Privacy Policy

1. Introduction

Teratai ("we", "us", "our") is a business consulting firm registered in Malaysia, with its principal office at Unit 9, Jalan PJU 7/3, Mutiara Damansara, 47810 Petaling Jaya, Selangor. We take the privacy of our clients and website visitors seriously.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have in relation to it. It applies to all personal data collected through our website at terataimy.biz and through our consulting engagements.

Our practices are governed by the Personal Data Protection Act 2010 (PDPA) of Malaysia. If you have any questions about this policy, please contact us at [email protected].

2. Personal Data We Collect

We collect personal data in the following ways:

2.1 Data you provide directly

• Your name and email address (required when submitting our contact form)
• Your phone number (optional, if provided on the contact form)
• Information about your business that you share during consultations or in written correspondence
• Any other information you choose to include in messages sent to us

2.2 Data collected automatically

• Browser type, device type, and operating system
• Pages visited and time spent on our website (via analytics cookies, if consent is given)
• IP address and general geographic location (country or city level)
• Referring website or search terms used to find our site

2.3 Legal basis for processing

• Consent — when you submit a contact form or accept optional cookies
• Legitimate interests — to respond to enquiries and improve our website
• Contractual necessity — when processing data required to deliver a consulting engagement you have agreed to
• Legal obligation — where required by applicable Malaysian law

2.4 Data retention

Contact form submissions are retained for up to 24 months. Client engagement records are retained for 7 years in line with standard Malaysian business record-keeping requirements. Analytics data is aggregated and retained for up to 26 months. You may request deletion of your personal data at any time (see Section 6).

3. How We Use Your Personal Data

We use personal data collected from you for the following purposes:

• To respond to your enquiries and determine whether our services are a suitable fit
• To deliver consulting engagements you have entered into with us
• To send you written deliverables (plans, reviews, correspondence) related to your engagement
• To maintain our records as required by law
• To understand how our website is used and improve its content and usability (analytics only with consent)

We do not use your personal data for unsolicited marketing. We do not sell your data to third parties. We do not use your data for automated decision-making or profiling.

3.1 Third-party service providers

We may share limited personal data with third-party providers who assist in operating our website and communications, including:

• Website hosting and infrastructure providers
• Email delivery services (for sending responses to your enquiries)
• Analytics platforms (Google Analytics, if cookies are accepted)

These providers are bound by data processing agreements and are not permitted to use your data for their own purposes.

4. Data Protection Measures

• Our website uses HTTPS encryption for all data in transit
• Access to personal data is limited to staff who require it to perform their duties
• Client engagement records are stored securely with access controls in place
• We conduct periodic reviews of our data handling practices
• In the event of a data breach that affects your personal data, we will notify you and the relevant authorities as required under the PDPA within the prescribed timeframes

5. Cookies

We use cookies on our website. Essential cookies are required for the site to function correctly and are always active. Optional cookies (analytics, marketing, and preference cookies) are only activated if you give your consent via the cookie banner when you first visit our site.

For full details on the types of cookies we use and how to manage your preferences, please see our Cookie Policy.

6. Your Rights Under the PDPA

As a data subject under Malaysia's Personal Data Protection Act 2010, you have the following rights:

• Right of access — you may request a copy of the personal data we hold about you
• Right of correction — you may request that inaccurate personal data be corrected
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
• Right to prevent processing — in certain circumstances, you may object to how we process your data
• Right to erasure — you may request deletion of your personal data where we have no lawful basis to retain it

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days. If you are unsatisfied with our response, you may lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) at www.pdp.gov.my.

7. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any site you visit through a link from our pages.

8. Children's Privacy

Our services are intended for adults aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted personal data to us, please contact us at [email protected] and we will delete it promptly.

9. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will update the "Last Updated" date at the top of this page. Continued use of our website after any changes constitutes acceptance of the revised policy. For significant changes, we will endeavour to notify active clients directly by email.