Chat on WhatsApp

Privacy Policy

Last Updated: March 11, 2026  ·  Effective Date: March 11, 2026

PDPA Compliant GDPR Compliant

This Privacy Policy applies to Angela Excellent Enterprise ("we", "us", "our"), operating the website at https://directorrisk.com.my. It explains how we collect, use, and protect your personal data in compliance with Malaysia's Personal Data Protection Act 2010 (PDPA) and the European Union's General Data Protection Regulation (GDPR).

1. Who We Are (Data Controller)

The data controller responsible for your personal data is:

  • Company: Angela Excellent Enterprise
  • Website: https://directorrisk.com.my
  • Email: angela@directorrisk.com.my
  • Phone: +6014-3416439

2. What Data We Collect

When you use our Director Risk Calculator, we collect:

  • Identity Data: Full name
  • Contact Data: Email address, phone number
  • Business Data: Company name, role/position, company revenue, industry, number of shareholders, current insurance coverage status, key person value
  • Technical Data: IP address, browser type, device type, operating system, pages visited, time spent on site
  • Usage Data: Calculator inputs and results

We do not collect special category data (e.g. health, race, religion, biometric data).

3. Lawful Basis for Processing

We process your personal data on the following legal grounds:

  • Consent (GDPR Art. 6(1)(a) / PDPA): You have given explicit consent by submitting the calculator form. You may withdraw consent at any time.
  • Legitimate Interests (GDPR Art. 6(1)(f)): To follow up about your risk assessment results and relevant insurance information, where this does not override your rights.
  • Contract Performance (GDPR Art. 6(1)(b)): To deliver the risk report and any services you have requested.
  • Legal Obligation (GDPR Art. 6(1)(c) / PDPA): Where required to comply with applicable law.

4. How We Use Your Data

We use your data to:

  • Calculate your director liability risk score and generate a personalised report
  • Send you the risk assessment report by email immediately after submission
  • Send follow-up educational emails about director risk protection (you can unsubscribe anytime)
  • Contact you to offer a free insurance consultation (only if you request or consent)
  • Improve our website and calculator functionality
  • Comply with legal and regulatory obligations

5. Data Retention

We retain your personal data for a maximum of 24 months from the date of your last interaction with us. After this period, your data will be securely deleted, unless:

  • You have become an active client (data retained for the duration of the relationship plus 7 years for legal/tax compliance), or
  • We are required by applicable law to retain it for a longer period.

6. Cross-Border Data Transfers

Your personal data may be transferred to and processed in countries outside Malaysia and the European Economic Area (EEA), including the United States, where our service providers operate. We ensure such transfers are carried out with appropriate safeguards:

  • In compliance with Section 129 of the PDPA (Malaysia)
  • Under Standard Contractual Clauses (SCCs) or equivalent mechanisms approved under GDPR Chapter V

By submitting your data, you consent to this cross-border transfer.

7. Your Rights

You have the following rights regarding your personal data under both PDPA and GDPR (where applicable):

  • Right of Access: Request a copy of the personal data we hold about you (GDPR Art. 15 / PDPA s.30)
  • Right to Rectification: Request correction of inaccurate or incomplete data (GDPR Art. 16 / PDPA s.34)
  • Right to Erasure: Request deletion of your data where there is no legitimate reason for continued processing (GDPR Art. 17)
  • Right to Restrict Processing: Request that we limit how we use your data in certain circumstances (GDPR Art. 18)
  • Right to Data Portability: Receive your data in a structured, machine-readable format (GDPR Art. 20)
  • Right to Object: Object to processing based on legitimate interests or for direct marketing (GDPR Art. 21)
  • Right to Withdraw Consent: Withdraw your consent at any time without affecting prior lawful processing
  • Right to Lodge a Complaint: File a complaint with your national data protection authority (see Section 11)

To exercise any of these rights, email us at angela@directorrisk.com.my with the subject line "Data Rights Request". We will verify your identity and respond within 21 business days (PDPA) or 30 calendar days (GDPR), whichever applies.

8. Email Communications

After submitting the calculator, you will receive:

  • Immediately: Your personalised risk assessment report
  • Over the following weeks: Educational emails about director risk protection

You can unsubscribe from all marketing emails at any time by clicking the Unsubscribe link in any email, or by emailing us directly. Transactional emails (e.g. your risk report) are not subject to unsubscribe as they are part of the service you requested.

9. Cookies

We use the following types of cookies:

  • Strictly Necessary Cookies: Required for the website to function. Cannot be disabled.
  • Analytics Cookies: Help us understand how visitors use our site (pages visited, time on site). Used in aggregate and anonymised form only.

You can control cookies through your browser settings. Disabling analytics cookies will not affect your ability to use the site.

10. Third-Party Service Providers

We share data with the following third-party processors, who are contractually bound to protect your data and use it only as instructed:

  • Resend (Email Delivery): Your name and email are shared solely to deliver your risk report and follow-up emails.
  • Neon Technologies (Database Hosting): Stores your submitted data on encrypted PostgreSQL servers located in the United States.
  • Vercel Inc. (Web Hosting): Hosts our website and API functions on a global edge network. Servers may be located outside Malaysia.

We do not sell your personal data to any third party.

11. Supervisory Authority & Complaints

You have the right to lodge a complaint with the relevant data protection authority:

  • Malaysia (PDPA): Department of Personal Data Protection (JPDP) — pdp.gov.my | aduan@pdp.gov.my
  • European Union (GDPR): Contact the data protection authority in your EU member state — edpb.europa.eu

We would appreciate the opportunity to address your concerns before you contact a supervisory authority. Please reach out to us first at angela@directorrisk.com.my.

12. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Access controls limiting who can view your data
  • Regular security reviews of our systems and third-party providers

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify you and the relevant authority within the legally required timeframe.

13. Children's Privacy

Our services are intended for business professionals and are not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email (if we hold your contact details) and update the "Last Updated" date at the top of this page. Continued use of our website after such changes constitutes acceptance of the updated policy.

15. Contact Us

For any privacy-related questions, requests, or concerns:

  • Company: Angela Excellent Enterprise
  • Email: angela@directorrisk.com.my
  • Phone: +6014-3416439
  • Website: https://directorrisk.com.my
← Return to Homepage