Advertisement

Privacy Policy – Broadsheet Asia

Effective Date: May 4, 2025

Broadsheet Asia (“we,” “us,” or “our”) is committed to protecting the privacy of our readers, subscribers, and website visitors (“you” or “your”) in compliance with applicable data protection laws in Malaysia, Singapore, Thailand, Philippines, Vietnam, Indonesia, Laos, Cambodia, Myanmar, and Brunei. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you access our website (https://broadsheet.asia), engage with our services, or interact with our content.

1. Who We Are

Broadsheet Asia is an online newspaper providing news and stories about Malaysia, Indonesia, Laos, Cambodia, Brunei, Myanmar, Singapore, Thailand, Philippines, and Vietnam (South East Asia). Our website address is https://broadsheet.asia. For inquiries regarding this Privacy Policy, please contact our Data Protection Officer at privacy@broadsheet.asia.

2. Personal Data We Collect

We collect personal data to provide and improve our services, deliver relevant content, and fulfill our journalistic and business purposes. The types of personal data we may collect include:

  • Information You Provide: Name, email address, postal address, phone number, or other details when you register, subscribe to newsletters, submit comments, participate in surveys, or complete forms (e.g., feedback, reader submissions, or engagement forms).
  • Comments and Contributions: Data provided in comment forms, including your IP address and browser user agent string, to detect spam and moderate content.
  • Media Uploads: Images or other media you upload, which may contain metadata (e.g., EXIF GPS data). We recommend removing such metadata before uploading to protect your privacy.
  • Automatically Collected Data: IP addresses, browser type, operating system, device information, geolocation data (if enabled), and usage data (e.g., pages visited, time spent, click patterns) via cookies, analytics tools, or server logs.
  • Cookies and Tracking: We use cookies to enhance your experience, such as saving comment details (name, email, website) for one year, login cookies (two days or two weeks if “Remember Me” is selected), and temporary cookies to check browser compatibility. Analytics cookies may track usage patterns. You may opt out via browser settings or our cookie consent tool.
  • Embedded Content: Interactions with third-party content (e.g., videos, social media embeds) may result in data collection by those third parties, subject to their privacy policies.
  • Sensitive Data: In limited cases, we may collect sensitive personal data (e.g., political opinions or religious beliefs) if you voluntarily provide it in comments or submissions, subject to stricter safeguards.

3. Purposes of Data Processing

We process personal data for the following legitimate purposes:

  • To deliver news content, newsletters, and personalized services.
  • To moderate and publish comments or reader contributions.
  • To analyze website usage and improve our services through analytics tools.
  • To manage subscriptions, registrations, or user accounts.
  • To communicate with you, including responding to inquiries or feedback.
  • To comply with legal obligations or protect our legal interests (e.g., fraud prevention).
  • To serve targeted advertisements, where permitted, based on your interests.
  • To ensure ongoing business operations, including technical maintenance and security.
  • To conduct reader surveys or research to enhance journalistic content.

We process personal data based on one or more of the following lawful bases, as permitted by applicable laws in Malaysia, Singapore, Thailand, Philippines, Vietnam, Indonesia, Laos, Cambodia, Myanmar, and Brunei:

  • Consent: Where you provide informed consent (e.g., for cookies, newsletters, or sensitive data processing).
  • Contract Performance: To fulfill our obligations under agreements, such as subscriptions or account management.
  • Legitimate Interests: For purposes like analytics, content moderation, fraud prevention, or improving services, provided these do not override your rights.
  • Legal Obligations: To comply with laws in the jurisdictions where we operate, including Malaysia’s Personal Data Protection Act 2010, Singapore’s Personal Data Protection Act 2012, Thailand’s Personal Data Protection Act 2019, Philippines’ Data Privacy Act 2012, Vietnam’s Law on Personal Data Protection 2023, and Indonesia’s Personal Data Protection Law 2022.
  • Public Interest: For journalistic purposes, where applicable, in accordance with exemptions under data protection laws.

5. Data Sharing and Transfers

We may share your personal data with:

  • Service Providers: Third-party vendors (e.g., hosting, analytics, spam detection, or payment processors) that process data on our behalf under strict confidentiality agreements.
  • Third-Party Content Providers: Embedded content providers (e.g., YouTube, social media platforms) when you interact with such content.
  • Legal Authorities: When required by law, court order, or to protect our rights, safety, or property.
  • Business Partners: Entities we collaborate with to provide products or services, or where you provide data in exchange for a product or service.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to a successor entity, subject to equivalent protections.

Your data may be transferred to countries outside your jurisdiction, including for hosting or analytics (e.g., to the United States or EU). We ensure such transfers comply with applicable laws in Malaysia, Singapore, Thailand, Philippines, Vietnam, Indonesia, Laos, Cambodia, Myanmar, and Brunei by using safeguards like explicit consent, standard contractual clauses, or ensuring recipient countries provide adequate protection. For example, we comply with Malaysia’s PDPA Section 129, Thailand’s PDPA Section 28, Philippines’ DPA Rule VIII, Vietnam’s PDPA Article 24, and Indonesia’s PDP Law Article 56 for cross-border transfers.

