Privacy Policy
Greyvane is committed to handling personal data with care and transparency. This policy explains what information we collect, how we use it, and the rights you hold as a data subject under Malaysian law.
1. Introduction
Greyvane ("we", "us", "our") operates from Level 14, Menara Prestige, Jalan Pinang, 50450 Kuala Lumpur, Malaysia. We provide business growth advisory services and are committed to protecting the personal data of every person who interacts with us.
This Privacy Policy applies to personal data collected through our website at {{DOMAIN}}, through our contact forms, and in connection with any advisory engagement. It is written in compliance with Malaysia's Personal Data Protection Act 2010 (PDPA).
If you have questions about this policy at any time, please write to privacy@{{DOMAIN}}.
2. Data Collection
What we collect
- Name and contact details (email address, phone number)
- Company name and role, where provided voluntarily
- The content of any message you submit through our contact form
- Website usage data gathered through cookies and analytics tools (see Section 5)
- IP address and browser type, captured automatically by web server logs
How data is collected
- Directly from you when you fill in our contact form or email us
- Automatically when you browse our website (analytics and functional cookies)
- Through telephone or in-person interactions during an advisory engagement
Legal basis for processing
We process personal data on the basis of your consent (for marketing communications and non-essential cookies), contractual necessity (to deliver the advisory services you have engaged us for), and our legitimate interest in managing and improving our business operations.
Retention periods
Contact enquiry data is retained for up to 24 months from the date of last interaction. Engagement records relating to completed advisory work are held for seven years in line with standard commercial record-keeping practice. Analytics data is retained for 26 months before being deleted.
3. How We Use Your Data
Service delivery and communication
We use your contact details to respond to enquiries, schedule advisory sessions, and send session-related documents. We do not use your data for any purpose unrelated to the service you have requested without seeking your separate consent.
Marketing communications
If you have provided consent, we may send you periodic updates about our advisory programmes and publications. You may withdraw this consent at any time by contacting privacy@{{DOMAIN}} or using the unsubscribe link in any email we send.
Analytics and site improvement
Aggregated, anonymised usage data helps us understand how visitors navigate our site so we can improve its structure and content. This data is not used to identify individuals.
Legal compliance
We may disclose personal data where required by law, court order, or regulatory authority, or to protect the rights and safety of Greyvane, its staff, and clients.
Data sharing
We do not sell personal data. We may share it with trusted service providers (such as email platform operators and web hosting providers) who process it on our behalf under binding data processing agreements. These providers are not permitted to use the data for their own purposes.
4. Data Protection Measures
We apply technical and organisational measures proportionate to the nature of the data held:
- All data in transit is encrypted using TLS/HTTPS
- Access to personal data is restricted to staff who require it to perform their duties
- Our web hosting environment applies server-side access controls and regular security patching
- We conduct periodic reviews of our data handling practices
Breach notification
In the event of a data breach likely to result in risk to affected individuals, we will take prompt remedial action and notify relevant parties in accordance with our obligations under the PDPA and any applicable guidance from the Personal Data Protection Commissioner of Malaysia.
6. Your Rights
Under the Personal Data Protection Act 2010 (Malaysia), you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request that inaccurate or incomplete data be corrected
- Withdrawal of consent — withdraw any consent you have given, at any time
- Restriction of processing — ask us to limit how we use your data in certain circumstances
- Objection — object to processing based on legitimate interest
- Erasure — request deletion of your data where there is no lawful basis for continued retention
To exercise any of these rights, please email privacy@{{DOMAIN}} with your full name and the nature of your request. We will acknowledge your request within five working days and aim to respond fully within 21 days.
If you believe your data rights have been infringed, you may lodge a complaint with the Personal Data Protection Department (JPDP), the supervisory authority for personal data protection in Malaysia.
7. Third-Party Links
Our website may contain links to external websites operated by third parties. We are not responsible for the privacy practices of those sites and we encourage you to review their respective privacy policies before providing any personal data.
8. Children's Privacy
Our services are directed exclusively at organisations and individuals who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If we become aware that a minor has submitted data through our website, we will delete it promptly.
9. Policy Updates
We may revise this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated by a notice on our website homepage for a reasonable period. Continued use of our website after a revision has been posted constitutes acceptance of the updated policy.
10. Contact
For any questions, requests, or concerns relating to this Privacy Policy or the handling of your personal data, please contact us: