Legal
Privacy Policy
Last Updated: 10 March 2026 | Effective: 10 March 2026
Citra Digital (referred to in this document as "we", "us", or "our") is committed to handling personal data responsibly and in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you hold in relation to it.
If you have questions about this policy or about how your data is handled, contact us at [email protected].
1. Data Controller
Citra Digital operates as the data controller for personal data collected through this website and through our consulting engagement process. Our registered address is 12 Jalan Kemajuan, Seksyen 12, 46200 Petaling Jaya, Selangor, Malaysia.
2. What Personal Data We Collect
We collect personal data through our website contact form and through the course of client engagements. This includes:
- Name and professional title
- Business email address
- Phone number (where provided)
- Organisation name and sector
- Content of enquiries or messages submitted via our contact form
- Technical data collected automatically (IP address, browser type, pages visited) via analytics tools
We do not collect sensitive personal data as defined under the PDPA.
3. Legal Basis for Processing
Under the PDPA 2010, we process your personal data on the following grounds:
- Consent — when you submit our contact form or accept our cookie policy
- Legitimate interest — for business communications with individuals who have made enquiries
- Contractual necessity — where data processing is required to deliver agreed consulting services
- Legal obligation — where processing is required to comply with applicable Malaysian law
4. How We Use Your Data
Personal data collected is used for the following purposes:
- Responding to enquiries submitted through our contact form
- Scheduling and conducting consulting engagements
- Sending relevant service information where you have expressed interest
- Improving our website based on aggregated, anonymised analytics
- Maintaining records as required by Malaysian company law
We do not use your personal data for automated decision-making or profiling.
5. Data Sharing
We do not sell, rent, or trade personal data with third parties. We may share data with:
- Service providers — cloud hosting and email delivery providers engaged to support our operations, bound by data processing agreements
- Analytics platforms — such as Google Analytics, using anonymised data only
- Legal or regulatory authorities — where required by Malaysian law or lawful request
Any third-party service providers are selected on the basis of data security practices consistent with PDPA requirements.
6. Data Retention
We retain personal data for the following periods:
- Enquiry records: 24 months from the date of the last interaction
- Client engagement records: 7 years in accordance with Malaysian statutory requirements
- Analytics data: 26 months (standard Google Analytics retention)
After the applicable retention period, personal data is securely deleted or anonymised.
7. Data Security
We implement technical and organisational measures to protect personal data against unauthorised access, alteration, or disclosure. These include:
- HTTPS encryption across all website communications
- Access controls limiting data access to authorised personnel
- Regular internal reviews of data handling procedures
- Secure deletion practices for expired data
In the event of a data breach that may adversely affect your rights, we will notify the relevant parties in accordance with PDPA obligations.
8. Cookies
Our website uses cookies to support site functionality and analytics. For full details of the cookies we use and how to manage your preferences, please refer to our Cookie Policy.
9. Third-Party Links
Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their own policies before submitting any personal data.
10. Your Rights Under PDPA 2010
Under Malaysia's Personal Data Protection Act 2010, you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate or incomplete data
- Withdrawal of consent — withdraw consent to processing where consent was the legal basis
- Limit processing — request that we stop processing your data for direct marketing purposes
- Enquiry — submit questions about how your data is processed
To exercise any of these rights, contact us at [email protected]. We will respond within 21 days in accordance with PDPA requirements.
If you are unsatisfied with our response, you may lodge a complaint with the Department of Personal Data Protection Malaysia (pdp.gov.my).
11. Children's Privacy
Our services are directed at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that data has been collected from a minor, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last Updated" date at the top of this page will be revised accordingly. Continued use of our website following a policy update constitutes acceptance of the revised terms.
13. Contact for Privacy Enquiries
For all data protection and privacy enquiries:
- Email: [email protected]
- Phone: +60 3-2587 4936
- Address: 12 Jalan Kemajuan, Seksyen 12, 46200 Petaling Jaya, Selangor, Malaysia