Privacy Policy

1. Data Controller

The data controller responsible for personal data collected through this website and in connection with our consulting services is:

References to "we," "us," or "our" throughout this policy refer to Bumi Advisors.

2. Personal Data We Collect

We may collect the following categories of personal data from you:

• Identity data: your full name and job title or position.
• Contact data: email address, telephone number, and business or personal address.
• Business data: information about your company, industry sector, and business challenges that you share with us during enquiries or engagements.
• Communication data: the content of messages you send us via our contact form, email, or telephone, including any supporting documents you attach.
• Technical data: IP address, browser type and version, operating system, time zone, and information about how you navigate our website, collected through cookies and similar technologies.
• Marketing preference data: your preferences for receiving communications from us, where you have given us consent to send them.

We do not intentionally collect sensitive personal data (as defined under Schedule 1 of the PDPA) unless you voluntarily provide it in the course of an engagement and we have obtained your explicit consent or are required to process it by law.

3. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

• To respond to your enquiries and communicate with you about our consulting services.
• To provide, manage, and deliver consulting engagements you have contracted with us.
• To fulfil our contractual and legal obligations, including invoicing and record-keeping.
• To send you service-related notices and updates directly relevant to an active engagement.
• To send you marketing communications about our services, where you have given consent or where permitted by applicable law.
• To improve our website, services, and client experience through analysis of usage patterns.
• To comply with legal and regulatory obligations, including any reporting required under Malaysian law.
• To protect the rights, property, or safety of Bumi Advisors, our clients, or others.

4. Legal Basis for Processing

Under the Personal Data Protection Act 2010, we process your personal data on the following bases:

• Consent: where you have given clear and voluntary consent for a specific purpose, such as subscribing to marketing communications.
• Contractual necessity: where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
• Legitimate interests: where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms.
• Legal obligation: where processing is necessary to comply with a legal or regulatory requirement applicable to us.

You may withdraw consent at any time where consent is the basis of processing. Withdrawal of consent does not affect the lawfulness of processing carried out before such withdrawal.

5. Disclosure of Personal Data

We do not sell, rent, or trade your personal data to third parties. We may share your personal data with:

• Service providers: trusted third-party companies that assist us in operating our website, conducting our business, or serving our clients, subject to confidentiality obligations. These include hosting providers, email service platforms, and accounting software providers.
• Professional advisors: lawyers, auditors, and financial advisors acting on our behalf, where they require access to data to provide their services.
• Regulatory or law enforcement authorities: where disclosure is required by Malaysian law, a court order, or a lawful request from a regulatory authority.
• Business successors: in the event of a merger, acquisition, or sale of all or part of Bumi Advisors, personal data may be transferred to the relevant successor entity, subject to equivalent data protection commitments.

Any transfer of personal data outside Malaysia will only be made where we have ensured adequate protection in accordance with the PDPA and applicable guidelines issued by the Minister responsible for personal data protection.

6. Data Retention

We retain personal data for as long as it is necessary for the purposes for which it was collected or as required by applicable law. In practice:

• Client engagement records are retained for a minimum of seven (7) years following the conclusion of an engagement to comply with Malaysian accounting and legal requirements.
• Contact enquiry data is retained for up to two (2) years from the date of the enquiry, unless it leads to an engagement.
• Marketing preference data is retained until you withdraw consent or request erasure.
• Technical and usage data collected through cookies is retained in accordance with our Cookie Policy.

When personal data is no longer required, we will securely delete or anonymise it.

7. Data Security

We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, accidental loss, disclosure, alteration, or destruction. These measures include encrypted data transmission (SSL/TLS), access controls, and periodic security reviews of our systems.

While we take data security seriously, no transmission over the internet or electronic storage method can be guaranteed to be completely secure. We encourage you to contact us promptly if you believe your personal data may have been compromised in connection with your interactions with us.

In the event of a personal data breach that is likely to result in significant harm to data subjects, we will take steps to notify affected individuals and, where required, report the breach to the relevant authorities in accordance with the PDPA.

8. Your Rights Under the PDPA

As a data subject under the Personal Data Protection Act 2010, you have the following rights in relation to the personal data we hold about you:

• Right of access: you may request access to the personal data we hold about you.
• Right to correct: you may request that we correct any inaccurate or incomplete personal data we hold about you.
• Right to withdraw consent: where we rely on your consent to process data, you may withdraw that consent at any time.
• Right to prevent processing for direct marketing: you may request that we stop using your personal data for direct marketing purposes.
• Right to prevent processing likely to cause damage or distress: in certain circumstances, you may request that we limit our processing of your personal data.

To exercise any of these rights, please contact us at [email protected]. We will respond to requests within twenty-one (21) days or such other period as may be prescribed under the PDPA. We may need to verify your identity before processing your request.

Please note that some rights are subject to exceptions and limitations under applicable law, and we may be unable to fulfil a request in full where a legal exemption applies. We will explain any such limitation when responding to your request.

9. Cookies and Tracking Technologies

We use cookies and similar technologies on our website to improve functionality, analyse site usage, and support marketing activities. Our use of cookies is governed by our separate Cookie Policy, which contains detailed information about the cookies we use and how you can manage your preferences.

By continuing to use our website after being presented with our cookie consent notice, you consent to our use of non-essential cookies as described in the Cookie Policy.

10. Third-Party Links and Services

Our website may contain links to third-party websites and services. We are not responsible for the privacy practices or the content of those sites. We encourage you to read the privacy notices of any third-party websites you visit. This Privacy Policy applies solely to personal data collected by Bumi Advisors through this website and in the course of our consulting services.

Where we embed third-party tools such as mapping services or analytics platforms, those providers may collect data subject to their own privacy policies. We take reasonable steps to ensure only reputable providers with adequate data protection practices are used.

11. Minors

Our website and services are directed at businesses and their representatives. We do not knowingly collect personal data from individuals under the age of eighteen (18). If you become aware that a minor has provided personal data to us without appropriate consent, please contact us at [email protected] and we will promptly remove that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or the services we offer. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify affected individuals by email or through a prominent notice on our website.

Your continued use of our website following the posting of changes constitutes your acknowledgment of the updated policy. We encourage you to review this page periodically to stay informed of how we protect your personal data.

13. Contact and Complaints

If you have any questions, concerns, or complaints regarding this Privacy Policy or our handling of your personal data, please contact us:

If you are not satisfied with our response, you have the right to lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP), the supervisory authority responsible for enforcing the PDPA. Contact details for JPDP are available at www.pdp.gov.my.