Legal
Privacy Policy
This policy explains how Nusa Minda collects, uses, stores, and protects personal information provided through our website and consulting engagements.
1. Introduction
Nusa Minda ("we", "our", "us") is a business consulting practice registered and operating in Malaysia, with our principal office at 11 Jalan Tun Razak, 50400 Kuala Lumpur. We are committed to handling personal data with care, in line with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
This Privacy Policy applies to personal information collected through our website at nusa-minda.info, through our contact and enquiry forms, and in the course of our consulting engagements. By using our website or submitting information to us, you acknowledge that your data will be handled as described here.
If you have questions about this policy, contact us at [email protected].
2. Data We Collect
2.1 Information You Provide Directly
When you use our contact form, request a consultation, or correspond with us by email or phone, we may collect:
- Full name
- Email address
- Phone number (if provided)
- Company name and job title (if provided)
- Content of your enquiry or message
2.2 Information Collected Automatically
When you visit our website, we may collect technical information including your IP address, browser type and version, pages viewed, time and date of your visit, and referring URL. This information is collected through cookies and similar tracking technologies. See Section 5 for details.
2.3 Information from Consulting Engagements
During a consulting engagement, we may receive business data and documents from your organisation. This is governed separately by the engagement agreement and is treated as strictly confidential. Personal data relating to your employees or customers that is shared with us in the course of consulting work will not be used for any purpose other than delivering the services described in our agreement.
3. How We Use Your Data
We use the personal data we collect for the following purposes:
3.1 Responding to Enquiries
When you submit a contact form or send us an email, we use your contact details to respond to your enquiry and to follow up as appropriate. The legal basis is our legitimate interest in responding to business communications.
3.2 Delivering Consulting Services
Where you engage our services, we use relevant data to deliver the consulting work described in the engagement agreement. The legal basis is contractual necessity.
3.3 Website Analytics
We use anonymised and aggregated analytics data to understand how our website is used and to improve its content and structure. We do not use analytics data to identify individual visitors.
3.4 Service Communications
We may contact you with information relevant to your enquiry or engagement — for example, to confirm meeting arrangements, share deliverables, or request clarifying information. We do not send unsolicited marketing communications without your consent.
4. Data Protection Measures
We take reasonable technical and organisational steps to protect personal data against unauthorised access, loss, or misuse. These include:
- Encrypted data transmission via HTTPS on all pages of our website
- Access controls limiting who within our organisation can access personal data
- Secure cloud storage with reputable providers operating in or compliant with Malaysian data protection standards
- Regular review of data access practices
In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify affected individuals and the relevant authority in accordance with applicable law and without undue delay.
6. Data Sharing
We do not sell personal data to third parties. We may share personal data in the following limited circumstances:
6.1 Service Providers
We work with trusted third-party service providers who may process data on our behalf — for example, cloud storage providers, email service providers, and analytics platforms. These providers are contractually obligated to handle data only as we instruct and to maintain appropriate security standards.
6.2 Legal Requirements
We may disclose personal data where required to do so by Malaysian law, court order, or government authority. We will inform you where permitted to do so before complying.
6.3 Business Transfers
In the event of a merger, acquisition, or change of ownership of Nusa Minda, personal data held by us may form part of the transferred assets. Affected individuals will be notified in advance where practicable.
7. Retention Periods
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law.
- Enquiry data (contact form submissions, email correspondence): up to 24 months from last contact, unless an engagement begins
- Client engagement data: retained for 7 years from the end of the engagement, in line with standard Malaysian business record requirements
- Analytics data: aggregated and anonymised after 26 months
- Cookie consent records: retained for 12 months from the date consent was recorded
Following these periods, data is securely deleted or anonymised. You may request earlier deletion of your data — see Section 8.
8. Your Rights
Under the Personal Data Protection Act 2010 (Malaysia), you have the following rights regarding your personal data held by us:
Right of Access
You may request a copy of the personal data we hold about you. We will respond within 21 days of receiving a valid request.
Right of Correction
You may ask us to correct personal data that is inaccurate or incomplete.
Right to Withdraw Consent
Where we process data on the basis of consent (such as optional analytics cookies), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
Right to Limit Processing
You may ask us to stop processing your personal data for direct communications purposes at any time.
How to Exercise These Rights
To exercise any of these rights, contact us at [email protected] with a description of your request. We may ask for reasonable verification of your identity before proceeding.
If you are not satisfied with our response, you may lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP).
9. Third-Party Links
Our website may contain links to external websites that are not operated by Nusa Minda. We have no control over the content or privacy practices of those sites and are not responsible for them. We encourage you to review the privacy policy of any third-party website you visit through links on our site.
10. Children's Privacy
Our consulting services and this website are directed exclusively at business organisations and adults aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently received information from a minor, contact us at [email protected] and we will delete it promptly.
11. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, service offerings, or applicable law. When we make changes, we will update the "Last Updated" date at the top of this page. For material changes, we will take reasonable steps to notify individuals whose data we hold — for example, by email where we have a current address on record.
Continued use of our website following the publication of an updated policy constitutes acceptance of the changes.
12. Contact Us
For any privacy-related questions, requests, or concerns, please contact:
Nusa Minda — Data Queries
+60 3-2162 7493
11 Jalan Tun Razak, 50400 Kuala Lumpur, Malaysia