Your information should move through the project as carefully as the design does.
This notice explains the intended handling of information submitted through the Cema HaiSic public website and later provided during a consultation or project.
Version 1.0 · Published 17 July 2026 · Malaysia1. Scope and responsible organisation
This notice applies to the Cema HaiSic website, consultation workflow and project records. The Cema organisation named in your enquiry acknowledgement, proposal or contract is responsible for the personal data it collects for that interaction.
2. Information we may collect
Depending on the stage, information may include your name, business or household details, contact information, property address, TNB bill data, roof or site imagery, design inputs, quotations, approvals, contract and payment status, communications, device and security logs. Sensitive documents should only be provided through an approved, access-controlled project channel.
3. Why information is used
Information is used to respond to enquiries, prepare and verify energy designs, calculate planning scenarios, produce proposals and contracts, coordinate payment and delivery, support customer service, protect accounts, keep audit records and meet legal obligations. We do not treat an enquiry as consent to unrelated marketing.
4. Legal basis and consent
Where applicable, processing is based on steps requested before a contract, performance of a contract, legal obligations, legitimate operational and security interests, or consent. Consent can be withdrawn for future processing where consent is the basis, without affecting processing already carried out lawfully.
5. Sharing and service providers
Access is limited by role and organisation. Information may be shared with authorised Cema personnel, an appointed broker or installer, and vetted providers for hosting, identity, mapping, OCR, payment, messaging, customer management, analytics or professional advice, only to the extent needed for the service. Live integrations must be configured and reviewed before use.
6. Storage, transfer and retention
Records are retained only as long as required for the enquiry, project, warranty, dispute, audit or legal purpose. Production data may be processed in Malaysia or another location used by an approved service provider, with contractual and technical safeguards appropriate to the transfer. Retention rules may differ by record category.
7. Security
We use access controls, secure sessions, audit trails, encryption in transit, protected storage, backups and operational monitoring. No online system can guarantee absolute security. Suspected misuse or accidental disclosure should be reported promptly through the consultation contact channel.
8. Your choices and rights
Subject to applicable Malaysian law, you may request access to or correction of personal data, ask about processing, withdraw a consent, object to certain uses, or request deletion where no overriding retention duty applies. We may need to verify identity and authority before acting on a request.
9. Cookies and public tools
The public ROI calculator is designed to work without contact details. Essential cookies may be used for security, language and session functions. Protected application pages use authentication cookies. Non-essential analytics or advertising technologies should remain disabled until the relevant notice and controls are enabled.
10. Contact and updates
Use the consultation form and state that your message concerns privacy. We may update this notice when services, providers or legal requirements change; the publication date and version will be revised on this page.