Privacy Policy
Last updated: 12 May 2025
Kenanga ("we", "us", "our") is committed to handling personal information responsibly. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have in relation to it.
This policy applies to information collected through our website at kenangamy.cyou and through our business consulting engagements. It is written to reflect our obligations under the Personal Data Protection Act 2010 (PDPA) of Malaysia.
If you have questions about this policy or how we handle your data, you can contact us at [email protected].
1. Who We Are
The data controller for the purposes of this policy is:
- Business name: Kenanga
- Address: No. 14, Jalan Sultan Idris Shah, 30000 Ipoh, Perak, Malaysia
- Email: [email protected]
- Phone: +60 5-241 8736
We are a business consulting firm working with small businesses in Malaysia. We are registered as a data user under the PDPA and take our obligations under that Act seriously.
2. What Personal Data We Collect
We collect personal data in the following ways:
Via our website contact form:
- Full name
- Email address
- Phone number (optional)
- Message content you choose to send us
During consulting engagements:
- Business contact details
- Business financial and operational information you share with us
- Notes and records from working sessions
Automatically via our website:
- Cookies and similar tracking data (subject to your consent — see Section 6)
- General analytics data such as page visits and browser type
We do not collect sensitive personal data (such as race, religion, health information or financial account numbers) unless you explicitly provide it in written correspondence and it is necessary for the engagement.
3. How and Why We Use Your Data
We use personal data only for the purposes for which it was collected:
- To respond to enquiries — when you contact us via the website, we use your details to reply and to assess whether we can help.
- To deliver consulting services — during an engagement, we use information you share to conduct reviews, produce recommendations, and provide advisory support.
- To manage our client relationship — scheduling, invoicing, and follow-up communication.
- To improve our website — analytics data (where consented) helps us understand how the site is used.
The legal basis for processing is, depending on context: your consent (for cookies and analytics), the performance of a contract (for consulting engagements), or our legitimate interest in responding to business enquiries.
We do not use your data for automated decision-making and we do not sell personal data to third parties.
Data retention: Enquiry data is retained for up to 12 months if no engagement follows. Client engagement records are retained for up to 5 years from the end of the engagement for professional and legal compliance purposes, after which they are securely deleted.
4. Data Sharing and Third Parties
We do not sell, rent, or trade your personal information. We may share data with the following categories of third parties in limited circumstances:
- Analytics providers (e.g. Google Analytics) — aggregated, anonymised usage data where you have consented to analytics cookies. These providers operate under their own privacy policies.
- Email service providers — to deliver correspondence. These providers process data on our behalf under data processing agreements.
- Legal or regulatory bodies — if we are required to disclose information by law, court order, or regulatory authority in Malaysia.
We take reasonable steps to ensure that any third party handling personal data on our behalf does so in accordance with the PDPA and applicable standards.
5. How We Protect Your Data
- Our website uses HTTPS encryption for all data transmitted between your browser and our server.
- Client engagement records are stored in access-controlled systems limited to staff with a need to access them.
- Physical documents containing personal data are kept securely and disposed of by secure means when no longer required.
- We review our data handling practices periodically and update them as needed.
In the event of a data breach that is likely to cause significant harm to individuals, we will notify affected persons and, where required, report the breach to the relevant authority in Malaysia within a reasonable timeframe.
6. Cookies
We use cookies on this website. Cookies are small text files stored on your device that help the site function and, where you consent, allow us to understand how the site is used.
- Essential cookies — necessary for the site to work correctly. These cannot be disabled.
- Analytics cookies — used to understand visitor behaviour in aggregate. Only placed with your consent.
- Preference cookies — used to remember choices you make on the site. Only placed with your consent.
You can manage your cookie preferences at any time via our Cookie Policy page.
7. Your Rights
Under the Personal Data Protection Act 2010 (Malaysia), you have the following rights in relation to personal data we hold about you:
- Right of access — you may request a copy of the personal data we hold about you.
- Right to correct — you may request that inaccurate or incomplete data be corrected.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time. This does not affect processing that took place before withdrawal.
- Right to limit processing — in certain circumstances, you may request that we restrict how we use your data.
To exercise any of these rights, contact us at [email protected]. We will respond within 21 days. We may need to verify your identity before processing your request.
If you believe we have not handled your data correctly, you may lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) at www.pdp.gov.my.
8. Third-Party Links
Our website may contain links to external websites. We are not responsible for the privacy practices of those sites. We encourage you to read the privacy policy of any external site before submitting personal information.
9. Children's Privacy
Our services are directed at business owners and are not intended for persons under the age of 18. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected data from a minor, contact us at [email protected] and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates when the most recent revision was made. Continued use of our website or services after a change constitutes acceptance of the updated policy.
For significant changes, we will take reasonable steps to notify existing clients directly.
11. Contact for Privacy Matters
For any questions or requests relating to this policy or your personal data:
- Email: [email protected]
- Post: Kenanga, No. 14, Jalan Sultan Idris Shah, 30000 Ipoh, Perak, Malaysia
- Phone: +60 5-241 8736