Privacy Policy

1. Introduction

Sinar Compass ("we", "us", "our") is committed to handling personal data with care and transparency. This Privacy Policy explains what personal information we collect when you interact with our website or engage our services, how that information is used, and what rights you hold under the Personal Data Protection Act 2010 (PDPA) of Malaysia.

This policy applies to all personal data processed by Sinar Compass in connection with our website and our advisory, audit, and review services. By submitting a contact form or engaging our services, you acknowledge the practices described in this document.

2. Data We Collect

We collect personal data through the following means:

• Contact forms on this website (name, email address, phone number, message content)
• Direct email or telephone correspondence
• Information provided during service engagements (staff names, organisational details, workflow documentation)
• Website usage data collected via analytics cookies (pages visited, session duration, browser type)

We do not collect sensitive personal data (as defined under PDPA 2010) unless explicitly required by the scope of a specific engagement and with the informed consent of the relevant individuals.

3. Legal Basis for Processing

We process personal data on the following legal bases under PDPA 2010:

• Consent — when you submit a contact form or agree to our terms at the start of an engagement
• Contract performance — when processing is necessary to deliver the services you have engaged us for
• Legitimate interest — for website analytics used to understand how visitors use our site, where this does not override your rights
• Legal obligation — where processing is required to comply with Malaysian law

4. How We Use Your Data

• To respond to enquiries submitted via the contact form
• To deliver, document, and administer our advisory services
• To maintain records of completed engagements for quality purposes
• To send service-related communications (not marketing) where you are a current or recent client
• To analyse website usage in aggregate form to improve our online presence

We do not use your personal data for targeted advertising or sell it to third parties under any circumstances.

5. Data Sharing

We do not share personal data with third parties except in the following limited circumstances:

• Service providers who assist with website hosting and analytics, bound by data processing agreements
• Where required by law or court order under Malaysian jurisdiction
• With your explicit written consent in other circumstances

We do not transfer personal data outside Malaysia except where required by the technical infrastructure of our website hosting provider, and only to jurisdictions with adequate data protection standards.

6. Data Retention

We retain personal data for the following periods:

• Contact form enquiries: up to 12 months from the date of submission, unless an engagement commences
• Engagement documentation: up to 3 years from the conclusion of the engagement, for professional record purposes
• Website analytics data: up to 26 months in aggregate, anonymised form

After the applicable retention period, personal data is deleted or anonymised.

7. Data Protection Measures

We implement reasonable technical and organisational measures to protect personal data from unauthorised access, disclosure, or loss. These include:

• Encrypted transmission of data submitted through our website (HTTPS)
• Access controls limiting who within our team can access personal data
• Confidentiality obligations for any team members handling client information
• Prompt notification to affected individuals in the event of a data breach, in accordance with PDPA 2010

8. Cookies

Our website uses cookies to improve your browsing experience and to understand how the site is used. Essential cookies are required for basic functionality. Analytics and preference cookies are optional and activated only with your consent. For full details, please refer to our Cookie Policy.

9. Your Rights

Under PDPA 2010 and applicable Malaysian law, you have the right to:

• Access personal data we hold about you
• Request correction of inaccurate or incomplete data
• Withdraw consent to data processing at any time (subject to contractual obligations)
• Request deletion of your data, where no legal retention obligation applies
• Object to processing of your data for purposes other than service delivery
• Lodge a complaint with the Department of Personal Data Protection (PDPD) of Malaysia

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 working days.

10. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review their privacy policies independently before submitting any personal data.

11. Children's Privacy

Our services are directed at organisations and business professionals. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that such data has been collected without appropriate consent, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated policy will be published on this page with a revised "Last Updated" date. We encourage you to review this page periodically. Continued use of our website after a change constitutes acceptance of the updated policy.

13. Contact

For any questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact: