Legal

Privacy Policy

This policy describes how Brackish collects, uses, and safeguards personal information provided through our website and advisory engagements.

Last Updated: 25 April 2025  ·  Effective: 25 April 2025

1. Introduction

Brackish ("we", "us", "our") is a business continuity planning advisory practice based in Kuala Lumpur, Malaysia. We are committed to handling personal data responsibly and in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). This policy applies to individuals who contact us through our website, enquire about our services, or engage us as clients.

If you have questions about this policy or wish to exercise your data rights, contact us at privacy@{{DOMAIN}}.

2. Data We Collect

Information you provide directly

  • Name and contact details (email address, phone number) submitted through the contact form
  • Organisation name and role, where you choose to include them
  • Content of messages or enquiries sent to us
  • Information shared during advisory sessions

Information collected automatically

  • Browser type, device type, and operating system
  • Pages visited and time spent on each page
  • Referring website or search query
  • IP address (stored in anonymised or aggregated form where analytics tools permit)

Cookies and similar technologies

We use cookies to support basic website functionality and, where you consent, to understand how visitors use the site. See Section 6 and our Cookie Policy for details.

3. How We Use Your Data

We use personal data for the following purposes, each supported by a legal basis under the PDPA:

  • Responding to enquiries — to reply to messages submitted through our contact form (legitimate interest / consent)
  • Delivering advisory services — to fulfil the scope of an engagement once contracted (contractual necessity)
  • Improving our website — to understand how the site is used and identify areas for improvement (legitimate interest)
  • Sending service-related communications — such as session summaries or follow-up notes agreed during an engagement (contractual necessity)
  • Complying with legal obligations — where we are required to retain or disclose data by law (legal obligation)

We do not use your data for unsolicited marketing. We do not sell personal data to third parties.

4. Data Retention

  • Enquiry data not leading to an engagement: retained for up to 12 months, then deleted
  • Client engagement records: retained for 7 years from the end of the engagement in line with standard Malaysian business record-keeping obligations
  • Analytics and website usage data: retained in aggregated or anonymised form; raw data deleted after 26 months
  • Cookie consent records: retained for 12 months from the date of consent

5. Data Sharing

We share personal data only in the following circumstances:

  • Service providers — third-party tools used for email, website hosting, or analytics, each bound by data processing agreements
  • Legal requirements — where we are required to disclose data to comply with Malaysian law or a court order
  • Professional advisers — such as lawyers or accountants, where strictly necessary and bound by confidentiality

We do not transfer personal data outside Malaysia except where necessary to use third-party cloud services subject to adequate data protection standards.

6. Cookies

Our website uses the following categories of cookies:

  • Essential cookies — required for basic site functionality; cannot be disabled
  • Analytics cookies — help us understand how visitors navigate the site; only set with your consent
  • Preference cookies — remember settings you have chosen; only set with your consent

You can manage your cookie preferences at any time on our Cookie Policy page.

7. Data Security

  • All data transmitted via our website is encrypted using TLS
  • Access to personal data is limited to personnel with a need to access it for legitimate business purposes
  • We review our data handling procedures regularly
  • In the event of a data breach that affects your rights and freedoms, we will notify affected individuals without undue delay as required under Malaysian law

8. Your Rights

Under Malaysia's Personal Data Protection Act 2010, you have the right to:

  • Access — request a copy of personal data we hold about you
  • Correction — ask us to correct inaccurate or incomplete data
  • Withdrawal of consent — withdraw consent for processing based on consent, without affecting prior processing
  • Objection — object to processing for direct marketing purposes
  • Erasure — request deletion of data no longer necessary for the purpose it was collected, subject to our legal retention obligations

To exercise any of these rights, email privacy@{{DOMAIN}}. We will respond within 21 days. If you are unsatisfied with our response, you may lodge a complaint with the Department of Personal Data Protection Malaysia.

9. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites. We encourage you to read the privacy policy of any site you visit via an external link.

10. Children's Privacy

Our services are directed at organisations and their representatives. We do not knowingly collect personal data from individuals under 18 years of age. If you believe we have inadvertently done so, contact us and we will delete the data promptly.

11. Changes to This Policy

We may update this policy from time to time. The date at the top of this page reflects the most recent revision. We will notify active clients of material changes by email. Continued use of the website after any revision constitutes acceptance of the updated policy.

12. Contact

For questions or requests relating to this policy or personal data we hold: