browsers allow you to view, manage, and delete cookies via their settings menu. Visit www.aboutcookies.org for browser-specific instructions on managing cookie preferences.
Data Retention
We keep your data only for as long as necessary. Once the retention period expires, your data is securely deleted.
We retain personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable Malaysian law and regulatory obligations.
- Client project records: Maintained for a duration of 7 years post-contract end to ensure administrative compliance with corporate audits and local fiscal inquiries.
- Enquiry & contact form data: Preserved for a standard period of 2 years from date of transmission for prospective client support, unless transitioned into an active contract.
- Marketing communications data: Retained indefinitely until an individual files a valid unsubscribe execution or requests data purging.
- Website analytics data: Programmatically configured to expire after 26 months following standard user profile analytical interaction baselines.
- Financial & billing records: Mandatorily kept for 7 years in compliance with standard record-keeping laws managed by the Inland Revenue Board of Malaysia (LHDN).
Upon expiry of the applicable retention period, personal data will be securely deleted, destroyed, or permanently anonymised using industry-standard methods.
Your Rights
Under Malaysia's PDPA 2010, you have clear rights regarding your personal data. We honour every request transparently.
As a data subject under the Personal Data Protection Act 2010 (Malaysia), you have the following rights with respect to your personal data held by Twenty7 Creatives:
- Right of Access: Formal entitlement to secure descriptive logs verifying if your data is under active processing, accompanied by structural context mapping the distribution loops.
- Right of Correction: Absolute right to enforce corrections regarding obsolete profile addresses, outdated metrics, or inaccurate identity listings.
- Right to Withdraw Consent: Unconditional power to recall promotional consents, rendering previous direct messaging approvals invalid for future application.
- Right to Limit Processing: Authority to instruct structural blocks holding data fields from distribution while preventing total system erasure.
- Right to be Informed: Upfront disclosure protections specifying the reasons and methods behind any active data collection.
To exercise any of the above rights, please submit a written request to admin@twenty7creatives.com. We will acknowledge your request within 5 business days and respond fully within 21 business days. In certain cases, we may require proof of identity before processing your request.
Twenty7 Creatives Sdn Bhd processes all personal data in accordance with the Personal Data Protection Act 2010 (Act 709) of Malaysia. Where our operations extend to Singapore, China, and Thailand, we take reasonable steps to align with the applicable data protection legislation of those jurisdictions, including Singapore's PDPA (2012), China's PIPL (2021), and Thailand's PDPA (2019).
Data Security
We take data security seriously and implement high-level technical and organisational measures to protect your logs.
Twenty7 Creatives implements a range of security measures to protect your personal data against unauthorised access, disclosure, alteration, and destruction. These measures include:
- Enforcement of standard Transport Layer Security (TLS 1.3) protocols covering data transmissions.
- Deployment of role-based authorization barriers restricting core customer profiles only to essential engineering and account teams.
- Routine structural security reviews and firewall threat monitoring across database storage nodes.
- Mandatory compliance training and binding confidentiality statements signed by internal staff.
- Implementation of secure cryptographic deletion procedures once retention periods expire.
- Implementation of Multi-Factor Authentication (MFA) across internal corporate platforms and customer marketing management integrations.
While we take all reasonable precautions, no method of data transmission or storage over the internet is 100% secure. In the unlikely event of a data breach that poses a risk to your rights or freedoms, we will notify affected individuals and the relevant authorities as required under Malaysian law.
Third-Party Links
Our website may link to external platforms. Once you leave our site, this Privacy Policy no longer applies.
Our website contains links to third-party websites and platforms, including but not limited to Meta (Facebook & Instagram), Google, TikTok, Xiaohongshu (XHS), LinkedIn, Tripadvisor, and Meituan Dianping. These external sites operate independently under their own privacy policies, which we have no control over.
We strongly encourage you to review the privacy policies of any third-party websites you visit via links on our site. The inclusion of a link on twenty7creatives.com does not constitute an endorsement of that website, its content, or its data practices. Twenty7 Creatives accepts no responsibility or liability for the privacy practices of third-party sites.
Children's Privacy
Our services are designed for business professionals. We do not knowingly collect data from minors under 18.
The website and services of Twenty7 Creatives are intended solely for use by business professionals, brand owners, and individuals aged 18 years and above. We do not knowingly collect, process, or store personal data from children under the age of 18.
If you believe that a child has provided us with personal data without parental consent, please contact us immediately at admin@twenty7creatives.com. Upon verification, we will take prompt steps to delete such information from our records.
Changes to This Privacy Policy
We review and update this policy periodically to reflect changes in our services and applicable legal standards.
Twenty7 Creatives reserves the right to update or amend this Privacy Policy at any time. Changes may be made to reflect updates to our services, new legal or regulatory requirements, feedback from users, or improvements in our data practices.
When we make material changes to this policy, we will update the “Last Updated” date displayed at the top of this page. For significant changes, we may also notify clients directly via email or through a notice on our website.
Your continued use of our website or services after any such changes constitutes your acknowledgement and acceptance of the updated Privacy Policy. We encourage you to review this page periodically to stay informed of how we are protecting your data.
Contact Our Privacy Team
Have a question about this policy or how we handle your data? Reach out to our legal department directly.
If you have any questions, concerns, complaints, or requests relating to this Privacy Policy or the personal data we hold about you, please do not hesitate to contact us. We take all data-related enquiries seriously and will respond promptly.
Email: admin@twenty7creatives.com
Phone / WhatsApp: +6016-366 2772
Website: www.twenty7creatives.com
Operating Markets: Malaysia · China · Singapore · Thailand
We aim to acknowledge all data-related enquiries within 5 business days and provide a full response within 21 business days of receipt. If you are unsatisfied with our response, you have the right to escalate your complaint to the Personal Data Protection Commissioner of Malaysia.