LEGAL · PRIVACY
Privacy Policy
Cairn Bureau respects the privacy of every person who contacts us, visits our website, or engages our consulting services. This policy explains what personal information we collect, why we collect it, and how we handle it.
1. Introduction
Cairn Bureau ("we", "us", "our") is a business consulting practice registered and operating in Petaling Jaya, Selangor, Malaysia. We are the data controller for the personal information described in this policy.
This policy applies to personal information collected through our website at cairnbu.sbs, through our contact form, and in the course of delivering consulting engagements to clients. By using our website or contacting us, you acknowledge that you have read this policy.
Our data practices are guided by the Personal Data Protection Act 2010 (PDPA) of Malaysia, which governs the processing of personal data in commercial transactions.
2. Data We Collect
We collect only the personal information that is reasonably necessary for the purposes described below. The categories of data we may collect include:
Information you provide directly
- Your name and the name of your organisation
- Your business email address and telephone number
- The content of any message or enquiry you send us
- Information shared during consulting engagements, working sessions, or written correspondence
Information collected automatically
- Browser type, device type, and operating system (via analytics cookies)
- Pages visited on our site, time on page, and referral source
- IP address (anonymised where technically possible)
Legal basis for processing
- Consent — where you submit a contact form or agree to non-essential cookies
- Legitimate interest — for website analytics and service improvement
- Contract performance — where data is necessary to deliver a consulting engagement you have requested
Retention periods
Contact enquiry data is retained for up to 24 months. Engagement-related records are retained for up to 7 years in line with standard commercial record-keeping requirements in Malaysia. Analytics data is retained for no more than 14 months.
3. How We Use Your Data
Personal data collected is used for the following purposes:
- Responding to enquiries and scheduling initial conversations
- Delivering consulting services you have requested, including written deliverables and facilitation
- Sending service-related communications, such as session confirmations and follow-up notes
- Improving the content and usability of our website through aggregated analytics
- Maintaining records for accounting, tax, and regulatory compliance purposes
Marketing communications
We do not send unsolicited marketing emails. If you have previously engaged our services, we may occasionally share relevant updates. You may opt out of these at any time by contacting [email protected].
Data sharing
We do not sell personal data to third parties. Data may be shared with service providers who support our operations — including cloud storage, email, and analytics services — where those providers are bound by appropriate data processing agreements. We may also disclose personal data where required by Malaysian law or a lawful authority.
4. Protection Measures
We take reasonable technical and organisational steps to protect personal information against unauthorised access, disclosure, or loss. Measures in place include:
- Encrypted data transmission via HTTPS across our website
- Access controls limiting personal data to staff and contractors with a need to handle it
- Secure, access-controlled storage for engagement records
- Periodic review of our data handling practices
In the event of a personal data breach that poses a risk to affected individuals, we will take appropriate steps in line with the PDPA 2010 and notify affected parties as required.
6. Your Rights
Under the Personal Data Protection Act 2010 (Malaysia), you have the following rights in relation to your personal data that we hold:
- Access — request a copy of the personal data we hold about you
- Correction — request that inaccurate or incomplete data is corrected
- Withdrawal of consent — withdraw consent to processing at any time, where consent is the legal basis
- Objection — object to the use of your data for direct marketing purposes
- Erasure — request deletion of your personal data where it is no longer necessary for the original purpose and no legal retention obligation applies
To exercise any of these rights, please write to us at [email protected]. We will respond within 21 days. We may need to verify your identity before processing a request.
If you are not satisfied with our response, you may raise a complaint with the Department of Personal Data Protection Malaysia (JPDP), the supervisory authority under the PDPA 2010.
7. Third-Party Links
Our website may contain links to external sites or resources not operated by Cairn Bureau. We are not responsible for the content or privacy practices of those sites. We encourage you to review the privacy notices of any external site you visit.
8. Children's Privacy
Our consulting services are directed at business professionals and organisational clients. We do not knowingly collect personal data from individuals under 18 years of age. If you believe a minor has submitted personal data to us, please contact us so that we may promptly remove it.
9. Policy Updates
We may update this privacy policy from time to time to reflect changes in our practices or in applicable law. When we do, we will revise the "Last updated" date at the top of this page. Continued use of our website following any update constitutes acceptance of the revised policy. For material changes, we will take reasonable steps to inform relevant parties.
10. Contact Us
If you have questions about this policy or wish to exercise your data rights, please contact us:
Cairn Bureau
16, Persiaran Tropicana, Tropicana Golf, 47410 Petaling Jaya, Selangor, Malaysia
Email: [email protected]
Phone: +60 3-7843 2169