1. Who We Are
Suria is an advisory firm registered in Malaysia, providing AI integration services for finance and accounting teams. Our registered address is Suite 21-08, Menara Hap Seng, Jalan P. Ramlee, 50250 Kuala Lumpur. For the purposes of the PDPA 2010, Suria is the data user in relation to personal data we process.
If you have questions about this notice, you may contact us at [email protected] or call +60 7 332 5849.
2. Data We Collect
We collect only the personal data that is reasonably necessary for the purpose described in Section 3. The table below outlines the categories, sources, and whether each field is required or optional.
| Category | Examples | Source | Required |
|---|---|---|---|
| Contact details | Name, email address, phone number | Provided by you via contact form or email | Name & email required; phone optional |
| Enquiry content | Message text, service of interest | Provided by you | Optional |
| Device & usage data | IP address, browser type, pages visited, referrer | Collected automatically via server logs and analytics | Collected automatically |
| Cookie data | Analytics identifiers, session tokens | Set by this website (see Section 9) | Subject to your consent |
| Engagement data | Records of meetings, call notes, correspondence | Generated during service delivery | Necessary for service |
We do not knowingly collect personal data from individuals under the age of 18.
3. How We Use Your Data
We use personal data for the following purposes only. We do not use it for automated profiling or solely automated decision-making.
-
01
Responding to enquiries
When you submit a contact form or email us, we use your contact details and message to reply and discuss your requirements.
-
02
Delivering contracted services
Once an engagement begins, we use your contact and organisational details to coordinate work, share deliverables, and fulfil our advisory obligations.
-
03
Billing and record-keeping
We retain invoices, contracts, and payment records as required under Malaysian accounting standards and tax regulations.
-
04
Improving our services
We review aggregated and anonymised usage data to understand how visitors navigate our website and how we can make it more useful.
-
05
Legal and regulatory compliance
Where required by law or a competent authority, we may use or disclose personal data to meet our legal obligations.
4. Legal Basis for Processing
Under the PDPA 2010, we process personal data on the following grounds depending on context.
| Purpose | Legal basis |
|---|---|
| Responding to your enquiry | Your consent, given when submitting the form |
| Delivering services | Necessary for the performance of a contract with you |
| Billing and accounting records | Legal obligation (Income Tax Act 1967, MFRS requirements) |
| Analytics cookies (if accepted) | Your consent, via the cookie preference tool |
| Regulatory disclosure | Compliance with a legal obligation |
6. Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, or as required by law. The table below gives our standard retention periods.
| Data category | Retention period | Reason |
|---|---|---|
| Enquiry records (no contract formed) | 12 months from last contact | Business correspondence |
| Client engagement records | 7 years from engagement close | LHDN / Income Tax Act requirement |
| Invoices and financial records | 7 years | Statutory accounting obligation |
| Website analytics data | 26 months (aggregated thereafter) | Performance analysis |
When the retention period expires, personal data is securely deleted or anonymised so that it can no longer be attributed to you.
7. Your Rights
Under the PDPA 2010 and, where applicable, other data protection frameworks, you have the following rights in relation to your personal data.
| Right | What it means | How to exercise it |
|---|---|---|
| Access | Request a copy of the personal data we hold about you | Email [email protected] |
| Correction | Ask us to correct inaccurate or incomplete data | Email us with details of the correction required |
| Withdrawal of consent | Withdraw consent where processing is based on consent | Email us or use the cookie preference tool |
| Restriction of processing | Ask us to limit how we use your data in certain circumstances | Email us with your request |
| Complaint | Lodge a complaint with the Personal Data Protection Commissioner | Via the PDPC website |
We will respond to access and correction requests within 21 days. We may ask you to verify your identity before fulfilling a request. There is no charge for a first access request in any 12-month period.
8. Security
We take reasonable technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, and destruction. These measures include TLS encryption for data in transit, access controls limiting data to authorised personnel, and periodic review of our security practices.
No method of transmission over the internet is entirely secure. While we work to protect your data, we cannot give an absolute assurance against all threats. In the event of a data breach that is likely to result in significant harm to you, we will notify the Personal Data Protection Commissioner and, where required, affected individuals in accordance with the PDPA 2010.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this notice periodically. Continued use of our website or services after a change has been posted constitutes acceptance of the revised policy.
11. Contact Us
For questions about this Privacy Policy, to exercise your rights, or to raise a concern, please contact us using the details below.
Suria — Data Privacy
Suite 21-08, Menara Hap Seng
Jalan P. Ramlee, 50250 Kuala Lumpur