Luminos Back to home

Legal

Privacy Policy

Last updated: 14 April 2026  ยท  Luminos (Sole Proprietorship)  ยท  Penang, Malaysia

This Privacy Policy describes how Luminos ("we", "our", or "us"), a business consulting firm registered in Malaysia and operating from 33 Persiaran Gurney, 10250 George Town, Penang, collects, uses, stores, and protects personal data submitted through our website at luminosa.pro and through direct communication with us.

This policy is issued in compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and related regulations. By submitting your personal data to us, you consent to the terms of this policy.

1. Who this policy applies to

This policy applies to individuals who visit our website, submit enquiries through our contact form, communicate with us by telephone or email, or engage us for professional consulting services. It does not apply to information about legal entities, nor to data that is publicly available or aggregated in a way that does not identify individuals.

2. Personal data we collect

We collect only the information that is necessary for the purposes described in this policy. This may include:

  • Your full name and job title
  • Your business name and industry
  • Your email address and telephone number
  • The content of enquiries or messages you send us
  • Technical information such as browser type, device type, and pages visited โ€” collected via analytics cookies where you have given consent
  • Any documents or information you share with us in the context of an advisory engagement

We do not collect sensitive personal data as defined under the PDPA (such as health information, religious beliefs, or political opinions) unless you choose to disclose such information voluntarily in the course of an engagement.

3. How we collect personal data

We collect personal data through the following means:

  • Our website contact form
  • Direct email correspondence to [email protected]
  • Telephone conversations
  • Pre-engagement questionnaires and workshop preparation documents
  • Cookies and web analytics tools, where consent has been given (see our Cookie Policy)

4. How we use your personal data

We use personal data for the following purposes:

  • Responding to enquiries and providing information about our services
  • Delivering advisory engagements you have contracted with us
  • Communicating updates relevant to your engagement
  • Sending occasional service-related communications where you have given consent
  • Improving the quality of our website and services through aggregated analytics
  • Complying with our legal obligations under Malaysian law

We do not use your personal data for automated decision-making or profiling.

5. Legal basis for processing

Under the PDPA, we rely on the following lawful grounds for processing personal data:

  • Consent โ€” for communications beyond the scope of an active enquiry or engagement
  • Contractual necessity โ€” to deliver services you have engaged us for
  • Legitimate interests โ€” for website analytics and service improvement, balanced against your rights
  • Legal obligation โ€” to comply with applicable Malaysian laws and regulations

6. Sharing your personal data

We do not sell, rent, or trade personal data to third parties. We may share data only in the following limited circumstances:

  • With service providers who assist us in delivering our services (for example, email hosting or document management tools), under appropriate data processing agreements
  • Where required by law, regulation, or a valid court order
  • In the event of a business transfer, such as a merger or acquisition, where personal data may be transferred as part of the business assets โ€” data subjects will be notified in advance

Any third party with whom we share data is required to handle it in accordance with applicable data protection laws.

7. Data retention

We retain personal data for as long as is necessary for the purpose for which it was collected, or as required by law. Specifically:

  • Enquiry data where no engagement follows: up to 12 months from the date of enquiry
  • Engagement-related data: up to 7 years from the conclusion of the engagement, in line with standard Malaysian commercial record-keeping requirements
  • Website analytics data: retained in aggregated, anonymised form with no fixed expiry

When data is no longer required, we delete or anonymise it securely.

8. Your rights under the PDPA

Under the Personal Data Protection Act 2010, you have the right to:

  • Access the personal data we hold about you
  • Correct personal data that is inaccurate, incomplete, or out of date
  • Withdraw consent for processing activities that rely on consent as their legal basis
  • Request the cessation of processing for direct marketing purposes

To exercise any of these rights, please contact us at the address below. We will respond within 21 days of receiving your request. We may need to verify your identity before processing a request.

9. Data security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include secure communication channels, access controls, and internal data handling procedures.

No method of electronic transmission or storage is completely secure. While we make every effort to protect your data, we cannot guarantee absolute security. We encourage you to avoid sending highly sensitive information by email without encryption.

10. International transfers

We primarily process data within Malaysia. Where data is transferred to service providers located outside Malaysia, we ensure that appropriate safeguards are in place, consistent with the PDPA and applicable regulations.

11. Third-party links

Our website may contain links to third-party websites. This policy does not apply to those websites. We encourage you to review the privacy policies of any external sites you visit.

12. Cookies

We use cookies on our website. For detailed information about the types of cookies we use, your choices, and how to manage your preferences, please see our Cookie Policy.

13. Changes to this policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We recommend reviewing this page periodically. Continued use of our website or services after a policy update constitutes acceptance of the revised terms.

14. Contact us

If you have questions about this policy, wish to exercise your rights, or have a complaint about how we handle your personal data, please contact us:

Luminos

33 Persiaran Gurney, 10250 George Town, Penang, Malaysia

+60 4-2638 1745 [email protected]

If you are not satisfied with our response, you may contact the Department of Personal Data Protection (JPDP) at www.pdp.gov.my.