LegalLast updatedMay 2026

Privacy Policy

This Privacy Policy explains how Tixlah collects, uses, stores, and shares personal data when you browse events, create an account, or register for an event through our platform. It also serves as our Personal Data Protection Notice under Section 7 of Malaysia's Personal Data Protection Act 2010 (PDPA), including the 2024 amendments, and is published in both English and Bahasa Malaysia.

01

Data Controller

Tixlah is operated by EC Pixels Asia Sdn. Bhd., which acts as the data user (data controller) for participant accounts, payment coordination, and event registration workflows under the PDPA. Event organizers may also act as separate data users for event-specific processing. For data protection inquiries, contact our designated data protection contact at support@tixlah.com.

02

Information We Collect

We collect the following categories of personal data:

Information you provide directly — your name, email address, phone number, emergency contact details, date of birth, gender, nationality, and event registration preferences.

Information from Organizers — event-specific fields that Organizers may require during registration, such as t-shirt size, dietary requirements, or team affiliations.

Technical data — device type, browser type, IP address, session activity, and platform interaction data needed to secure the platform and troubleshoot issues.

Payment data — transaction records related to your event registrations. Payment details are processed by our third-party payment providers and are not stored directly on our servers.

Some information you provide, such as health-related details disclosed through emergency contact information or event-specific medical declarations, may constitute sensitive personal data under Section 40 of the PDPA. Where sensitive personal data is processed, we obtain your explicit consent and apply additional safeguards.

03

How We Use It

We process your personal data for the following purposes:

  • Operating event registrations and managing participant accounts
  • Verifying eligibility and processing payments
  • Sending event updates, service notifications, and customer support communications
  • Supporting Organizer operations and logistics
  • Preventing fraud and maintaining platform security
  • Improving the reliability and performance of the Tixlah platform
  • Complying with regulatory and legal obligations

We do not use your personal data to train artificial intelligence or machine learning models.

05

Data Sharing

We do not sell your personal data.

We share relevant registration and participant information with the following categories of recipients when reasonably necessary:

  • Event Organizers — to manage your registration, logistics, and event communication.
  • Payment providers — to process your payments securely.
  • Email service providers — to send transactional and event-related communications.
  • Analytics providers — such as Google Analytics, to help us understand platform usage and improve our services.
  • Professional advisers — including legal, financial, and compliance advisers where necessary.
  • Regulators and authorities — where required by law, regulation, or court order, or to protect the safety of users.

All third-party data processors are bound by data processing agreements that require them to protect personal data to equivalent standards and to comply with the PDPA.

06

Cookies

We use cookies and similar technologies for the following purposes:

  • Essential cookies — to keep you signed in, remember your language preferences, protect forms against cross-site request forgery, and maintain session integrity during registration and checkout.
  • Analytics cookies — to measure platform performance, understand usage patterns, and improve the service. We use Google Analytics for this purpose.

You can manage your cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

07

Cross-Border Data Transfers

Some of our service providers operate outside of Malaysia. Your personal data may be transferred to and processed in countries where our analytics providers (such as Google, based in the United States), payment processors, and email service providers are located.

In accordance with Section 129 of the PDPA and the 2024 amendments, before transferring personal data overseas we:

  • Assess the data protection standards of the receiving country or organization.
  • Enter into contractual arrangements that require equivalent levels of data protection.
  • Ensure that appropriate technical and organizational safeguards are in place.
08

Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, modification, or accidental disclosure, including:

  • Role-based access controls limiting data access to authorized personnel
  • Encrypted data transmission (TLS/SSL) for all platform communications
  • Session management controls and automatic timeout
  • Audit trails for data access and system changes
  • Provider-level infrastructure safeguards including firewalls and intrusion detection
09

Data Retention

In accordance with Principle 5 (Retention) of the PDPA, we retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Our retention periods are:

  • Active accounts — for the duration of your account plus two (2) years after your last activity on the platform.
  • Inactive accounts — account data is retained for up to two (2) years from the date of last activity, after which it is deleted or anonymized.
  • Financial and transaction records — for up to seven (7) years as required by Malaysian tax and financial regulations.
  • Event registration data — for the duration required by the Organizer's obligations, subject to a maximum of two (2) years after the event.

After the applicable retention period, personal data is securely deleted or anonymized.

10

Your Rights

Subject to applicable law, you have the following rights regarding your personal data under the PDPA:

  • Right of access — request a copy of the personal data we hold about you (Section 30).
  • Right of correction — request correction of personal data that is inaccurate, incomplete, or misleading (Section 34).
  • Right to deletion — request deletion of your personal data where retention is no longer necessary.
  • Right to withdraw consent — withdraw your consent at any time where processing is based on consent, subject to legal and contractual restrictions (Section 38).
  • Right to data portability — under the 2024 amendments, request a copy of your personal data in a structured, commonly used, machine-readable format.

To exercise any of these rights, contact us at support@tixlah.com and mark your message for data protection review. We will respond to your request within twenty-one (21) days of receipt, subject to identity verification. In certain circumstances, we may decline a request where permitted by law, such as where the request is frivolous, would compromise the privacy of others, or conflicts with a legal obligation.

11

Data Breach Notification

In the event of a personal data breach, Tixlah will notify the Personal Data Protection Commissioner within seventy-two (72) hours of becoming aware of the breach, in accordance with Section 12B of the PDPA (as amended in 2024). Where the breach is likely to result in harm to affected individuals, we will also notify those individuals without unreasonable delay, providing details of the nature of the breach, the data affected, and the steps we are taking to address it.

12

Children's Privacy

Tixlah does not knowingly collect personal data from children under the age of 18 without the consent of a parent or legal guardian. Where event registration involves a minor, we require the parent or guardian to complete the registration and provide consent on the child's behalf. If you believe we have collected data from a child without appropriate consent, please contact us at support@tixlah.com and we will take steps to delete the data promptly.

13

Changes to This Policy

We may update this Privacy Policy from time to time to reflect platform changes, legal obligations, or operational improvements. For material changes, we will provide advance notice by posting the updated policy on the Platform and, where practicable, notifying you by email. Non-material changes take effect immediately upon posting. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

14

Contact

For privacy-related questions, requests, or PDPA complaints, contact us at support@tixlah.com and mark your message for data protection review. If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commissioner.