Privacy Policy

1. Introduction

Mythara Advisory ("we", "us", "our") is committed to handling personal data responsibly and transparently. This Privacy Policy sets out how we collect, use, store, and protect personal information in connection with our positioning and writing consultancy services provided from our office at Suite 22-08, Menara Ansar, Jalan Trus, 80000 Johor Bahru, Johor, Malaysia.

This policy applies to all personal data we process in the course of operating our practice, including data submitted through our website and data exchanged during client engagements. If you have questions about this policy, please contact us at [email protected].

We process personal data in compliance with Malaysia's Personal Data Protection Act 2010 (PDPA) and, where applicable, other relevant data protection legislation.

2. Data We Collect

We collect the following categories of personal data:

• Contact information: Name, email address, telephone number, and business address — submitted through our contact form or provided during initial enquiries.
• Engagement-related information: Business descriptions, written materials, correspondence, and notes shared during or in preparation for a consultancy engagement.
• Technical data: IP address, browser type, pages visited, and session duration — collected automatically when you visit our website.
• Communication records: Emails, written notes, and records of conversations related to service delivery.

We collect this data through the following means: our website contact form, direct email correspondence, telephone calls, and materials provided by clients as part of engagement work.

Legal basis for processing: Contractual necessity (to deliver our services), legitimate interest (to operate and improve our practice), and consent (for any optional communications or cookie usage).

Retention periods: Contact enquiry data is retained for up to 12 months from last contact. Engagement materials and correspondence are retained for up to 5 years from the close of an engagement, consistent with our professional record-keeping obligations. Technical data is retained for up to 12 months.

3. How We Use Personal Data

We use the personal data we collect for the following purposes:

• To respond to enquiries and determine whether an engagement is a suitable fit.
• To deliver our consultancy services — positioning sessions, workshop reviews, and written deliverables.
• To issue invoices and manage payment records.
• To send occasional service-related communications, such as follow-up review scheduling for Positioning Practice clients.
• To analyse website usage and improve the performance and content of our site.
• To comply with legal and regulatory obligations applicable to our practice in Malaysia.

We do not use personal data for automated decision-making or profiling. We do not send marketing communications without prior consent, and you may withdraw consent at any time by contacting us.

4. Data Sharing

We do not sell personal data to third parties. We may share data in the following limited circumstances:

• Service providers: We use secure third-party services for website hosting and email delivery. These providers are contractually required to handle data securely and only as instructed.
• Analytics: We may use anonymised analytics tools to understand how our website is used. No personal identifiers are shared with analytics providers.
• Legal obligation: We may disclose personal data if required to do so by Malaysian law or by a competent authority.

We do not transfer personal data outside Malaysia except where necessary and permitted under the PDPA, and where adequate protections are in place.

5. Data Protection Measures

We take reasonable steps to protect personal data against unauthorised access, loss, or misuse. These include:

• Secure, password-protected storage for client files and correspondence.
• Encrypted email for transmission of sensitive materials where agreed with clients.
• Restricted internal access — only the advisors directly involved in an engagement can access that engagement's materials.
• Regular review of data held, with deletion of materials no longer required.

In the event of a data breach that is likely to result in harm to data subjects, we will notify affected individuals and, where required, the relevant authority under the PDPA, within a reasonable timeframe.

6. Cookies

Our website uses cookies to store your preferences and to understand how the site is used. We use essential cookies (required for the site to function), preference cookies (to remember your choices), and analytics cookies (to understand usage patterns, used in anonymised form).

You can manage your cookie preferences through the cookie banner on our homepage or through your browser settings. For full details, please see our Cookie Policy.

7. Your Rights Under the PDPA

Under Malaysia's Personal Data Protection Act 2010, you have the following rights in relation to personal data we hold about you:

• Right of access: You may request a copy of the personal data we hold about you.
• Right of correction: You may request that inaccurate or incomplete data be corrected.
• Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time.
• Right to limit processing: You may request that we restrict our use of your data in certain circumstances.
• Right to object: You may object to processing based on legitimate interest where this has a significant impact on you.

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days. If you are unsatisfied with our response, you may contact the Department of Personal Data Protection Malaysia (pdp.gov.my).

8. Third-Party Links

Our website may contain links to external sites or resources. This Privacy Policy applies only to our own website and services. We are not responsible for the privacy practices of any third-party websites. We encourage you to review the privacy policies of any external sites you visit.

9. Children's Privacy

Our services are directed at professionals and businesses. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have collected data from a minor, we will delete it promptly. If you believe we may have collected such data, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The updated policy will be posted on this page with a revised effective date. We will not apply material changes retroactively without notice. Continued use of our website after a policy update constitutes acceptance of the updated policy.

11. Contact

For any questions or requests relating to this Privacy Policy or our handling of your personal data, please contact: