Privacy Policy
Last Updated: 25 June 2025 · Effective: 25 June 2025
1. Introduction
Emberkeep ("we", "us", "our") is a records information support practice based at 58 Jalan Perak, 10450 George Town, Pulau Pinang, Malaysia. We provide clerical and educational services relating to pension and retirement records organisation.
This Privacy Policy explains how we collect, use, store, and protect personal data you provide to us, and describes your rights under Malaysian law, including the Personal Data Protection Act 2010 (PDPA). Please read this policy carefully. If you have questions, contact us at [email protected].
2. Data We Collect
We collect personal data in two circumstances: when you submit an enquiry through our website contact form, and when you attend an in-person appointment.
2.1 Contact Form Data
- Full name (required)
- Email address (required)
- Phone number (optional)
- Message content (optional)
2.2 Appointment Data
During appointments, coordinators may note the types of documents you bring (by category, such as "EPF statements 2001–2010") in order to produce gap lists and indexes. We do not copy, photograph, or retain the content of personal financial documents beyond the session. Original documents are returned to you before the session closes.
2.3 Website Cookies
Our website uses essential cookies for basic functionality and, with your consent, analytics cookies to understand how visitors use the site. See our Cookie Policy for details.
2.4 Legal Basis for Processing
- Contact form submissions: your consent, given when you submit the form
- Service delivery data: performance of a contract for clerical services
- Analytics cookies: your consent, given through the cookie banner
3. How We Use Your Data
- To respond to your enquiry and arrange appointments
- To communicate about your booked service, including scheduling and follow-up notes
- To issue invoices for completed services
- To improve our website and services through aggregated, anonymised analytics
- To comply with legal obligations under Malaysian law
We do not use your data for marketing purposes without explicit consent. We do not sell personal data to third parties. We do not share client data with the practitioners listed in our directory.
4. Data Retention
- Contact enquiries not resulting in a booking: deleted within 30 days of the last communication
- Service records (invoices, appointment notes): retained for 7 years for accounting and legal compliance, then deleted
- Website analytics data: retained in aggregated form; individual session data deleted after 12 months
5. Data Sharing
We do not share personal data with third parties except in the following limited circumstances:
- Our web hosting provider, for the purpose of operating this website — data is processed under a data processing agreement
- Where required by Malaysian law, court order, or government authority
- With your explicit written consent
We do not transfer personal data outside Malaysia without appropriate safeguards.
6. Data Protection Measures
- Our website uses HTTPS encryption for all data transmitted through the contact form
- Appointment notes are stored on password-protected, locally held systems not connected to the internet
- Access to client data is restricted to the coordinator involved in your service and the office manager
- In the event of a data breach, we will notify affected individuals and the relevant authorities within 72 hours of becoming aware of the breach, where required by applicable law
- Physical documents handled during appointments are not removed from the office premises
7. Your Rights Under the PDPA 2010
Under the Malaysian Personal Data Protection Act 2010, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete personal data
- Request that we stop processing your data for direct marketing purposes
- Withdraw consent to processing (where processing is based on consent)
- Lodge a complaint with the Department of Personal Data Protection Malaysia
To exercise any of these rights, contact us in writing at [email protected]. We will respond within 14 days.
8. Cookies
We use essential cookies to make our website function, and optional analytics cookies with your consent. You can manage your cookie preferences at any time through our Cookie Policy page.
9. Third-Party Links
Our website may contain links to external sites, including the websites of practitioners listed in our directory. Emberkeep is not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any external sites you visit.
10. Children's Privacy
Our services are directed at adults aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted personal data through our website, please contact us at [email protected] so we can remove it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Where changes are material, we will post a notice on our website. The date at the top of this page reflects the most recent update. Continued use of our services after any change constitutes acceptance of the updated policy.
12. Contact Us
For any questions about this policy or about how we handle your personal data, contact our data officer: