VenueNova
Highlighted items are being finalised and will be confirmed shortly.

VenueNova — Privacy Policy

Draft v1.0 · 07/07/2026 (KL) · Drafted by Astrid per the 06/07/2026 legal-approach decision. NOT formal legal advice. Placeholders in [BRACKETS] need Andrew's confirmation before publishing.

Effective date: [DATE OF PUBLICATION] Data user: [OPERATING ENTITY NAME + COMPANY NO — e.g. the Shockwave Group company that operates VenueNova] ("VenueNova", "we", "us"), operating https://venuenova.com. Contact for privacy matters: hello@venuenova.com [confirm final address]

This notice is issued in English and Bahasa Malaysia as required by section 7(3) of the Personal Data Protection Act 2010 ("PDPA"). If there is any inconsistency, the English version prevails.

1. What this covers

This policy explains how we collect, use, disclose and protect personal data processed through the VenueNova website — a free directory of event venues in Malaysia. "Personal data" means information about an identifiable individual, as defined in the PDPA.

2. Personal data we collect

a. Enquiry and AI-recommendation form data. When you send an enquiry or use the venue-recommendation form: your name, email address, phone number, and the details of your event brief (event type, guest numbers, dates, budget range, requirements).

b. Venue contact data. For venue listings we compile from publicly available sources (a venue's own website and public business listings), we may hold the business contact details of venue staff — a name, business email address, business phone number and job title. This data is collected indirectly, from the venue's own published materials, for the purpose of maintaining and verifying the venue's listing and inviting the venue to claim it.

c. Claim and account data. When a venue representative claims a listing: name, business email, phone number, and verification records.

d. Technical data and cookies. Standard server logs (IP address, browser type, pages visited, timestamps) and cookies as described in section 9.

We do not knowingly collect sensitive personal data (health, beliefs, biometrics) and do not need it — please do not include it in enquiry messages.

3. What we use it for

  • Passing your enquiry to the venue(s) you choose, so they can respond to you directly.
  • Generating venue recommendations from your brief and, if you request it, emailing you the shortlist.
  • Creating, maintaining, verifying and correcting venue listings, and inviting venues to claim their free listing.
  • Operating, securing and improving the website (analytics in aggregate, abuse prevention).
  • Meeting our legal obligations.

We do not sell personal data. We do not send consumer marketing emails unless you have opted in, and every such email carries an unsubscribe link.

4. Who we disclose it to

  • The venues you enquire with: your enquiry details are passed to the relevant venue(s) so they can respond — that is the purpose of an enquiry.
  • Service providers who host and run the site on our behalf: database and hosting providers (currently Supabase, hosted in Singapore, and Vercel), email delivery providers, and analytics providers — each only to the extent needed to run the service.
  • Authorities, where the law requires it.

We do not disclose venue contact data to third parties other than as part of the public listing content the venue itself has published or confirmed.

5. Overseas transfer

Our database and hosting infrastructure are located outside Malaysia (currently Singapore and the service regions of our hosting providers). We transfer personal data outside Malaysia only to providers under contractual safeguards consistent with the PDPA's cross-border requirements (as amended in 2024).

6. How long we keep it

  • Enquiry data: [24] months from your last activity, then deleted or anonymised.
  • Venue listing and provenance records: for as long as the listing is live, plus a reasonable archival period, because provenance is how we keep listings accurate and answer disputes.
  • Opt-out records: kept permanently — that is how we make sure we never contact you again.
  • Server logs: [90] days.

7. Your rights under the PDPA

You may at any time: request access to your personal data; request correction; withdraw consent to further processing; require us, by written notice, to stop processing your personal data for direct marketing (section 43 PDPA); and, under the 2024 amendments, request data portability where technically feasible. Venues may additionally request correction or removal of their listing at any time (see the Terms of Service — we honour takedown requests within 48 hours).

To exercise any right, email hello@venuenova.com with "Data Request" in the subject. We respond within 21 days as required by the PDPA. If you are unsatisfied, you may complain to the Personal Data Protection Commissioner (Jabatan Perlindungan Data Peribadi).

8. Security and breach notification

Personal data is stored in access-controlled databases with row-level security; administrative access is limited and credentialed. No internet service can promise perfect security, but in the event of a personal data breach we will notify the Personal Data Protection Commissioner and affected individuals as required by the PDPA (as amended 2024).

9. Cookies

Malaysia has no separate cookie-consent statute; we tell you plainly here instead. We use: necessary cookies (session integrity, security) and analytics cookies (aggregate usage statistics, so we know which pages help people). We do not use advertising or cross-site tracking cookies. You can block cookies in your browser; the site will still work, though some conveniences may not.

10. Children

VenueNova is a business-and-events service not directed at children under 18. We do not knowingly collect children's personal data.

11. Changes

We may update this policy; the effective date above always reflects the current version, and material changes will be flagged on this page.

12. Contact

[OPERATING ENTITY NAME], [REGISTERED ADDRESS]. Email: hello@venuenova.com.