1. Introduction

This Personal Data Protection Notice explains how Corporate FinEdge Management Services and, where relevant, its related corporations, affiliated businesses, associated firms, representatives and service providers involved in providing services to you (collectively, “Corporate FinEdge Malaysia”, “we”, “us” or “our”) collect, use, disclose, store, transfer and otherwise process your personal data in accordance with the Personal Data Protection Act 2010 of Malaysia and its subsidiary legislation, amendments, standards, regulations and applicable guidance issued by the Personal Data Protection Commissioner or the Department of Personal Data Protection.

This Notice applies to personal data collected through our website, contact forms, email communications, telephone calls, messaging applications, social media, physical meetings, engagement onboarding documents, events, business relationships and any other interactions with Corporate FinEdge Malaysia.

If you provide personal data to us, access our website, submit an enquiry, engage our services, or otherwise interact with us, you acknowledge that you have read and understood this Notice and agree to the collection, use, disclosure and processing of your personal data in the manner described in this Notice, subject always to your rights under applicable law.

2. Data User and Contact Details

For the purposes of this Notice, the principal data user is:

Corporate FinEdge Management Services
No. 15-02, Jalan Molek 1/42,
Taman Molek, 81100 Johor Bahru, Johor, Malaysia

Tel: +60 10-711 5229

Email: cliff.goh@corporatefinedge.com

If you have any request, complaint, query or feedback relating to your personal data or this Notice, you may contact our designated person in charge of personal data matters at the contact details above.

3. What Personal Data We May Collect

The personal data we collect depends on the nature of your relationship with us, the services requested, and the legal and regulatory requirements applicable to the engagement. Depending on the circumstances, we may collect and process the following categories of personal data:

• Identification and profile information, such as your name, NRIC number, passport number, nationality, date of birth, gender, job title, employer, photographs, signatures, and other identity-related details.
• Contact information, such as your residential or business address, email address, telephone number and messaging application details.
• Business and professional information, such as company name, role, shareholding details, directorships, employment history, financial interests, tax residency, business relationships and transaction information.
• Financial, tax and compliance information, such as bank details, income information, accounting records, source-of-funds information, beneficial ownership information, tax reference numbers, and documents required for due diligence, know-your-client, anti-money laundering, sanctions screening or regulatory compliance purposes.
• Website and technical information, such as IP address, browser type, device identifiers, pages visited, date and time of access, cookie data, analytics data and other online identifiers collected through our website or systems.
• Communications and records, such as correspondence, enquiry submissions, call records, meeting notes, WhatsApp or other messaging records, feedback, complaints and instructions.
• Any other personal data that you or your authorised representatives voluntarily provide to us or that is reasonably required for the purposes stated in this Notice.
  
  

4. Sources of Personal Data

We may collect your personal data directly from you or indirectly from various lawful sources, including:

• when you contact us, submit an enquiry, request a quotation, subscribe to updates, or use our website or forms;
• when you engage us for accounting, tax, advisory, compliance, corporate secretarial, cross-border, MM2H, single family office or other professional services;
• when you provide information or documents during onboarding, due diligence, compliance reviews or service delivery;
• from your employer, company, directors, shareholders, authorised signatories, representatives, family members or professional advisers acting on your behalf;
• from publicly available sources, lawful databases, regulators, government agencies, corporate registries, sanctions databases, screening systems and other third-party sources where permitted by law;
• from cookies, analytics tools and similar technologies used on our website, subject to applicable legal requirements.
  
  

If you provide us with personal data relating to another individual, you represent and warrant that you have obtained the necessary consent or are otherwise legally permitted to disclose that person’s personal data to us and for us to process it in accordance with this Notice.

5. Purposes of Processing

We may collect, use, disclose and process your personal data for one or more of the following purposes, to the extent applicable to our relationship with you:

5.1 Core service and relationship purposes

• to identify you, verify your identity, conduct customer due diligence, screening and onboarding;
• to evaluate whether to accept or continue an engagement or business relationship;
• to provide our services, including accounting, bookkeeping, tax, SST, e-invoicing, payroll, corporate secretarial, business advisory, cross-border advisory, restructuring, MM2H-related support, family office-related support, compliance support and other related professional services;
• to prepare, review, process, submit or maintain documents, filings, applications, returns, records and correspondence for or on your behalf;
• to communicate with you regarding our services, your enquiries, meetings, updates, instructions, transactions, documents and support requests;
• to administer and manage our relationship with you, including billing, collections, account management, service delivery, quality assurance and internal reporting.
  
  

5.2 Legal, regulatory and risk management purposes

• to comply with applicable laws, regulations, guidelines, professional obligations, court orders and lawful requests from regulators, authorities or law enforcement agencies;
• to comply with anti-money laundering, counter-terrorism financing, sanctions, fraud prevention, conflict checks, audit, tax, accounting and corporate governance requirements;
• to establish, exercise or defend legal rights, investigate complaints, manage disputes, and protect our business, staff, clients, users and systems;
• to maintain internal records, governance controls, security monitoring, business continuity arrangements and incident management processes.
  
  

5.3 Operational and improvement purposes

• to operate, administer, maintain and improve our website, systems, forms, digital channels, user experience and service delivery;
• to conduct analytics, statistical review, internal research, management reporting and service improvement, using personal data or aggregated / anonymised data as appropriate;
• to engage third-party vendors, cloud providers, IT service providers, payment service providers, document management providers and professional advisers in connection with our operations and services.
  
  

5.4 Marketing and communications purposes

Subject to applicable law and your choices, we may use your personal data to send you legal, tax, compliance, regulatory, corporate, advisory or business updates, newsletters, event invitations, service announcements, publications and other marketing or thought leadership materials that may be relevant to you.

You may opt out of marketing communications at any time by following the unsubscribe instructions in the communication or by contacting us using the details stated in this Notice.

6. Mandatory and Voluntary Personal Data

Certain personal data requested by us is mandatory because it is required for us to identify you, comply with legal obligations, assess and accept an engagement, provide services to you, or carry out a transaction you have requested. If you do not provide mandatory personal data, or if you withdraw consent for processing that is necessary for the engagement or required by law, we may be unable to establish or continue the business relationship, provide the relevant services, respond to your request, or comply with our legal and regulatory obligations.

Other personal data may be voluntary. Where appropriate, we will indicate whether the provision of personal data is mandatory or optional.

7. Disclosure of Personal Data

We may disclose your personal data, for the purposes stated in this Notice, to such parties as may be appropriate in the circumstances, including:

• our related corporations, affiliated entities, associated firms and business partners, including those involved in providing services across Singapore, Malaysia or other jurisdictions where relevant to your engagement;
• our employees, officers, representatives, consultants and authorised personnel on a need-to-know basis;
• external professional advisers, such as lawyers, auditors, tax advisers, corporate service providers, payroll providers, compliance providers and other specialists engaged in connection with the services;
• third-party service providers and data processors, such as IT providers, website hosts, cloud storage providers, communication tools, analytics providers, payment or banking channels, document management vendors and other administrative support providers;
• regulators, statutory bodies, public authorities, government agencies, law enforcement agencies, courts, tribunals or other parties where disclosure is required or permitted by law;
• counterparties, financial institutions, insurers, investors, agents, immigration-related service providers, or transaction participants where disclosure is reasonably necessary for the purposes of the engagement and lawful to do so.
  
  

Where appropriate, we take reasonable steps to ensure that third parties processing personal data on our behalf are subject to duties of confidentiality and data protection obligations consistent with applicable law.

8. Transfer of Personal Data Outside Malaysia

In the course of our business, your personal data may be transferred to, stored in, accessed from or processed in jurisdictions outside Malaysia, including Singapore and other jurisdictions where our related entities, service providers, advisers, data centres or counterparties are located.

Where personal data is transferred outside Malaysia, we will take reasonable steps to ensure that the personal data is protected by appropriate contractual, organisational or technical safeguards and handled in a manner consistent with the PDPA and applicable legal requirements.

9. Security of Personal Data

We take practical steps to protect personal data from loss, misuse, unauthorised or accidental access, disclosure, alteration or destruction. Such steps may include administrative, physical and technical safeguards, access controls, staff confidentiality obligations, secure storage, password controls, network security, document protection and vendor management measures.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we do not warrant or guarantee the absolute security of information transmitted to us or stored by us, to the extent permitted by law.

10. Retention of Personal Data

We retain personal data only for as long as necessary to fulfil the purposes stated in this Notice or as required or permitted by law, regulation, contractual requirement or professional obligation. In assessing retention periods, we may consider the nature of the data, the purpose for which it was collected, the sensitivity of the data, legal limitation periods, tax and regulatory retention requirements, audit requirements and the need to establish, exercise or defend legal claims.

Where personal data is no longer required, we may securely delete, destroy, anonymise or aggregate it, subject to applicable legal or operational requirements.

11. Accuracy and Data Integrity

You are responsible for ensuring that the personal data you provide to us is accurate, complete, not misleading and kept up to date. Please notify us promptly if there are any changes to your personal data so that our records can be updated.

We will take reasonable steps to ensure that personal data processed by us is accurate, complete, not misleading and kept up to date, having regard to the purpose for which it is used.

12. Your Rights

Subject to the PDPA and any applicable exceptions, you may have the right to:

• request access to your personal data held by us and information about how it is processed;
• request correction of inaccurate, incomplete, misleading or outdated personal data;
• withdraw consent for processing of personal data where such processing is based on your consent;
• limit or object to the processing of personal data in certain circumstances, including direct marketing communications, where permitted by law.
  
  

Any request to access or correct your personal data should be made in writing using the contact details stated in this Notice. We may take reasonable steps to verify your identity and request sufficient information to process the request.

We may charge a reasonable fee, if permitted by law, for processing an access request. If a fee is payable, we will inform you before processing the request. We may also refuse a request, wholly or partly, where permitted under applicable law, and we will inform you of the basis for the refusal where required.

13. Website, Cookies and Analytics

Our website may use cookies, web beacons, pixels, scripts, analytics tools and similar technologies to operate the website, improve performance, remember preferences, understand visitor behaviour, measure traffic, maintain security and support communications or marketing activity.

The information collected through such technologies may include IP address, browser type, device type, referring pages, pages visited, duration of visit, date and time of visit, and similar usage data.

We may use third-party tools such as website analytics services. These providers may process usage data in accordance with their own privacy terms. You may manage cookies through your browser settings, although disabling cookies may affect the functionality of the website.

Where the law requires consent for certain cookies or tracking technologies, such technologies should only be activated in accordance with the applicable consent mechanism implemented on the website.

14. Links to Third-Party Websites

Our website may contain links to third-party websites or external platforms. We are not responsible for the privacy, security or content practices of those third-party websites or platforms. You should review their privacy notices before providing personal data to them.

15. Personal Data of Children

Our website and services are not intended for children, and we do not knowingly collect personal data from children through the website unless such collection is lawful, necessary and appropriately authorised. If you believe that personal data relating to a child has been provided to us improperly, please contact us so that we may take appropriate action.

16. Changes to this Notice

We may amend, revise or update this Notice from time to time to reflect changes in law, regulation, business operations, technology or data handling practices. The updated version will be posted on our website and will take effect from the date stated in the revised Notice unless otherwise specified.

17. Bahasa Malaysia Version

If this Notice is made available in both English and Bahasa Malaysia, both versions are intended to assist understanding. In the event of inconsistency, the Bahasa Malaysia version may be prepared and maintained to meet applicable local requirements, and the version adopted by Corporate FinEdge Malaysia for compliance purposes shall prevail to the extent required by applicable law.

Last updated: 30 April 2026