Khanthal
Legal & Compliance

Privacy Policy

This policy explains how Khanthal collects, uses, stores, and protects personal information provided to us through our website and in the course of our advisory engagements.

Last Updated: 14 April 2025 Governing Law: Malaysia (PDPA 2010)

1. Introduction

Khanthal (“we”, “us”, “our”) is an applied AI counsel firm operating from Block A, Level 6, Plaza Sentral, Jalan Stesen Sentral 5, 50470 Kuala Lumpur, Malaysia. We are the data controller for personal information collected via this website and through our advisory arrangements.

This policy applies to all visitors to our website and to individuals who engage with us in any advisory capacity. It is governed by the Personal Data Protection Act 2010 (PDPA) of Malaysia. By using our website or making an enquiry, you acknowledge that you have read and understood this policy.

If you have questions about this policy, please contact us at [email protected].

2. Data We Collect

We collect personal data only where it is provided directly by you, or where it arises from the ordinary course of visiting our website.

Information you provide:

  • Your name, when submitted via our contact form
  • Your email address, for correspondence purposes
  • Your telephone number, if voluntarily provided
  • The content of any message or enquiry you send to us

Information collected automatically:

  • IP address and approximate geographic location (derived from IP)
  • Browser type, version, and operating system
  • Pages visited and time spent on each page
  • Referring website or search terms, where available
  • Cookie identifiers where you have consented to their use

We do not collect sensitive personal data (such as data relating to race, health, political opinion, or religious belief) through our website.

Legal basis for processing: We process contact form data on the basis of your consent (given by submitting the form). Website analytics data is processed on the basis of our legitimate interest in understanding how visitors use our site, subject to your cookie preferences. Correspondence arising from an engagement is processed on the basis of the contract between us.

Retention periods: Enquiry data is retained for up to 24 months. Engagement correspondence and documents are retained for seven years following the conclusion of an engagement, in accordance with ordinary business record-keeping practice. Analytics data is retained for up to 26 months.

3. How We Use Your Data

We use personal data for the following purposes:

  • To respond to your enquiry and discuss whether our services may be of assistance
  • To deliver advisory services under the terms of an engagement
  • To communicate with you during and following an engagement
  • To understand how our website is used, so that we may improve it
  • To comply with our legal and regulatory obligations

We do not sell personal data to third parties. We do not use personal data for automated decision-making or profiling. We do not send marketing communications without your prior consent.

Data sharing: We may share data with third-party service providers who assist with website hosting, email delivery, and analytics. Each provider is bound by a data processing agreement and may not use your data for their own purposes. We may disclose data where required by law or to protect the rights of Khanthal or others.

4. Data Protection Measures

We take the security of personal data seriously and maintain appropriate technical and organisational safeguards, including:

  • Encrypted transmission of data in transit (TLS/HTTPS)
  • Access to personal data restricted to staff who require it for their work
  • Regular review of data holdings to identify and remove unnecessary data
  • Secure password and access management practices

In the event of a personal data breach that poses a risk to individuals, we will notify affected parties and, where required, the relevant supervisory authority without undue delay.

While we take all reasonable steps to protect personal data, no transmission over the internet can be fully guaranteed. By submitting information to us, you accept the residual risk inherent in online communication.

5. Cookies

Our website uses cookies — small text files placed on your device — to support its operation and to help us understand how it is being used.

  • Essential cookies are required for the website to function and cannot be disabled
  • Analytics cookies help us understand visitor behaviour in aggregate; these are only placed with your consent
  • Marketing cookies support the delivery of relevant advertising; these are only placed with your consent
  • Preference cookies remember settings you have chosen; these require your consent

You may manage your cookie preferences at any time via our Cookie Policy page. Withdrawing consent for optional cookies will not affect the lawfulness of processing carried out before withdrawal.

6. Your Rights

Under the Personal Data Protection Act 2010 (Malaysia) and, where applicable, the General Data Protection Regulation (GDPR), you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of your data, subject to our legal retention obligations
  • Right to restrict processing — to ask that we limit how we use your data in certain circumstances
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interest
  • Right to withdraw consent — where processing relies on consent, you may withdraw it at any time

To exercise any of these rights, write to us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) if you believe your data has been handled improperly.

7. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices or the content of any website not operated by Khanthal. We encourage you to review the privacy policy of any external site you visit before providing personal information.

8. Children's Privacy

Our services are directed solely at organisations and individuals aged 18 and over. We do not knowingly collect personal data from persons under the age of 18. If you become aware that a minor has submitted data to us, please contact us at [email protected] so that we may take appropriate steps.

9. Policy Updates

We may revise this Privacy Policy from time to time to reflect changes in our practices or in applicable law. When we make a material change, we will update the “Last Updated” date at the top of this page. Continued use of our website following any revision constitutes your acknowledgement of the updated policy.

We recommend reviewing this page periodically. We will not reduce your rights under this policy without your explicit consent.

10. Contact Us

For questions about this policy, requests to exercise your rights, or any other data-related matter, please contact the data controller:

Khanthal

Block A, Level 6, Plaza Sentral

Jalan Stesen Sentral 5, 50470 Kuala Lumpur

[email protected]

+60 3-2161 8472