Privacy Policy

1. Introduction

Orin Strand ("we", "us", "our") is committed to handling personal data with care and transparency. This policy sets out what personal information we collect, why we collect it, how we use and protect it, and what rights you have over it.

This policy applies to all personal data processed in connection with the Orin Strand website and consulting services. By using our website or engaging our services, you acknowledge having read and understood this policy.

Our services are conducted in Malaysia, and we comply with the Personal Data Protection Act 2010 (PDPA) of Malaysia. For questions about this policy, contact us at [email protected].

2. Personal Data We Collect

Information you provide directly

• Name and email address (from the contact form)
• Phone number (optional, if provided in the contact form)
• Message content submitted via our contact form
• Information shared during consulting sessions or email correspondence

Information collected automatically

• Browser type, device type, and operating system
• Pages visited and time spent on each page
• Referring URL (how you arrived at our website)
• IP address (anonymised where possible)

Legal basis for processing

We process your personal data on the following legal bases: your consent (for marketing communications and optional cookies); the performance of a contract or pre-contractual steps (for service delivery); and our legitimate interests in operating a professional consulting practice and improving our website.

Retention periods

Contact form submissions are retained for up to 12 months unless they result in an ongoing client relationship, in which case data is retained for the duration of that relationship plus 7 years for legal and accounting purposes. Analytics data is retained for up to 26 months.

3. How We Use Your Data

We use the personal data we collect for the following purposes:

• Responding to enquiries submitted via the contact form
• Delivering consulting services and maintaining client relationships
• Sending service-related communications (invoices, scheduling)
• Improving our website based on aggregated usage data
• Complying with legal obligations under Malaysian law

Marketing communications

We do not send marketing emails without your explicit consent. If you opt in to communications, you may withdraw that consent at any time by emailing [email protected].

Data sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. We may share data with service providers who assist in website hosting and analytics, under contractual confidentiality obligations. We may disclose data where required by Malaysian law or a court order.

4. How We Protect Your Data

We take reasonable technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, or destruction. These include:

• HTTPS encryption for all website traffic
• Access restrictions — only designated personnel access client data
• Secure email and document storage with strong access controls
• Regular review of data handling practices

In the event of a personal data breach that is likely to affect your rights, we will notify you and, where required, the relevant Malaysian supervisory authority, within the timeframes required by the PDPA.

5. Cookies

Our website uses cookies to support basic functionality and understand how the site is used. We use essential cookies (necessary for the site to work), analytics cookies (to understand aggregate usage), and preference cookies (to remember your settings). We do not use cookies for targeted advertising.

You can manage your cookie preferences at any time via our Cookie Policy page.

6. Your Rights

Under the Personal Data Protection Act 2010 (Malaysia), you have the following rights in relation to your personal data:

• Right of access — you may request a copy of the personal data we hold about you
• Right to correction — you may request that inaccurate data be corrected
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time
• Right to prevent processing — in certain circumstances, you may object to how your data is used
• Right to limit processing — you may request that we restrict use of your data in certain cases

To exercise any of these rights, email [email protected]. We will respond within 30 days. We may need to verify your identity before acting on a request.

If you are dissatisfied with how we handle your data, you may raise a complaint with the Department of Personal Data Protection Malaysia (pdp.gov.my).

7. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices or content of those sites and recommend you review their privacy policies separately.

8. Age Restriction

Our services are intended for individuals aged 18 and over. We do not knowingly collect personal data from minors. If you believe a minor has submitted personal data to us, please contact us at [email protected] and we will delete it promptly.

9. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will update the date at the top of this page. Continued use of our website after an update constitutes acceptance of the revised policy. We recommend reviewing this page periodically.

10. Contact

For privacy-related questions or to exercise your rights:

• Email: [email protected]
• Address: Lorong Bukit Aman, 50480 Kuala Lumpur, Malaysia
• Phone: +60 3 2148 3697