Before you go...

Get a free, no-obligation destruction plan tailored to your organisation. We respond within one business day.

No spam. We will contact you once with your plan. Unsubscribe any time.

Legal

Privacy Policy & Cookie Notice

How Grass Stories Sdn Bhd collects, uses, and protects your personal data — in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA).

Last updated: 1 December 2024

1. Introduction

Grass Stories Sdn Bhd ("Grass Stories", "we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information about you when you visit our website at grassstories.com or engage our services.

This policy is issued in compliance with Malaysia's Personal Data Protection Act 2010 (PDPA) and applies to all personal data processed by Grass Stories Sdn Bhd, a company incorporated in Malaysia.

By using our website or submitting an enquiry, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, please discontinue use of our website.

Data Controller: Grass Stories Sdn Bhd
Address: Lot 1781, Jalan Piasau Utara 4, Piasau Industrial Estate, 98000 Miri, Sarawak, Malaysia
Email: sales@grassstories.com
Phone: 012-652 7719

2. Personal Data We Collect

2.1 Information You Provide to Us

When you complete our contact form, we collect the following personal data:

  • Full name — to address you appropriately in our correspondence
  • Email address — to respond to your enquiry and send a confirmation
  • Phone number — to contact you regarding your enquiry
  • Company or organisation name — to understand your business context (optional)
  • Enquiry details — the service you require, estimated volume, and any additional information you choose to provide

You are not obligated to provide all information, but failure to provide required fields (name, email, phone) may prevent us from responding to your enquiry.

2.2 Information Collected Automatically

When you visit our website, we may automatically collect certain technical information, including:

  • IP address — used for security logging and spam prevention
  • Browser type and version
  • Pages visited and time spent on each page — via Google Analytics (only if you have consented to analytics cookies)
  • Referring website — how you arrived at our site
  • Device type (desktop, mobile, tablet)

2.3 Information We Do Not Collect

We do not collect payment card details (we have no online payment system), government identification numbers, or any sensitive personal data (as defined under the PDPA) through this website. We do not use our website to solicit personal data from minors.

3. How We Use Your Personal Data

We use the personal data you provide for the following purposes, all of which are necessary to respond to your enquiry and provide our services:

  • To respond to your enquiry — processing your contact form submission and replying by email or phone
  • To send a confirmation email — acknowledging receipt of your enquiry
  • To provide a service quotation — preparing and delivering a fee proposal relevant to your requirements
  • To fulfil our service agreement — if you engage our services, managing your account, collections, destructions, and issuing Certificates of Destruction
  • For internal record-keeping and audit — maintaining destruction records as required by applicable law
  • To improve our website — using anonymised analytics data (only with your consent) to understand how visitors use our site
  • To comply with legal obligations — retaining records as required under Malaysian law
We do not use your personal data for unsolicited marketing. We will not add you to a mailing list, send promotional emails, or share your contact details with third parties for advertising purposes.

Our legal bases for processing your personal data under the PDPA are: your consent (for analytics cookies), contractual necessity (for responding to and fulfilling your service enquiry), and legal obligation (for record retention).

4. Cookies & Analytics

4.1 What Are Cookies?

Cookies are small text files placed on your device by a website to enable certain functionality. They are widely used to make websites work more efficiently and to provide information to website owners.

4.2 Cookies We Use

Our website uses the following categories of cookies:

Cookie Type Purpose Consent Required?
Essential Session management, cookie consent preference storage (localStorage key: gs_cookie_consent) No — always active
Analytics Google Analytics 4 (GA4) — tracks page views, user interactions, and general site usage to help us improve our website. No personally identifiable information is shared with Google. Yes — consent required

4.3 Google Analytics

With your consent, we use Google Analytics 4 (GA4), a web analytics service provided by Google LLC. GA4 uses cookies to collect anonymised information about how visitors use our website. This data is aggregated and does not identify individual users. IP addresses are anonymised before being sent to Google's servers.

Google's privacy policy is available at policies.google.com/privacy. You may opt out of Google Analytics across all websites by installing the Google Analytics Opt-out Browser Add-on.

4.4 Managing Your Cookie Preferences

When you first visit our website, you will be presented with a cookie consent banner. You may:

  • Accept — to enable analytics cookies in addition to essential cookies
  • Decline — to use only essential cookies, with no analytics tracking

Your preference is stored locally on your device and can be reset by clearing your browser's local storage or site data. You may also control cookies directly through your browser settings — consult your browser's help documentation for instructions.

Please note that declining cookies does not affect your ability to use any feature of our website.

5. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data to any third party for commercial purposes. Your data may be disclosed to the following parties only to the extent necessary to deliver our services:

  • Email service infrastructure — Our website's contact form sends data via our web hosting server (ServerFreak / cPanel) to our email inbox. This processing is governed by our hosting agreement.
  • Google Analytics — Anonymised, aggregated website usage data is shared with Google LLC (only if you have consented to analytics cookies).
  • Legal authorities — We may disclose personal data if required to do so by law, court order, or at the request of a regulatory authority.

All third parties we work with are required to handle your data securely and in accordance with applicable data protection law.

6. Data Retention

We retain personal data only for as long as is necessary for the purposes set out in this policy, or as required by applicable law.

  • Enquiry records — Retained for 3 years from the date of last contact, after which they are securely deleted.
  • Active client records — Retained for the duration of the client relationship plus 7 years, in compliance with Malaysian legal requirements for business records.
  • Destruction records and Certificates of Destruction — Retained for a minimum of 7 years as part of our compliance documentation.
  • Website analytics data — Aggregated and anonymised; Google Analytics retains raw event data for 14 months by default.

When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you as an individual.

