Privacy Policy
Last Updated: 14 April 2025 · Effective Date: 14 April 2025
This Privacy Policy describes how Compass Loom ("we", "us", "our") collects, uses, and protects personal data in connection with our website and advisory services. It is written in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA).
1. Data Controller
Compass Loom is the data controller for personal data collected through this website and through our advisory engagements. Our registered address is 2-1, Jalan Telawi 3, Bangsar Baru, 59100 Kuala Lumpur, Malaysia. For privacy-related questions, contact us at [email protected].
2. Data We Collect
We collect personal data in the following circumstances:
- Website enquiry forms: name, email address, telephone number (optional), and any information you include in the message field.
- Engagement onboarding: names and contact details of individuals at client organisations who participate in interviews or receive deliverables.
- Website analytics: anonymised usage data collected via cookies (see Section 5).
We do not collect sensitive personal data (as defined under the PDPA) through our website or in the ordinary course of our engagements.
3. How We Use Personal Data
We use personal data for the following purposes:
- Responding to enquiries submitted through the contact form.
- Conducting advisory engagements, including scheduling, document delivery, and follow-up.
- Improving our website through anonymised analytics.
- Meeting legal and regulatory obligations under Malaysian law.
We do not use personal data for direct marketing without explicit consent. We do not sell personal data to third parties.
Legal basis for processing: Processing is based on legitimate interest (responding to enquiries and delivering services), contract performance (for engagement participants), and consent (for analytics cookies).
4. Data Retention
We retain personal data only for as long as necessary for the purpose for which it was collected:
- Website enquiries: up to 12 months from the date of submission if no engagement follows.
- Engagement materials: up to 36 months after engagement completion, unless the client requests earlier deletion.
- Analytics data: in anonymised or aggregated form only; no retention limit applies.
You may request deletion of your personal data at any time by contacting [email protected].
5. Cookies
Our website uses cookies to understand how visitors use the site and to remember consent preferences. We use the following cookie categories:
- Essential cookies: Required for basic site functionality. Always active.
- Analytics cookies: Collect anonymised information about page visits and navigation. Active only with consent.
- Preference cookies: Remember your cookie consent choice. Active once a choice is made.
You can manage your cookie preferences at any time through our Cookie Policy page.
6. Data Sharing
We do not sell, rent, or share personal data with third parties for their own marketing purposes. We may share data in the following limited circumstances:
- With service providers who assist with website hosting and analytics, under contractual data protection obligations.
- Where required by Malaysian law or a lawful order from a competent authority.
We do not transfer personal data outside Malaysia except where required to provide services to clients based abroad, in which case appropriate safeguards are applied.
7. Data Protection Measures
We apply the following measures to protect personal data:
- Website data is transmitted over HTTPS (TLS encryption).
- Engagement documents are stored in password-protected systems with restricted access.
- Access to personal data is limited to staff with a direct operational need.
- In the event of a data breach that is likely to result in harm, we will notify affected individuals and the relevant authority within 72 hours of becoming aware of it.
8. Your Rights
Under Malaysia's PDPA 2010 and as a matter of our practice, you have the following rights:
- Right of access: Request a copy of personal data we hold about you.
- Right of rectification: Request correction of inaccurate data.
- Right of erasure: Request deletion of personal data, subject to legal retention requirements.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
- Right to object: Object to processing based on legitimate interest.
To exercise any of these rights, contact us at [email protected]. We will respond within 21 days.
If you are dissatisfied with our response, you may lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) at pdp.gov.my.
9. Third-Party Links
Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and recommend reviewing their privacy policies before submitting personal data.
10. Children's Privacy
Our services are directed at organisations and their adult representatives. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that personal data has been submitted by a minor, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The revised version will be published on this page with an updated "Last Updated" date. Continued use of our website after changes are published constitutes acceptance of the revised policy.
12. Contact Us
For privacy-related questions or to exercise your rights:
- Email: [email protected]
- Address: 2-1, Jalan Telawi 3, Bangsar Baru, 59100 Kuala Lumpur, Malaysia
- Phone: +60 3-2287 5934