Privacy Policy
Last updated: 12 May 2025 · Kettle & Cog Sdn Bhd, Kuala Lumpur, Malaysia
1. Introduction
Kettle & Cog ("we", "us", "our") is committed to protecting the personal data of individuals who engage with our services or visit our website. This Privacy Policy explains what data we collect, how it is used, how long it is retained, and what rights you have in relation to it.
This policy applies to data collected through our website at kettlea.biz, through contact forms, email correspondence, and in connection with our prototype session services. It is written in compliance with Malaysia's Personal Data Protection Act 2010 (PDPA 2010).
If you have questions about this policy, please contact us at [email protected].
2. Data We Collect
We collect the following categories of personal data:
- Contact information: name, email address, phone number — submitted via our contact form or provided directly during a session booking
- Session-related information: details about your idea or business concept shared during pre-session briefings or the sessions themselves
- Technical data: IP address, browser type, pages visited, and session duration — collected automatically via analytics tools when you visit our website
- Cookie data: preference and consent data stored in your browser — see Section 6 for full details
We do not collect sensitive personal data (such as identity card numbers, financial account details, or health information) and do not require it for any of our services.
3. How We Use Your Data
Your personal data is used for the following purposes:
- Responding to enquiries submitted through our contact form or by email
- Scheduling and delivering prototype sessions booked through our website or directly
- Sending session summaries and follow-up documents relevant to your engagement
- Understanding how our website is used, in order to improve its content and structure (analytics, where consent is given)
- Meeting legal or regulatory obligations under Malaysian law
We do not use your personal data for automated decision-making, profiling, or the delivery of targeted advertising.
4. Legal Basis for Processing
Under Malaysia's PDPA 2010, we process your personal data on the following bases:
- Consent: where you submit a contact form or agree to cookie use
- Contract performance: where data is necessary to deliver a booked session or related service
- Legitimate interests: for internal analytics and service improvement, where these do not override your rights
5. Data Retention
We retain personal data only for as long as it is needed for the purpose it was collected:
- Contact enquiry data: up to 12 months from the date of last contact, unless a session is booked
- Session-related data (summaries, notes): up to 24 months from the session date
- Analytics data: aggregated and anonymised after 12 months
- Cookie consent records: retained for 12 months
After the applicable retention period, data is deleted or anonymised. You may request earlier deletion — see Section 8 for your rights.
6. Cookies
Our website uses cookies to remember your preferences and understand how visitors use the site. Cookie categories include:
- Essential cookies: required for basic website function — always active
- Analytics cookies: used to understand site usage patterns — active only with your consent
- Preference cookies: used to store your choices — active only with your consent
You can manage your cookie preferences at any time via our Cookie Policy page.
7. Data Sharing
We do not sell your personal data to third parties. We may share data with:
- Service providers who support our website or session operations (e.g. hosting, email delivery) — under data processing agreements
- Analytics platforms (Google Analytics) — where you have consented to analytics cookies
- Malaysian authorities — if required by law
Session content — including ideas, prototypes, and notes — is treated as confidential and is not shared with any third party without your explicit written consent.
8. Your Rights
Under Malaysia's PDPA 2010, you have the following rights in relation to your personal data:
- Right of access: request a copy of the personal data we hold about you
- Right of correction: request correction of inaccurate or incomplete data
- Right to withdraw consent: withdraw consent for processing at any time, where consent is the legal basis
- Right to limit processing: request that we limit how your data is used in certain circumstances
To exercise any of these rights, contact us at [email protected]. We will respond within 21 days.
9. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include access controls, encrypted communication channels, and restricted internal access to session records. In the event of a data breach affecting your rights, we will notify you as required under applicable Malaysian law.
10. Third-Party Links
Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies separately.
11. Children's Privacy
Our services are intended for individuals aged 18 and above. We do not knowingly collect data from anyone under 18. If you believe we have inadvertently done so, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, the revised date at the top of this page will be updated. We encourage you to review this page periodically. Continued use of our services after a change constitutes acceptance of the updated policy.
13. Contact
For any questions about this policy or data-related matters, please write to:
- Email: [email protected]
- Address: Kettle & Cog, Unit 3-7, Common Ground, Jalan Kerinchi, Bangsar South, 59200 Kuala Lumpur, Malaysia