B
Bestari Group

Legal Documents

Privacy Policy

Last updated: 15 April 2026  ·  Effective from: 15 April 2026

Bestari Group ("we", "our", or "the practice") is committed to protecting the personal data of individuals who visit our website or engage with our consulting services. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have in relation to it.

This policy applies to data collected through this website (the "Site") and through direct engagement with Bestari Group in the course of business enquiries or consulting services. It is prepared in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

1. Data Controller

Bestari Group, with its principal place of business at 19 Jalan Dato Onn, 50480 Kuala Lumpur, Malaysia, is the data controller for personal data collected through this website and our consulting activities. For privacy-related enquiries, you may contact us at [email protected] or by telephone at +60 3-2694 3157.

2. Personal Data We Collect

We may collect the following categories of personal data:

  • Contact information — name, email address, telephone number, and company name, typically provided when you submit the contact form or enquire about our services.
  • Communication records — the content of messages you send us via the website contact form or by email.
  • Usage data — information about how you interact with our website, including pages visited, time spent, referring URLs, and browser or device type. This data is collected via cookies where you have consented to their use.
  • Engagement data — information provided by you in the course of a consulting engagement, including business documentation, financial summaries, and strategic materials shared as part of a programme. This data is subject to additional confidentiality protections.

We do not knowingly collect personal data from individuals under the age of 18. Our services are directed at business owners and management professionals.

3. How We Use Your Personal Data

We use personal data for the following purposes:

  • To respond to enquiries submitted through the contact form or sent directly to our email address.
  • To assess whether our consulting programmes are suitable for a prospective client's situation.
  • To conduct and deliver consulting engagements where a service agreement has been entered into.
  • To maintain records of communications for the purpose of following up on outstanding matters.
  • To understand how our website is used, for the purpose of improving its content and usability, where you have consented to analytics cookies.

We do not use personal data for unsolicited marketing communications. We do not sell, rent, or disclose personal data to third parties for their own marketing purposes.

4. Legal Basis for Processing

We process personal data on the following lawful bases under the PDPA:

  • Consent — for optional communications and for the use of non-essential cookies, where you have provided consent via our cookie notice.
  • Contractual necessity — where processing is required to enter into or fulfil a consulting services agreement with you or your organisation.
  • Legitimate interests — where processing is necessary for our legitimate business interests, such as responding to enquiries and maintaining records, and these interests are not overridden by your privacy rights.
  • Legal obligation — where we are required to retain or disclose data to comply with applicable law or regulatory requirements.

5. Data Sharing and Disclosure

We do not share personal data with third parties except in the following limited circumstances:

  • Service providers — we use third-party tools for website hosting, email delivery, and analytics (where consented). These providers are selected with care and are only given access to data necessary for their specific function.
  • Legal requirements — we may disclose data where required to do so by law, regulatory authority, court order, or where disclosure is necessary to protect the safety of persons or the integrity of our practice.
  • Business succession — in the event of a transfer of the business, personal data held by us may be transferred as part of that transaction, subject to equivalent privacy protections.

Engagement data — meaning business and financial information shared with us in the context of a consulting programme — is never shared with third parties without your explicit written consent. This is a firm professional commitment that applies independently of this Privacy Policy.

6. Data Retention

We retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by law:

  • Contact form submissions are retained for up to 24 months from the date of receipt, unless they result in an engagement, in which case they are retained for the duration of the engagement and seven years thereafter.
  • Engagement records are retained for seven years following the completion of the relevant programme, in accordance with standard professional record-keeping practice.
  • Website usage data collected via analytics tools is retained for a maximum of 26 months, subject to your consent preferences.

7. Your Rights

Under the PDPA and applicable data protection principles, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that inaccurate or incomplete data be corrected.
  • Withdrawal of consent — withdraw consent to any processing based on consent, at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Objection — object to processing carried out on the basis of legitimate interests, where you have grounds relating to your particular situation.
  • Erasure — request that data be deleted where it is no longer necessary for the purpose for which it was collected, subject to legal retention obligations.

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days of receiving a valid request.

8. Cookies and Tracking Technologies

Our website uses cookies. A cookie is a small text file stored on your device when you visit a website. We use cookies to understand how the site is navigated and to improve its content. Please refer to our Cookie Policy for a full description of the cookies we use and how to manage your preferences.

Essential cookies required for the website to function are used without consent. Non-essential cookies (including analytics) are only placed with your consent, which you may provide or decline via the cookie notice displayed on your first visit.

9. Data Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, disclosure, loss, or destruction. These include access controls, secure email transmission, and restricted physical access to data held in hardcopy form. While no system is completely secure, we take data security seriously and will notify affected individuals and the relevant authority promptly in the event of a data breach affecting their rights.

10. Third-Party Websites

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites, and this Policy does not apply to them. We encourage you to review the privacy policy of any external site before providing personal data.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The current version will always be accessible on this page. Material changes will be noted by updating the "Last updated" date at the top of this document. Continued use of the website following an update constitutes acceptance of the revised policy.

12. Contact Us

For questions about this Privacy Policy, or to exercise your data rights, please contact:

Bestari Group
19 Jalan Dato Onn, 50480 Kuala Lumpur, Malaysia
Email: [email protected]
Phone: +60 3-2694 3157

Return to Homepage
Terms & Conditions Cookie Policy