N
Novalith
Legal

Privacy Policy

Last updated: April 2026

This Privacy Policy describes how Novalith ("we", "our", or "us") collects, uses, stores, and discloses personal data in connection with our business consulting services and website at novalitha.pro. It is prepared in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

1. Who We Are

Novalith is a business consulting firm operating in Malaysia, with registered offices at 14 Lorong Haji Taib, 50300 Kuala Lumpur. We provide advisory services in sustainability integration, ESG reporting readiness, and green operations review to organisations in Malaysia and the broader region.

For the purposes of the PDPA, Novalith acts as the data user responsible for the personal data collected through this website and through our client engagement process.

2. Personal Data We Collect

We may collect the following categories of personal data:

  • Contact and identification data: name, job title, company name, email address, and phone number — provided when you complete our contact form or enquire about our services.
  • Communication data: messages, correspondence, and notes from interactions with our team.
  • Technical and usage data: IP address, browser type, pages visited, and session duration — collected automatically through cookies and standard web server logs when you use this website.
  • Engagement data: information related to scoping discussions, proposal reviews, and service delivery where you or your organisation is involved.

We do not collect sensitive personal data as defined by the PDPA (such as health information, political opinions, or religious beliefs) through this website.

3. How We Collect Personal Data

Personal data is collected through:

  • the contact and enquiry form on our website;
  • email or telephone correspondence initiated by you;
  • meetings, calls, or written exchanges during a consulting engagement;
  • cookies and web analytics tools (see our Cookie Policy for detail).

4. Purposes of Processing

We process personal data for the following purposes:

  • to respond to enquiries submitted through the contact form or via email;
  • to assess suitability for our consulting services and prepare proposals;
  • to deliver agreed consulting services and communicate progress;
  • to send relevant updates about services, publications, or events where you have consented to receive such communications;
  • to improve the functionality and content of this website;
  • to comply with applicable legal and regulatory obligations in Malaysia.

We process personal data only for the purposes described above and do not use it for unrelated activities without seeking fresh consent where required.

5. Legal Basis for Processing

Under the PDPA, we rely on the following grounds for processing personal data:

  • Consent: where you have actively provided your information through our contact form or opted in to communications;
  • Contract: where processing is necessary to perform a consulting engagement or to take steps prior to entering into one;
  • Legal obligation: where we are required to retain or disclose information under Malaysian law;
  • Legitimate interests: for website analytics and improving our service — balanced against your rights and reasonable expectations as a website visitor.

6. Disclosure of Personal Data

We do not sell, rent, or trade your personal data. We may share it only in the following limited circumstances:

  • Service providers: trusted third parties who assist with website hosting, analytics, or email delivery — under contractual obligations consistent with the PDPA;
  • Professional advisors: lawyers or accountants where necessary for our legal or compliance obligations;
  • Regulatory authorities: where disclosure is required by Malaysian law or a lawful direction from a competent authority.

Any third party receiving personal data from us is required to maintain appropriate security measures and to use the data only for the purpose for which it was shared.

7. Transfers Outside Malaysia

Some of our website infrastructure and analytics tools operate on servers located outside Malaysia. Where personal data is transferred outside Malaysia, we take reasonable steps to ensure that the receiving jurisdiction provides a comparable level of protection, or that appropriate safeguards are in place, consistent with Section 129 of the PDPA.

8. Retention of Personal Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Enquiry and contact data: up to 24 months from last interaction, unless a consulting engagement follows;
  • Engagement and delivery records: up to 7 years from project completion, consistent with standard Malaysian business record-keeping practice;
  • Website analytics data: retained in aggregated or anonymised form after 14 months.

When personal data is no longer required, it is securely deleted or anonymised.

9. Your Rights Under the PDPA

Under the Personal Data Protection Act 2010, you have the right to:

  • Access the personal data we hold about you;
  • Correct any inaccurate, incomplete, or out-of-date personal data;
  • Withdraw consent to processing at any time, where processing is based on consent — without affecting the lawfulness of prior processing;
  • Limit processing for direct marketing purposes by notifying us at any time.

To exercise any of these rights, please contact us at [email protected] or by phone at +60 3-2694 8153. We will respond within 21 days of receiving your request. We may need to verify your identity before processing the request.

10. Security

We implement technical and organisational measures proportionate to the nature of the personal data we hold. These include access controls, encrypted data transmission (HTTPS), and restricted internal access. No method of electronic transmission is completely secure; while we take reasonable precautions, we cannot warrant absolute security.

11. Cookies

This website uses cookies to support basic functionality and to understand how visitors use our pages. You can manage your cookie preferences through our Cookie Policy page. Disabling non-essential cookies will not prevent you from accessing the content of this website.

12. Links to Other Websites

This website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be communicated through a notice on our website. Continued use of this website after such changes constitutes acceptance of the revised policy.

14. Contact Us

For any questions, access requests, or concerns relating to this Privacy Policy or the handling of your personal data, please contact us:

If you are not satisfied with how we have handled your concern, you may file a complaint with the Personal Data Protection Commissioner of Malaysia via the Ministry of Communications and Digital.

Terms & Conditions Cookie Policy Contact Us