O
Orryx Contact Us

Legal

Privacy Policy

Last Updated: 28 May 2025  ·  Effective Date: 28 May 2025

Orryx is committed to protecting the personal data of individuals who interact with our advisory practice. This Privacy Policy explains how we collect, use, store, and protect personal information in connection with our infrastructure planning advisory services. It applies to all clients, enquirers, and visitors to our website at orryx.live.

Our practices are guided by Malaysia's Personal Data Protection Act 2010 (PDPA). If you have questions about this policy, you may contact us at [email protected].

1. Data We Collect

When you interact with Orryx — whether by submitting our contact form, corresponding with us by email, or engaging us for advisory services — we may collect the following types of personal data:

  • Name and job title
  • Business email address and phone number
  • Company name and industry sector
  • Information you provide describing your infrastructure planning context
  • Website usage data via analytics cookies (if consented)

We do not collect sensitive personal data as defined under the PDPA (such as health, financial account, or biometric data) in the ordinary course of our advisory practice.

2. How We Use Your Data

Personal data collected through our website or during an engagement is used for the following purposes:

  • Responding to enquiries and providing information about our services
  • Scoping, delivering, and administering advisory engagements
  • Communicating updates relevant to an ongoing engagement
  • Improving our website and understanding how visitors use it (analytics only with consent)
  • Meeting legal and regulatory obligations

We do not use your data for unsolicited marketing or pass it to third parties for their own marketing purposes.

3. Legal Basis for Processing

Under the PDPA 2010, we process personal data based on:

  • Consent — where you have provided data through our contact form or agreed to analytics cookies
  • Contractual necessity — where processing is necessary to deliver an advisory engagement you have commissioned
  • Legitimate interests — where we have a genuine business interest in processing (such as record-keeping for past engagements) that does not override your rights

4. Data Retention

We retain personal data only as long as necessary for the purpose for which it was collected:

  • Enquiry data not leading to an engagement: deleted within 12 months
  • Engagement records (client contact data, scope documents, deliverables): retained for 5 years after engagement close, then deleted
  • Website analytics data: retained for up to 26 months as per standard analytics provider settings

5. Cookies

Our website uses cookies to support basic functionality and, with your consent, to understand visitor behaviour through analytics. You can manage your cookie preferences at any time through our Cookie Policy page.

6. Data Sharing

We do not sell, rent, or share your personal data with third parties for commercial purposes. Limited sharing may occur in the following circumstances:

  • With service providers who support our operations (email hosting, website analytics) under data processing agreements
  • Where required by Malaysian law or a lawful government request
  • With your explicit consent in any other circumstance

7. Data Security

We maintain reasonable technical and organisational measures to protect your personal data against unauthorised access, disclosure, or loss. These include encrypted email communication for sensitive engagement data and restricted access to client records within our team. If a data breach occurs that is likely to affect your rights, we will notify you and the relevant supervisory authority within the required timeframe.

8. Your Rights

Under the PDPA 2010 and applicable data protection principles, you have the following rights regarding your personal data held by Orryx:

  • Right of access — to request a copy of the personal data we hold about you
  • Right of correction — to request correction of inaccurate or incomplete data
  • Right to withdraw consent — to withdraw consent for processing where consent is the legal basis
  • Right to object — to object to processing based on our legitimate interests
  • Right of erasure — to request deletion of your data where there is no continuing legitimate basis for retention

To exercise any of these rights, contact us at [email protected]. We will respond within 21 days of receiving a valid request.

9. Third-Party Links

Our website may include links to external resources. We are not responsible for the privacy practices of third-party websites and encourage you to review their policies separately.

10. Children's Privacy

Our services are directed at business organisations and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be noted on this page with an updated effective date. Continued use of our website or services following a policy update constitutes acceptance of the revised terms.

12. Contact

For data-related enquiries or to exercise your rights under this policy, contact our data handling point of contact:

  • Email: [email protected]
  • Address: Lebuh Light 22, 10200 George Town, Pulau Pinang, Malaysia
  • Business: Orryx — Infrastructure Planning Advisory