Legal Document
Privacy Policy
Last Updated: 15 March 2025 | Normalis | 25 Jalan Sultan Ismail, 50250 Kuala Lumpur, Malaysia
1. Introduction
Normalis ("we", "us", "our") is committed to handling personal data with care and in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. This Privacy Policy describes what personal data we collect, how we use it, with whom we share it, and what rights you have in relation to it. It applies to all personal data collected through our website at normalis.pro, through our contact forms, and in the course of providing our advisory services.
By using our website or engaging our services, you acknowledge that you have read and understood this policy. If you have questions, please contact us at [email protected].
2. Data We Collect
We may collect the following categories of personal data:
- Identity data: full name, date of birth (where required for tax or compliance work)
- Contact data: email address, phone number, postal address
- Financial data: income information, tax reference numbers, company registration numbers — collected only when necessary to provide advisory services
- Correspondence data: records of communications with Normalis
- Technical data: IP address, browser type, pages visited, cookies — collected automatically when you use our website
We do not collect sensitive personal data (such as health, biometric, or racial data) in the ordinary course of our advisory practice.
3. How We Collect Data
- Directly from you: through our website contact form, email, phone calls, or meetings
- From third parties: from referrers, from companies whose officers engage our services, or from publicly available regulatory records
- Automatically: through cookies and similar technologies when you visit our website (see Section 9)
4. Legal Basis and Purpose of Processing
We process personal data on the following legal bases under the PDPA 2010:
- Consent: where you have provided explicit consent, such as through submission of our contact form
- Contractual necessity: where processing is necessary to provide services you have engaged
- Legitimate interests: for maintaining records, improving our services, and communicating relevant information to existing clients
- Legal compliance: where we are required to retain or disclose data under Malaysian law
Purposes for which we use personal data include:
- Responding to enquiries and assessing client needs
- Providing tax advisory, company secretarial, and anti-corruption compliance services
- Preparing submissions to regulatory authorities (IRBM, SSM, MACC) on your behalf
- Maintaining engagement and billing records
- Sending service-related communications (not marketing without consent)
- Improving our website and services
5. Data Sharing
We share personal data only in the following circumstances:
- Regulatory authorities: IRBM, SSM, or MACC when submissions are made on your behalf, with your explicit instruction
- Professional advisors: external lawyers or accountants engaged on your matter, subject to confidentiality obligations
- Service providers: technology and hosting providers who process data on our behalf under appropriate data processing terms
- Legal obligation: where disclosure is required by Malaysian law, court order, or regulatory authority
We do not sell personal data to third parties. We do not share data for marketing purposes without explicit consent.
6. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected. Typical retention periods:
- Client engagement records: 7 years from conclusion of the engagement (in line with general record-keeping standards under Malaysian law)
- Website enquiry data: 2 years from date of enquiry if no engagement follows
- Financial and tax records: 7 years as required under the Income Tax Act 1967
- Website technical data (cookies, analytics): up to 2 years
On expiry of the applicable retention period, personal data is securely deleted or anonymised.
7. Data Protection Measures
- Access to client data is restricted to authorised personnel on a need-to-know basis
- Electronic files are stored on encrypted systems with access controls
- Physical documents are stored securely and disposed of by shredding
- All staff are required to maintain confidentiality as a condition of their engagement
- In the event of a data breach affecting your personal data, we will notify you and the relevant authorities as required under applicable law
8. Your Rights Under the PDPA 2010
Under the Personal Data Protection Act 2010 (Malaysia), you have the following rights:
- Right of access: to request a copy of the personal data we hold about you
- Right of correction: to request correction of inaccurate or incomplete data
- Right to withdraw consent: to withdraw consent to processing at any time, subject to legal or contractual limitations
- Right to prevent processing: to request that we cease processing your data for certain purposes
To exercise any of these rights, contact us at [email protected]. We will respond within 21 days. We may request verification of your identity before processing your request.
If you are not satisfied with our response, you may contact the Personal Data Protection Department of Malaysia (JPDP) at pdp.gov.my.
9. Cookies
Our website uses cookies to ensure functionality and understand how visitors use our content. For detailed information, please see our Cookie Policy. You can manage your cookie preferences at any time through our cookie preferences panel.
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We recommend reviewing the privacy policy of any site you visit through a link from our website.
11. Children's Privacy
Our services are directed at businesses and adults. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that personal data has been collected from a minor, we will delete it promptly.
12. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or applicable law. The "Last Updated" date at the top of this page indicates when the most recent changes were made. We recommend reviewing this policy periodically. Where changes are material, we will notify affected clients by email where we hold contact details.
13. Contact
For privacy-related enquiries, data access requests, or any questions about this policy, please contact:
Normalis
25 Jalan Sultan Ismail, 50250 Kuala Lumpur, Malaysia
Email: [email protected]
Phone: +60 3-6184 3972