Privacy Policy

1. Data Controller

The data controller for personal information collected through this website and in connection with our services is:

2. What Personal Data We Collect

We collect the following categories of personal data:

• Contact information: Name, email address, phone number, and organisation name — provided when you submit an enquiry through our website contact form.
• Correspondence: The content of messages you send to us, including any details you share about your organisation or project situation.
• Usage data: Anonymised or aggregated data about how visitors interact with our website, including page views, visit duration, and browser type — collected through analytics tools where consent is given.
• Cookie data: Preferences stored in your browser where you have accepted cookies. See our Cookie Policy for details.

We do not collect sensitive personal data such as financial account details, government identification numbers, or health information.

3. How We Collect Personal Data

• Directly from you when you complete and submit the contact form on our website.
• Through email or telephone correspondence when you reach out to us.
• Through cookies and analytics tools where consent is provided.
• In the course of providing advisory services, where you voluntarily share information relevant to the engagement.

4. Legal Basis for Processing

We process personal data under the following legal bases as applicable under Malaysia's PDPA:

• Consent: Where you have submitted a form or accepted cookies, we process data on the basis of consent you have provided.
• Contractual necessity: Where you engage our advisory services, processing your contact and engagement information is necessary to perform the services.
• Legitimate interest: We may process data where we have a legitimate interest in understanding how our website is used and in maintaining records of enquiries and client correspondence.

5. How We Use Your Data

• To respond to enquiries submitted through our website contact form.
• To provide and administer advisory services under an engagement arrangement.
• To maintain accurate records of client communications and engagement deliverables.
• To improve the usability and content of our website using aggregated analytics data.
• To comply with our legal and regulatory obligations as a registered Malaysian business.

We do not use personal data for direct marketing or advertising purposes without your explicit consent. We do not sell or rent your personal data to third parties.

6. Data Sharing

We do not share your personal data with third parties except in the following limited circumstances:

• Service providers: We use third-party services for website hosting and analytics (such as Google Analytics, where consent is given). These providers process data only as instructed by us and are subject to data processing agreements.
• Legal requirements: Where required by Malaysian law, court order or regulatory authority, we may be required to disclose personal data.
• Business transfers: In the event of a merger or business transfer, personal data held by us may be transferred as part of that process, with appropriate safeguards in place.

7. Data Retention

• Enquiry correspondence: retained for up to 24 months after the last contact, unless an engagement follows.
• Client engagement records: retained for seven years from the end of an engagement, in line with Malaysian record-keeping requirements for business documentation.
• Analytics data: retained in aggregated or anonymised form for up to 26 months.
• Cookie consent records: retained for up to 12 months.

8. Data Security

We take reasonable technical and organisational measures to protect personal data from unauthorised access, loss, or disclosure. These include:

• Use of encrypted connections (HTTPS) for all website communications.
• Access controls limiting who within Cindermark can view personal data.
• Secure storage of engagement documentation.
• Regular review of our data handling practices.

If we become aware of a data breach that may affect your personal data, we will take prompt steps to address it and will notify you where required under applicable law.

9. Cookies

We use cookies on this website to support basic functionality and, where you consent, to understand how the site is used. Essential cookies are always active. Optional analytics and preference cookies are only placed with your consent.

For full details on the cookies we use and how to manage them, please see our Cookie Policy.

10. Your Rights

Under Malaysia's Personal Data Protection Act 2010, you have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to correction: You may request that inaccurate or incomplete personal data be corrected.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to limit processing: In certain circumstances, you may request that we restrict how we process your data.
• Right to lodge a complaint: You may raise concerns with the Department of Personal Data Protection (JPDP) in Malaysia if you believe your data rights have been infringed.

To exercise any of these rights, contact us at [email protected]. We will respond within 21 days.

11. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and recommend reading their privacy policies before submitting any personal information to them.

12. Children's Privacy

Our services are directed at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us and we will remove it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised version on this page with an updated date. Where changes are material, we will take reasonable steps to notify clients or website users. Continued use of our website or services after any update constitutes acceptance of the revised policy.

14. Contact

For any privacy-related enquiries, requests or concerns, please contact: