International Grafinity Association (IGA) · PDPA Compliant
Last updated: 1 Jan 2026
1. Introduction
1.1 This Privacy Policy sets out how the International Grafinity Association (IGA) (“IGA”, “we”, “our”, or “us”) collects, uses, discloses, and protects personal data in accordance with the Personal Data Protection Act 2010 (Malaysia) and its applicable amendments.
1.2 This Policy applies to all individuals who engage with IGA, including members, participants, applicants, parents or legal guardians, and users of any Grafinity-related services, platforms, or programs.
1.3 By providing personal data to IGA, you consent to the collection, use, and processing of such data in accordance with this Privacy Policy.
2. Types of Personal Data Collected
2.1 IGA may collect and process personal data including, but not limited to, the following:
- Full name
- Contact details, including telephone number and email address
- Identification details, including NRIC or passport number, where required
- Age or date of birth
- Parent or guardian details for individuals below eighteen (18) years of age
- Health or medical information, where necessary for participation in activities
- Photographs, video recordings, or other media
- Any other information provided through forms, registration, applications, or participation
3. Purpose of Data Collection
3.1 Personal data collected by IGA may be used for the following purposes:
- Membership registration and administration, including IGA, Legenz Club, and related ecosystem activities
- Event registration, coordination, and participation
- Communication of updates, notices, and relevant information
- Safety management, risk control, and emergency response
- Community engagement, program delivery, and operational execution
- Internal administration, record-keeping, and organisational purposes
- Marketing, communication, and promotional activities, including media usage
4. Consent
4.1 By providing personal data to IGA:
- You consent to the collection, use, and processing of your personal data in accordance with this Policy
- You confirm that the personal data provided is accurate, complete, and not misleading
4.2 In the case of individuals below eighteen (18) years of age, consent must be provided by a parent or legal guardian.
5. Disclosure of Personal Data
5.1 Personal data may be disclosed to the following parties where necessary for operational purposes:
- IGA team members and authorised personnel
- Event partners, venues, or collaborators
- Third-party service providers, including but not limited to data storage systems, communication platforms, payment processors, and form management tools
5.2 IGA shall take reasonable steps to ensure that any third party receiving personal data is subject to appropriate confidentiality and data protection obligations.
5.3 IGA does not sell, rent, or trade personal data to third parties.
6. Cross-Border Data Transfer
6.1 Personal data may be stored or processed outside Malaysia, including through cloud-based systems or third-party service providers.
6.2 IGA shall take reasonable steps to ensure that such data is handled securely and in accordance with applicable data protection laws and standards.
7. Data Protection and Security
7.1 IGA shall implement reasonable administrative, technical, and organisational measures to protect personal data from:
- Unauthorised access
- Loss, misuse, disclosure, alteration, or destruction
7.2 Notwithstanding Clause 7.1, IGA does not guarantee absolute security of personal data and shall not be liable for unauthorised access beyond its reasonable control.
8. Data Retention
8.1 Personal data shall be retained only for as long as necessary to:
- Fulfil the purposes set out in this Policy
- Comply with legal, regulatory, or operational requirements
8.2 IGA reserves the right to retain relevant personal data for administrative, audit, or legal purposes, even after membership or participation has ceased.
9. Access and Correction
9.1 Individuals have the right to:
- Request access to their personal data
- Request correction of inaccurate, incomplete, or outdated personal data
9.2 Such requests shall be subject to verification and may be declined where permitted under applicable law.
10. Withdrawal of Consent
10.1 Individuals may withdraw their consent to the processing of personal data by providing written notice to IGA.
10.2 Upon withdrawal of consent, IGA may no longer be able to provide membership access, program participation, or related services.
10.3 IGA reserves the right to suspend or terminate access where such withdrawal affects operational requirements.
11. Media and Recording
11.1 IGA may capture photographs, videos, or recordings during events, programs, or activities.
11.2 Such media may be used for:
- Community documentation
- Educational purposes
- Promotional and marketing materials
11.3 Individuals may request to opt out prior to participation, and IGA shall make reasonable efforts to accommodate such requests.
12. Data Breach Management
12.1 In the event of a data breach that may result in risk or harm, IGA shall take reasonable steps to:
- Contain and assess the breach
- Notify affected individuals where appropriate
- Notify relevant authorities where required under applicable law
13. Contact Information
13.1 For any inquiries, requests, or concerns relating to personal data, individuals may contact:
International Grafinity Association (IGA)
Email: admin@grafinity.org
14. Amendments
14.1 IGA reserves the right to amend or update this Privacy Policy at any time.
14.2 Any amendments shall be published through official communication channels and shall take effect upon publication.
15. Acceptance
15.1 By submitting personal data, registering for membership, or participating in any Grafinity activity, the individual acknowledges that they have read, understood, and agreed to this Privacy Policy.