Privacy Policy

1. About Kilauan

Kilauan is a business advisory practice registered and operating in Malaysia. Our registered office is at Level 19, Menara Aspire, Jalan Yap Kwan Seng, 50450 Kuala Lumpur. We provide AI integration advisory services to analytics teams and enterprises. For data privacy matters, contact us at [email protected].

2. What Personal Data We Collect

We collect personal data when you contact us through our website, enquire about our services, or engage us for advisory work. The categories of data we may collect include:

• Full name and professional title
• Work email address and phone number
• Employer name, industry, and role
• Information you include in enquiry messages
• Technical data such as IP address, browser type, and pages visited (via cookies — see Section 8)

We do not collect sensitive personal data as defined under the PDPA unless you voluntarily provide it, and we have no reason to request it for the purposes of our services.

3. How We Collect Personal Data

We collect personal data through the following means:

• Contact and enquiry forms on our website
• Email correspondence initiated by you
• Telephone conversations
• Cookies and website analytics (with your consent)
• Business cards or professional introductions at events

4. Legal Basis for Processing

Under the PDPA, we process personal data on the following bases:

• Consent — where you have provided explicit consent, such as through our contact form or cookie acceptance
• Contractual necessity — where processing is necessary to deliver advisory services you have engaged us for
• Legitimate interests — for activities such as responding to enquiries and maintaining our business records, where your interests do not override ours
• Legal obligation — where we are required to process data to comply with applicable Malaysian law

5. How We Use Personal Data

We use personal data for the following purposes:

• Responding to enquiries and scheduling consultations
• Delivering advisory services you have engaged
• Sending information about our services where you have consented
• Improving our website and service quality
• Maintaining records required for legal or accounting purposes
• Complying with applicable Malaysian legislation

We do not sell, rent, or trade personal data to third parties for marketing purposes.

6. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by Malaysian law:

• Enquiry data: Up to 12 months from last contact, if no engagement follows
• Client engagement records: 7 years from engagement completion, for legal and accounting compliance
• Website analytics data: As defined in our cookie policy; typically 12–26 months
• Email correspondence: Up to 3 years from last correspondence

After retention periods expire, personal data is securely deleted or anonymised.

7. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure, including:

• Encrypted data transmission (TLS/HTTPS) for all website communications
• Access controls limiting data access to personnel who need it
• Regular review of data handling procedures
• No storage of client analytics data beyond session boundaries in our Pilot engagements

In the event of a personal data breach, we will notify affected individuals and the relevant authority as required under Malaysian law and within a reasonable timeframe.

8. Cookies

Our website uses cookies to understand how visitors use the site and to improve the experience. We use essential cookies (required for the site to function) and, with your consent, analytics cookies. We do not use marketing or tracking cookies without explicit consent. For full details, see our Cookie Policy.

9. Third-Party Services

We use a limited number of third-party services that may process personal data on our behalf:

• Google Analytics — website usage analytics (analytics cookies, with consent)
• Email service providers — for sending and receiving email correspondence
• Website hosting providers — for operating our website infrastructure

We do not share personal data with third parties for their own marketing or commercial purposes.

10. Your Rights Under PDPA

As a data subject under Malaysia's PDPA, you have the following rights:

• Right of access — to request a copy of personal data we hold about you
• Right of correction — to request correction of inaccurate personal data
• Right to withdraw consent — to withdraw consent for processing where consent is the legal basis
• Right to limit processing — to request that we limit processing in certain circumstances
• Right to lodge a complaint — with the Department of Personal Data Protection (PDPD), the supervisory authority in Malaysia

To exercise any of these rights, contact us at [email protected]. We will respond within 21 days as required under the PDPA.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We recommend reviewing the privacy policy of any external site you visit.

12. Children's Privacy

Our services are directed at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have collected personal data from a minor, we will delete it promptly.

13. International Data Transfers

Our primary operations are in Malaysia. Where personal data is processed using services hosted outside Malaysia (for example, cloud-based email or analytics services), we take steps to ensure such processing meets appropriate standards and is in accordance with the PDPA.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date above. Material changes will be communicated through a notice on our website. Continued use of our website after changes are posted constitutes acceptance of the updated policy.

Contact for Privacy Matters

For any questions about this Privacy Policy or how we handle your personal data: