Privacy Policy

Introduction

Numera Dusk respects the privacy of organizations and individuals who engage with our consulting services. This privacy policy explains how we collect, use, protect, and manage personal data in accordance with the Personal Data Protection Act 2010 of Malaysia and applicable data protection principles.

For questions regarding this policy or data management practices, contact us at [email protected].

Data Controller Information

Numera Dusk

16 Jalan Telawi, Bangsar

59100 Kuala Lumpur, Malaysia

Email: [email protected]

Data Collection

Information We Collect

We collect personal data through inquiry forms, engagement agreements, and during the course of consulting work. The types of data collected include:

Contact Information: Names, email addresses, phone numbers, business addresses, and job titles of individuals who inquire about or engage our services.

Business Information: Company names, industry sector, organizational structure, and business context relevant to consulting engagements.

Financial Information: For M&A due diligence or pricing strategy engagements, we may collect financial data, cost structures, pricing information, and related business records as necessary to deliver consulting services.

Operational Data: For operations consulting, we collect process documentation, operational metrics, and other information relevant to the engagement scope.

Technical Data

Our website collects standard technical information including IP addresses, browser types, device information, and pages visited. This is collected through server logs and cookies (see Cookie Policy for details).

Legal Basis for Processing

We process personal data on the following legal bases:

Contractual Necessity: Processing is necessary to perform consulting services under engagement agreements with clients.

Consent: For marketing communications, we process data based on explicit consent obtained through inquiry forms or direct communication.

Legitimate Interests: We process data where necessary for legitimate business interests, such as improving services, managing business relationships, and maintaining records for professional liability purposes.

Legal Obligations: We process data to comply with applicable legal and regulatory requirements in Malaysia, including tax obligations and professional standards.

Data Usage

Personal data is used for the following purposes:

Service Delivery: To conduct consulting engagements, communicate with clients, deliver analysis and recommendations, and fulfill contractual obligations.

Communication: To respond to inquiries, provide engagement updates, and deliver requested information about our services.

Business Operations: To maintain engagement records, manage invoicing and payments, and conduct internal quality review processes.

Marketing: With consent, to send information about services, insights, or professional updates. Recipients can withdraw consent at any time.

Legal Compliance: To maintain records required by professional standards, tax regulations, and applicable Malaysian legislation.

Data Sharing

We do not sell personal data. Data may be shared in the following circumstances:

Service Providers: We engage third-party service providers for website hosting, email communication, and document storage. These providers are bound by confidentiality obligations and data processing agreements.

Professional Advisors: In some cases, data may be shared with legal counsel, accountants, or professional indemnity insurers as necessary for business operations and risk management.

Legal Requirements: We may disclose data if required by Malaysian law, court order, or regulatory authority.

We do not transfer personal data outside Malaysia except where necessary for technical infrastructure (such as cloud hosting) and where appropriate safeguards are in place.

Data Security

We implement appropriate technical and organizational measures to protect personal data:

Access Controls: Personal data is accessible only to personnel who require it for their work responsibilities. Access is controlled through authentication systems and role-based permissions.

Encryption: Data transmitted over the internet is encrypted using industry-standard protocols. Sensitive data at rest is stored with encryption where appropriate.

Physical Security: Office premises are secured with access controls. Physical documents containing personal data are stored in locked facilities.

Confidentiality Agreements: All personnel and contractors are bound by confidentiality obligations regarding personal data.

While we implement reasonable security measures, no system is completely secure. In the event of a data breach affecting personal data, we will notify affected individuals and relevant authorities as required by law.

Data Retention

We retain personal data for the following periods:

Engagement Data: Client data related to consulting engagements is retained for seven years following engagement completion, consistent with professional liability requirements and Malaysian tax regulations.

Inquiry Data: Information from individuals who inquire but do not engage services is retained for two years, after which it is deleted unless consent for ongoing communication has been provided.

Marketing Consent: Records of marketing consent are retained until consent is withdrawn, plus a reasonable period to process withdrawal requests.

After retention periods expire, data is securely deleted or anonymized such that individuals cannot be re-identified.

Your Rights

Under Malaysian data protection law, individuals have the following rights:

Right to Access: You can request confirmation of whether we process your personal data and receive a copy of that data.

Right to Correction: You can request correction of inaccurate or incomplete personal data we hold.

Right to Withdraw Consent: Where processing is based on consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing prior to withdrawal.

Right to Object: You can object to processing based on legitimate interests or for marketing purposes.

Right to Erasure: In certain circumstances, you can request deletion of your personal data, subject to legal retention requirements.

To exercise these rights, contact us at [email protected]. We will respond to requests within 21 days as required by Malaysian law.

Cookies and Tracking

Our website uses cookies for functionality and analytics purposes. For detailed information about cookie usage, types, and how to manage preferences, please refer to our Cookie Policy.

Children's Privacy

Our services are directed to businesses and professionals. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.

Third-Party Links

Our website may contain links to external sites operated by other organizations. We are not responsible for the privacy practices of these external sites. We recommend reviewing their privacy policies before providing personal data.

Policy Updates

We review and update this privacy policy periodically to reflect changes in our practices or legal requirements. Updates will be posted on this page with a revised "Last Updated" date. Material changes will be communicated to active clients through direct notification.

Complaints

If you have concerns about how we handle your personal data, please contact us at [email protected]. We will investigate and respond to complaints promptly.

You also have the right to lodge a complaint with the Personal Data Protection Commissioner of Malaysia if you believe we have not adequately addressed your concerns.