Privacy Policy

Summary

We are committed to protecting your privacy. This policy outlines how we collect, use, and protect your personal data in compliance with the Malaysian Personal Data Protection Act (PDPA) 2010. We collect data to provide our services, comply with legal obligations, and improve our website. We do not sell your data. You have rights over your data, including the right to access and correct it.

1. Our Role and Contact Details

Saifudin & Co. (\"SNCO\", \"we\", \"us\" or \"our\") is the data controller (data user) for personal data we collect via the Site or during client onboarding.
General Enquiries: enquiry@saifudinco.com
Postal Address: B-11-5, Plaza Mont Kiara 2, Jalan Kiara, Mont Kiara, 50480 Kuala Lumpur

2. Personal Data We Process

  • Client and Counterparty Data: Identification data (e.g., name, NRIC/passport number), contact details, financial information, tax details, and information required for Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) checks.
  • Website and Communications Data: IP address, device and browser type, cookie data, and information you provide through our website forms.
  • Sensitive Personal Data: We only process sensitive personal data (as defined by the PDPA) where it is lawful to do so and with appropriate safeguards and/or your explicit consent.

3. Legal Basis for Processing Your Data

We process your personal data based on the following legal grounds under the PDPA:

  • Contract: To perform our contractual obligations to you, such as providing professional services as set out in our engagement letter.
  • Legal Obligation: To comply with our legal and regulatory obligations, such as those under the Companies Act, Income Tax Act, and AMLA.
  • Consent: For specific purposes, such as marketing, where we will obtain your explicit consent.
  • Legitimate Interests: For our legitimate business interests, such as improving our services and website, provided that your rights and interests are not overridden.

4. Purposes of Processing

  • Service delivery and client onboarding.
  • Compliance with law and regulation (PDPA, AMLA, tax, company law, MIA).
  • Business operations (billing, IT, security, quality control).
  • Use of AI Tools: We may use secure artificial intelligence (AI) technologies, including large language models (LLMs), to assist in drafting, analysis, and support functions in our professional work processes. Such use is always supervised by qualified professionals and does not replace professional judgment. Personal and client information processed through AI tools is handled in accordance with the PDPA 2010 and our confidentiality obligations. By engaging our services, you consent to the use of AI tools in the delivery of our professional services. If you prefer that your data is not processed through AI tools, please notify us in writing, and we will accommodate your request.
  • Marketing and communication (with your consent).
  • Website analytics and improvement (with your consent).

5. Data Sharing and International Transfers

We share data only with trusted service providers, professional advisers, and regulatory authorities, subject to strict confidentiality and data protection safeguards. We do not sell your data. If we transfer your data outside of Malaysia (e.g., for cloud storage), we will ensure it is protected in accordance with Malaysian law.

6. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our data retention periods are as follows:

  • Client Records: For at least 7 years from the end of our engagement, as required by law.
  • Website and Communications Data: Typically for 12–24 months.
  • Marketing Data: Until you withdraw your consent.

7. Your Rights Under the PDPA

You have the following rights over your personal data:

  • Right to Access: You have the right to access a copy of your personal data that we hold.
  • Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to Withdraw Consent: Where we process your data based on consent, you have the right to withdraw your consent at any time.
  • Right to Prevent Processing: You have the right to prevent the processing of your personal data for direct marketing purposes.

To exercise any of these rights, please contact us at enquiry@saifudinco.com.

8. Children's Data

We do not knowingly collect personal data from children under the age of 18.

9. Data Breach Notifications

In the event of a data breach, we will assess the risk and notify the Personal Data Protection Commissioner (JPDP) and affected individuals as required by law.

10. How to Make a Complaint

If you have any concerns about our privacy practices, please contact us first. You also have the right to lodge a complaint with the JPDP.

Last reviewed: 15 October 2025