Privacy Policy

1. Introduction

Mawar Business Consulting ("Mawar", "we", "us", "our") is committed to handling personal data responsibly. This Privacy Policy describes how we collect, use, store, and protect information provided to us by clients, prospective clients, and visitors to our website at mawarmy.cyou.

This policy is written in plain language. If any part is unclear, please contact us at [email protected] and we will explain it to you directly.

This policy is governed by the laws of Malaysia, including the Personal Data Protection Act 2010 (PDPA).

2. Data We Collect

2.1 Information You Provide Directly

When you complete our contact form, email us, or engage in a consulting relationship with us, we may collect:

• Full name
• Email address
• Phone number (if provided)
• Business name and nature of business
• Any information shared in the course of sessions or written communications

2.2 Information Collected Automatically

When you visit our website, we may collect basic usage data through analytics cookies (if you have consented), including pages viewed, time spent on the site, and browser type. We do not collect this data if you decline analytics cookies.

2.3 Legal Basis for Processing

We process personal data on the basis of: (a) your consent where required; (b) the performance of a contract for consulting services; and (c) our legitimate interests in communicating with enquirers and improving our services.

2.4 Data Retention

Contact form submissions and enquiry records are retained for up to 12 months unless a consulting engagement begins, in which case records are retained for the duration of the engagement plus 3 years. Session notes from consulting engagements are retained for 3 years after the engagement ends, then permanently deleted.

3. How We Use Your Data

• To respond to your enquiry or provide the consulting services you have engaged
• To schedule and document sessions and follow-up communications
• To prepare written summaries and reflection documents as part of your engagement
• To comply with legal or regulatory obligations
• To improve how our website and services operate (aggregated, anonymised data only)

We do not use your data for marketing purposes without your explicit consent. We do not sell, rent, or share your personal data with any third party for commercial purposes.

4. Data Sharing

We do not share your personal data with third parties except in the following limited circumstances:

• Service providers: We use trusted third-party tools for email delivery and website hosting. These providers process data only as instructed by us and are bound by appropriate data handling agreements.
• Legal requirements: We may disclose information if required by law, court order, or government authority in Malaysia.

Session content and client information is never shared with other clients or with any advisory network.

5. Data Protection Measures

We take reasonable steps to protect personal data against unauthorised access, loss, or misuse. These measures include:

• Encrypted email communications where possible
• Access to client records restricted to the adviser working directly with that client
• Password-protected storage for all digital records
• Written notes stored securely and not shared across engagements

In the event of a data breach that affects your personal data, we will notify you within a reasonable timeframe in accordance with our obligations under Malaysian law.

6. Cookies

Our website uses cookies to function correctly and, where you have consented, to understand how visitors use the site. For full details of the cookies we use and how to manage your preferences, please see our Cookie Policy.

7. Your Rights Under Malaysian Law

Under the Personal Data Protection Act 2010, you have the right to:

• Access the personal data we hold about you
• Correct any inaccurate or incomplete data
• Withdraw consent to the processing of your personal data
• Request deletion of data we no longer need to retain
• Object to processing where our legal basis is legitimate interest

To exercise any of these rights, please write to us at [email protected]. We will respond within 21 days. If you believe your rights have been infringed, you may lodge a complaint with the Department of Personal Data Protection Malaysia (PDPDM).

8. Third-Party Links

Our website may occasionally reference or link to external resources. We are not responsible for the privacy practices of those sites and encourage you to review their policies separately.

9. Children's Privacy

Our consulting services are intended for business owners aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently done so, please contact us immediately.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with a revised "Last Updated" date. Continued use of our website or services after a change constitutes acceptance of the updated policy. For significant changes, we will notify active clients by email.

11. Contact

For any questions about this policy or how we handle your personal data, please contact:

• Data Controller: Mawar Business Consulting
• Email: [email protected]
• Address: No. 50, Jalan Dato Keramat, 10150 George Town, Pulau Pinang, Malaysia