B
Bumi Consult Strategic Planning

Legal

Privacy Policy

This policy explains how Bumi Consult collects, uses, discloses, and protects your personal data. It is written in plain language to make it easy to understand.

Last updated:  |  Governed by the Personal Data Protection Act 2010 (Malaysia)

1. Data Controller

Bumi Consult ("we", "our", "us") is the data controller responsible for the personal data collected through this website and in the course of our consulting services. We are registered as a business in Malaysia and operate from:

Bumi Consult
Level 12, Menara Bumi
No. 14 Jalan Sultan Ismail
50250 Kuala Lumpur, Malaysia

This Privacy Policy is issued in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. By using this website or engaging our services, you acknowledge the practices described in this policy.

2. Personal Data We Collect

We collect personal data only when you voluntarily provide it, or where it is generated automatically as part of your use of this website. The categories of personal data we may collect include:

Information You Provide

  • Your name and contact details (email address, telephone number)
  • Your company name, job title, and business sector
  • The content of messages you send us through our contact form
  • Information you share during initial consultation calls or in correspondence

Information Collected Automatically

  • IP address and approximate geographic location
  • Browser type, device type, and operating system
  • Pages visited on this website and time spent on those pages
  • Referral source (how you arrived at this website)
  • Cookie identifiers where consent has been given (see Section 7)

We do not collect sensitive personal data as defined under the PDPA (such as health information, political opinions, or religious beliefs) through this website.

3. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

  • To respond to enquiries submitted through our contact form
  • To assess whether our services are a suitable fit for your situation
  • To prepare and deliver consulting services where an engagement is agreed
  • To maintain records of client engagements and related correspondence
  • To send service-related communications (such as meeting confirmations and deliverable updates)
  • To improve the content and usability of this website using aggregated, anonymised analytics
  • To comply with legal obligations that apply to our business

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

4. Legal Basis for Processing

Under the PDPA, we process your personal data on one or more of the following grounds:

  • Consent — where you have indicated your agreement by submitting the contact form or accepting cookies on this website
  • Contractual necessity — where processing is required to deliver services under an agreed engagement
  • Legal obligation — where we are required to retain or disclose data under Malaysian law
  • Legitimate interests — for example, to protect the security of our systems and to operate our business responsibly

5. Disclosure to Third Parties

We do not sell, rent, or trade your personal data. We may share data with the following categories of third parties where necessary:

  • Technology service providers — such as hosting, email, and analytics platforms that process data on our behalf under data processing agreements
  • Professional advisers — including legal counsel and accountants, where applicable
  • Regulatory authorities — where required by law or a competent authority in Malaysia

Any third party that processes personal data on our behalf is required to handle it with appropriate safeguards and only in accordance with our instructions.

Analytics data (including data from Google Analytics and similar tools, where consent has been obtained) may be processed on servers outside Malaysia. Where this applies, we rely on the respective provider's standard data transfer mechanisms and privacy commitments.

6. Data Retention

We retain personal data for as long as is necessary for the purposes described in this policy, or as required by applicable law. Our general approach is:

  • Enquiry data from non-clients: retained for up to 12 months, then securely deleted
  • Client engagement records: retained for 7 years from the end of the engagement, in accordance with Malaysian business record-keeping requirements
  • Website analytics data: retained in aggregated, anonymised form in accordance with the terms of the relevant analytics provider

You may request deletion of your personal data at any time, subject to any overriding legal obligations we are required to fulfil (see Section 8).

7. Cookies

This website uses cookies and similar tracking technologies. A cookie is a small file placed on your device when you visit a website. We use cookies for the following purposes:

  • Strictly necessary cookies — required for the website to function and cannot be disabled
  • Analytics cookies — used to understand how visitors use this website (only placed with your consent)
  • Marketing cookies — used to measure the effectiveness of advertising (only placed with your consent)

You can manage your cookie preferences at any time through the cookie consent tool on this website. For full details, please see our Cookie Policy.

8. Your Rights Under the PDPA

Under the Personal Data Protection Act 2010, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that inaccurate or incomplete data be corrected
  • Withdrawal of consent — withdraw consent for processing where consent is the legal basis
  • Limitation of processing — request that we limit the use of your data in certain circumstances
  • Complaint — raise a complaint with the Department of Personal Data Protection Malaysia (JPDP)

To exercise any of these rights, please contact us in writing using the details in Section 11. We will respond within 21 days. We may need to verify your identity before fulfilling any request.

Please note that some rights may be limited by our legal obligations — for example, we may be required to retain certain records for statutory purposes even after a deletion request.

9. Data Security

We take reasonable technical and organisational measures to protect your personal data from unauthorised access, loss, alteration, or disclosure. These include access controls, encrypted communications, and regular review of our data-handling procedures.

No transmission over the internet is entirely secure. If you have concerns about the security of information you have shared with us, please contact us directly.

In the event of a data breach that is likely to result in a risk to your rights or freedoms, we will notify you and the relevant authorities in accordance with applicable Malaysian law.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we do, we will revise the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of this website following a material update constitutes your acknowledgement of the revised terms.

11. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights under the PDPA, or want to raise a concern about how we handle your personal data, please contact us:

Data Controller Contact

Bumi Consult

Level 12, Menara Bumi, No. 14 Jalan Sultan Ismail, 50250 Kuala Lumpur

[email protected]

+60 3 2741 8523

You also have the right to lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) if you believe your data has been handled in a manner inconsistent with the PDPA.

Back to Home