Anchor Global Consulting Sdn Bhd

Legal

Privacy Policy

This policy explains how Anchor Global Consulting Sdn Bhd collects, uses, protects, and manages personal data in line with Malaysia's Personal Data Protection Act 2010 and relevant APAC requirements.

Last Updated: May 2026

Anchor Global Consulting Sdn Bhd (AGC)

Registration No: 202101010264 | 1410563-A

Address: SS-21-11, Stellar Office Suites, Jln Puteri 4/7, Bandar Puteri Puchong, 47100 Puchong, Selangor, Malaysia

Email: adrianlee@anchorglobal.asia | Phone: +60 19-728 6285

1. Introduction

Anchor Global Consulting Sdn Bhd ("AGC", "we", "us", or "our") is committed to protecting your personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA) and applicable regional data protection laws across our APAC operations.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit www.anchorglobal.asia or engage our advisory services.

2. Data We Collect

2.1 Information You Provide Directly

  • Contact information: name, email address, phone number, company name, job title
  • Business information: organisation type, regulatory framework of interest
  • Project details: service scope, deadlines, current compliance status
  • Communications: email correspondence, meeting notes, engagement records

2.2 Information Collected Automatically

  • Website usage data such as IP address, browser type, pages visited, and referral source
  • Essential cookies for site functionality and analytics cookies where enabled
  • Device information such as operating system, screen resolution, and language preferences

2.3 Information from Third Parties

  • SNQA certification partners, with your consent
  • CPA firm partners under confidentiality obligations
  • Professional network information used for business development

3. How We Use Your Data

Purpose Legal Basis Data Categories
Service delivery Contract performance Contact, business, and project details
Regulatory compliance Legal obligation All categories as required
Business communications Legitimate interest Contact information
Website improvement Consent for non-essential cookies Usage data and analytics
Marketing Explicit consent Contact information and preferences
Conflict checks Legal obligation and legitimate interest Name, company, engagement history

We do not sell personal data, use it for automated profiling, or retain it longer than necessary.

4. Data Sharing & Disclosure

We may share data with authorised recipients such as SNQA, CPA firm partners, cloud service providers, legal or regulatory authorities, and professional advisers where needed for service delivery or compliance.

4.2 Cross-Border Data Transfers

As an APAC-focused firm, data may be transferred to Malaysia, Cambodia, Singapore, Thailand, Vietnam, Indonesia, and China for certification coordination.

  • PDPA Section 12(3) exceptions where contractually necessary
  • Standard contractual clauses where required
  • Encryption in transit and at rest
  • Vendor due diligence for APAC service providers

5. Data Retention

Data Category Retention Period Rationale
Client engagement records 7 years post-engagement Professional indemnity and audit trail requirements
Website inquiry data 2 years if no engagement follows Legitimate follow-up interest
Marketing communications Until opt-out Consent-based communication
Website analytics 14 months Privacy-preserving analytics
Cookie data Session-based or 12 months User preference retention

6. Your Rights

Under Malaysian law, you may request access, correction, withdrawal of consent, objection to direct marketing, portability where feasible, and complaint escalation.

How to exercise your rights: adrianlee@anchorglobal.asia

Response time: within 21 days, subject to PDPA requirements.

7. Cookies & Tracking

7.1 Essential Cookies

  • Session management for contact forms
  • Security cookies for CSRF protection
  • Load balancing

7.2 Analytics Cookies

  • Google Analytics 4 with anonymised IP and 14-month retention
  • Netlify analytics without personal data

8. Data Security

  • TLS 1.3 for data in transit and AES-256 for data at rest
  • Role-based access controls and MFA
  • PDPA-aligned vendor management
  • Incident response procedures and staff awareness training

9. Special Notice for CPA Firm Partners

  • Client data shared with AGC remains your client's data
  • AGC acts as processor under your instructions
  • Separate data processing agreements may be required
  • ISA 220 and ISA 315 confidentiality obligations apply

10. Changes to This Policy

We may update this policy for changes in law, new services, or improvements in our operating model. Material updates will be posted on this page with a revised date.

11. Contact & Complaints

Data Protection Contact: Adrian Lee, Managing Partner

Email: adrianlee@anchorglobal.asia | Phone: +60 19-728 6285

If you remain unsatisfied, you may contact the Personal Data Protection Commissioner Malaysia.

12. Jurisdiction

This policy is governed by Malaysian law. For APAC clients, AGC also considers applicable local data protection requirements where relevant.