Legal
Privacy Policy
Last revised: 14 March 2026
1. Who we are
This policy is issued by Hubernal Advisory Sdn. Bhd. (Company Reg. No. 202301043721 (1528417-V)), Suite 21-03, Level 21, Menara Permata, 12 Jalan Ampang, 50450 Kuala Lumpur, Malaysia ("Hubernal", "we", "us"). It explains how we handle personal data collected through the website hubernal.com and in the course of providing advisory, tax and accounting services, in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
2. Data we collect
Through the website we collect only what you choose to give us: your name, email address, phone number and the contents of your message when you use the contact form. During an engagement we may additionally collect identification details, financial statements, tax records and other documents necessary to perform the services you have appointed us for.
3. Why we collect it
We use your data to respond to enquiries, deliver contracted services, meet statutory obligations (including those owed to LHDN, SSM and other Malaysian authorities), maintain internal records, and — only with your consent — send occasional updates about regulatory changes relevant to you. We do not sell, rent or trade personal data, and we do not use it for automated decision-making.
4. Legal basis and consent
By submitting the contact form you consent to the processing described here. Where processing is required to perform a contract with you or to meet a legal obligation, we rely on those grounds. You may withdraw consent for non-essential processing at any time by writing to [email protected].
5. Disclosure to third parties
We disclose personal data only to: (a) regulators and authorities where required by law; (b) service providers such as secure hosting and cloud accounting platforms, bound by confidentiality obligations; and (c) professional advisers engaged on your file with your knowledge. Any transfer outside Malaysia is made only to jurisdictions with adequate protection or under contractual safeguards.
6. Retention
Enquiry data is retained for up to twenty-four months after our last contact. Engagement records are retained for seven years to satisfy Malaysian statutory record-keeping requirements, after which they are securely destroyed.
7. Security
Client files are stored on access-controlled systems with encryption at rest and in transit. Physical documents are kept in locked storage at our Kuala Lumpur office. Access is limited to staff working on your engagement, and our data-handling practices are audited internally each year.
8. Your rights
Under the PDPA you may request access to your personal data, ask us to correct inaccurate data, and limit or withdraw consent to processing. Requests should be sent to [email protected] or posted to our office address; we respond within twenty-one days.
9. Cookies
Our use of cookies is described separately in the Cookie Policy.
10. Changes to this policy
We may update this policy as our services or the law change. The revision date at the top of this page always reflects the current version, and material changes will be highlighted on this page for thirty days.
11. Contact
Questions about this policy or our data practices can be directed to our data protection contact at [email protected] or +60 3-2181 4276.