Privacy Policy
This policy describes how Tenurely ("we", "us", "our") collects, uses, stores, and protects personal data in connection with our record-keeping and organisational services. It applies to all visitors to this website and to clients who engage Tenurely for any of our services.
Tenurely operates in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). For questions about this policy, contact us at [email protected].
1. Who We Are
The data controller is Tenurely, operating from 3-1 Jalan PJU 8/5D, Damansara Perdana, 47820 Petaling Jaya, Selangor, Malaysia.
We provide organisational support for pension and retirement records. We are not a legal, financial, or medical service provider. Our processing of personal data is limited to what is necessary for delivering our record-keeping services.
2. Data We Collect
We collect personal data only when you provide it directly through our website contact form or during the course of an engagement. Categories of data we may collect include:
- Name and contact details (email address, telephone number)
- Business address and postal address (if provided)
- Employment history information (employer names, periods, reference numbers) — provided during sessions
- Document types and record status information — noted during organisational engagements
- Correspondence content — where you share copies of letters for format review during the Employer Records Reconstruction programme
We also collect non-personal technical data via cookies and analytics tools (see Section 5). We do not collect financial account information, identity document numbers, or health data.
Legal Basis for Processing
- Contract performance: processing necessary to deliver the service you have engaged us for
- Consent: for marketing communications, where you opt in
- Legitimate interests: for service administration, internal records, and fraud prevention
3. How We Use Your Data
Personal data collected is used for the following purposes:
- Responding to enquiries submitted through the website contact form
- Scheduling and conducting sessions (timeline, reconstruction, retainer)
- Maintaining tracking sheets, correspondence logs, and master registers during active engagements
- Producing end-of-engagement documents (written summaries, bound chronologies)
- Internal administrative records during and immediately after engagement
- Sending service-related communications where relevant to an active engagement
We do not use personal data for profiling, automated decision-making, or marketing to third parties. We do not sell, rent, or share personal data with external parties for their own commercial purposes.
Data Retention
Contact form enquiries are retained for twelve months from the date of submission or until the enquiry is resolved, whichever is sooner. Engagement-related records are retained for twenty-four months following the close of the engagement, then deleted. We do not retain digital copies of client archives after handover.
4. Data Protection Measures
We apply reasonable organisational and technical measures to protect personal data against unauthorised access, loss, or disclosure:
- Access to engagement records is restricted to the assigned coordinator and principal staff only
- Electronic documents are stored on password-protected systems
- Physical documents shared during sessions are handled only within our office premises
- No client data is transmitted by email without the client's explicit request
- In the event of a data breach affecting your personal data, we will notify you within seventy-two hours of becoming aware of it
We do not transfer personal data outside Malaysia. All processing occurs within Selangor, Malaysia.
5. Cookies
Our website uses cookies to understand how it is used and to store your cookie consent preference. We use essential cookies for site functionality and, where you consent, analytics cookies to understand page usage patterns.
For full details of the cookies used on this site, their purpose, and how to manage your preferences, see our Cookie Policy.
6. Your Rights Under the PDPA
Under Malaysia's Personal Data Protection Act 2010, you have the following rights in relation to personal data we hold about you:
- Right of access: you may request a copy of the personal data we hold about you
- Right of correction: you may request that inaccurate or incomplete data be corrected
- Right to withdraw consent: where processing is based on consent, you may withdraw consent at any time
- Right to limit processing: you may request that we limit how we use your data in certain circumstances
- Right to prevent processing for marketing purposes: you may object to your data being used for direct marketing at any time
To exercise any of these rights, contact us at [email protected]. We will respond within thirty days.
If you believe we have not handled your personal data appropriately, you may lodge a complaint with the Personal Data Protection Department (PDPD) of Malaysia, the national supervisory authority for data protection.
7. Third-Party Links
Our website may contain links to external websites, including Google Maps. We are not responsible for the privacy practices of those sites. We recommend reviewing the privacy policy of any external site you visit through a link from this website.
8. Children's Privacy
Our services are directed to adults aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, contact us at [email protected] and we will delete it promptly.
9. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. When we do, we will update the date at the top of this page. For clients in an active engagement at the time of an update, we will communicate material changes directly.
10. Contact
For data protection enquiries:
Tenurely
3-1 Jalan PJU 8/5D, Damansara Perdana, 47820 Petaling Jaya, Selangor
Email: [email protected]
Phone: +60 3-9057 4162