Privacy Policy

1. Introduction

Lestari ("we", "us", "our") is a business consulting practice based at No. 9, Lebuh Light, 10200 George Town, Pulau Pinang, Malaysia. We are committed to handling your personal information responsibly and in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA).

This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website at lestarimy.cyou or engage our services. By using our website or submitting an enquiry, you acknowledge that you have read and understood this policy.

Questions about this policy may be directed to [email protected].

2. What Personal Data We Collect

We collect personal data only where it is necessary for a clear purpose. The types of data we may collect include:

• Contact information: your name, email address, and phone number when submitted via our enquiry form
• Communication records: messages you send us and records of our correspondence
• Engagement information: details about your business situation that you share during a consulting engagement
• Usage data: pages visited, time spent on pages, and browser type, collected automatically via analytics cookies where you have consented
• Technical data: IP address, browser version, and device information for security and operational purposes

We collect this data through our website contact form, direct email and telephone communication, and notes taken during consulting sessions.

Legal basis: We process your data under your consent (for enquiries and marketing), to fulfil a consulting engagement you have engaged us for (contractual necessity), and for our legitimate interests in operating our practice securely and improving our service.

Retention: Contact enquiries are retained for 24 months. Engagement records for active clients are retained for the duration of the engagement plus five years for accounting and professional liability purposes.

3. How We Use Your Personal Data

We use your personal data for the following purposes:

• Responding to your enquiries and scheduling initial conversations
• Delivering consulting engagements you have contracted with us
• Sending written outputs, session summaries, and roadmaps as part of your engagement
• Sending occasional service-related communications (e.g. appointment confirmations)
• Analysing website usage to improve our site's content and usability
• Complying with legal and regulatory obligations

We do not send unsolicited marketing emails. If you have consented to receiving updates from us, you may withdraw that consent at any time by contacting [email protected].

Third-party sharing: We do not sell your personal data. We may share data with trusted service providers — including our email hosting provider and website analytics provider — under contractual obligations that require them to protect your data. We do not share client engagement information with any third party without your explicit consent.

4. How We Protect Your Data

We take reasonable technical and organisational steps to protect your personal data from unauthorised access, disclosure, alteration, or loss. These include:

• HTTPS encryption on all website communications
• Access controls limiting data access to team members who require it
• Password-protected systems and secure file storage for engagement records
• Regular review of our data handling practices

In the event of a data breach that is likely to affect your rights or interests, we will notify you within a reasonable time and take steps to contain and remediate the breach.

5. Cookies

Our website uses cookies to improve your experience and understand how visitors use the site. We use essential cookies (necessary for the site to function) and, with your consent, analytics cookies to understand usage patterns.

You can manage your cookie preferences at any time on our Cookie Policy page. Withdrawing consent for non-essential cookies will not affect the core functionality of the site.

6. Your Rights

Under Malaysia's Personal Data Protection Act 2010, you have the following rights regarding your personal data:

• Right of access: you may request a copy of the personal data we hold about you
• Right to correction: you may request correction of inaccurate or incomplete data
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time
• Right to limit processing: you may request that we limit how we use your data in certain circumstances
• Right to object: you may object to processing based on legitimate interests

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days. For unresolved complaints, you may contact the Department of Personal Data Protection Malaysia (JPDP) at pdp.gov.my.

7. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policy of any external site you visit.

8. Children's Privacy

Our services are intended for business owners and are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted personal data to us, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be indicated by a revised "Last Updated" date at the top of this page. Where changes are significant, we will notify active clients directly. Continued use of our website or services following an update constitutes acceptance of the revised policy.

10. Contact

For questions about this policy or to exercise your data rights:

• Email: [email protected]
• Address: No. 9, Lebuh Light, 10200 George Town, Pulau Pinang, Malaysia
• Phone: +60 4-261 5390