This Privacy Policy explains how OnTime Cloud and Septarian Sdn Bhd collect, use, disclose, retain, and protect personal data when you visit ontime.com.my, submit an enquiry, request a demo, communicate with us, or use OnTime Cloud services through an authorised customer account.
OnTime Cloud is a B2B cloud attendance, workforce management, visitor management, reporting, compliance, and integration platform. This policy is written with the principles of Malaysia's Personal Data Protection Act 2010 in mind, including notice, consent, access, correction, withdrawal, retention, security, and cross-border transfer considerations.
Important: This policy should be read together with any quotation, order form, subscription agreement, service agreement, data processing terms, or other written contract that applies to your organisation.
OnTime Cloud is operated by Septarian Sdn Bhd in Malaysia. This Privacy Policy applies to the OnTime Cloud website, business enquiries, demo requests, communications, support interactions, and OnTime Cloud services made available to authorised business customers.
Our privacy role depends on the context in which personal data is processed.
| Situation | Usual Role |
|---|---|
| Website enquiries, demo requests, WhatsApp messages, email, calls, analytics, sales follow-up, and business communications. | Septarian / OnTime generally acts as data controller for this data. |
| Customer account administration, subscription management, billing records, authorised user contacts, and support coordination. | Septarian / OnTime may act as data controller or in a controller-like role for account and business contact data. |
| Employee, contractor, visitor, attendance, biometric/photo, location, device, reporting, and payroll-ready data processed inside OnTime Cloud for a customer. | The customer generally controls the purpose and lawful basis. Septarian processes the data as a service provider or data processor according to the applicable agreement and configuration. |
When you contact us, request information, arrange a demo, use our website, or communicate with our team, we may collect business and technical data such as:
Where OnTime Cloud is used by a customer, the platform may process workforce and operational data selected, uploaded, configured, or authorised by that customer. This may include:
Some OnTime Cloud features may involve more sensitive workforce data, depending on customer configuration, selected devices, and internal workplace policy.
Customers are responsible for providing employee, contractor, and visitor notices and obtaining consent or other lawful authorisation where required before enabling photo, biometric-related, location, monitoring, visitor, or access-control features.
We may use personal data for the following purposes, depending on the relationship and service configuration:
When you submit personal data to us through the website, email, phone, WhatsApp, demo forms, or other communications, you provide that data voluntarily for us to respond, communicate, and manage the relevant business purpose.
For customer-controlled employee, contractor, visitor, attendance, biometric/photo, location, device, reporting, and payroll-ready data, the customer is generally responsible for determining the lawful basis, providing notices, obtaining consent or authorisation where required, and configuring OnTime Cloud in line with applicable law and workplace policy.
We may share personal data only where reasonably required for the purposes described in this policy, the applicable customer agreement, or law. Recipients may include:
OnTime Cloud may transmit or receive data through customer-authorised integrations, APIs, scheduled exports, file exchange, attendance devices, biometric terminals, access-control systems, payroll systems, HR systems, SAP, ERP, finance, or reporting tools. Such processing depends on the customer configuration, agreed scope, technical readiness, credentials, data mapping, and third-party system availability.
Some cloud infrastructure, analytics tools, support tools, communication platforms, or service providers may be hosted or operated outside Malaysia. Where cross-border transfers occur, we take reasonable steps to protect personal data through applicable law, contractual safeguards, access controls, and security measures.
Our website may use cookies, analytics scripts, tags, or similar technologies to understand website usage and improve performance. These technologies may process IP address, browser type, device information, pages visited, referral source, approximate location, and interaction data. You may disable or manage cookies through your browser settings, although some website functions may not work as intended.
We use reasonable administrative, technical, and organisational measures designed to protect personal data. These may include access controls, user authentication, role-based permissions, audit logs, secure transmission where applicable, infrastructure controls, backup and monitoring processes, support access controls, and internal security procedures.
No website, cloud service, network, or transmission method can be guaranteed to be completely secure. Customers and users must also maintain appropriate account security, device security, and internal access controls.
We retain personal data only as long as reasonably required for the relevant purpose, customer agreement, legal requirement, administrative requirement, security purpose, or authorised deletion instruction.
| Data Category | Retention Direction |
|---|---|
| Website enquiry and business contact data | Retained as needed for enquiry response, follow-up, business records, and legal or administrative purposes. |
| Customer account and administration data | Retained during the customer relationship and for a reasonable period after termination where required. |
| Attendance, workforce, visitor, and reporting data | Retained according to customer configuration, agreement, legal or administrative requirements, or authorised deletion instructions. |
| Photo and biometric-related data | Retained according to customer configuration, workplace policy, applicable law, and relevant service terms. |
| Security, technical, and audit logs | Retained for security, audit, troubleshooting, compliance, and service integrity purposes. |
You may contact us to request access to, correction of, or withdrawal of consent for personal data that we control, subject to applicable law, identity verification, and legitimate retention requirements.
If your request relates to employee, contractor, visitor, attendance, biometric/photo, location, device, reporting, or payroll-ready data controlled by your employer or another OnTime Cloud customer, we may direct the request to the relevant customer administrator because that customer generally controls the purpose and handling of such data.
Customers using OnTime Cloud are responsible for:
If we become aware of a data security incident involving personal data processed by OnTime Cloud, we will assess the incident and take reasonable steps according to applicable law, customer agreements, and internal incident response procedures. Where required, we may notify affected customers, regulators, or individuals.
Our website or communications may link to third-party websites, platforms, or tools. Those third parties are not controlled by OnTime Cloud and may have their own privacy policies and terms. You should review those policies before providing personal data to third parties.
We may update this Privacy Policy from time to time to reflect service, legal, operational, or business changes. The updated version will be posted on this page with a revised last updated date.
For privacy enquiries or requests, please contact Septarian Sdn Bhd / OnTime Cloud: