Section 01
Who We Are
Auric Den is a risk management consulting practice registered and operating in Malaysia. Our registered address is Suite 10-4, Menara Standard Chartered, 30 Jalan Sultan Ismail, 50250 Kuala Lumpur. We are the data controller in respect of personal information processed through this website and our consulting engagements.
This policy applies to information collected through the website at auricden.biz, through our enquiry and contact forms, and in the course of client engagements. It does not apply to third-party websites that may be linked from our pages.
Section 02
Information We Collect
We collect only what is necessary for the purpose for which it is being used. The categories of personal information we may collect include:
Information you provide directly
- Your name and professional title
- Your organisation name and business address
- Your email address and telephone number
- The content of messages you send via our contact form or email
- Information shared in the course of an engagement — including documentation, meeting notes, and interview responses
Information collected automatically
- IP address and approximate geographic location
- Browser type, operating system, and device identifiers
- Pages visited, time spent, and navigation paths on this site
- Referral sources (how you arrived at the site)
- Cookie and tracking identifiers, subject to your consent
We do not collect sensitive personal data (such as health information, financial account details, or identity document numbers) through this website. Where such information is shared in the context of an advisory engagement, it is handled under separate confidentiality terms agreed with the client.
Section 03
How We Use Information
Information collected through this website and in the course of our work is used for the following purposes:
- Responding to enquiries and requests submitted through our contact form
- Delivering the consulting services agreed with a client organisation
- Preparing written reports, framework documents, and other engagement outputs
- Communicating about ongoing or potential engagements
- Maintaining records of completed work for professional and regulatory purposes
- Understanding how our website is used, so that it can be improved
- Meeting legal and regulatory obligations under Malaysian law
We do not use personal information for automated decision-making or profiling. We do not use it for unsolicited marketing purposes without your consent.
Section 04
Legal Basis for Processing
Our processing of personal information rests on the following legal grounds under the Personal Data Protection Act 2010 (PDPA) of Malaysia:
- Consent — where you have submitted a form, accepted cookies, or otherwise agreed to a specific use
- Contractual necessity — where processing is needed to deliver services you have engaged us to provide
- Legitimate interests — where we have a reasonable professional interest in maintaining records or improving our practice, and that interest is not overridden by your rights
- Legal obligation — where processing is required by law or professional regulation
Section 05
Sharing Information
We do not sell personal information to any third party. We do not share personal information with organisations for their own marketing purposes.
We may share information in the following limited circumstances:
- Service providers — organisations that assist with website hosting, analytics, or communication tools, who are bound by confidentiality obligations
- Professional advisers — legal or accounting professionals engaged in relation to our business, under confidentiality obligations
- Regulatory bodies or courts — where disclosure is required by law, court order, or regulatory authority
Any third party that processes personal data on our behalf does so only on our instructions and under appropriate data processing terms.
Section 06
Retention
We retain personal information only for as long as is necessary for the purpose for which it was collected, or as required by law or professional standards.
- Enquiry records not resulting in an engagement: up to 12 months
- Client engagement records and outputs: up to 7 years, in accordance with standard professional practice
- Website analytics data: up to 26 months, or shorter periods as determined by applicable tools
When personal information is no longer required, it is securely deleted or anonymised.
Section 07
Your Rights
Under the Personal Data Protection Act 2010 and applicable data protection law, you have rights in relation to your personal information. These include:
- The right to request access to personal information we hold about you
- The right to request correction of inaccurate or incomplete information
- The right to withdraw consent where processing is based on consent
- The right to request that we cease processing your information in certain circumstances
- The right to lodge a complaint with the relevant data protection authority
To exercise any of these rights, please contact us in writing at [email protected]. We will respond within a reasonable time and no later than the period required by applicable law.
Section 09
Security
We take reasonable and appropriate technical and organisational measures to protect personal information against unauthorised access, disclosure, alteration, or loss. These include access controls, encrypted transmission, and regular review of our data handling practices.
No method of transmission over the internet is entirely without risk. While we take our obligations seriously, we are unable to warrant that any information transmitted to or from our website is absolutely secure.
Section 10
Contact Us
Questions or concerns about this policy or about how we handle your personal information may be directed to us at:
Auric Den
Suite 10-4, Menara Standard Chartered
30 Jalan Sultan Ismail, 50250 Kuala Lumpur
This policy may be updated from time to time. Changes will be posted on this page with a revised date at the top. Continued use of the website following any changes constitutes acceptance of the updated policy.