Privacy Policy

1. Introduction

Nadi ("we", "us", "our") is committed to protecting the personal information of everyone who visits our website or engages our consulting services. This policy explains what data we collect, how we use it, how long we keep it, and what rights you have over it.

Nadi operates from No. 27, Jalan Dato Onn, 80000 Johor Bahru, Johor, Malaysia. We are the data controller in relation to the personal data described in this policy.

This policy applies to all visitors to our website and to clients who engage our services. If you have questions, contact us at [email protected].

2. Data We Collect

We collect personal data in the following ways:

2.1 Information you provide directly

• Name and contact details (email address, phone number) submitted through our contact form
• Business information you share during consultations (workflows, processes, staffing — treated as confidential)
• Correspondence via email or phone

2.2 Information collected automatically

• Basic analytics data (page views, approximate location, device type) if analytics cookies are accepted
• Cookie preference data stored in your browser's local storage

2.3 Legal basis for processing (under Malaysia's Personal Data Protection Act 2010)

• Consent: where you have provided it (e.g. contact form submission, analytics cookies)
• Contract: where processing is necessary to deliver the services you have requested
• Legitimate interests: for basic operational purposes such as responding to enquiries and maintaining records

3. How We Use Your Data

• To respond to enquiries and schedule consultations
• To deliver consulting services under any engagement you have entered into
• To send service-related follow-up communication (not marketing)
• To improve our website based on aggregated, anonymous usage data (only if analytics cookies accepted)
• To comply with legal obligations applicable to our business in Malaysia

We do not sell personal data to third parties. We do not use your data for advertising profiling.

3.1 Data retention

• Contact form enquiries not resulting in an engagement: deleted after 12 months
• Client engagement records: retained for 7 years for legal and accounting purposes
• Analytics data: aggregated and anonymised within 26 months

4. Data Protection

• Our website uses HTTPS encryption for all data transmitted between your browser and our server
• Client files and correspondence are stored on access-controlled systems accessible only to Nadi staff
• In the event of a data breach affecting your personal information, we will notify you within a reasonable timeframe and take steps to mitigate harm

5. Cookies

Our website uses cookies for essential functionality and, with your consent, for analytics. For full details of cookie types and how to manage them, see our Cookie Policy.

6. Your Rights

Under Malaysia's Personal Data Protection Act 2010 (PDPA), you have the following rights regarding personal data we hold about you:

• Access: request a copy of the personal data we hold about you
• Correction: request that inaccurate data be corrected
• Withdrawal of consent: withdraw consent to processing where consent was the legal basis
• Prevent processing: request that we stop processing your data for direct marketing purposes
• Complaint: lodge a complaint with Malaysia's Department of Personal Data Protection (JPDP)

To exercise any of these rights, contact us at [email protected]. We will respond within 21 days.

7. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before sharing any personal data.

8. Children's Privacy

Our services are directed at business owners and are not intended for persons under 18 years of age. We do not knowingly collect personal data from minors.

9. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of our website following changes constitutes acceptance of the revised policy.