Privacy Policy

1. About This Policy

This Privacy Policy applies to personal data collected by Nimbex Sdn Bhd ("Nimbex", "we", "us", "our") through our website at nimbexe.com and through our advisory service engagements. It explains how we collect, use, store, and protect your personal information and describes your rights as a data subject under the Personal Data Protection Act 2010 (PDPA) of Malaysia.

By using our website or engaging our services, you acknowledge that you have read and understood this policy.

2. Data We Collect

We collect the following categories of personal data:

• Contact information: full name, email address, telephone number
• Organisational information: company name, role or job title, industry sector
• Enquiry and correspondence content: information you share when contacting us or participating in an engagement
• Technical data: IP address, browser type, pages visited, session duration (collected via analytics cookies, if consented)
• Cookie preference data: your cookie consent choices stored in your browser's local storage

We do not collect sensitive personal data (as defined under the PDPA) through standard interactions. If sensitive information arises during an advisory engagement, it is handled under a separate confidentiality agreement.

Data retention: Contact and enquiry data is retained for up to 3 years from the date of last contact. Engagement-related data is retained for up to 7 years in line with Malaysian record-keeping requirements. Technical and analytics data is retained for 13 months.

3. How We Collect Data

• Contact forms on our website
• Email correspondence and telephone calls
• In-person or video-call sessions as part of an engagement
• Cookies and similar tracking technologies (with your consent, where applicable)
• Third-party referrals or introductions from professional contacts

Legal basis for processing: We process your personal data on the basis of (a) consent where you have provided it, (b) the performance of a service contract where an engagement is underway, and (c) our legitimate interest in managing our advisory practice and improving our services.

4. How We Use Your Data

• Responding to enquiries and communicating about potential or active engagements
• Delivering advisory services as agreed in the engagement scope
• Sending information about our services (only with your explicit consent)
• Improving our website and understanding how visitors use it (analytics, if consented)
• Complying with applicable Malaysian laws and regulations

We do not use your personal data for automated decision-making or profiling. We do not sell, rent, or lease your personal data to third parties for marketing purposes.

5. Data Sharing

We share personal data only in the following limited circumstances:

• With service providers who assist in operating our website (e.g., web hosting, analytics) — under data processing agreements
• With professional advisors (lawyers, accountants) where legally necessary — under confidentiality obligations
• With regulatory authorities or law enforcement where required by Malaysian law

We do not transfer personal data outside Malaysia without ensuring appropriate safeguards are in place.

6. Data Protection Measures

• Website served over HTTPS (TLS encryption)
• Access to client records restricted to engagement team members
• No client data stored in unprotected cloud file shares
• Internal access reviews conducted periodically
• In the event of a data breach affecting your personal data, we will notify you within the timeframes required by the PDPA

7. Cookies

We use cookies on this website for essential functionality and, with your consent, for analytics purposes. Cookie categories and how to manage your preferences are described in our Cookie Policy. You can adjust your cookie preferences at any time through that page.

8. Your Rights Under the PDPA

As a data subject under Malaysia's Personal Data Protection Act 2010, you have the following rights:

• Right to access: request a copy of personal data we hold about you
• Right to correction: request that inaccurate or incomplete data be corrected
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time
• Right to prevent processing for direct marketing: you may opt out of any marketing communications
• Right to lodge a complaint: with the Personal Data Protection Commissioner of Malaysia

To exercise any of these rights, contact us at [email protected]. We will respond within 21 days.

9. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites. We recommend reviewing the privacy policy of any third-party site you visit.

10. Children's Privacy

Our services are directed at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted data to us, please contact us and we will remove it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, the "Last Updated" date at the top of this page will be revised. Continued use of our website or services after any changes constitutes acceptance of the updated policy. For material changes, we will make reasonable efforts to notify clients directly.

12. Contact for Privacy Matters

For any questions, requests, or concerns relating to this Privacy Policy or the personal data we hold:

• Email: [email protected]
• Post: Nimbex Sdn Bhd, Suite 9-2, Wisma Mont Kiara, 1 Jalan Kiara, 50480 Kuala Lumpur, Malaysia
• Phone: +60 3-6201 5874

You may also contact the Personal Data Protection Commissioner of Malaysia at www.pdp.gov.my if you have an unresolved complaint.