
Data Protection and Privacy Policy

1. Introduction

This Data Protection and Privacy Policy outlines the principles and procedures for protecting personal data at Athentura, including its brands "Samafen" and "Athentura". This policy applies to all employees, contractors, and partners across our offices in Miami, Kuala Lumpur, and the Maldives.

2. Scope

This policy covers all personal data collected, processed, and stored by the company, including but not limited to:

  • Customer data

  • Employee data

  • Marketing data

  • Analytics data

3. Legal Compliance

  • United States: Comply with federal and state data protection laws, including the Federal Trade Commission Act (FTC Act) and relevant state laws such as the California Consumer Privacy Act (CCPA)[1].

  • Maldives: Adhere to the Personal Data Protection Act, which governs the collection, use, and disclosure of personal data in the Maldives[2].

  • Malaysia: Follow the Personal Data Protection Act 2010 (PDPA), which regulates the processing of personal data in commercial transactions.

4. Data Collection and Use

  • Purpose Limitation: Collect personal data only for specified, explicit, and legitimate purposes. Ensure that data is not further processed in a manner incompatible with those purposes.

  • Data Minimization: Collect only the data necessary for the intended purpose.

  • Transparency: Inform individuals about the purposes for which their data is collected and how it will be used.

5. Data Protection Principles

  • Lawfulness, Fairness, and Transparency: Process personal data lawfully, fairly, and in a transparent manner.

  • Accuracy: Ensure that personal data is accurate and kept up to date.

  • Storage Limitation: Retain personal data only for as long as necessary for the purposes for which it was collected.

  • Integrity and Confidentiality: Implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

6. Individual Rights

  • Access: Individuals have the right to access their personal data and obtain information about how it is being processed.

  • Rectification: Individuals can request the correction of inaccurate or incomplete data.

  • Erasure: Individuals have the right to request the deletion of their personal data under certain conditions.

  • Restriction of Processing: Individuals can request the restriction of processing their data under certain circumstances.

  • Data Portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format.

7. Data Security

  • Encryption: Use encryption to protect personal data during transmission and storage.

  • Access Controls: Implement strict access controls to ensure that only authorized personnel can access personal data.

  • Regular Audits: Conduct regular audits to assess data protection practices and identify potential vulnerabilities.

8. Data Breach Notification

  • Incident Response Plan: Establish a data breach response plan to address and mitigate the impact of data breaches.

  • Notification: Notify affected individuals and relevant authorities of data breaches in accordance with legal requirements.

9. Cross-Border Data Transfers

  • Adequate Protection: Ensure that personal data transferred across borders is protected in accordance with applicable data protection laws.

  • Standard Contractual Clauses: Use standard contractual clauses or other approved mechanisms for international data transfers.

10. AI and Analytics

  • Ethical Use: Ensure that AI and analytics tools are used ethically and in compliance with data protection laws.

  • Bias Mitigation: Implement measures to identify and mitigate algorithmic bias in AI systems.

  • Informed Consent: Obtain informed consent from individuals before collecting and processing their data for AI and analytics purposes.

11. Training and Awareness

  • Employee Training: Provide regular training to employees on data protection and privacy practices.

  • Awareness Programs: Conduct awareness programs to keep employees informed about data protection policies and procedures.

12. Review and Updates

This policy will be reviewed annually and updated as necessary to reflect changes in laws and business practices.
