Privacy Policy

Last Updated: 15 April 2025

Mahkota Advisory ("we", "us", "our") is committed to protecting the personal data of those who contact us, engage our services, and visit our website. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA).

By submitting an enquiry, entering an engagement, or using our website, you acknowledge this policy. If you have questions, please contact us at [email protected].

1. Data Controller

The data controller for personal information processed in connection with this website and our advisory engagements is Mahkota Advisory, Level 28, The Vertical Corporate Tower B, Bangsar South, 59200 Kuala Lumpur, Malaysia.

2. Data We Collect

Information You Provide

• Name, email address, phone number submitted via our contact form
• Information shared during enquiry conversations and engagement discussions
• Organisational information relevant to advisory engagements
• Documentation shared by clients during the course of engagements

Information Collected Automatically

• Browser type, device, and IP address when visiting our website
• Pages visited and time spent (where analytics are enabled)
• Cookie data (see our Cookie Policy)

3. How We Use Your Data

We use personal data for the following purposes, each supported by an appropriate legal basis under the PDPA:

• Responding to enquiries — to communicate with you about whether an advisory engagement may be suitable
• Conducting engagements — to perform the advisory services agreed with you
• Improving our services — to understand how our website is used and where it can be improved
• Legal compliance — to meet our obligations under Malaysian law

We do not use your data for unsolicited marketing. We do not sell personal data to third parties.

4. Data Sharing

We do not share personal data with third parties except where required by law, or where a client has explicitly consented to a specific arrangement. Engagement information is treated as strictly confidential and is not disclosed to other clients or to the public.

We may use limited third-party services (such as analytics tools) that may process website usage data. These are listed in our Cookie Policy.

5. Data Retention

Enquiry data is retained for six months from the date of the enquiry, or for the duration of an engagement and up to three years after its conclusion. Engagement documentation is retained for five years after the engagement concludes, after which it is securely deleted unless legal obligations require longer retention.

6. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. These include access controls, secure handling of documents, and data security practices aligned with PDPA requirements. In the event of a data breach affecting your personal data, we will notify you and the relevant authorities as required by law.

7. Cookies

Our website uses cookies. Please refer to our Cookie Policy for full information on the cookies we use and how to manage them.

8. Your Rights Under the PDPA

Under Malaysia's Personal Data Protection Act 2010, you have the following rights in relation to your personal data:

• Right of access — to request a copy of the personal data we hold about you
• Right of correction — to request that inaccurate or incomplete data be corrected
• Right to withdraw consent — where processing is based on consent
• Right to object — to object to the processing of your data in certain circumstances
• Right to limit processing — to request that we limit how we process your data in certain circumstances

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days.

If you have a concern about how we handle your personal data that we have not resolved to your satisfaction, you may contact the Personal Data Protection Department (PDPD) of Malaysia.

9. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies.

10. Children's Privacy

Our services are directed at organisations and their senior leaders, and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via our website. Continued use of our website or engagement of our services following changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related enquiries:
Mahkota Advisory
Level 28, The Vertical Corporate Tower B, Bangsar South, 59200 Kuala Lumpur
Email: [email protected]
Telephone: +60 3 2278 6394