1. About Us (Data Controller)
The data controller for personal information collected through this website and our services is Mutiara, located at Level 8, Menara Boustead Penang, Jalan Sultan Ahmad Shah, 10050 George Town, Pulau Pinang, Malaysia. You can reach us at [email protected] or by telephone at +60 4 226 7184.
2. Information We Collect
2.1 Information you provide to us
When you contact us through our website or by telephone, we may collect:
- Your name
- Email address
- Telephone number (if provided)
- The contents of any message you send us
- Information about your business that you choose to share in sessions or written correspondence
2.2 Information collected automatically
When you visit our website, certain technical information may be collected automatically, including your IP address, browser type, the pages you visit, and how long you spend on them. This is collected through cookies and analytics tools. Please see our Cookie Policy for details.
2.3 Legal basis for processing (PDPA Malaysia)
We process your personal data under the Personal Data Protection Act 2010 (Malaysia). The legal bases we rely on are: your consent (where you have provided it), the performance of a contract with you, our legitimate interests in operating and improving our advisory practice, and compliance with applicable legal obligations.
3. How We Use Your Information
We use the information we collect to:
- Respond to your enquiries and arrange consultations
- Deliver our advisory services to you
- Send written summaries, plans, and session notes as part of an engagement
- Improve the quality and relevance of our website content
- Comply with legal and regulatory obligations
- Maintain appropriate records of our professional engagements
We do not sell your personal information to any third party. We do not use your information for automated decision-making or profiling.
4. Data Sharing
We share your personal data only in the following limited circumstances:
- Service providers: We may use third-party tools such as email service providers or analytics platforms. These providers process data only on our instruction.
- Legal requirements: We may disclose information where required to do so by Malaysian law or a competent authority.
- Business advisors: In rare circumstances, our legal or financial advisors may need access to certain records, subject to professional confidentiality obligations.
5. Data Retention
We retain your contact information and enquiry records for up to 24 months after your last communication with us. If you become a client, engagement records (including session notes and written plans) are retained for up to 7 years from the end of the engagement, in line with standard professional practice obligations under Malaysian law. After these periods, information is securely deleted or anonymised.
6. Data Protection Measures
We take reasonable technical and organisational measures to protect the personal information we hold, including:
- Secure transmission of data via HTTPS encryption
- Password-protected storage systems with restricted access
- Limited access to personal data on a need-to-know basis within our small team
- Regular review of our data handling practices
In the event of a data breach that may affect your rights, we will notify relevant parties in accordance with the PDPA 2010 requirements.
7. Cookies
Our website uses cookies to understand how visitors use the site and to remember your preferences. You can control cookie settings at any time. Please see our Cookie Policy for a full explanation of the cookies we use and how to manage them.
8. Your Rights Under the PDPA 2010
Under the Personal Data Protection Act 2010 (Malaysia), you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Withdraw consent to processing (where consent is the legal basis)
- Request that we cease or limit the processing of your data
- Lodge a complaint with the Department of Personal Data Protection Malaysia (PDPDM)
To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days. We may need to verify your identity before processing a request.
9. Third-Party Links
Our website may contain links to external sites or resources. We are not responsible for the privacy practices or content of those external sites. We encourage you to review the privacy notices of any third-party websites you visit.
10. Children's Privacy
Our services are intended for adults aged 18 and over. We do not knowingly collect personal information from individuals under the age of 18. If you believe we have inadvertently done so, please contact us at [email protected] and we will promptly delete the relevant information.
11. International Data Transfers
Your data is primarily held and processed in Malaysia. If any third-party service providers process data outside Malaysia, we take steps to ensure an adequate level of protection is maintained, consistent with the PDPA 2010.
12. Changes to This Policy
We may update this privacy policy from time to time. When we do, we will revise the "Last Updated" date at the top. We encourage you to review this page periodically. Continued use of our website after changes are posted constitutes your acceptance of the updated policy.
13. Contact Us
For any questions or concerns about this privacy policy, or to exercise your rights:
- Email: [email protected]
- Telephone: +60 4 226 7184
- Post: Mutiara, Level 8, Menara Boustead Penang, Jalan Sultan Ahmad Shah, 10050 George Town, Pulau Pinang, Malaysia