Legal
Privacy Policy
Last Updated: 28 April 2025 | Effective: 28 April 2025
1. Introduction
Caltrop Advisory ("we", "us", "our") is committed to protecting the personal data of individuals who interact with our website and services. This Privacy Policy explains what information we collect, how we use it, and the rights you have in relation to it.
This policy applies to all personal data processed by Caltrop Advisory in connection with the operation of our website at caltropa.sbs and the delivery of our consulting services from our registered office at Suite 12-03, Menara Hap Seng, 1 Jalan P. Ramlee, 50250 Kuala Lumpur, Malaysia.
We process personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). By using our website or engaging our services, you acknowledge the practices described in this policy.
2. Data We Collect
We collect the following categories of personal data:
- Contact information: Name, email address, phone number submitted through our contact form or enquiry communications.
- Engagement data: Information you provide during scoping conversations and consulting engagements, including organisational information and business process details. This is subject to separate confidentiality agreements.
- Website usage data: IP address, browser type, pages visited, and time on site, collected through analytics tools where consent has been given.
- Cookie data: Preferences stored via cookies as described in our Cookie Policy.
We do not collect sensitive personal data (as defined under the PDPA) through our website forms.
3. How We Use Your Data
We use your personal data for the following purposes:
- Responding to enquiries: To respond to messages submitted through our contact form and to arrange introductory conversations.
- Service delivery: To plan and deliver consulting engagements where you or your organisation has engaged us.
- Service communications: To send relevant information about your engagement, including meeting confirmations and output delivery.
- Website improvement: To understand how visitors use our website and to improve its content and performance, using aggregated and anonymised data where possible.
- Legal compliance: To meet obligations under applicable Malaysian law.
We do not sell personal data to third parties. We do not use personal data submitted through our contact form for unsolicited marketing communications.
4. Legal Basis for Processing
Under the PDPA, we process personal data on the following bases:
- Consent: Where you have submitted data through our contact form or agreed to cookies.
- Contract: Where processing is necessary for the performance of a consulting engagement you have entered into with us.
- Legitimate interest: For website analytics and improving our services, where this does not override your rights.
- Legal obligation: Where we are required to process data to comply with applicable law.
5. Data Retention
We retain personal data for the following periods:
- Contact form submissions: Up to 12 months from the date of submission if no engagement results.
- Engagement-related data: For the duration of the engagement and up to 3 years after completion, unless a shorter period is agreed in the engagement confidentiality agreement.
- Analytics data: Up to 26 months, in line with standard analytics tool defaults.
After retention periods expire, data is securely deleted or anonymised.
6. Data Sharing
We may share personal data with the following categories of third parties, only to the extent necessary:
- Technology providers: Cloud storage and email service providers used to operate our business, subject to data processing agreements.
- Analytics services: Where you have consented to analytics cookies, usage data may be processed by third-party analytics tools.
- Legal authorities: Where required by Malaysian law or a valid legal process.
We do not share engagement-related organisational data with any third parties outside the engagement team.
7. Data Protection Measures
We take the following measures to protect personal data:
- Secure, encrypted connections (HTTPS) on our website.
- Access controls limiting data access to authorised personnel only.
- Secure deletion procedures for data no longer required.
- Regular review of data handling practices.
In the event of a personal data breach that poses a risk to affected individuals, we will notify the relevant parties as required under applicable law.
8. Cookies
Our website uses cookies to function correctly and, where consent is given, to analyse usage. For full details of the cookies we use and how to manage your preferences, please see our Cookie Policy.
9. Your Rights
Under the PDPA and as a matter of our practice, you have the following rights in relation to your personal data:
- Right of access: To request a copy of the personal data we hold about you.
- Right to correction: To request that inaccurate or incomplete data is corrected.
- Right to withdraw consent: Where processing is based on consent, to withdraw that consent at any time.
- Right to object: To object to processing based on legitimate interests.
- Right to erasure: To request deletion of personal data in certain circumstances.
To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days.
If you are unsatisfied with how we handle your request, you may direct a complaint to the Department of Personal Data Protection Malaysia (JPDP) at www.pdp.gov.my.
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their policies independently.
11. Children's Privacy
Our services are directed at business operators and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from persons under 18. If you believe a minor has submitted data through our website, please contact us so we can delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last Updated" date. Continued use of our website after changes are posted constitutes acceptance of the revised policy.
13. Contact
For privacy-related questions or requests:
- Email: [email protected]
- Address: Caltrop Advisory, Suite 12-03, Menara Hap Seng, 1 Jalan P. Ramlee, 50250 Kuala Lumpur, Malaysia