Sepadu Advisory Contact Us

Legal Document

Privacy Policy

Last updated: 14 May 2025  ·  Effective: 14 May 2025

This policy describes how Sepadu Advisory (referred to as "we", "us" or "the firm") collects, processes and protects personal data in connection with our website and advisory services. It is issued in accordance with the Personal Data Protection Act 2010 (Malaysia) ("PDPA").

1. Data Controller

The data controller for the purposes of this policy is:

Sepadu Advisory

19 Jalan Burmah, 10350 George Town, Penang, Malaysia

Email: [email protected]

Telephone: +60 4 218 7493

2. Personal Data We Collect

We collect personal data in the following circumstances:

  • Enquiry forms: When you contact us via our website, we collect your name, email address and, if you provide it, your telephone number and a description of the transaction you are enquiring about.
  • Engagement correspondence: During the course of an advisory engagement, we may receive personal data relating to individuals at the client organisation and, in some cases, individuals at the target company. This data is handled under the non-disclosure agreement that governs each engagement.
  • Website analytics: We use cookies and analytics tools to understand how visitors use our website. The data collected is aggregated and does not identify individual visitors without their consent. Please refer to our Cookie Policy for detail.

3. Legal Basis for Processing

  • Consent: Where you submit an enquiry form, you are consenting to us contacting you in response to your enquiry.
  • Contractual necessity: Where we hold an engagement letter with you or your organisation, processing of relevant personal data is necessary to perform that contract.
  • Legitimate interests: We process limited website analytics data on the basis of our legitimate interest in understanding how our website is used, provided this does not override your fundamental rights and interests.

4. How We Use Personal Data

  • To respond to enquiries submitted via our website
  • To perform advisory services under an engagement letter
  • To communicate with you regarding ongoing or proposed engagements
  • To maintain records required for business and regulatory purposes
  • To analyse website usage in aggregate, for the purpose of improving the site

We do not use personal data submitted via our website for marketing purposes without your express consent, and we do not sell or share personal data with third parties for their own commercial use.

5. Data Retention

  • Enquiry data: Retained for up to twelve months from the date of last correspondence, after which it is deleted unless an engagement has commenced.
  • Engagement records: Retained for seven years from the close of the engagement, in accordance with Malaysian commercial record-keeping requirements.
  • Analytics data: Retained in aggregated, anonymised form for up to twenty-four months.

6. Data Protection Measures

We take reasonable steps to protect personal data from unauthorised access, disclosure or loss. These measures include:

  • Encryption of data in transit via HTTPS
  • Restricted access to personal data — limited to advisors with a direct need for the information
  • Non-disclosure agreements with all advisors and contractors
  • Deletion of working files from advisor devices at engagement close
  • Where a personal data breach occurs that is likely to affect individuals adversely, we will notify the relevant individuals and, where required, the relevant regulatory authority, within the period prescribed by applicable law.

7. Cookies

Our website uses cookies. Essential cookies are necessary for the site to function. Optional analytics and preference cookies are only activated with your consent. You may withdraw consent at any time via our Cookie Policy page.

8. Your Rights Under the PDPA

Under the Malaysian Personal Data Protection Act 2010, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that inaccurate or incomplete data be corrected.
  • Withdraw consent: Withdraw any consent you have given to the processing of your personal data, where consent is the legal basis for processing.
  • Cease processing: Request that we cease processing your personal data for direct marketing purposes, if applicable.
  • Complaints: Lodge a complaint with the Personal Data Protection Commissioner of Malaysia if you believe your rights have been infringed.

To exercise any of these rights, contact us at [email protected]. We will respond within 21 days of receiving a valid request.

9. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and recommend that you read their privacy policies separately.

10. Children's Privacy

Our services are directed at organisations and individuals engaged in corporate transactions. We do not knowingly collect personal data from persons under the age of 18. If you believe we have inadvertently received such data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. Where changes are material, we will post a notice on our website. Continued use of the website after the effective date of a revised policy constitutes acceptance of the changes. The current version is always available at this page.

12. Contact for Data Enquiries

All data protection enquiries should be directed to:

[email protected]
Sepadu Advisory · 19 Jalan Burmah, 10350 George Town, Penang, Malaysia