Information on this site is advertising in nature

GDPR Compliance

Last updated: June 16, 2026

Our Commitment to Data Protection

prairie oryx is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This page outlines how we comply with GDPR requirements and your rights as a data subject.

Data Controller Information

For the purposes of GDPR, the data controller is:

prairie oryx
Level 12, Menara Binjai
2 Jalan Binjai
50450 Kuala Lumpur, Malaysia
Email: [email protected]

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you have given explicit consent for us to process your data for specific purposes
  • Contractual Necessity: When processing is necessary to fulfill a contract with you or to take steps at your request before entering into a contract
  • Legal Obligation: When we must process your data to comply with legal requirements
  • Legitimate Interests: When processing is necessary for our legitimate business interests, provided these do not override your fundamental rights and freedoms

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee for additional copies requested.

Right to Rectification

You have the right to request correction of any information you believe is inaccurate or incomplete.

Right to Erasure

You have the right to request deletion of your personal data under certain conditions, including when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request that we restrict processing of your personal data under certain circumstances.

Right to Object to Processing

You have the right to object to our processing of your personal data under certain conditions, particularly for direct marketing purposes.

Right to Data Portability

You have the right to request transfer of your data to another organization or directly to you, in a structured, commonly used, and machine-readable format.

Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates data protection laws.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] with the subject line "GDPR Request". Please include:

  • Your full name and contact information
  • A clear description of the right you wish to exercise
  • Any relevant information to help us locate your data

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months and will inform you of any such extension.

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and updates
  • Restricted access to personal data on a need-to-know basis
  • Staff training on data protection principles
  • Incident response procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay, and in any case within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in such risk.

International Data Transfers

When we transfer your personal data outside the European Economic Area, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Transfers to countries with adequacy decisions
  • Other legally approved transfer mechanisms

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and the purpose of processing.

Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.

Updates to This Notice

We may update this GDPR compliance notice from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated notice on our website.

Contact Us

For any questions or concerns regarding GDPR compliance or our data protection practices, please contact us at:

Email: [email protected]
Address: Level 12, Menara Binjai, 2 Jalan Binjai, 50450 Kuala Lumpur, Malaysia