Data Deletion Request

Last updated: June 2026

1. Overview

This page explains how to request deletion of your personal data from Minilab. We comply with the Malaysian Personal Data Protection Act 2010 (PDPA 2010) and the Meta Platform Terms for businesses using WhatsApp Business Platform through Minilab.

2. Who Can Request Deletion

You can request deletion if you are:

  • A resident, owner, or tenant of a building that uses Minilab
  • A staff member (building manager, security guard, cleaner, technician, contractor)
  • A visitor whose details were recorded by a Minilab-managed guardhouse
  • A WhatsApp user who messaged a building's WhatsApp Business number powered by Minilab
  • A committee member, supplier, developer, or service provider with an account

3. How to Submit a Request

Send your request through any of the following channels:

Email (recommended)

[email protected]

WhatsApp

+60 11-2522 8592

Postal mail

Data Protection Officer, BCS HARDWARE (GOMBAK) SDN. BHD., MT12, Infinity8, L3-023, Level 3, MyTown Shopping Centre, No. 6, Jalan Cochrane, Seksyen 90, 55100 Kuala Lumpur, Malaysia.

To help us verify your identity and locate your records, include the following in your request:

  • Your full name as registered
  • The phone number used with Minilab or WhatsApp
  • The name of the building or company you are associated with
  • If applicable, the WhatsApp Business number you messaged
  • A brief description of what you want deleted

4. What Gets Deleted

Upon a verified request we will permanently delete:

  • Your profile (name, phone number, email, unit number, IC, role)
  • Your WhatsApp Business conversation history with the building
  • Telegram messages routed through Minilab bots
  • Email conversations stored against your contact record
  • Facial biometric data (face descriptors) used for attendance
  • Visitor entry records you submitted through QR or pre-registration
  • Uploaded photos, documents, payment proofs, and identification images
  • Push notification tokens and login session records

5. What May Be Retained

Some records may be retained where required by law or for legitimate operational reasons:

  • Financial transactions and invoices, retained for 7 years under the Malaysian Income Tax Act 1967
  • Anonymised, aggregated statistics used to operate the building (no personal identifiers)
  • Records subject to an active legal hold, dispute, or regulatory request
  • Building decisions or committee minutes where your name appears in an official capacity

Anything retained is locked down to authorised personnel only and cannot be used to contact you.

6. Timeline

  • We acknowledge every request within 2 business days
  • Identity verification typically completes within 7 days
  • Full deletion is completed within 30 days of verification
  • Facial biometric data is deleted within 7 days
  • Backup copies are purged on the next scheduled rotation, within 90 days

We will email you a confirmation once deletion is complete.

7. WhatsApp Business Users

If you messaged a building's WhatsApp Business number that is powered by Minilab and you want your conversation history removed:

  • Send your request from the same phone number you used to message the building, or include that number in your request
  • We will delete the inbound and outbound message history, any media you sent (photos, PDFs, voice notes), and any AI-generated replies linked to your phone number
  • Note that Meta's WhatsApp servers also store messages independently. To request deletion from Meta directly, see WhatsApp's Privacy Policy

8. If You Were a Resident or Tenant

Your building's Joint Management Body (JMB), Management Corporation (MC), or Property Management Company is the data controller for resident records. We will process your deletion request and notify the building. Where building bylaws require records to be kept (for example, unit ownership history), that specific record may remain with the building.

9. If You Were a Staff Member

Your employer (the building, security firm, cleaning firm, or contracting company) is the data controller for employment-related records. We will delete your Minilab profile, face enrolment, attendance history, and login credentials. Payroll-related records held by your employer are outside our scope.

10. Account Self-Service Options

Before submitting a deletion request you may want to use these self-service options:

  • Log into the Minilab resident app and tap Profile → Sign out to revoke this device
  • Ask your building manager to deactivate your unit access in the Minilab console
  • Reply STOP to any WhatsApp message from the building to opt out of further messages

These steps stop further contact but do not delete the data we already hold. For permanent deletion, submit a request through section 3.

11. Appeals

If we are unable to action your request, we will explain why in writing and tell you how to appeal. You also have the right to lodge a complaint with the Malaysian Personal Data Protection Commissioner.

12. Contact

Data Protection Officer: [email protected]

BCS HARDWARE (GOMBAK) SDN. BHD., MT12, Infinity8, L3-023, Level 3, MyTown Shopping Centre, No. 6, Jalan Cochrane, Seksyen 90, 55100 Kuala Lumpur, Malaysia.

13. Operating Entity

BCS HARDWARE (GOMBAK) SDN. BHD.

Company Registration No.: 201201006471 (979996-V)

Registered Office: MT12, Infinity8, L3-023, Level 3, MyTown Shopping Centre, No. 6, Jalan Cochrane, Seksyen 90, 55100 Kuala Lumpur

Email: [email protected]

Trading as: Minilab (minilab.my)