Privacy Policy

1. Data Controller

The data controller responsible for your personal information is:

2. What Personal Data We Collect

We collect the following categories of personal data through this website and our service engagements:

Information you provide directly

• Full name and professional title
• Business email address
• Phone number (where provided)
• Company name and business address
• Project descriptions and enquiry content submitted via our contact form

Information collected automatically

• IP address and approximate geographic location (city level)
• Browser type and version
• Pages visited and time spent on each page
• Referring website or search query that brought you here
• Cookie identifiers (where consent has been given)

3. Legal Basis for Processing

We process your personal data on the following legal bases under the Personal Data Protection Act 2010 (PDPA) of Malaysia:

• Consent — where you have provided explicit permission (e.g., by submitting our contact form or accepting analytics cookies)
• Contractual necessity — where processing is needed to fulfil a service engagement you have entered into with us
• Legitimate interests — for purposes such as improving our website, understanding how visitors use our services, and responding to general enquiries
• Legal obligation — where we are required to retain records for compliance purposes

4. How We Use Your Data

Personal data collected through this website and our services is used for the following purposes:

• Responding to enquiries submitted through our contact form
• Planning, scoping, and delivering data engineering engagements
• Sending project-related updates and documentation during an active engagement
• Improving our website content and user experience based on aggregate usage patterns
• Meeting statutory and regulatory obligations applicable in Malaysia

We do not use your personal data for automated decision-making that produces legal or similarly significant effects on you.

5. Data Sharing

We do not sell, rent, or trade personal data to third parties. Data may be shared in the following limited circumstances:

• Cloud infrastructure providers — our website and internal tools are hosted on services that may store data in Singapore or the European Economic Area, with appropriate data processing agreements in place
• Analytics services — anonymised usage data may be processed by third-party analytics tools (only where consent has been granted)
• Professional advisors — solicitors or auditors where legally required
• Law enforcement — where we are under a legal duty to disclose information

Any third party receiving personal data from us is required to keep it confidential and use it solely for the purposes for which it was shared.

6. Data Retention

We retain personal data only for as long as reasonably necessary:

• Contact form enquiries: up to 24 months from the date of last contact
• Active client engagement records: for the duration of the engagement plus 7 years (for statutory compliance)
• Analytics data: retained in anonymised, aggregated form for up to 26 months
• Cookie consent records: retained for 13 months from the date consent was given or withdrawn

When data is no longer required, it is deleted or anonymised in a manner that prevents re-identification.

7. Cookies and Tracking

This website uses cookies to understand how visitors interact with our content and to remember certain preferences. We use:

• Essential cookies — required for basic website functionality; these are always active
• Analytics cookies — used to understand page visits and user journeys; activated only with your consent
• Preference cookies — used to remember your cookie consent choices

For full details on the cookies we use, please refer to our Cookie Policy. You can manage your cookie preferences at any time from that page.

8. Data Security

We take reasonable technical and organisational measures to protect personal data from unauthorised access, loss, or disclosure. These include:

• Encrypted transmission of data via HTTPS/TLS
• Access controls that limit which team members can view client data
• Regular review of our internal data handling practices
• Use of reputable cloud infrastructure with security compliance certifications

While we take these steps seriously, no transmission over the internet can be completely secure. If you believe your data may have been compromised, please contact us promptly at [email protected].

9. Your Rights Under Malaysian PDPA

Under the Personal Data Protection Act 2010 (Malaysia), you have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request corrections to inaccurate or incomplete data
• Withdrawal of consent — withdraw consent for processing at any time, where processing is based on consent
• Restriction — request that we limit the processing of your data in certain circumstances
• Complaint — lodge a complaint with the Department of Personal Data Protection (JPDP) Malaysia if you believe your rights have been violated

To exercise any of these rights, please contact us in writing at [email protected]. We will respond within 21 days of receiving your request. Identity verification may be required before we process access or correction requests.

10. International Data Transfers

Where personal data is processed or stored outside Malaysia, we ensure that appropriate safeguards are in place. Our primary cloud infrastructure is located in Singapore and the Asia-Pacific region. Where data is transferred further afield, we rely on contractual clauses or equivalent mechanisms consistent with PDPA obligations.

11. Third-Party Links

Our website may contain links to external sites for reference purposes. We are not responsible for the privacy practices of those websites and recommend reviewing their privacy policies independently before submitting any personal information.

12. Children's Privacy

Our services are directed at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted information through our website, please contact us and we will remove it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last Updated" date at the top of this page will reflect the most recent revision. Continued use of our website following any update constitutes acceptance of the revised policy.

14. Contact Us

If you have questions about this Privacy Policy or about how your personal data is handled, please contact: