◈ Legal
Privacy Policy
Last Updated: 14 April 2025 · Mentari Consult, George Town, Penang, Malaysia
Mentari Consult ("we", "us", "our") is committed to protecting the personal data of the individuals who visit this website, enquire about our services, or engage us as clients. This policy explains what data we collect, how we use it, how we protect it, and what rights you have under the Personal Data Protection Act 2010 (Malaysia) ("PDPA").
1. Data Controller
Mentari Consult is the data controller for personal data collected through this website and through our advisory engagements. Our address is 14B Lebuh Bishop, 10200 George Town, Penang, Malaysia. For data-related enquiries, contact us at [email protected].
2. Data We Collect
We collect personal data in the following circumstances:
- Contact form submissions: name, email address, phone number (optional), and message content.
- Advisory engagements: contact details, organisational information, and information about your technology estate shared during the course of an engagement.
- Website analytics: anonymised usage data collected via cookies (see Section 6).
We do not collect sensitive personal data (as defined under the PDPA) unless explicitly required for an engagement and with your agreement.
3. Legal Basis for Processing
We process your personal data under the following legal bases as recognised by the PDPA:
- Consent: for marketing communications and optional cookies.
- Contract: to deliver services you have commissioned from us.
- Legitimate interest: to respond to enquiries made through this website.
- Legal obligation: where we are required to retain records by law.
4. How We Use Your Data
- To respond to enquiries submitted through our contact form.
- To deliver advisory services you have engaged us to provide.
- To send engagement-related communications (scope letters, output documents, invoices).
- To improve our website based on anonymised analytics data.
- To comply with legal obligations applicable to our business in Malaysia.
We do not use your personal data for unsolicited marketing unless you have given explicit consent. You may withdraw consent at any time by writing to [email protected].
5. Data Sharing
We do not sell personal data to third parties. We may share data in the following limited circumstances:
- Service providers: hosting, email and document management services that process data on our behalf under contractual obligations.
- Legal requirements: where we are required to disclose data by law, court order or regulatory authority.
- Business transfers: in the event of a merger or acquisition, personal data may be transferred as part of that transaction with appropriate notice to affected individuals.
6. Data Retention
Enquiry data from the contact form is retained for up to twelve months. Client engagement data is retained for seven years following the conclusion of the engagement, in accordance with standard commercial record-keeping requirements under Malaysian law. You may request earlier deletion where data is no longer necessary for the purpose it was collected.
7. Data Protection Measures
- Data is stored on secured servers with access restricted to authorised personnel.
- Email communications containing sensitive engagement information are transmitted using encrypted channels.
- Access controls and password policies are reviewed periodically.
- In the event of a data breach affecting your personal data, we will notify you within seventy-two hours of becoming aware of it, where required by applicable law.
8. Cookies
This website uses cookies to understand how visitors navigate its pages. Essential cookies are required for basic functionality. Optional analytics and preference cookies are used only with your consent. For full details, see our Cookie Policy.
9. Your Rights Under the PDPA
Under the Personal Data Protection Act 2010 (Malaysia), you have the right to:
- Access personal data we hold about you.
- Correct inaccurate or incomplete personal data.
- Withdraw consent to the processing of your personal data at any time.
- Request deletion of your personal data where it is no longer required for the purpose it was collected.
- Object to processing for direct marketing purposes.
- Lodge a complaint with the Department of Personal Data Protection (JPDP) Malaysia if you believe your rights have been infringed.
To exercise any of these rights, write to us at [email protected]. We will respond within thirty days.
10. Third-Party Links
This website may contain links to external websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies before sharing personal data.
11. Children's Privacy
Our services are directed at organisations and professionals. We do not knowingly collect personal data from individuals under the age of eighteen. If we become aware that we have received such data, we will delete it promptly.
12. Changes to This Policy
We may update this policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of this website following an update constitutes acceptance of the revised policy.
13. Contact
For any questions about this policy or to exercise your rights, contact us: