Privacy Policy
Last updated: 18 April 2025
1. Introduction
Mahkota ("we", "us", "our") is a Malaysian company registered in Shah Alam, Selangor. We take the handling of personal data seriously and operate in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
This Privacy Policy explains what personal data we collect when you use this website or engage our services, how we use it, and the rights available to you. It applies to data collected through this website and through our engagement activities with estate operators and their staff.
For questions about this policy, contact us at .
2. Personal Data We Collect
We collect personal data in the following circumstances:
2.1 Website contact form
When you submit an enquiry through our website, we collect your name, email address, and, if provided, your phone number. We also collect the content of your message. This data is used solely to respond to your enquiry.
2.2 Engagement activities
When we conduct an Estate Process Review or Records & Reporting Pilot, we work with estate records that may contain personal data relating to estate staff (names, roles, contact details in handover notes or HR records). This data is accessed under a written data handling protocol agreed with the estate operator before work begins and is not retained by Mahkota beyond the engagement period without explicit written consent.
2.3 Cookies and analytics
We use cookies to understand how visitors use this website. See our Cookie Policy for details. Analytics data does not identify individual visitors.
2.4 Legal basis for processing
Under the PDPA 2010, we process personal data on the basis of consent (website enquiries), contract performance (engagement activities), and legitimate interest (website analytics and service improvement).
3. How We Use Your Data
- To respond to enquiries submitted through the website contact form
- To deliver engagement services as agreed in written scope documents
- To send service-related communications during active engagements
- To analyse website usage and improve our online presence (analytics data only)
- To comply with applicable Malaysian laws and regulations
We do not sell personal data to third parties. We do not use personal data for unsolicited marketing communications without your consent.
3.1 Data retention
Website enquiry data is retained for up to 24 months for correspondence reference. Engagement data (records accessed under the data handling protocol) is deleted or returned within 30 days of engagement close unless a longer retention period has been agreed in writing.
4. How We Protect Your Data
We apply the following measures to protect personal data:
- Access to personal data is restricted to named Mahkota staff who require it for their engagement role
- Digital records and correspondence are stored on encrypted services with access controls
- Estate records accessed during engagements are held in read-only form and are not modified
- In the event of a data breach affecting personal data, we will notify affected individuals and the relevant authority in accordance with PDPA requirements
5. Cookies
This website uses essential cookies for site operation and optional analytics cookies to understand site usage. You can manage your cookie preferences through the consent banner displayed on your first visit or through the Cookie Policy page.
6. Your Rights Under the PDPA 2010
Under the Personal Data Protection Act 2010 (Malaysia), you have the following rights in relation to your personal data held by Mahkota:
- Right of access: You may request a copy of the personal data we hold about you.
- Right to correct: You may request correction of inaccurate or incomplete data.
- Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time. This does not affect processing already carried out.
- Right to prevent processing for direct marketing: You may notify us that you do not consent to use of your data for direct marketing.
To exercise these rights, write to us at . We will respond within 21 days. The supervisory authority for data protection matters in Malaysia is the Department of Personal Data Protection (JPDP) under the Ministry of Communications and Digital.
7. Third-Party Links
This website may contain links to external sites, including industry body websites and regulatory portals. We are not responsible for the privacy practices of those sites. We recommend reading the privacy policy of any external site before providing personal data.
8. Children's Privacy
Our services are directed at agricultural estate operators and their management staff. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted data through this website, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects when it was last revised. Continued use of this website after a policy update constitutes acceptance of the revised terms.