Legal

Privacy Policy

Last Updated: 28 April 2025

1. Who We Are

Suria Advisory operates from 27 Jalan SS 21/35, Damansara Utama, 47400 Petaling Jaya, Selangor, Malaysia. We provide AI adoption advisory services to Malaysian organisations. For data protection enquiries, please write to [email protected].

2. Data We Collect

We collect personal data in the following circumstances:

• Enquiry forms: Name, email address, telephone number, and any information you include in your message when you contact us via our website or by email.
• Engagement correspondence: Communications, documents, and organisational information shared during an advisory engagement.
• Website analytics: Anonymised usage data (pages visited, session duration, browser type) collected via analytics cookies, where consent has been given.
• Cookies: See our Cookie Policy for details of cookie data collected.

We do not collect sensitive personal data (as defined under the PDPA) in the ordinary course of our advisory work.

3. Legal Basis for Processing

We process personal data on the following bases under Malaysia's PDPA 2010:

• Consent: Where you have submitted an enquiry form or opted in to receive communications from us.
• Contractual necessity: Where data processing is necessary to deliver the advisory engagement you have engaged us for.
• Legitimate interest: For the purposes of improving our services, managing our client relationships, and ensuring the security of our systems — where these interests are not overridden by your rights.
• Legal obligation: Where processing is required to comply with applicable Malaysian law.

4. How We Use Your Data

• To respond to your enquiry and determine whether and how we might assist your organisation.
• To deliver advisory engagements you have contracted us for, including preparing documents and conducting sessions.
• To send occasional service-related communications relevant to your engagement.
• To analyse anonymised website usage for the purpose of improving our website (where analytics consent has been given).
• To comply with Malaysian legal and regulatory obligations.

We do not use your personal data for direct marketing unless you have explicitly opted in to receive such communications, and you may withdraw that opt-in at any time.

5. Data Retention

• Enquiry data: Retained for twelve months from the date of your enquiry, or until you request deletion, whichever comes first.
• Engagement data: Retained for three years from the conclusion of an engagement, to support any queries arising from the advisory work delivered.
• Analytics data: Retained in anonymised form for up to twenty-four months.

Data is deleted or anonymised once the applicable retention period has elapsed.

6. Data Sharing

We do not sell personal data. We share personal data only in the following limited circumstances:

• Service providers: Third-party service providers who assist with website hosting, email delivery, or analytics, operating under data processing agreements and bound by confidentiality obligations.
• Legal requirements: Where disclosure is required by Malaysian law, court order, or regulatory authority.
• With your consent: In any other circumstance where you have given explicit written consent.

We do not transfer personal data outside Malaysia without ensuring appropriate protections are in place.

7. Data Protection Measures

• All personal data is stored on secure servers located in Malaysia or with providers operating under adequate data protection standards.
• Access to personal data is restricted to personnel who require it for the purposes described in this policy.
• Communications containing personal data are sent via encrypted channels where technically feasible.
• In the event of a data breach affecting your personal data, we will notify you and, where required, the relevant Malaysian regulatory authority, within the timeframes prescribed by applicable law.

8. Cookies

Our website uses cookies to support basic functionality and, where consent has been given, to collect anonymised analytics data. Full details of cookies used and how to manage your preferences are set out in our Cookie Policy.

9. Your Rights Under the PDPA 2010

Under Malaysia's Personal Data Protection Act 2010, you have the following rights in respect of your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right of correction: You may request that inaccurate or incomplete personal data be corrected.
• Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
• Right to prevent processing for direct marketing: You may notify us at any time that you do not wish to receive direct marketing communications.
• Right to limit processing: In certain circumstances, you may request that we limit our processing of your personal data.

To exercise any of these rights, please write to [email protected]. We will respond within twenty-one days of receiving your request.

If you believe your rights under the PDPA have not been respected, you may lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP).

10. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those websites, and this policy does not apply to them. We encourage you to review the privacy policies of any external sites you visit.

11. Children's Privacy

Our advisory services are directed at organisations and professional individuals. We do not knowingly collect personal data from individuals under the age of eighteen. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.

12. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or applicable law. We will post the revised policy on this page with an updated "Last Updated" date. Where changes are material, we will notify active clients by email. Your continued use of our website after any such change constitutes your acceptance of the revised policy.

13. Contact for Privacy Matters

For any questions, requests, or concerns relating to this policy or the handling of your personal data, please contact: