Privacy Policy

1. Introduction

Mentari ("we", "us", "our") is a business advisory practice registered and operating in Penang, Malaysia. We take the handling of personal information seriously and are committed to protecting the privacy of anyone who contacts us or uses our website at mentarid.biz.

This policy explains what personal information we collect, why we collect it, how we use and protect it, and the rights you have in relation to your data. It applies to all personal information collected through our website and through direct contact with our practice.

If you have any questions about this policy or how we handle your data, please contact us at [email protected].

2. Data We Collect

We may collect the following categories of personal data:

• Contact information: name, email address, phone number — submitted when you use the contact form on our website or when you contact us directly.
• Business information: details about your business that you choose to share in enquiries or advisory sessions.
• Usage data: anonymous technical information about how visitors interact with our website, collected via analytics cookies if you consent.
• Session notes: summaries and observations created during advisory engagements, with your knowledge and for the purpose of providing the service.

We do not collect sensitive personal data (as defined under the Personal Data Protection Act 2010 of Malaysia) unless it is voluntarily provided and relevant to the advisory service requested.

3. Legal Basis and How We Use Your Data

We process personal data on the following legal bases under the Personal Data Protection Act 2010 (PDPA) of Malaysia:

• Consent: for optional communications such as periodic updates or service announcements.
• Contractual necessity: to deliver the advisory services you have engaged us for.
• Legitimate interest: to respond to enquiries and to improve our services.

We use your data to respond to enquiries, to carry out the advisory service you have requested, to send you session summaries and agreed correspondence, and to maintain records required for professional practice purposes.

We do not sell your personal data. We do not share it with third parties for marketing purposes.

4. Data Retention

We retain contact and enquiry data for up to 12 months from the date of last contact if no engagement follows. For clients who proceed with an advisory service, session notes and related records are retained for up to 5 years from the end of the engagement, to support any follow-on work and to meet professional record-keeping expectations.

You may request deletion of your data at any time (see Your Rights below), subject to any legal or professional retention obligations.

5. Data Protection Measures

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:

• Access to client files restricted to named team members involved in your engagement
• Secure password-protected systems for storing digital records
• Physical office security for paper records
• Regular review of access permissions

In the event of a data breach that may affect your rights, we will notify you and, where required, the relevant Malaysian regulatory authority, within a reasonable timeframe.

6. Cookies

Our website uses cookies. These include essential cookies (necessary for the website to function) and optional analytics cookies (which help us understand how visitors use the site). You can manage your cookie preferences at any time via our Cookie Policy page.

7. Your Rights

Under the Personal Data Protection Act 2010 of Malaysia, you have the right to:

• Request access to the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your personal data, subject to our legal obligations
• Withdraw consent to processing at any time (where processing is based on consent)
• Object to processing for direct marketing purposes
• Lodge a complaint with the Personal Data Protection Commissioner of Malaysia if you believe your data has been mishandled

To exercise any of these rights, please write to [email protected]. We will respond within a reasonable timeframe, typically within 14 working days.

8. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and recommend that you read their privacy policies before submitting any personal data. This policy applies only to information collected through Mentari's own website and direct communications.

9. Children's Privacy

Our services are intended for business owners and are not directed at individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently received data from a minor, please contact us and we will delete it promptly.

10. Updates to This Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. The date at the top of this page will reflect the most recent revision. Continued use of our website or services after a policy update constitutes acceptance of the revised terms.

11. Contact

Data Controller: Mentari Business Advisory

Address: No. 15, Lebuh Pantai, 10300 George Town, Pulau Pinang, Malaysia

Email: [email protected]

Phone: +60 4 261 8053