Privacy Policy

1. Who We Are

Verdantis Consulting Sdn. Bhd. ("Verdantis", "we", "our", or "us") is a business consulting firm registered in Malaysia and operating from 18-3 Jalan Tun Razak, 50400 Kuala Lumpur. We provide strategic planning advisory, operations diagnostic, and leadership alignment services to organisations in Malaysia.

This Privacy Policy describes how we collect, use, store, and protect personal data that you provide to us, or that we obtain through your use of our website at verdantisa.info (the "Website"), and through the course of our consulting engagements.

For the purposes of the PDPA 2010, Verdantis Consulting Sdn. Bhd. is the data user in respect of the personal data we process.

2. Personal Data We Collect

We may collect the following categories of personal data:

Contact and Identity Data

• Full name
• Job title and organisation name
• Business email address and telephone number
• Business mailing address

Enquiry and Communication Data

• The content of messages or enquiries submitted via our contact form or by email
• Records of correspondence between you and Verdantis
• Notes or information shared during introductory consultations

Engagement Data

• Organisational information shared in the course of a consulting engagement, which may incidentally include personal data about your employees or associates
• Signed agreements, proposals, and related documentation

Technical Data

• IP address and general geographic location (country/city level)
• Browser type, operating system, and device type
• Pages visited, time on site, and referral source
• Cookie identifiers (see Section 10)

We do not knowingly collect sensitive personal data as defined under the PDPA 2010 (such as health data, financial account information, or political opinions) unless it is directly relevant to a specific engagement and you have provided it with full awareness.

3. How Personal Data Is Collected

We collect personal data through the following means:

• Website contact form — when you submit an enquiry through our Website
• Direct communication — by email, telephone, or in-person meeting
• Engagement onboarding — through agreements, questionnaires, and pre-engagement documentation
• Referrals — when an existing contact provides your details to introduce you to us; in such cases, we will inform you of this at the earliest practical opportunity
• Website analytics — automatically collected when you browse our Website (see Section 10)

4. Purposes for Which We Process Personal Data

We process personal data for the following purposes:

• To respond to your enquiry or consultation request
• To assess whether an engagement is appropriate for your organisation's needs
• To administer and perform consulting engagements, including facilitation, reporting, and follow-up
• To fulfil contractual obligations and manage invoicing and payment
• To maintain records required for legal and regulatory compliance
• To improve the quality and relevance of our services
• To understand how our Website is used, in aggregate and anonymised form where possible
• To send relevant service communications, where you have consented or where it is in our legitimate interests to do so

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Legal Basis for Processing

Under the PDPA 2010, we rely on the following grounds for processing your personal data:

• Consent — where you have submitted an enquiry via our Website or agreed to the processing in the course of an engagement
• Contract performance — where processing is necessary to fulfil our obligations under a consulting agreement
• Legitimate interests — where processing is reasonably necessary for our business operations, provided it does not override your rights and interests
• Legal obligation — where processing is required to comply with applicable Malaysian law

6. Disclosure to Third Parties

We do not sell, rent, or trade personal data. We may share personal data with the following categories of third parties, strictly for the purposes described in this Policy:

• Technology service providers — including website hosting, email, and analytics providers who process data on our behalf under appropriate data processing agreements
• Professional advisors — including legal counsel, auditors, or accountants, where required
• Regulatory and law enforcement authorities — where required by Malaysian law, court order, or regulatory directive

Any third party processing data on our behalf is required to maintain confidentiality and process data only in accordance with our instructions.

7. Data Retention

We retain personal data for as long as is reasonably necessary for the purposes described in this Policy, or as required by applicable law. Our general retention guidelines are:

• Enquiry data (no engagement) — 12 months from the date of last contact
• Engagement-related data — 7 years from the completion of the engagement, in accordance with standard Malaysian business record-keeping practice
• Website analytics data — 26 months from the date of collection, in anonymised or aggregated form thereafter
• Signed agreements and invoices — 7 years from the date of the document

When data is no longer required, it is securely deleted or anonymised.

8. Data Security

We take reasonable steps to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include encrypted communication channels, access controls, and secure storage practices.

No method of electronic transmission or storage is entirely secure. If you have reason to believe that your personal data held by us has been compromised, please contact us at the address in Section 13.

9. Your Rights Under the PDPA 2010

Under Malaysia's Personal Data Protection Act 2010, you have the following rights in relation to personal data we hold about you:

• Right of access — to request a copy of the personal data we hold about you
• Right of correction — to request that inaccurate or incomplete personal data be corrected
• Right to withdraw consent — to withdraw consent for processing where consent was the basis, without affecting the lawfulness of prior processing
• Right to limit processing — to request that we limit the use of your personal data to storage only in certain circumstances
• Right to prevent processing for direct marketing — to opt out of direct marketing communications at any time

To exercise any of these rights, please contact us using the details in Section 13. We will respond within the timeframe required under the PDPA 2010.

Please note that certain rights may be limited where processing is necessary for our legal obligations or for the performance of a contract with you.

10. Cookies and Website Analytics

Our Website uses cookies and similar technologies to support its functionality and to collect analytical data. A detailed description of the cookies we use and your choices in relation to them is available in our Cookie Policy.

You may manage your cookie preferences at any time through the cookie settings available on our Website. Please note that disabling certain cookies may affect the functionality of the Website.

11. Children

Our Website and services are directed at businesses and their representatives. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently received personal data from a minor, please contact us and we will delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. The revised policy will be posted on this page with an updated effective date. We encourage you to review this page periodically.

Where changes are material, we will take reasonable steps to notify you directly where we hold contact details for you.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we have handled your personal data, please contact us:

You also have the right to lodge a complaint with the Department of Personal Data Protection (JPDP), the statutory body responsible for administering the PDPA 2010 in Malaysia.