LEGAL
Privacy Policy
Last Updated: 14 April 2025 ยท Mossridge Bureau
1. Introduction
Mossridge Bureau ("we", "us", "our") is committed to protecting the personal data of individuals who engage with our consulting practice. This Privacy Policy explains how we collect, use, store, and protect your personal information in connection with our services and this website. It is prepared in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA) and its subsidiary legislation.
If you have questions about this policy or about how we handle your data, please contact us at privacy@mossridgad.
2. Data We Collect
Information you provide directly
- Name, email address, and phone number submitted via our contact form
- Written briefs and background information shared as part of an engagement
- Any other information you choose to share in written correspondence or during sessions
Information collected automatically
- Standard web server logs (IP address, browser type, pages visited, time of visit)
- Cookie data as described in our Cookie Policy
- Analytics data from third-party analytics services if enabled
3. How We Use Your Data
We use your personal data for the following purposes:
- Responding to enquiries submitted through our contact form
- Administering and delivering consulting engagements
- Sending invoices and managing payment in connection with engagements
- Improving the quality and relevance of our work based on feedback
- Complying with applicable legal obligations in Malaysia
We do not use your personal data for unsolicited marketing. If you have agreed to receive updates from us, you may withdraw that agreement at any time by contacting privacy@mossridgad.
4. Legal Basis for Processing
Under the PDPA, we process your personal data on one or more of the following bases:
- Consent โ where you have submitted your details via our contact form or agreed to specific communications
- Contract โ where processing is necessary to enter into or perform a consulting engagement with you
- Legitimate interests โ where processing is necessary for the operation of our business in a way that does not override your rights
- Legal obligation โ where we are required to process data to comply with Malaysian law
5. Data Retention
We retain personal data only as long as necessary for the purpose for which it was collected:
- Contact form enquiries: up to 12 months from the date of first contact if no engagement follows
- Engagement records (including written briefs and session notes): up to 3 years from the end of the engagement
- Invoicing and payment records: 7 years in accordance with Malaysian tax and accounting requirements
- Website analytics data: up to 26 months as configured in our analytics tools
6. Data Sharing
We do not sell or rent your personal data. We may share data with:
- Payment processors who handle invoicing and bank transfers on our behalf
- Third-party analytics services (e.g. Google Analytics) subject to appropriate agreements
- Legal or regulatory authorities if required by Malaysian law
Any third party with whom we share data is required to handle it securely and only for the purpose specified.
7. Data Protection Measures
We take reasonable technical and organisational steps to protect personal data from unauthorised access, loss, or misuse. These include:
- Secure transmission of data via HTTPS
- Access controls limiting who within our practice can view engagement records
- Regular review of data handling practices
- Prompt notification procedures in the event of a data breach affecting your rights
8. Cookies
Our website uses cookies to function and to understand how visitors use the site. For detailed information, please see our Cookie Policy.
9. Your Rights
Under the PDPA, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Withdraw consent to processing where consent is the legal basis
- Request erasure of data we no longer have a legal basis to retain
- Lodge a complaint with the Department of Personal Data Protection Malaysia
To exercise any of these rights, contact us at privacy@mossridgad. We will respond within 21 days.
10. Third-Party Links
Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.
11. Children's Privacy
Our services are directed at adults aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe a minor has submitted data to us, please contact us and we will remove it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of the page. Material changes will be communicated to active engagement clients by email.
13. Contact
For privacy-related enquiries, contact us at:
Mossridge Bureau
Level 23, Vista Tower, The Intermark
348 Jalan Tun Razak, 50400 Kuala Lumpur, Malaysia
Email: privacy@mossridgad