Privacy Policy

1. Data Controller

The data controller responsible for personal data collected through this website and our services is:

2. What Personal Data We Collect

We collect personal data only where it is necessary for the purposes described in this policy. The categories of data we may collect include:

• Contact information: Full name, email address, phone number — collected when you submit a contact or enquiry form on this website.
• Technical data: IP address, browser type, device type, pages visited, and time of access — collected automatically through server logs and optional analytics cookies.
• Client engagement data: For clients who engage our services, we may process documents and data provided for the purpose of the agreed engagement. This is handled under a separate data handling agreement.

3. Legal Basis for Processing

Under the PDPA and general data protection principles, we process personal data on the following bases:

• Consent: For optional analytics cookies and marketing communications, where you have provided consent.
• Contract performance: Where processing is necessary to respond to your enquiry or to carry out a service engagement you have requested.
• Legitimate interests: For website security, fraud prevention, and improving our services, where our interests do not override your rights.
• Legal obligation: Where we are required to process or retain data to comply with applicable Malaysian law.

4. How We Use Personal Data

• To respond to enquiries submitted through the contact form
• To carry out service engagements agreed with clients
• To send project-related communications during and after an engagement
• To improve the functioning and content of this website (analytics, where consented)
• To comply with legal and regulatory obligations applicable in Malaysia

We do not sell personal data to third parties. We do not use personal data for profiling, automated decision-making, or targeted advertising.

5. Data Retention

Contact enquiry data is retained for up to 24 months from the date of last contact, after which it is securely deleted. Client engagement data is retained for the duration of the engagement and for up to 12 months after its conclusion, unless a shorter period is specified in the engagement data handling agreement. Technical log data is retained for up to 12 months.

6. Data Protection Measures

• Data in transit is encrypted using TLS (HTTPS)
• Access to personal data is restricted to staff with a specific operational need
• Client engagement data is processed in systems with access controls and activity logging
• In the event of a data breach affecting personal data, we will notify affected individuals and the relevant authority within the timeframes required under applicable Malaysian law

7. Cookies

This website uses essential cookies for basic functionality and optional analytics cookies to understand how the site is used. You can manage cookie preferences through the consent banner shown on your first visit, or at any time via our Cookie Policy page.

8. Your Rights

Under the PDPA and applicable data protection principles, you have the following rights in relation to your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data, subject to legal retention obligations
• Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
• Object: Object to processing based on legitimate interests
• Complaint: Lodge a complaint with the Personal Data Protection Commissioner of Malaysia (JPDP — Jabatan Perlindungan Data Peribadi)

To exercise any of these rights, contact us at [email protected]. We will respond within 14 working days.

9. Third-Party Links

This website may contain links to external websites. We are not responsible for the privacy practices of those sites and recommend you review their privacy policies independently.

10. Children's Privacy

Our services are directed at organisations, not individuals under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact [email protected] and we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be indicated by an updated "Last Updated" date at the top of this page. We recommend checking this page periodically. Continued use of the website after a change constitutes acceptance of the revised policy.

12. Contact for Privacy Enquiries