Privacy Policy
Andalan Business Consulting | Last Updated: 12 May 2025 | Effective: 12 May 2025
Andalan is committed to handling personal information with care and discretion. This policy explains what data we collect, why we collect it, how we use and store it, and what rights you hold in relation to it. It applies to information gathered through our website and through our advisory engagements.
This policy is written in accordance with the Personal Data Protection Act 2010 (PDPA 2010) of Malaysia, which governs the processing of personal data in commercial transactions.
1. Data Controller
The data controller responsible for your personal information is:
- Business name: Andalan Business Consulting
- Registered address: No. 21, Jalan Bestari 3/2, Taman Nusa Bestari, 81300 Skudai, Johor, Malaysia
- Privacy contact: [email protected]
- Phone: +60 7 521 8043
2. Personal Data We Collect
We collect personal data through the following means:
2.1 Information you provide directly
- Full name
- Email address
- Phone number (optional)
- Business name and general description of your business situation (when shared in sessions or via the contact form)
- Any additional information you choose to share during advisory sessions
2.2 Information collected automatically
- IP address and browser type (via analytics cookies, if consented)
- Pages visited and time spent on the website
- Referring website
2.3 Legal basis for processing
- Consent: where you have given explicit consent (e.g. contact form submission, cookie acceptance)
- Contractual necessity: where processing is required to deliver the advisory engagement you have engaged us for
- Legitimate interest: for the purpose of improving our service and maintaining client records
3. How We Use Your Personal Data
- To respond to your enquiries and schedule advisory sessions
- To deliver advisory services and produce written outputs as part of your engagement
- To maintain records of our advisory relationship, as required for continuity of service
- To send occasional service-related communications (e.g. session confirmations, written summaries)
- To improve our website and understand how visitors use it (analytics, if consented)
- To comply with legal obligations under Malaysian law
We do not send marketing communications without your explicit consent. We do not sell, rent, or share your personal data with third parties for their own marketing purposes.
4. Data Retention
- Contact form enquiries (not resulting in an engagement): deleted after 12 months
- Client engagement records (session notes, written plans): retained for 5 years from the end of the engagement, then deleted
- Financial records (invoices, payment records): retained for 7 years as required by Malaysian tax law
- Website analytics data: retained for 26 months (aggregated and anonymised thereafter)
5. How We Protect Your Data
- Client session notes and written plans are stored in password-protected files with access limited to the responsible advisor
- Website data is transmitted over HTTPS (SSL encryption)
- Access to client records is restricted to Andalan staff directly involved in the engagement
- We do not store personal data on portable devices without encryption
- In the event of a data breach affecting your information, we will notify you within a reasonable timeframe and take steps to limit the impact
6. Cookies
Our website uses cookies to function correctly and to understand how it is used. Cookies include:
- Essential cookies: required for the site to operate. Cannot be disabled.
- Analytics cookies: help us understand site usage. Only set with your consent.
- Preference cookies: remember your settings. Only set with your consent.
You can manage your cookie preferences at any time via our Cookie Policy page.
7. Your Rights Under PDPA 2010
Under the Personal Data Protection Act 2010 (Malaysia), you have the following rights in relation to your personal data held by Andalan:
- Right of access: you may request a copy of the personal data we hold about you
- Right of correction: you may request that inaccurate or incomplete data be corrected
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time
- Right to limit processing: you may request that we restrict how we use your data in certain circumstances
- Right to make inquiries: you may contact us at any time with questions about how your data is handled
To exercise any of these rights, please write to us at [email protected]. We will respond within 21 days.
If you believe your data has been handled in breach of PDPA 2010, you may lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) at www.pdp.gov.my.
8. Third-Party Links
Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information to them.
9. Children's Privacy
Our advisory services are intended for business owners who are 18 years of age or older. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us at [email protected] and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page. We recommend checking this page periodically. Continued use of our services after any update constitutes acceptance of the revised policy.
Privacy Enquiries
For any questions or requests relating to your personal data, please reach us through the following:
Email: [email protected]
Phone: +60 7 521 8043
Address: No. 21, Jalan Bestari 3/2, Taman Nusa Bestari, 81300 Skudai, Johor, Malaysia