This Privacy Policy explains how HH PixelMind Sdn Bhd ("Company", "we", "us", or "our") collects, uses, stores, processes, discloses and protects personal data when users access or use ooroos PIBG Management ("ooroos", "Platform", "System", or "Service") through our website, web application, mobile application, or any related services.
ooroos is a digital management platform designed to assist schools, Parent-Teacher Associations / PIBG, administrators, teachers, committee members, parents, guardians and related users in managing PIBG-related operations such as membership records, announcements, payment records, contribution tracking, event management, financial records, documentation, reporting and communication.
By accessing or using ooroos, you acknowledge that you have read and understood this Privacy Policy.
For any privacy-related questions, please contact us at:
HH PixelMind Sdn Bhd
Email: admin@ooroos.my
Website: www.ooroos.my
Email: admin@ooroos.my
Website: www.ooroos.my
1. Scope of This Privacy Policy
This Privacy Policy applies to:
Schools, PIBG organisations, administrators and authorised representatives using ooroos;
Parents, guardians, teachers, students, committee members and users whose information is entered into the system;
Visitors to our website;
Users who make payments, register accounts, submit enquiries, access reports or interact with our platform;
Any person whose personal data is processed through ooroos.
Parents, guardians, teachers, students, committee members and users whose information is entered into the system;
Visitors to our website;
Users who make payments, register accounts, submit enquiries, access reports or interact with our platform;
Any person whose personal data is processed through ooroos.
This Privacy Policy does not apply to third-party websites, external payment gateways, banking platforms or other services that are not owned or controlled by HH PixelMind Sdn Bhd.
2. Types of Personal Data We May Collect
Depending on your role and usage of the platform, we may collect and process the following types of personal data:
2.1 Personal Identification Information
This may include:
Full name;
Identification number, passport number or student identification number, where applicable;
Date of birth;
Gender;
Nationality;
Relationship to student, such as parent, guardian or authorised representative;
Profile photo, where uploaded by the user or school administrator.
Identification number, passport number or student identification number, where applicable;
Date of birth;
Gender;
Nationality;
Relationship to student, such as parent, guardian or authorised representative;
Profile photo, where uploaded by the user or school administrator.
2.2 Contact Information
This may include:
Email address;
Mobile phone number;
Home address;
Emergency contact details;
Communication preferences.
Mobile phone number;
Home address;
Emergency contact details;
Communication preferences.
2.3 School and PIBG-Related Information
This may include:
School name;
Class, year, form or student group;
Student name and related academic grouping;
Parent or guardian relationship to student;
PIBG membership status;
Committee role or position;
Attendance records for meetings or programmes;
Records of participation in school or PIBG activities;
Announcements, notices, circulars and related acknowledgements.
Class, year, form or student group;
Student name and related academic grouping;
Parent or guardian relationship to student;
PIBG membership status;
Committee role or position;
Attendance records for meetings or programmes;
Records of participation in school or PIBG activities;
Announcements, notices, circulars and related acknowledgements.
2.4 Payment and Transaction Information
This may include:
Payment amount;
Payment date and time;
Payment reference number;
Invoice number;
Receipt number;
Payment status;
Contribution or fee category;
Transaction history;
Refund request records;
Limited payment-related information returned by payment gateway providers.
Payment date and time;
Payment reference number;
Invoice number;
Receipt number;
Payment status;
Contribution or fee category;
Transaction history;
Refund request records;
Limited payment-related information returned by payment gateway providers.
We do not intentionally store full credit card numbers, debit card numbers, online banking passwords or full banking credentials. Payment processing may be handled by third-party payment gateway providers.
2.5 Account and Login Information
This may include:
Username or account ID;
Email login;
User role and access level;
Password in encrypted or hashed format;
Login date and time;
Device and session information;
Account activity logs;
Security and audit logs.
Email login;
User role and access level;
Password in encrypted or hashed format;
Login date and time;
Device and session information;
Account activity logs;
Security and audit logs.
2.6 Technical and Usage Data
When you use our website or platform, we may collect technical information such as:
IP address;
Browser type;
Device type;
Operating system;
Pages viewed;
Features accessed;
Date and time of access;
Error logs;
Cookies or similar tracking technologies;
System performance and usage analytics.
