Privacy Policy

1. Data We Collect

We collect personal data when you submit an enquiry through our website contact form, when you engage us for a service, and through standard website analytics tools. The types of data we may collect include:

• Full name and contact details (email address, telephone number)
• Business name, type of business, and approximate size
• Information you share during our sessions or written communications
• Technical data such as IP address, browser type, and pages visited (via analytics cookies)

We do not collect sensitive personal data such as identity card numbers, financial account details, or health information unless you specifically provide this in the course of an engagement and it is relevant to the advisory work.

2. How and Why We Use Your Data

We use your personal data for the following purposes:

• Service delivery: to respond to your enquiry, schedule sessions, and conduct the advisory engagement you have requested
• Communication: to send you the written outputs from your engagement (recap notes, plan documents, quarterly summaries)
• Business administration: to issue invoices, maintain records of our engagements, and manage our client relationships
• Website improvement: to understand how visitors use our site and improve its content and usability

The legal basis for processing your data is primarily contract performance (when you have engaged us for a service) and legitimate interest (for enquiry responses and website analytics). Where we seek your consent, we will do so clearly and you may withdraw it at any time.

We do not use your personal data for unsolicited marketing and do not share it with third parties for marketing purposes.

3. Data Retention

We retain your personal data for as long as is necessary for the purposes described above:

• Contact enquiries not resulting in an engagement: up to 12 months
• Client engagement records (notes, plans, summaries, correspondence): up to 7 years from the end of the engagement, for legitimate business and regulatory reasons
• Website analytics data: as configured by the analytics service, typically up to 26 months

After these periods, personal data is deleted or anonymised.

4. Data Protection Measures

We take reasonable steps to protect your personal data from unauthorised access, loss, or misuse. These include:

• Storing electronic records on password-protected systems with access limited to those directly involved in your engagement
• Using secure, encrypted communication channels for transmitting engagement documents
• Maintaining physical security for any paper records
• Reviewing our data handling practices periodically

In the event of a data breach that is likely to affect your rights, we will notify you and the relevant authority as required under the PDPA.

5. Cookies

Our website uses cookies to support basic site functionality and to collect anonymous analytics data. You can manage your cookie preferences at any time through our Cookie Policy page. Essential cookies cannot be disabled as they are required for the site to function correctly.

6. Third-Party Services

We may use the following third-party services that may process data as part of their operation:

• Google Analytics: for website usage statistics (anonymised)
• Google Maps: to display our office location on the website
• Email service providers: for transmitting written communications to clients

We do not sell your data to any third party and do not permit third parties to use your data for their own marketing purposes.

7. Your Rights Under the PDPA

Under Malaysia's Personal Data Protection Act 2010, you have the following rights regarding your personal data held by Setia Bina:

• Right of access: you may request a copy of the personal data we hold about you
• Right of correction: you may ask us to correct inaccurate or incomplete data
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time
• Right to limit processing: you may ask us to restrict how we use your data in certain circumstances

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days. If you are unsatisfied with our response, you may lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP).

8. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and this policy does not apply to them. We encourage you to review the privacy policies of any external sites you visit.

9. Children's Privacy

Our services are intended for business owners and adults aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have collected data from a minor, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. Continued use of our website or services after changes are posted constitutes acceptance of the updated policy. For material changes, we will make reasonable efforts to notify active clients directly.

11. Contact Us

For any questions about this Privacy Policy or your personal data, please contact: