Privacy Policy

Effective date: 17 September 2025

Whoosh Media respects your privacy and is committed to protecting personal data that we process in the course of providing our marketing and digital services. This policy explains what we collect, how we use it, whom we share it with, how long we keep it, and what rights you have.

Whoosh Media operates from Malaysia and Singapore and provides branding, content, web development, UI/UX, SEO/SEM, and digital marketing services. Contact details and office addresses are set out in the Contact section.

1. Who we are and how to contact us

Whoosh Media (Malaysia registration no. 002788903-D) provides creative and digital marketing services.
Email: support@whoosh-media.com
Malaysia office: No.16-7 Infinity Tower, Jalan SS6/3, 47301 Petaling Jaya, Selangor, Malaysia
Singapore office: 101 Kitchener Road #02-41, Jalan Besar Plaza, Singapore 208511
Telephone (MY): +60 12 287 5069
Telephone (SG): +65 9385 1869.

If you have questions about this policy or wish to exercise your rights, contact us at the email above.

2. Scope

This policy covers personal data we collect through our websites, forms, landing pages, and communications, as well as data we receive when we deliver services to clients and prospects.

3. The data we collect

We collect and process the following categories of data:

• Identification and contact data: name, email address, telephone number, company, role, country or city
  
  
• Business information: service interests, project details, budgets, timelines
  
  
• Technical data: IP address, device identifiers, browser type, pages viewed, session duration, referral sources
  
  
• Marketing preferences: subscriptions, consent choices, communication history
  
  
• Content you provide: enquiries, briefs, materials you upload or share with us
  
  

We collect data directly from you when you submit a contact form or speak with us, and automatically through cookies and similar technologies when you use our sites.

4. Lawful bases for processing

We process personal data on the following bases, as applicable:

• Contract: to take steps at your request before entering into a contract or to perform a contract with you
  
  
• Consent: where you have given clear consent, for example to receive marketing
  
  
• Legitimate interests: to operate and improve our services, secure our systems, prevent misuse, and grow our business in a way that does not override your rights
  
  
• Legal obligation: to comply with laws and regulatory requests
  
  

If we rely on consent you can withdraw it at any time using the contact details above.

5. How we use your data

We use personal data to:

• respond to enquiries and provide proposals
  
  
• deliver projects, manage accounts, and provide client support
  
  
• operate websites, diagnose issues, and keep services secure
  
  
• measure and improve performance, including through analytics
  
  
• personalise content and advertising where permitted
  
  
• manage marketing communications and event invitations
  
  
• comply with laws, handle disputes, and enforce agreements
  
  

Our websites showcase our services such as branding, content consultancy, web development, UI/UX, SEO/SEM, and digital and social media marketing, and provide a contact form for new business.

6. Cookies and similar technologies

We use necessary cookies to run our sites. With consent, we may use functional, analytics, and advertising cookies or pixels to understand site usage and improve marketing. You can control cookies through your browser settings. If you block certain cookies some features may not work as intended.

7. Disclosures to third parties

We share data only when needed and with safeguards:

• Service providers that host our sites, send emails, provide analytics, customer relationship tools, advertising platforms, payment or invoicing, and security services
  
  
• Partners and platforms used to deliver campaigns, landing pages, or integrations
  
  
• Professional advisers for legal, compliance, and financial purposes
  
  
• Authorities where required by law or to protect rights
  
  

Where relevant we may use infrastructure or services from providers such as website hosts, analytics, marketing and social platforms, payment or e-commerce partners named on our site. The presence of partners such as Meta, HubSpot, Exabytes, iPay88, TikTok, and others on our site indicates typical categories of services we may use in delivering work. Specific providers may change from time to time.

We do not sell personal data.

8. International transfers

Given our operations in Malaysia and Singapore and our use of global service providers, personal data may be transferred to countries with different data protection laws. When we transfer data internationally we use appropriate safeguards such as contractual protections and industry-standard security measures.

9. Data retention

We keep personal data only as long as needed for the purposes described in this policy:

• enquiries and sales records: up to 24 months after last interaction, unless you become a client
  
  
• client and project records: for the project term plus the period required by law or to establish or defend legal claims
  
  
• marketing data: until you unsubscribe or your consent is withdrawn, then placed on a suppression list to respect your choice
  
  
• technical logs and security records: for operational and security needs, typically no longer than 24 months unless required longer for investigation
  
  

10. Security

We use organisational, technical, and physical safeguards to protect personal data against unauthorised access, alteration, disclosure, or loss. No method of transmission or storage is fully secure. We maintain access controls, encryption in transit where appropriate, minimum-necessary access, and data handling procedures.

11. Your rights

Your rights depend on where you live. Subject to limits in local law you may have the right to:

• request access to your data and obtain a copy
  
  
• request correction of inaccurate or incomplete data
  
  
• request deletion of your data
  
  
• object to certain processing or request restriction
  
  
• withdraw consent where we rely on consent
  
  
• request data portability in a usable format
  
  
• lodge a complaint with your regulator
  
  

For Malaysia residents, you may contact the Personal Data Protection Department (JPDP). For Singapore residents, you may contact the Personal Data Protection Commission (PDPC). For UK and EEA residents, you may contact your national data protection authority.

To exercise rights contact us using the details in section 1. We may need to verify your identity and may ask for information to process your request.

12. Children

Our services are intended for business users. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will take appropriate action.

13. Changes to this policy

We may update this policy to reflect changes in laws or our practices. We will post the new version with a new effective date. Material changes will be highlighted where practicable.