6. Data Retention

We retain personal data only as long as necessary for the purposes outlined, unless a longer period is required by law or for legitimate business purposes (e.g., archiving for journalistic records):

  • Comments and metadata are retained indefinitely to manage follow-up comments and maintain journalistic records, unless deletion is requested and legally permissible.
  • User profile data is retained while your account is active and for up to one year after account deletion to comply with legal or audit requirements.
  • Cookies expire as described in Section 2.
  • Analytics data is retained in anonymized form for up to 26 months, unless otherwise required by law.

We securely delete or anonymize data when no longer needed, in accordance with secure data disposal standards.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption for data in transit (e.g., TLS/SSL) and at rest.
  • Access controls to limit data access to authorized personnel.
  • Firewalls and intrusion detection systems across relevant OSI layers (Transport, Session, Presentation, Application).
  • Regular security audits and vulnerability assessments.

However, no system is completely secure, and we cannot guarantee absolute security. We promptly notify you and relevant authorities of any data breaches, as required by law (e.g., within 72 hours under Singapore’s PDPA, Thailand’s PDPA, and Indonesia’s PDP Law).

8. Your Rights

Subject to applicable laws, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request corrections to inaccurate or incomplete data.
  • Deletion: Request deletion of your data, subject to legal or legitimate business needs (e.g., retaining comments for journalistic purposes).
  • Objection: Object to processing based on legitimate interests, where permitted.
  • Restriction: Request restriction of processing in certain circumstances (e.g., while a correction request is pending).
  • Data Portability: Request a machine-readable copy of your data, where applicable.
  • Withdraw Consent: Withdraw consent at any time, without affecting prior processing.

To exercise these rights, contact us at privacy@broadsheet.asia. We will respond within the timeframes required by law (e.g., 21 days in Malaysia, 30 days in Singapore, Thailand, and Vietnam, 45 days in the Philippines, 60 days in Indonesia). Note that rights may be limited where data is necessary for legal compliance, journalism, or other legitimate purposes (e.g., public interest exemptions under Malaysia’s PDPA or Indonesia’s PDP Law).

If you are dissatisfied with our response, you may lodge a complaint with the relevant data protection authority in your jurisdiction (see Section 13).

9. Cookies and Tracking

Our website uses cookies to enhance functionality and analyze usage. These include:

  • Essential Cookies: For site functionality (e.g., login, comment forms).
  • Analytics Cookies: To track usage patterns (e.g., Google Analytics).
  • Advertising Cookies: For targeted ads, where permitted.

You can manage cookie preferences through your browser settings or our cookie consent tool (available at https://broadsheet.asia/cookies). For details, see our Cookie Policy [link to be created if applicable].

Our website may include links to third-party sites or embedded content (e.g., videos, social media posts). These third parties may collect data under their own privacy policies, over which we have no control. We recommend reviewing their policies before interacting.

11. Children’s Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If we learn such data has been collected, we will delete it promptly. Contact us at privacy@broadsheet.asia if you believe we have inadvertently collected data from a child.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect legal, technical, or business changes. Updates will be posted on this page with a revised effective date. Significant changes will be communicated via email or website notice, where required by law (e.g., under Thailand’s PDPA, Philippines’ DPA, or Indonesia’s PDP Law). We encourage you to review this policy periodically.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

Data Protection Officer
Broadsheet Asia
Email: privacy@broadsheet.asia

For specific complaints regarding personal data processing, you may contact the relevant data protection authorities in your jurisdiction:

  • Indonesia: Personal Data Protection Agency (Badan Perlindungan Data Pribadi, BPDP). Contact: https://bpdp.go.id (website under development as of 2025).
  • Malaysia: Personal Data Protection Commissioner, Department of Personal Data Protection (Jabatan Perlindungan Data Peribadi, JPDP). Contact: https://www.pdp.gov.my.
  • Philippines: National Privacy Commission (NPC). Contact: https://www.privacy.gov.ph.
  • Singapore: Personal Data Protection Commission (PDPC). Contact: https://www.pdpc.gov.sg.
  • Thailand: Personal Data Protection Committee (PDPC), Office of the Personal Data Protection Committee. Contact: https://www.pdpc.or.th.
  • Vietnam: Department of Cybersecurity and High-Tech Crime Prevention (A05), Ministry of Public Security, or Ministry of Information and Communications (MIC). Contact: http://www.mic.gov.vn.
  • Brunei, Cambodia, Laos, Myanmar: These jurisdictions currently lack dedicated data protection authorities. Complaints may be directed to relevant telecommunications or consumer protection bodies, such as the Authority for Info-communications Technology Industry (AITI) in Brunei (https://www.aiti.gov.bn), the Ministry of Posts and Telecommunications in Cambodia (https://www.mptc.gov.kh) and Laos (https://www.mpt.gov.la), or general regulatory channels in Myanmar. We will assist in directing your complaint where possible.

14. Language

This Privacy Policy is provided in English. To ensure accessibility and compliance with local requirements, a translated version in the official language(s) of each jurisdiction (e.g., Bahasa Indonesia for Indonesia, Bahasa Malaysia for Malaysia, Filipino for the Philippines, Thai for Thailand, Vietnamese for Vietnam, Khmer for Cambodia, Lao for Laos, Burmese for Myanmar, Malay for Brunei, and English or Chinese for Singapore) may be provided upon request, subject to applicable laws. Contact privacy@broadsheet.asia to request a translation.