Privacy Policy

Saujana Group ("we", "us", or "our") is a business advisory practice registered and operating in Cyberjaya, Selangor, Malaysia. This Privacy Policy describes how we collect, use, store, and protect personal information when you visit our website or engage with our advisory services.

We handle personal data with care and only collect what is necessary for the purposes described below. If you have questions about this policy or how your information is handled, please write to us at [email protected].

This policy is governed by the Personal Data Protection Act 2010 (PDPA) of Malaysia and applies to all individuals whose data we process in connection with our services and website.

1. Personal Data We Collect

We collect personal data through the following means:

• Contact enquiry forms: Name, email address, phone number, and the content of your message.
• Service engagements: Business contact details, role and organisation name, communication records, and notes relevant to advisory work.
• Website analytics: Aggregated and anonymised data about how visitors use our site, including pages viewed, session duration, and referring sources.
• Cookies and local storage: Preference data stored in your browser to remember your cookie consent choice. See Section 5 and our Cookie Policy for details.

We do not collect sensitive personal data (such as health information, financial records, or identification documents) through our website. Where such information is shared during an engagement, it is handled under a separate confidentiality arrangement.

2. How and Why We Use Your Data

We process personal data on the following legal bases under the PDPA 2010:

• Consent: Where you have provided your information through a contact form or agreed to receive communications from us.
• Legitimate interests: To maintain records of professional correspondence and to improve our website and services.
• Contractual necessity: Where we hold an engagement agreement with your organisation, we process contact data to fulfil that arrangement.

Specifically, we use personal data to:

• Respond to enquiries submitted through our contact form.
• Conduct and manage advisory engagements.
• Send occasional communications about our practice, where you have opted in.
• Understand how our website is used and where it can be improved.
• Meet any applicable legal or regulatory obligations.

We do not sell personal data to third parties, and we do not use it for automated decision-making or profiling.

3. Sharing Your Information

We share personal data only where strictly necessary:

• Service providers: We use a small number of third-party tools — including email and website hosting — whose providers may process data on our behalf under appropriate data processing agreements.
• Analytics: Aggregated, anonymised website usage data may be processed by analytics platforms such as Google Analytics. No personally identifiable information is shared for this purpose.
• Legal requirements: We will disclose personal data where required to do so by Malaysian law or a competent authority.

We do not share personal data with advertising networks or social media platforms for tracking purposes.

4. How Long We Keep Your Data

We retain personal data for as long as it is necessary for the purposes it was collected:

• Contact enquiries: Up to 12 months from the date of initial contact, unless an engagement follows.
• Engagement records: Up to 7 years from the conclusion of an engagement, in line with general record-keeping practice.
• Analytics data: Aggregated data may be retained indefinitely; identifiable session data is not retained beyond 26 months.
• Cookie preferences: Stored in your browser until you clear them or withdraw consent.

When data is no longer required, it is deleted or anonymised in a secure and orderly manner.

5. Cookies

Our website uses cookies and similar technologies to support basic functionality and to understand how the site is being used. We ask for your consent before placing non-essential cookies.

For a full explanation of the cookies we use, how long they persist, and how to manage your preferences, please read our Cookie Policy.

6. Security Measures

We take reasonable steps to protect personal data against loss, misuse, and unauthorised access:

• Our website is served over HTTPS with current TLS encryption.
• Access to personal data within our practice is limited to those with a direct need to see it.
• We use reputable, security-conscious hosting and communication providers.
• Where a data incident occurs that affects your rights or interests, we will notify you and the relevant authority as required by applicable law.

No method of digital transmission is entirely without risk, and we cannot warrant absolute security. We encourage you to contact us immediately at [email protected] if you have reason to believe your data has been affected.

7. Your Rights Under Malaysian Law

Under the Personal Data Protection Act 2010, you have the following rights in relation to personal data we hold about you:

• Right to access: You may request a copy of the personal data we hold about you.
• Right to correction: You may ask us to correct inaccurate or incomplete data.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal.
• Right to limit processing: In certain circumstances, you may ask us to restrict how we use your data.
• Right to object: You may object to processing based on legitimate interests.

To exercise any of these rights, please write to us at [email protected]. We will respond within 21 days. Where a request cannot be fulfilled, we will explain why.

If you are dissatisfied with how we have handled your request, you may lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) at pdp.gov.my.

8. Links to Other Websites

Our website may from time to time contain references or links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their respective policies. This Privacy Policy applies solely to information collected by Saujana Group.

9. Children's Privacy

Our services are directed at businesses and professional individuals aged 18 and above. We do not knowingly collect personal data from persons under 18. If we become aware that we hold such data, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practice or applicable law. When we do, we will update the "Last updated" date at the top of the page. We encourage you to revisit this page periodically.

Material changes that significantly affect how we handle your data will be communicated by a prominent notice on our website for a reasonable period.

11. Contact Us

For questions, requests, or concerns relating to this Privacy Policy or how we handle personal data, please contact: