Privacy Policy

1. Data Controller

The data controller for information collected through this website and our services is:

2. Personal Data We Collect

We collect personal data when you interact with our website or engage our services:

• Contact enquiries: name, email address, phone number, and message content submitted via our contact form.
• Service engagements: name, job title, organisation name, contact details, and project-related information provided during scoping and delivery.
• Website usage: IP address, browser type, pages visited, and time on site collected via analytics cookies (where consented).
• Communications: records of email or phone interactions you initiate with us.

We do not collect sensitive personal data such as identification numbers, financial account details, or health information through our website.

3. Legal Basis and Purpose of Processing

Under the PDPA 2010, we process your data on the following bases:

• Consent: for analytics and marketing cookies, and for optional marketing communications.
• Contract performance: to respond to service enquiries and deliver contracted engagements.
• Legitimate interests: to improve our website, prevent fraud, and maintain accurate business records.
• Legal obligation: where required by Malaysian law or regulatory authority.

Data retention: contact enquiry data is held for up to 24 months. Engagement records are retained for 7 years for legal and accounting purposes. Analytics data is retained per the analytics provider's standard retention period.

4. How We Use Your Data

• Responding to contact form submissions and service enquiries
• Delivering scoped services and communicating during engagements
• Sending relevant service updates or information (where consented)
• Improving website content and usability through analytics data
• Maintaining internal records and meeting legal obligations

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling that produces legal effects.

5. Data Sharing

We share personal data only where necessary:

• Analytics providers: aggregated and anonymised usage data to improve our site (subject to your cookie preferences).
• Professional advisors: legal, accounting, or insurance advisors under confidentiality obligations where relevant to our business obligations.
• Regulatory authorities: where required by Malaysian law or a lawful request from a competent authority.

6. Data Protection Measures

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include access controls limiting data to authorised personnel, secure communications for transmitting personal data, regular review of data handling practices, and prompt internal escalation in the event of a suspected breach. In the event of a data breach affecting your rights, we will notify you as required under applicable law.

7. Cookies

Our website uses cookies to support basic functionality and, with your consent, analytics. For a full description of the cookies we use and how to manage your preferences, please read our Cookie Policy.

8. Your Rights Under the PDPA 2010

Under the Personal Data Protection Act 2010 of Malaysia, you have the following rights:

• Right of access: request a copy of the personal data we hold about you.
• Right of correction: request correction of inaccurate or incomplete personal data.
• Right to withdraw consent: withdraw consent to processing at any time where consent is the legal basis.
• Right to limit processing: request that we stop using your data for direct marketing.
• Right to complain: lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) if you believe your rights have been infringed.

To exercise any of these rights, please write to [email protected]. We will respond within 21 days.

9. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

10. Children's Privacy

Our services are directed at organisations and individuals aged 18 and above. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently received data from a minor, please contact us immediately at [email protected].

11. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page. Continued use of our website or services after a policy update constitutes acceptance of the revised policy.

12. Contact

For any questions, requests, or concerns relating to this privacy policy or our data handling practices, please contact: