Privacy Policy

1. Introduction

Verdua ("we", "us", "our") is committed to handling personal data with care and in compliance with Malaysia's Personal Data Protection Act 2010 (PDPA). This policy explains what personal data we collect, how we use it, and the rights you have in relation to it.

This policy applies to all personal data collected through our website at verdua.biz, through our contact forms, and during the delivery of our advisory services to clients.

Questions about this policy may be directed to: [email protected]

2. Personal Data We Collect

We collect personal data in the following ways:

• Contact forms: name, email address, phone number (optional), and message content when you submit an enquiry through our website.
• Service delivery: business contact details, organisational information and operational data provided by clients during advisory engagements.
• Cookies and analytics: website usage data collected through essential and optional analytics cookies (see Section 5).

Legal basis for processing

We process personal data on the following bases under the PDPA 2010: (a) consent, where you have provided it; (b) performance of a contract, where data is necessary to deliver agreed advisory services; and (c) legitimate interests, where we have a genuine business need that does not override your rights.

Retention periods

Contact enquiry data is retained for up to 24 months from the date of collection. Client engagement data is retained for up to 7 years from the end of an engagement for legal and audit purposes, after which it is securely deleted.

3. How We Use Your Data

• To respond to enquiries and proposals submitted through our contact form
• To deliver advisory services under a client engagement agreement
• To send relevant updates or information where you have consented to receive these
• To improve our website based on aggregated analytics data
• To comply with legal obligations under Malaysian law

We do not sell personal data to third parties. We do not use personal data for automated decision-making.

Third-party data sharing

We may share data with third-party service providers who assist us in operating our website or delivering services (for example, website hosting providers or communication platforms). These parties are bound by confidentiality obligations and may only use data as instructed. We may also disclose data where required by Malaysian law or a court order.

4. Data Protection Measures

• Website data is transmitted over encrypted HTTPS connections
• Internal systems are access-controlled and restricted to relevant team members
• Client engagement files are stored in password-protected environments
• In the event of a data breach, we will notify affected individuals and the relevant authorities as required under the PDPA 2010
• We conduct periodic reviews of our data handling practices

5. Cookies

Our website uses essential cookies necessary for basic site operation, and optional analytics cookies to understand how the site is used. You can manage your cookie preferences at any time. For full details, please see our Cookie Policy.

We may use Google Analytics or similar services to collect aggregated, anonymised usage data. This data does not identify individual visitors.

6. Your Rights

Under Malaysia's Personal Data Protection Act 2010, you have the following rights in relation to personal data we hold about you:

• Right of access: to request a copy of the personal data we hold about you
• Right of correction: to request correction of inaccurate personal data
• Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time
• Right to limit processing: to request that we stop using your data for certain purposes
• Right to lodge a complaint: with the Department of Personal Data Protection Malaysia if you believe your rights have been breached

To exercise any of these rights, contact us at [email protected]. We will respond within 21 days as required under the PDPA 2010.

7. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and recommend reviewing their policies independently before providing personal data.

8. Children's Privacy

Our services are directed exclusively at businesses and their representatives. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted personal data to us, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be noted on this page with an updated date. Continued use of our website after changes are posted constitutes acceptance of the revised policy.