LEGAL
Privacy Policy
Last Updated: 12 May 2025 | Effective Date: 12 May 2025
1. Introduction
Meridian Stack ("we", "us", "our") is committed to protecting the personal data of individuals who interact with our advisory services and website. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have under applicable law.
This policy applies to all individuals who contact us, engage our services, or visit our website. It is governed by Malaysia's Personal Data Protection Act 2010 (PDPA).
If you have questions about this policy, contact us at [email protected].
2. Data We Collect
We collect personal data only to the extent necessary for the purposes described in this policy. The categories of data we may collect include:
- Contact information: name, email address, telephone number, organisation name, and business address — provided when you submit our contact form or initiate an engagement.
- Engagement data: documents shared with us during a review engagement (proposal documents, scope materials), and correspondence relating to the engagement.
- Website usage data: pages visited, browser type, approximate location (country/city level), time and duration of visit — collected via analytics tools subject to your cookie consent.
- Communication data: records of email or telephone communications between you and our team.
We do not collect sensitive personal data (as defined under the PDPA) unless strictly required and with your explicit consent.
Legal basis for processing: contractual necessity (to deliver our advisory services), legitimate interests (to improve our services and communicate with enquirers), and consent (for marketing communications and analytics cookies).
Retention: Contact and enquiry data is held for up to 24 months. Engagement documents are deleted within 30 days of engagement close unless retention is required by a signed agreement. Website analytics data is retained for 14 months.
3. How We Use Your Data
- To respond to enquiries and deliver the advisory service you have engaged us for.
- To prepare review notes, question panels, comparison matrices, and other deliverables within the scope of an engagement.
- To communicate with you about your engagement, including scheduling, delivery, and follow-up.
- To improve our website and understand how visitors use it (where analytics consent is given).
- To send occasional service updates or information about our offerings — only if you have opted in or are an existing client. You may opt out at any time.
- To comply with applicable legal obligations.
We do not use personal data for automated decision-making or profiling.
4. Data Sharing
We do not sell, rent, or trade your personal data. We may share data in the following limited circumstances:
- Service providers: Third-party tools we use to operate our website and communications (e.g. email delivery, analytics). These providers are bound by data processing agreements and may not use your data for their own purposes.
- Legal requirements: Where we are required by law, court order, or regulatory obligation to disclose personal data.
- Business transfer: In the event of a merger or acquisition, personal data may be transferred to a successor entity under equivalent protections.
Engagement documents shared with us are never disclosed to third parties, including the AI vendors whose proposals are being reviewed.
5. Data Protection Measures
- Data transmitted to us via our website is encrypted using TLS/SSL.
- Engagement documents are stored in access-controlled environments with role-based permissions.
- Internal access to personal data is restricted to team members who require it for the specific engagement.
- We conduct periodic reviews of our data handling practices.
- In the event of a data breach affecting your personal data, we will notify you and the relevant authority within the timeframe required under applicable law.
6. Cookies
Our website uses cookies to support site functionality and, where you consent, to collect analytics data. Essential cookies are always active. Optional analytics and preference cookies are only placed with your consent, which you can manage via the cookie banner on our homepage.
For a full explanation of how we use cookies and how to manage your preferences, please read our Cookie Policy.
7. Your Rights Under the PDPA
Under Malaysia's Personal Data Protection Act 2010, you have the following rights regarding your personal data held by us:
- Right of access: You may request a copy of the personal data we hold about you.
- Right of correction: You may request that inaccurate or incomplete data be corrected.
- Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of prior processing.
- Right to limit processing: You may request that we restrict how we use your data in certain circumstances.
- Right to lodge a complaint: You may submit a complaint to the Department of Personal Data Protection Malaysia (JPDP) if you believe your rights have been infringed.
To exercise any of these rights, email us at [email protected]. We will respond within 21 days of receiving your request.
8. Third-Party Links
Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and recommend that you review their privacy policies independently before providing any personal data.
9. Children's Privacy
Our services are directed at organisations and professionals aged 18 and above. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Where changes are material, we will notify active clients by email. Continued use of our services after changes are posted constitutes acceptance of the updated policy.
11. Contact Information
Data Controller: Meridian Stack