NMR-LEGAL-PP
Privacy Policy
Last Updated: 10 June 2025 | Effective Date: 10 June 2025
This policy describes how Northmere (registered business address: 36 Jalan Datoh, 30350 Ipoh, Perak, Malaysia) collects, uses, and protects personal data in connection with its records education classes and document services. If you have questions, write to [email protected].
1. What Personal Data We Collect
When you contact us by telephone, email, or the enquiry form on our website, we collect:
- Name
- Email address
- Telephone number (if provided)
- Any information you include in your message
For the Records Digitisation and Indexing service, we also hold physical documents under a signed handling agreement. Those documents are not personal data in the sense of this policy; they are handled under the terms of the handling agreement and are not retained by Northmere after handover.
We collect website usage data through cookies. See Section 6 below and our Cookie Policy for details.
2. How and Why We Use Personal Data
We use contact information for the following purposes:
- Responding to enquiries about our services
- Issuing written scopes, quotations, and confirmations
- Delivering the agreed service (class enrolment, digitisation scheduling, engagement coordination)
- Following up on completed engagements (for example, the six-month follow-up in the Workplace Practice Review)
Legal basis (Malaysia PDPA 2010): We process personal data on the basis of consent, which you provide when you submit an enquiry, and on the basis of contract performance, when a service has been agreed. We do not use personal data for marketing unless you have separately agreed to receive communications from us.
Retention: Contact records related to completed enquiries that did not lead to a service engagement are held for twelve months and then deleted. Records related to completed service engagements are held for three years after the end of the engagement and then deleted, unless a longer period is required by applicable law.
3. Data Sharing
Northmere does not sell or share personal data with third parties for marketing purposes. We may share data in the following limited circumstances:
- Service delivery: Where a third-party supplier is necessary to deliver a service (for example, encrypted drive procurement), only the minimum data necessary is shared, under confidentiality terms.
- Legal obligation: Where required by Malaysian law or a lawful order from a competent authority.
We use standard website hosting and email services. These providers are located in Malaysia or operate under data protection agreements consistent with Malaysian PDPA requirements.
4. Data Protection Measures
- Contact records are held in password-protected systems with access limited to Northmere staff who need them for their role.
- Physical documents handled under the digitisation service are stored in a locked area during the engagement period and are not accessible to persons outside the digitisation team.
- All copies of digitised files are deleted from Northmere systems upon handover, and deletion is confirmed in writing to the client.
- Northmere reviews access controls annually and following any significant change to staffing or systems.
In the event of a data breach that affects personal data, Northmere will notify affected individuals and, where required by law, the relevant Malaysian authority, within the timeframes prescribed by applicable legislation.
5. Your Rights Under the Personal Data Protection Act 2010 (Malaysia)
As a data subject under Malaysian law, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Withdraw consent for processing (where consent is the legal basis)
- Request restriction of processing in certain circumstances
- Lodge a complaint with the Department of Personal Data Protection Malaysia
To exercise any of these rights, write to [email protected]. We will respond within fourteen days.
6. Cookies
This website uses essential cookies required for basic functionality, and optional analytics cookies to understand how pages are used. You can manage your cookie preferences at any time via our Cookie Policy page. We do not use marketing cookies or pass cookie data to advertising networks.
7. Third-Party Links
Where this website links to external resources (for example, public government publications cited in class materials), Northmere is not responsible for the privacy practices of those sites. We recommend reading the privacy notices of any external sites you visit.
8. Children
Northmere's services are intended for adults aged 18 and over. We do not knowingly collect personal data from persons under 18. If you believe a minor has provided personal data to us, please contact [email protected] and we will delete it promptly.
9. Changes to This Policy
If we make material changes to this policy, we will update the date at the top of this page. Where changes affect how we use data you have already provided, we will notify you by email if we hold your contact details. Continued use of our services after a policy update constitutes acceptance of the revised terms.
10. Contact for Data Enquiries
Data controller: Northmere
Address: 36 Jalan Datoh, 30350 Ipoh, Perak, Malaysia
Email: [email protected]
Telephone: +60 5 2538 4671
Supervisory authority: Department of Personal Data Protection Malaysia (JPDP) — www.pdp.gov.my