LEGAL
Privacy Policy
Last Updated: 15 April 2025 · Effective: 15 April 2025
1. Introduction
Cermin Insight ("we", "us", "our") is committed to protecting the privacy of individuals who interact with our advisory practice. This Privacy Policy explains how we collect, use, store, and protect personal data in connection with our website and our advisory services, in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
If you have questions about this policy or about how we handle your data, please contact us at [email protected].
2. Data Controller
The data controller for personal data collected through this website and through our advisory engagements is:
Cermin Insight
7-2 Bangsar Trade Centre, Jalan Maarof, 59000 Kuala Lumpur, Malaysia
Email: [email protected]
Phone: +60 3 2284 7541
3. Data We Collect
We collect personal data in the following circumstances:
Through our website contact form: name, email address, phone number (optional), and the content of your message.
Through advisory engagements: information shared during conversations and documented in engagement summaries and outputs. This may include professional background, organizational information, and other details relevant to the advisory work.
Through website analytics: technical data such as IP address, browser type, pages visited, and time on site — collected through cookies and analytics tools (subject to your cookie preferences).
4. Legal Basis for Processing
We process personal data on the following bases under the PDPA 2010:
- Consent: when you submit our contact form or accept our cookie policy.
- Contractual necessity: when data processing is necessary to deliver advisory services agreed under an engagement contract.
- Legitimate interests: for internal administrative purposes, improving our services, and communicating with existing clients.
- Legal compliance: where we are required to retain or process data under applicable Malaysian law.
5. How We Use Your Data
- Responding to enquiries submitted through our contact form
- Delivering advisory services under agreed engagement terms
- Producing and storing written engagement outputs (reflection documents, summaries, findings reports)
- Maintaining business records as required by Malaysian law
- Improving our website and services based on usage patterns
- Communicating with existing and former clients about relevant matters
We do not use personal data for marketing to third parties, and we do not sell personal data.
6. Data Retention
Contact form enquiries are retained for twelve months from the date of submission. Engagement-related data, including written outputs, is retained for five years from the conclusion of the engagement, after which it is securely deleted unless retention is required by law. Analytics data is retained for twenty-four months.
7. Data Sharing
We do not share personal data with third parties except in the following limited circumstances:
- Service providers: We use third-party services for website hosting and analytics. These providers process data on our behalf under appropriate data processing agreements.
- Legal requirements: We may disclose data where required by Malaysian law, court order, or regulatory authority.
- Client consent: We do not share engagement-specific data with any third party without the explicit consent of the client.
8. Data Security
We apply appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, loss, or destruction. These measures include access controls, secure data storage, and staff awareness of data protection obligations. In the event of a data breach that may affect your rights, we will notify affected individuals as required under applicable law.
9. Cookies
Our website uses cookies to function correctly and to understand how visitors use the site. Please refer to our Cookie Policy for detailed information about the cookies we use and how to manage your preferences.
10. Your Rights
Under the PDPA 2010, you have the following rights in relation to your personal data:
- Right to access: You may request a copy of the personal data we hold about you.
- Right to correction: You may request correction of inaccurate or incomplete data.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
- Right to limit processing: You may request that we limit how we use your data in certain circumstances.
- Right to complain: You have the right to lodge a complaint with the Personal Data Protection Commissioner Malaysia if you believe your data rights have been infringed.
To exercise any of these rights, contact us at [email protected]. We will respond within 21 days.
11. Third-Party Links
Our website may contain links to external websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies independently.
12. Children's Privacy
Our services are intended for organizations and individuals aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us so we can delete it.
13. Updates to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Continued use of our website after any update constitutes acceptance of the revised policy.
14. Contact
For any privacy-related enquiries:
Email: [email protected]
Phone: +60 3 2284 7541
Address: 7-2 Bangsar Trade Centre, Jalan Maarof, 59000 Kuala Lumpur