Xanthe Co ("we", "us", "our") respects the privacy of every person who visits this website or submits an enquiry. This policy describes what personal information we collect, why we collect it, how we use it, and the choices available to you. It applies to data processed through the website at xantheco.world and any related correspondence.
Our practices align with the Personal Data Protection Act 2010 (PDPA) of Malaysia. If you have questions about this policy, please write to [email protected].
1. Data We Collect
When you use this website or contact us, we may collect the following categories of information:
Contact details
Name, email address, and phone number provided through the enquiry form.
Enquiry content
The message text and details you share when asking about our advisory services.
Usage data
Pages visited, time spent on each section, and browser/device type, collected through analytics tools.
Cookie data
Preference and session data stored in browser cookies. See our Cookie Policy for full details.
We do not knowingly collect personal data from individuals under 18 years of age. If you believe a minor has submitted data, please contact us immediately.
2. Legal Basis for Processing
Under the PDPA 2010 and aligned data protection principles, we rely on the following grounds:
-
Consent — when you submit an enquiry form and acknowledge our privacy notice.
-
Contractual necessity — to respond to service requests and carry out an engagement if agreed.
-
Legitimate interest — to improve our website and understand how visitors engage with our content.
3. How We Use Your Data
Personal data is used only for purposes directly connected to the reason it was collected:
- Responding to enquiries and scheduling advisory sessions
- Delivering agreed advisory services and sharing related materials
- Sending service-related communications (session notes, summaries, follow-ups)
- Analysing website usage to improve content and navigation
- Complying with applicable legal and regulatory obligations
We do not use your data for unsolicited marketing. If we send any service-related updates, you can ask to stop at any time.
4. Data Sharing and Third Parties
We do not sell personal data. Limited sharing occurs in the following situations:
Hosting and infrastructure
Our website is served through third-party hosting providers who process server logs and form submissions on our behalf under data processing agreements.
Analytics tools
We use web analytics services (such as Google Analytics) to understand traffic patterns. These services may set their own cookies and have their own privacy policies.
Legal requirements
We may disclose data if required by Malaysian law, court order, or a lawful request from a regulatory authority.
5. Data Retention
We keep personal data only as long as necessary for its purpose:
| Data type | Retention period | Reason |
|---|---|---|
| Enquiry form submissions | 12 months | Follow-up and service continuity |
| Client engagement records | 5 years | Business records and legal compliance |
| Analytics data | 14 months | Website improvement |
| Cookie preferences | 12 months | Respecting your browser-side choice |
After the relevant period, data is deleted or anonymised.
6. Data Protection Measures
We take reasonable technical and organisational steps to protect personal data:
HTTPS encryption on all pages and form submissions
Access to personal data restricted to authorised team members only
Stored data held on servers with access controls and regular security reviews
In the event of a data breach, affected parties will be notified within a reasonable timeframe
7. Cookies
This website uses cookies for site functionality, analytics, and preference storage. You can manage your cookie settings at any time. See our Cookie Policy for a full breakdown of cookie types, purposes, and durations.
8. Your Rights
Under the PDPA 2010 and general data protection principles, you have the following rights in relation to your personal data:
Access
Request a copy of the personal data we hold about you.
Rectification
Ask us to correct inaccurate or incomplete data.
Erasure
Request deletion of your data where it is no longer needed for the original purpose.
Objection
Object to processing based on legitimate interest.
Portability
Receive a copy of your data in a structured, machine-readable format.
Withdraw consent
Withdraw consent at any time where processing is based on it, without affecting prior processing.
To exercise any right, email [email protected]. We will respond within 21 days. If you are unsatisfied with our response, you may contact the Department of Personal Data Protection Malaysia.
9. Third-Party Links
This website may contain links to external resources. We are not responsible for the privacy practices of third-party sites and recommend reviewing their policies before sharing any personal information.
10. Policy Updates
We may update this policy from time to time. When changes are material, we will revise the "last updated" date at the top of this page. Continued use of the website after an update indicates acceptance of the revised policy.
11. Contact and Data Controller
Xanthe Co
Level 8, Menara LGB, Jalan Wan Kadir, Taman Tun Dr Ismail, 60000 Kuala Lumpur
Phone: +60 3-7728 6045
Privacy enquiries: [email protected]