Privacy Policy
Last Updated: 18 April 2025 | Effective: 18 April 2025
1. Introduction
Lumina Cyber (referred to in this document as "we", "us", or "our") is committed to handling the personal data of individuals who contact us or engage our services with care and in accordance with applicable Malaysian law. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have in relation to it.
If you have questions about this Policy or about how we handle your data, please contact us at [email protected].
2. Data Controller
The data controller for personal data collected through this website is Lumina Cyber, Suite 16-2, Menara Sapura Energy, Solaris Dutamas, 50480 Kuala Lumpur, Malaysia. Contact: [email protected].
3. Legal Framework
We process personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). This Policy is intended to satisfy the PDPA's requirements for transparency and consent. Where our services are provided to financial institutions, we also observe relevant guidance from Bank Negara Malaysia's Risk Management in Technology (BNM-RMiT) framework with respect to data handling practices within those engagements.
4. Data We Collect
We collect personal data in the following circumstances:
- Contact form submissions: Name, email address, and optional phone number and message content.
- Email correspondence: Contact details and content of any message you send to us directly.
- Engagement onboarding: For clients, we collect professional contact information (name, role, organisation, email, phone) necessary to deliver our services.
- Website analytics: If analytics cookies are accepted, aggregate data on page visits and interactions (no personally identifiable data is collected through analytics unless you submit a form).
5. How We Use Your Data
We use personal data for the following purposes:
- To respond to enquiries submitted through the contact form or by email.
- To deliver advisory services to clients who have engaged us.
- To send service-related communications (e.g., engagement status updates, document delivery).
- To maintain records for our own compliance and audit purposes.
- To improve the content and usability of this website, using aggregated, non-personal analytics data.
We do not sell personal data to third parties. We do not use personal data for automated decision-making or profiling.
6. Legal Basis for Processing
- Consent: For marketing communications and optional analytics cookies, where you have given consent.
- Contractual necessity: For personal data processed as part of delivering our advisory services.
- Legitimate interest: For responding to enquiries and maintaining internal records, where our interest does not outweigh your privacy rights.
7. Data Retention
Contact form enquiries and related correspondence are retained for up to 24 months. Client engagement records, including written briefs and usage policies produced during engagements, are retained for 7 years in accordance with standard professional practice and potential audit requirements. After the applicable retention period, data is deleted or anonymised.
8. Data Sharing
We do not share personal data with third parties except in the following limited circumstances:
- With service providers who process data on our behalf (e.g., email hosting, website analytics), under data processing agreements that restrict their use of your data.
- Where required by applicable law or a valid order from a competent authority.
9. Data Security
We maintain reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include access controls on internal systems, secure email practices, and restricted access to client engagement records. In the event of a data breach likely to affect your rights, we will notify affected individuals in accordance with PDPA requirements.
10. Cookies
This website uses cookies. Essential cookies are required for basic site functionality and cannot be disabled. Optional analytics and preference cookies are only set with your consent. Please see our Cookie Policy for full details.
11. Your Rights Under PDPA
Under Malaysia's PDPA, you have the following rights in relation to personal data we hold about you:
- Right of access: You may request a copy of the personal data we hold about you.
- Right of correction: You may request that inaccurate or incomplete data be corrected.
- Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.
- Right to limit processing: You may request that we limit the processing of your personal data in certain circumstances.
To exercise any of these rights, contact us at [email protected]. We will respond within 21 days. We may need to verify your identity before processing a request.
12. Third-Party Links
This website may contain links to external sites. We are not responsible for the privacy practices of those sites and recommend you review their privacy policies separately.
13. Children
Our services are directed at professionals and organisations. We do not knowingly collect personal data from individuals under 18. If you believe a minor has submitted personal data through this website, please contact us at the address below and we will delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be noted with an updated "Last Updated" date at the top of this page. Continued use of this website following a change constitutes acceptance of the revised Policy.
15. Contact
For privacy-related enquiries, data subject requests, or complaints:
Lumina Cyber
Suite 16-2, Menara Sapura Energy, Solaris Dutamas, 50480 Kuala Lumpur
Email: [email protected]
Phone: +60 17 815 4296
If you are not satisfied with our response, you may contact the Department of Personal Data Protection Malaysia (JPDP) at www.pdp.gov.my.