Privacy Policy

1. Personal Data We Collect

We collect personal data when you contact us through our website or in the course of conducting our advisory engagements. The categories of personal data we collect include:

• Contact details: Full name, email address, phone number, and job title as provided via our enquiry form or direct communication.
• Organisation details: Agency or company name, department, and role — provided voluntarily when requesting an engagement.
• Website usage data: Browser type, pages visited, and session duration collected through analytics cookies (where consent has been given).

Note on engagement data: During advisory engagements, Pelita advisers may review citizen correspondence files provided by the client agency under authorisation. Such files are handled under a separate data processing agreement and are not stored by Pelita beyond the engagement period.

2. How We Use Personal Data

We use personal data for the following purposes:

• To respond to enquiries submitted through our website contact form
• To arrange and conduct advisory engagements with client agencies
• To send correspondence related to ongoing engagements
• To improve our website and understand how it is used (with consent, via analytics cookies)
• To comply with applicable legal obligations

Data retention: Personal data provided through website enquiries is retained for a maximum of 24 months after last contact. Engagement correspondence records are retained for 7 years in line with standard professional practice and Malaysian record-keeping requirements.

Marketing: We do not send unsolicited marketing emails. If you have engaged with us and would prefer not to receive our periodic advisory updates, you may opt out at any time by writing to [email protected].

3. How We Protect Personal Data

• Our website uses HTTPS encryption for all data in transit.
• Access to personal data is restricted to Pelita team members who require it to perform their functions.
• Engagement files reviewed by Pelita advisers are not stored on Pelita systems beyond the period necessary for the engagement.
• In the event of a personal data breach that poses a risk to affected individuals, we will notify the relevant parties as required under the PDPA and applicable regulations.
• We review our data handling practices periodically and update this policy as required.

4. Cookies

Our website uses cookies to understand how it is accessed and to support basic functionality. Essential cookies cannot be declined as they are necessary for the site to operate. Optional analytics and preference cookies are used only where you have given consent.

For full details on the cookies we use and how to manage your preferences, please refer to our Cookie Policy.

5. Third-Party Services and Links

We use a small number of third-party services to operate our website, including analytics providers (where consent is given). These providers process data in accordance with their own privacy policies.

Our website may contain links to external websites. Pelita is not responsible for the privacy practices of those sites, and we encourage you to review their policies before submitting personal data to them.

6. Your Rights Under the PDPA

Under Malaysia's Personal Data Protection Act 2010, you have the right to:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request that inaccurate or incomplete personal data be corrected.
• Withdrawal of consent — Withdraw consent to the processing of your personal data at any time, where processing is based on consent. This will not affect the lawfulness of processing before withdrawal.
• Limitation of processing — Request that we stop processing your personal data in certain circumstances.
• Complaint — Lodge a complaint with the Department of Personal Data Protection (PDPD), Malaysia, if you believe your personal data rights have been infringed.

To exercise any of these rights, please write to [email protected]. We will respond within 21 days.

7. Children's Privacy

Our services are directed exclusively at organisations and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided personal data through our website, please contact us at [email protected] so we can take appropriate action.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The updated version will be published on this page with a revised Last Updated date. We encourage you to review this page periodically. Continued use of our website after changes are posted constitutes acceptance of the updated policy.

9. Contact for Data Enquiries

For questions about this Privacy Policy or to exercise your data rights, please contact our data responsibility officer: