LEGAL DOCUMENT

Privacy Policy

This policy describes how Nilam Consult collects, uses, stores, and protects personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). We encourage you to read it at your convenience.

       Last updated: 1 January 2026
       Governing law: Malaysia
       PDPA 2010 compliant
    

1. Who We Are

The data controller responsible for your personal information is Nilam Consult, a business consultancy registered and operating in Malaysia. Our registered address is 42A, Lebuh Pantai, 10300 George Town, Penang.

Where this policy refers to "we," "us," or "our," it refers to Nilam Consult. Where it refers to "you" or "your," it refers to any individual whose personal data we process in connection with our website and services.

2. Data We Collect

We may collect the following categories of personal data:

CONTACT & IDENTITY

Your name, email address, telephone number, and the company you represent. This information is provided directly by you when you complete the contact form on our website or communicate with us by phone or email.

ENQUIRY CONTENT

The subject matter and body of any message you send to us, which may include information about your business circumstances, challenges, or needs.

TECHNICAL DATA

Browser type, device type, IP address, pages visited, and session duration. This data is collected automatically through analytics tools and cookies when you visit our website.

ENGAGEMENT DATA

If you become a client, we may collect additional professional and financial information relevant to the scope of the engagement. This data is governed by a separate client services agreement.

3. How We Use Your Data

We use personal data only for purposes that are necessary and proportionate. Specifically, we use your information to:

Respond to enquiries and schedule consultations
Deliver and manage contracted advisory services
Maintain internal records for legal and accounting obligations
Improve the usability and content of our website through aggregated analytics
Comply with applicable laws, regulations, and professional standards

We do not sell your personal data to third parties, and we do not use it for unsolicited marketing without your prior consent.

4. Legal Basis for Processing

Under the PDPA 2010, we process your personal data based on the following grounds, as applicable to each activity:

Consent: Where you have voluntarily submitted information through our contact form or by corresponding with us, you have consented to our processing of that data for the purpose of responding to you.

Contract performance: Where we have entered into a service agreement with you or your organisation, we process data as necessary to fulfil our contractual obligations.

Legal obligation: Certain data is processed to comply with statutory requirements, including those under Malaysian company law, tax regulations, and professional standards applicable to advisory firms.

5. Disclosure to Third Parties

We do not share your personal data with external parties except in the following limited circumstances:

Service providers: We engage a small number of third-party platforms to operate our website and manage communications. These include web hosting, analytics, and email delivery providers. All such parties are bound by data processing agreements and are only permitted to process your data on our behalf.

Professional advisors: We may share data with our auditors, legal counsel, or insurers where necessary to fulfil legal or professional obligations.

Regulatory bodies: We may disclose data to Malaysian regulatory authorities or law enforcement agencies where required by law or court order.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy. Our general retention guidelines are as follows:

Data Type	Retention Period
Website contact form submissions (no engagement)	12 months from submission
Client engagement records	7 years from end of engagement
Financial and billing records	7 years (Malaysian tax requirement)
Website analytics data (aggregated)	26 months (Google Analytics default)

Once data is no longer required, it is securely deleted or anonymised.

7. Data Security

We take reasonable and appropriate measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures include:

SSL/TLS encryption for all data transmitted via our website
Restricted access to personal data on a need-to-know basis
Password-protected and access-controlled internal systems
Regular reviews of our data handling practices

No method of electronic transmission or storage is completely secure. While we do our best to safeguard your information, we cannot offer an absolute guarantee of security.

8. Your Rights Under PDPA 2010

As a data subject under Malaysia's Personal Data Protection Act 2010, you have the following rights with respect to the personal data we hold about you:

Right of Access

You may request a copy of the personal data we hold about you, along with information about how it is used.

Right of Correction

You may request that we correct any inaccuracies in the personal data we hold about you.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time. This will not affect the lawfulness of any processing carried out prior to withdrawal.

Right to Limit Processing

You may request that we limit our use of your personal data to storage only, pending the resolution of a concern about accuracy or legitimate purpose.

To exercise any of these rights, please write to us at [email protected]. We will respond within 21 days.

9. Cookies

Our website uses cookies and similar tracking technologies to support its operation and to help us understand how visitors engage with our content. You can read our full Cookie Policy for detailed information on the cookies we use and how to manage your preferences.

You may withdraw or adjust your cookie consent at any time using the consent banner on our website, or by adjusting your browser settings.

10. Children's Privacy

Our services are intended for business professionals and are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe that a minor's data has been submitted to us without appropriate authority, please contact us and we will take reasonable steps to address the matter.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or the services we provide. Any material changes will be communicated by updating the "Last updated" date at the top of this page.

We encourage you to review this page periodically. Continued use of our website following the posting of changes constitutes your acknowledgment of those changes.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us through any of the following channels:

Nilam Consult, 42A, Lebuh Pantai, 10300 George Town, Penang

[email protected]

+60 4-2618 7034

If you are not satisfied with our response, you have the right to lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) at pdp.gov.my.