7. Your Rights Under the PDPA

Under Malaysia's Personal Data Protection Act 2010, you have the following rights with respect to your personal data held by us:

  • Right to access — You may request a copy of the personal data we hold about you.
  • Right to correction — You may request that we correct any inaccurate or incomplete personal data.
  • Right to withdraw consent — Where processing is based on your consent (e.g. analytics cookies), you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
  • Right to limit processing — You may request that we limit how we use your personal data in certain circumstances.
  • Right to enquire — You may contact us to enquire about what data we hold and how it is used.
To exercise any of these rights, please contact us in writing at sales@grassstories.com or by post to our address above. We will respond within 21 days of receiving your request, as required under the PDPA.

Please note that certain rights may be limited where we are required by law to retain or process your data, or where your request would adversely affect the rights of other individuals.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:

  • HTTPS encryption for all data transmitted between your browser and our website
  • Server-side input sanitisation and validation on all form submissions
  • Rate limiting on our contact form to prevent automated abuse
  • Access controls limiting who within our organisation can access enquiry records
  • Secure email infrastructure hosted on Malaysian-based servers (ServerFreak / cPanel)

While we take all reasonable steps to protect your data, no transmission over the internet or electronic storage system is completely secure. If you have concerns about a specific data security matter, please contact us at sales@grassstories.com.

9. Third-Party Links

Our website contains links to third-party websites and platforms, including our Facebook and Instagram pages, and WhatsApp. These external sites are governed by their own privacy policies, which we encourage you to review. We are not responsible for the privacy practices or content of any third-party website.

10. Children's Privacy

Our website and services are directed exclusively at businesses and organisations, not individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at sales@grassstories.com and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we do, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of our website after any changes constitutes your acceptance of the updated policy. For material changes, we will make reasonable efforts to notify users via a notice on our website.

12. Contact & Data Protection Enquiries

If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please contact us:

  • Email: sales@grassstories.com
  • Phone: 012-652 7719
  • Post: Grass Stories Sdn Bhd, Lot 1781, Jalan Piasau Utara 4, Piasau Industrial Estate, 98000 Miri, Sarawak, Malaysia

We aim to respond to all data protection enquiries within 21 days. If you are not satisfied with our response, you have the right to lodge a complaint with Malaysia's Personal Data Protection Department (JPDP) at www.pdp.gov.my.

Pricing

Transparent Pricing, Tailored to You

We don't believe in one-size-fits-all pricing. Every quote is based on your actual requirements — volume, service type, and frequency. Every client's situation is different, so we don't list prices online — a detailed quote takes one business day and is always completely free.

Our Services

What Affects Your Quote

Our pricing is straightforward — based on the factors below. Submit an enquiry and we will respond with a clear, itemised quote within 1 business day.

Off-Site Destruction

Collection and certified destruction of paper documents and materials at our secure facility.

  • Volume — estimated weight or number of boxes / bags of material
  • Location — collection address within Miri and surrounding areas
  • Type of materials — standard paper, files, bound volumes, or mixed media
  • Witnessing / remote monitoring — if you wish to observe the destruction
One-off collection: Ideal for archive clear-outs, office moves, or periodic purges. Priced per collection.
Most Popular

Scheduled Collection Plan

An ongoing collection programme on your chosen frequency — weekly, fortnightly, or monthly.

  • Collection frequency — weekly, fortnightly, or monthly
  • Volume per cycle — estimated volume per collection visit
  • Number of locations — single or multiple collection points
  • Reporting requirements — standard or consolidated certificates
Best value: Regular clients on scheduled plans benefit from consistent service, priority scheduling, and consolidated documentation for compliance.

Hard Drive & Media Destruction

Physical destruction of hard drives, SSDs, USB drives, tapes, optical discs, and other digital storage media.

  • Quantity — number of drives or media items for destruction
  • Media type — HDDs, SSDs, tapes, optical media, USB drives
  • Serial number logging — per-device certificate documentation
  • Witnessing / remote monitoring — optional for high-security requirements
IT asset disposal: Particularly suitable for companies upgrading hardware, decommissioning servers, or clearing end-of-life IT equipment.
What to Expect

How Our Quoting Process Works

We keep it simple. No hidden charges, no confusing packages — just a fair price based on what you actually need.

01

Submit Your Enquiry

Use our contact form or call us directly. Tell us your service type, estimated volume, and location. No commitment required.

02

We Assess & Quote

Within 1 business day, we will review your requirements and provide a clear, itemised quote — no vague estimates.

03

You Decide

Accept the quote on your own timeline. There is no pressure and no obligation. We are here when you are ready.

04

We Handle Everything

Collection, destruction, documentation — we manage the entire process and deliver your Certificate of Destruction promptly.

Common Questions

Pricing FAQs

No. We do not impose a minimum volume. Whether you have a single box of documents or an entire archive room, contact us and we will recommend the most cost-effective approach for your situation.

No. Our quotes are fully itemised and transparent. The Certificate of Destruction is included in every service — it is not an add-on. If serial number logging per device is required for hard drive destruction, we will include this in the quote so you know exactly what you are paying for.

Never. All consultations, site assessments, and quotes are completely free of charge with no obligation whatsoever. We believe in earning your trust before asking for your business.

Yes. Clients on scheduled collection plans or those with consistently high volumes benefit from more favourable rates. When you submit your enquiry, let us know your expected frequency and volume and we will factor this into your quote.

Quote Estimator

Get a Ballpark Figure

Not ready to call yet? Use our estimator to get a rough sense of cost before you enquire. Every quote is confirmed free within one business day.

RM —
Select your options above to see an estimate.

Ready for a Free Quote?

No obligation. No pressure. Just a clear, honest price based on what you need.

Chat with us