Browser type;
Device type;
Operating system;
Pages viewed;
Features accessed;
Date and time of access;
Error logs;
Cookies or similar tracking technologies;
System performance and usage analytics.
2.7 Support and Communication Data
When you contact us, we may collect:
Name and contact details;
Organisation or school name;
Support ticket details;
Email messages;
Chat or enquiry records;
Attachments submitted for support purposes;
Feedback, complaints or service requests.
Organisation or school name;
Support ticket details;
Email messages;
Chat or enquiry records;
Attachments submitted for support purposes;
Feedback, complaints or service requests.
3. Sources of Personal Data
We may collect personal data from the following sources:
Directly from you when you register, submit forms, make payment or contact us;
From school administrators, PIBG representatives or authorised personnel who enter data into ooroos;
From parents, guardians, teachers or committee members using the platform;
From payment gateway providers after a payment transaction is made;
From cookies, analytics tools and server logs;
From official records uploaded by authorised users;
From communications with our customer support team.
From school administrators, PIBG representatives or authorised personnel who enter data into ooroos;
From parents, guardians, teachers or committee members using the platform;
From payment gateway providers after a payment transaction is made;
From cookies, analytics tools and server logs;
From official records uploaded by authorised users;
From communications with our customer support team.
Where a school, PIBG or administrator uploads personal data of students, parents, guardians, teachers or members, the school, PIBG or administrator is responsible for ensuring that it has the necessary authority, consent or lawful basis to provide such data to ooroos.
4. Purposes of Collecting and Processing Personal Data
We may collect and process personal data for the following purposes:
To create and manage user accounts;
To provide access to the ooroos PIBG Management platform;
To manage PIBG membership records;
To manage school, student, parent and guardian records;
To process payments, invoices, receipts, contributions and related transactions;
To generate reports, financial summaries and administrative records;
To send announcements, notifications, circulars and reminders;
To support communication between school, PIBG, parents, guardians and authorised users;
To manage events, activities, meetings and attendance;
To verify payment status and transaction history;
To respond to enquiries, support requests, complaints or technical issues;
To improve system performance, security, features and user experience;
To detect, prevent and respond to fraud, misuse, unauthorised access or security incidents;
To comply with legal, regulatory, accounting, audit, tax or reporting obligations;
To maintain internal administrative records;
To enforce our Terms of Service, Refund Policy and other applicable policies;
To carry out system updates, maintenance and service improvements;
To send service-related notices such as password reset, system maintenance and account updates;
To analyse usage trends and improve product functionality;
For any other purpose directly related to the use of ooroos.
To provide access to the ooroos PIBG Management platform;
To manage PIBG membership records;
To manage school, student, parent and guardian records;
To process payments, invoices, receipts, contributions and related transactions;
To generate reports, financial summaries and administrative records;
To send announcements, notifications, circulars and reminders;
To support communication between school, PIBG, parents, guardians and authorised users;
To manage events, activities, meetings and attendance;
To verify payment status and transaction history;
To respond to enquiries, support requests, complaints or technical issues;
To improve system performance, security, features and user experience;
To detect, prevent and respond to fraud, misuse, unauthorised access or security incidents;
To comply with legal, regulatory, accounting, audit, tax or reporting obligations;
To maintain internal administrative records;
To enforce our Terms of Service, Refund Policy and other applicable policies;
To carry out system updates, maintenance and service improvements;
To send service-related notices such as password reset, system maintenance and account updates;
To analyse usage trends and improve product functionality;
For any other purpose directly related to the use of ooroos.
We will not sell your personal data to third parties.
5. Processing of Children's and Student Data
ooroos may process student-related data because the platform is designed for school and PIBG management.
Student data may include name, class, student identification, parent or guardian details, payment status, event participation and other school-related information.
We treat student data with additional care. Student data should only be entered, uploaded or processed by authorised school representatives, PIBG administrators, teachers, parents or guardians.
Where required, the school, PIBG or authorised administrator is responsible for obtaining appropriate consent or authorisation from parents, guardians or relevant parties before uploading student-related data into ooroos.
We do not knowingly collect student data directly from minors for marketing purposes.
