Privacy Policy

1. Data Controller

The data controller for personal data processed in connection with this website and our advisory services is:

Harmoni Partners
Suite 20-3, The Gardens South Tower, Mid Valley City, 59200 Kuala Lumpur, Malaysia
Email: [email protected]
Telephone: +60 3-2297 6483

2. What Personal Data We Collect

We may collect the following personal data in connection with our website and services:

• Identification data: Full name, organisation name, and job title provided through our contact form or during consultations.
• Contact data: Email address, telephone number, and business address.
• Communication data: Content of messages or enquiries submitted via our contact form or by email.
• Technical data: IP address, browser type, and website usage information collected through cookies and analytics tools.
• Engagement data: Information about your organisation's data handling practices, provided by you in the course of an advisory engagement.

We collect personal data directly from you through our website contact form, by telephone, by email, and in the course of delivering advisory services. We do not purchase or obtain personal data from third-party data brokers.

3. How We Use Personal Data

We use personal data for the following purposes:

• Responding to enquiries submitted through our contact form or by telephone
• Delivering advisory services you have engaged us to provide
• Issuing invoices and managing payment for services
• Maintaining records of engagements for quality and legal compliance purposes
• Improving the content and functionality of this website using aggregated analytics data
• Complying with legal obligations applicable to professional advisory practices in Malaysia

We do not use personal data for direct marketing unless you have specifically requested to receive information from us. We do not sell personal data to third parties.

4. Legal Basis for Processing

Under the PDPA 2010, we rely on the following bases to process your personal data:

• Consent: Where you have voluntarily provided personal data through our contact form or in the course of enquiring about our services.
• Contractual necessity: Where processing is required to deliver the advisory services you have engaged us to provide.
• Legal obligation: Where processing is necessary to comply with applicable Malaysian law, including professional and tax obligations.
• Legitimate interests: For purposes of website analytics and improving the quality of our services, where our legitimate interests do not override your interests or rights.

5. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law. Our general retention periods are:

• Enquiry data: 12 months from the date of enquiry if no engagement is entered into.
• Engagement records: 7 years from completion of the engagement, in accordance with professional record-keeping requirements in Malaysia.
• Invoice and payment records: 7 years for tax and accounting compliance.
• Website analytics data: 26 months in aggregated form, in accordance with analytics provider retention settings.

6. How We Protect Your Data

We take the security of personal data seriously and maintain appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure. These include:

• Encrypted storage of digital records and encrypted transmission of data via TLS/SSL
• Access controls limiting data access to authorised staff with a legitimate need
• Confidentiality obligations binding all staff and advisors who handle client information
• Periodic review of data handling practices within our own operations
• A documented data breach response procedure

In the event of a personal data breach that is likely to affect your rights and interests, we will notify you and, where required, the Personal Data Protection Commissioner in accordance with applicable obligations.

7. Cookies and Website Analytics

This website uses cookies to ensure basic functionality and to understand how visitors use it. We use:

• Essential cookies: Required for the website to function correctly. These cannot be disabled.
• Analytics cookies: Used to understand aggregated visitor behaviour and improve the website. You may decline these via our cookie consent notice.

For more detail, please see our Cookie Policy.

8. Sharing Personal Data

We do not sell personal data. We may share it in limited circumstances:

• Service providers: Third-party providers who assist us in delivering our services (e.g., cloud storage, email, accounting software), subject to written data processing agreements.
• Regulatory authorities: Where required by Malaysian law, court order, or lawful request from the Personal Data Protection Commissioner.
• Professional advisors: Legal counsel or professional advisors assisting us, subject to confidentiality obligations.

Where any sharing involves cross-border data transfer to a jurisdiction not whitelisted under the PDPA, we ensure appropriate contractual safeguards are in place.

9. Your Rights

Under the Personal Data Protection Act 2010, you have the following rights in relation to your personal data:

• Right of access: To request a copy of the personal data we hold about you.
• Right of correction: To request correction of inaccurate or incomplete personal data.
• Right to withdraw consent: To withdraw consent for processing where consent is the basis for processing, without affecting prior processing.
• Right to limit processing: To request that we limit our use of your personal data in certain circumstances.
• Right to inquire: To submit questions about our data practices to our privacy contact.

To exercise any of these rights, please contact us at [email protected]. We will respond within a reasonable time and in accordance with our obligations under the PDPA.

If you are dissatisfied with our handling of a privacy concern, you may contact the Personal Data Protection Commissioner at www.pdp.gov.my.

10. Children's Privacy

Our services are directed at business organisations and individuals aged 18 and above. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected personal data from someone under 18, please contact us so that we can take appropriate steps.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices or applicable law. Where changes are material, we will post the updated policy on this page with a revised "Last Updated" date. Continued use of our website or services after a policy update constitutes acceptance of the revised terms.

12. Privacy Contact

For any questions, concerns, or requests relating to this Privacy Policy or our data handling practices, please contact:

Privacy Officer, Harmoni Partners
Email: [email protected]
Telephone: +60 3-2297 6483
Suite 20-3, The Gardens South Tower, Mid Valley City, 59200 Kuala Lumpur