Privacy Policy
At Sandaran, handling your personal information with care is a responsibility we take seriously. This policy sets out plainly what data we collect, how we use it, and the choices you have. If anything here is unclear, please write to us and we will do our best to explain.
Last updated: 1 May 2025 · Effective date: 1 May 2025
1. Introduction & Scope
Sandaran ("we", "us", "our") is committed to protecting the personal data of everyone who contacts us or uses our website. This Privacy Policy applies to information collected through our website at sandaran.pro and through any direct correspondence with us.
We are the data controller for the purposes of Malaysia's Personal Data Protection Act 2010 (PDPA). By engaging with our website or services, you agree to the terms of this policy. If you do not agree, please refrain from using our services.
This policy does not cover information held by third-party services linked from our site. We recommend reviewing their own privacy notices separately.
2. Data We Collect
We collect personal data in the following ways:
2.1 Information you provide directly
- Full name
- Email address
- Phone number
- The subject matter of your enquiry
- Any details you share in messages or during consultations
2.2 Information collected automatically
- IP address and browser type
- Pages visited and time spent on each page
- Referral source (how you arrived at our website)
- Device and operating system information
- Cookie data (see Section 5)
2.3 Legal basis for processing
- Consent — where you have given clear agreement (e.g. submitting our contact form)
- Legitimate interest — for site analytics and service improvement
- Contract — where processing is necessary to provide a service you have requested
- Legal obligation — where we are required to retain records by Malaysian law
2.4 Retention periods
Enquiry and contact records are held for up to 3 years after our last interaction. Client engagement records are retained for 7 years to satisfy statutory requirements. Anonymised analytics data may be kept indefinitely.
3. How We Use Your Data
Your personal data is used to:
- Respond to your enquiries and arrange consultations
- Deliver the pension-related services you have engaged us for
- Keep you informed about the progress of your matter
- Improve our website and understand how visitors use it
- Meet our legal and regulatory obligations
3.1 Data sharing
We do not sell your personal data. We may share it in limited circumstances:
- With analytics providers (e.g. Google Analytics) under data processing agreements
- With advertising platforms (e.g. Meta Pixel, Microsoft Bing) where you have consented to marketing cookies
- Where required by Malaysian law, court order, or regulatory authority
3.2 Marketing communications
We do not send marketing emails without your prior consent. Where you have opted in, you may withdraw consent at any time by writing to [email protected].
4. How We Protect Your Data
- Encryption in transit: Our website uses TLS/HTTPS to protect data exchanged between your browser and our servers.
- Access controls: Only authorised staff have access to personal data, and only to the extent necessary for their role.
- Secure storage: Data is stored on servers with access logging and regular security reviews.
- Breach notification: In the event of a personal data breach that is likely to cause harm, we will notify the relevant authorities and affected individuals as required under the PDPA.
- Regular review: Our data handling practices are reviewed periodically to ensure they remain appropriate.
No method of transmission or storage over the internet is completely without risk. We take reasonable, practical steps to safeguard your information, but we cannot warrant absolute security.
6. Your Rights
Under Malaysia's Personal Data Protection Act 2010, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct data that is inaccurate or incomplete
- Erasure — request deletion of your data, where there is no lawful reason for us to keep it
- Withdrawal of consent — stop any processing based on your consent at any time
- Object to processing — object where we rely on legitimate interest as our basis
- Portability — receive your data in a structured, machine-readable format where applicable
- Lodge a complaint — contact the Department of Personal Data Protection Malaysia (JPDP) at pdp.gov.my if you feel your rights have not been respected
To exercise any of these rights, please write to [email protected]. We will respond within 21 days.
7. Third-Party Links
Our website may include links to external websites such as government portals, regulatory bodies, or professional resources. These are provided for your convenience only. We are not responsible for the privacy practices of those sites and encourage you to read their own privacy notices before sharing any personal information with them.
8. Children's Privacy
Our services are intended for adults aged 18 and above. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with their information, please contact us promptly and we will take steps to remove it.
9. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. When we do, we will revise the "Last updated" date at the top of this page. For significant changes, we will make a notice visible on our homepage for a reasonable period.
Continuing to use our website after any update constitutes your acceptance of the revised policy.
10. Contact Us
If you have questions about this policy, wish to exercise your rights, or have a concern about how we handle your data, please reach us through any of the following:
Data enquiries: [email protected]
Phone: +60 3-2095 7413
Address: Sandaran, Suite 3A-7, Plaza Sentral, Jalan Stesen Sentral 5, 50470 Kuala Lumpur
We aim to respond to all data-related enquiries within 21 calendar days.