6. Disclosure of Personal Data
We may disclose personal data only when necessary and only to relevant parties, including:
Authorised school administrators;
Authorised PIBG committee members;
Parents, guardians, teachers or users according to their permitted access level;
Payment gateway providers;
Banks or financial institutions involved in transaction processing;
Cloud hosting, server, database and technology service providers;
Email, SMS, WhatsApp or notification service providers;
System maintenance and technical support providers;
Professional advisers such as auditors, lawyers, tax agents or consultants, where necessary;
Government authorities, regulators, law enforcement agencies or courts, where required by law;
Successors or assignees in the event of a business transfer, merger, acquisition, restructuring or sale of assets.
Authorised PIBG committee members;
Parents, guardians, teachers or users according to their permitted access level;
Payment gateway providers;
Banks or financial institutions involved in transaction processing;
Cloud hosting, server, database and technology service providers;
Email, SMS, WhatsApp or notification service providers;
System maintenance and technical support providers;
Professional advisers such as auditors, lawyers, tax agents or consultants, where necessary;
Government authorities, regulators, law enforcement agencies or courts, where required by law;
Successors or assignees in the event of a business transfer, merger, acquisition, restructuring or sale of assets.
We will take reasonable steps to ensure that third-party service providers process personal data securely and only for the purposes required to provide their services.
7. Data Access and User Roles
ooroos may use role-based access control. This means that users may only access information according to their assigned role, such as:
Super administrator;
School administrator;
PIBG administrator;
Treasurer;
Teacher;
Parent or guardian;
Committee member;
Viewer or limited-access user.
School administrator;
PIBG administrator;
Treasurer;
Teacher;
Parent or guardian;
Committee member;
Viewer or limited-access user.
Schools and PIBG administrators are responsible for assigning correct user roles and removing access when a user is no longer authorised.
8. Security of Personal Data
We take reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, unauthorised disclosure, alteration or destruction.
These measures may include:
Password protection;
Encrypted password storage;
Secure server configuration;
Role-based access control;
Access logs and audit trails;
Regular system monitoring;
Data backup procedures;
Security updates and maintenance;
Restriction of internal access to authorised personnel only;
Use of secure payment gateway providers for payment processing.
Encrypted password storage;
Secure server configuration;
Role-based access control;
Access logs and audit trails;
Regular system monitoring;
Data backup procedures;
Security updates and maintenance;
Restriction of internal access to authorised personnel only;
Use of secure payment gateway providers for payment processing.
However, no system or method of transmission over the internet is completely secure. While we take reasonable steps to protect personal data, we cannot guarantee absolute security.
Users are responsible for keeping their login credentials confidential and for notifying us immediately if they suspect unauthorised access to their account.
9. Retention of Personal Data
We will retain personal data for as long as necessary to fulfil the purposes described in this Privacy Policy, including for legal, accounting, audit, tax, operational and dispute-resolution purposes.
The retention period may depend on:
The duration of the school or PIBG subscription;
The purpose for which the data was collected;
Legal or regulatory requirements;
Financial and accounting record requirements;
Dispute, refund, audit or investigation requirements;
Backup and disaster recovery requirements.
The purpose for which the data was collected;
Legal or regulatory requirements;
Financial and accounting record requirements;
Dispute, refund, audit or investigation requirements;
Backup and disaster recovery requirements.
When personal data is no longer required, we will take reasonable steps to delete, anonymise or securely archive the data, unless retention is required by law or for legitimate business purposes.
Schools and PIBG administrators may also request data export or deletion, subject to verification, contractual obligations and legal requirements.
10. Accuracy of Personal Data
We rely on users, schools, PIBG administrators, parents, guardians and authorised representatives to provide accurate and updated personal data.
You should ensure that the personal data submitted to ooroos is accurate, complete and up to date.
If your personal data changes, please update your account or contact the relevant school/PIBG administrator. You may also contact us at admin@ooroos.my for assistance.
11. Access, Correction and Deletion Requests
Subject to applicable laws and verification requirements, you may request to:
Access your personal data;
Correct inaccurate or outdated personal data;
Update your contact details;
Withdraw consent, where applicable;
Request deletion of personal data, where legally permissible;
Request clarification on how your data is used.
Correct inaccurate or outdated personal data;
Update your contact details;
Withdraw consent, where applicable;
Request deletion of personal data, where legally permissible;
Request clarification on how your data is used.
To make a request, please contact us at:
Email: admin@ooroos.my
We may require proof of identity before processing your request. Some requests may also need to be referred to the relevant school or PIBG administrator if the data is managed under their account.
We may decline or limit a request where permitted or required by law, such as where the data is required for legal, audit, accounting, security or dispute-resolution purposes.
12. Withdrawal of Consent
Where processing is based on consent, you may withdraw your consent by contacting us or the relevant school/PIBG administrator.
However, withdrawal of consent may affect your ability to use certain features of ooroos. For example, if certain personal data is required for payment records, membership management or account access, we may not be able to continue providing the relevant services without that data.
13. Cookies and Tracking Technologies
Our website and platform may use cookies or similar technologies to:
Keep users logged in;
Remember user preferences;
Improve website performance;
Analyse usage patterns;
Monitor security;
Improve platform features.
Remember user preferences;
Improve website performance;
Analyse usage patterns;
Monitor security;
Improve platform features.
You may disable cookies through your browser settings. However, some parts of the website or system may not function properly if cookies are disabled.
14. Third-Party Links and Services
ooroos may contain links to third-party websites or services, such as payment gateways, banking portals, school websites or external resources.
We are not responsible for the privacy practices, content or security of third-party websites or services. You should review their respective privacy policies before submitting any personal data.
15. Payment Gateway and Financial Data
Payments made through ooroos may be processed by third-party payment gateway providers.
We may receive limited transaction information such as payment status, transaction ID, reference number, amount paid and payment date. We do not intentionally store full card details, online banking passwords or sensitive banking credentials.
Any payment processing is also subject to the terms, conditions and privacy policies of the relevant payment gateway provider.
16. Cross-Border Data Transfer
Where necessary, personal data may be stored or processed using cloud servers, hosting providers or technology service providers located inside or outside Malaysia.
Where personal data is transferred outside Malaysia, we will take reasonable steps to ensure that the data continues to be protected in accordance with applicable data protection requirements and this Privacy Policy.
17. Data Breach and Security Incident
In the event of a suspected or confirmed data breach or security incident, we will take reasonable steps to:
Investigate the incident;
Contain and reduce potential impact;
Notify affected parties where appropriate;
Notify relevant authorities where required by law;
Improve security measures to prevent recurrence.
Contain and reduce potential impact;
Notify affected parties where appropriate;
Notify relevant authorities where required by law;
Improve security measures to prevent recurrence.
Users should immediately contact us at admin@ooroos.my if they suspect unauthorised account access, suspicious activity or data misuse.
18. Responsibilities of Schools and PIBG Administrators
Schools, PIBG organisations and administrators using ooroos are responsible for:
Ensuring that personal data uploaded into ooroos is accurate and lawfully obtained;
Obtaining necessary consent or authorisation from parents, guardians, teachers, committee members or relevant individuals;
Assigning correct access levels to users;
Removing access for users who are no longer authorised;
Ensuring that data is used only for legitimate school or PIBG purposes;
Informing users about how their personal data may be processed through ooroos;
Complying with applicable laws, regulations and internal school/PIBG policies.
Obtaining necessary consent or authorisation from parents, guardians, teachers, committee members or relevant individuals;
Assigning correct access levels to users;
Removing access for users who are no longer authorised;
Ensuring that data is used only for legitimate school or PIBG purposes;
Informing users about how their personal data may be processed through ooroos;
Complying with applicable laws, regulations and internal school/PIBG policies.
19. Marketing Communications
We may send service-related emails or notifications about ooroos, such as account updates, payment reminders, system maintenance, security alerts and administrative notices.
We may also send marketing or promotional communications about our products or services where permitted by law or where consent has been given.
You may opt out of marketing communications by following the unsubscribe instructions or contacting us at admin@ooroos.my. However, you may still receive important service-related communications.
20. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, technology, business operations or security practices.
The updated version will be posted on our website with the latest "Last Updated" date.
Your continued use of ooroos after any update means you acknowledge the revised Privacy Policy.
21. Contact Us
For questions, requests or complaints relating to this Privacy Policy or your personal data, please contact:
HH PixelMind Sdn Bhd
Email: admin@ooroos.my
Website: www.ooroos.my
Email: admin@ooroos.my
Website: www.ooroos.my