Privacy Policy

Halcyon Forge ("we", "us", "our") is committed to protecting the personal data of individuals who interact with us. This Privacy Policy describes how we collect, use, store, and protect your information, in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA) and applicable data protection principles.

If you have questions about this policy or wish to exercise your rights, please contact us at privacy@halcyonfad.

1. Data Controller

The data controller responsible for your personal data is Halcyon Forge, Unit 4-5, Wisma Cosway, 88 Jalan Raja Chulan, 50200 Kuala Lumpur, Malaysia. Contact: privacy@halcyonfad

2. What Personal Data We Collect

Data you provide directly

• Name and contact details (email address, phone number)
• Business information shared in enquiry forms or pre-session briefs
• Financial or operational details shared as part of an engagement
• Correspondence exchanged via email or written briefs

Data collected automatically

• Website usage data via analytics cookies (if accepted)
• IP address and browser type for security and performance purposes
• Pages visited and session duration

3. How We Use Your Data

We use personal data for the following purposes:

• Service delivery: To conduct consultancy engagements and provide deliverables you have requested.
• Communication: To respond to enquiries, schedule sessions, and exchange written briefs.
• Administration: To manage invoicing, record-keeping, and engagement documentation.
• Website improvement: To understand how visitors use our site (analytics only, with consent).
• Legal compliance: To meet our obligations under Malaysian law and respond to lawful requests.

We do not use personal data for automated decision-making or profiling. We do not sell or rent personal data to third parties.

4. Legal Basis for Processing

We process personal data on the following bases under the PDPA 2010 and applicable principles:

• Consent: For cookies and marketing communications, where you have opted in.
• Contract performance: To deliver services you have engaged us to provide.
• Legitimate interests: For internal administration, security, and service improvement, where these interests are not overridden by your rights.
• Legal obligation: Where we are required to process data to comply with applicable law.

5. Data Retention

We retain personal data for as long as is necessary to fulfil the purposes for which it was collected:

• Client engagement records: 7 years from completion of the engagement (for accounting and legal purposes)
• Enquiry and pre-engagement correspondence: 2 years from last contact
• Website analytics data: Up to 26 months from collection (where applicable)
• Cookie consent records: 1 year

After these periods, data is securely deleted or anonymised.

6. Sharing Your Data

We do not sell, rent, or trade your personal data. We may share data in the following limited circumstances:

• Service providers: Third-party tools used in our operations (e.g. secure email, document storage) who are bound by confidentiality obligations.
• Legal requirements: If required by a court order or regulatory authority under Malaysian law.
• Business transfer: If the firm is transferred to new ownership, subject to equivalent privacy protections.

We do not use third-party advertising platforms or share data with social media networks for marketing purposes unless you have explicitly consented.

7. Cookies

We use cookies on our website. Essential cookies are necessary for the site to function. Analytics and preference cookies are optional and require your consent. Please see our Cookie Policy for full details.

8. Data Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include:

• Encrypted email communications for sensitive client exchanges
• Access controls limiting data access to staff who need it
• Secure document storage with access logging
• Regular review of our data handling practices

In the event of a data breach that may affect your rights, we will notify you and the relevant authority as required by law.

9. Your Rights

Under the Malaysian Personal Data Protection Act 2010, you have the right to:

• Access: Request a copy of personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Withdrawal of consent: Withdraw consent for optional processing at any time.
• Objection: Object to processing based on legitimate interests in certain circumstances.
• Limit processing: Request that we limit use of your data in certain circumstances.

To exercise any of these rights, contact us at privacy@halcyonfad. We will respond within 21 days.

10. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.

11. Children's Privacy

Our services are directed at business owners and professionals. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have done so inadvertently, we will delete that data promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website following a change constitutes acceptance of the updated policy.

13. Contact and Complaints

For privacy-related enquiries, contact our data protection point of contact at privacy@halcyonfad.

If you believe your data has been handled improperly, you may lodge a complaint with the Department of Personal Data Protection Malaysia (PDPD). Information is available at pdp.gov.my.