Privacy Policy

Tessera Works ("we", "us", "our") is committed to handling personal information with care and in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). This policy explains what data we collect, why we collect it, how we use it, and your rights in relation to it.

If you have questions about this policy or about how we handle your data, you can contact us at [email protected].

1. Who We Are

Tessera Works is a digital transformation consultancy based at Unit 18-02, Q Sentral, 2A Jalan Stesen Sentral 2, 50470 Kuala Lumpur, Malaysia. We are the data controller for the personal data we process through our website and in connection with our consulting engagements.

2. Data We Collect

Through our website contact form:

• Name
• Email address
• Phone number (optional)
• Message content you choose to provide

Through our consulting engagements:

• Name, role, and contact details of individuals we interview or communicate with
• Notes and recordings (where consent is given) from interviews and sessions
• Documents and information shared by clients to facilitate our work

Automatically collected data:

• IP address and browser type (via server logs)
• Pages visited and time spent (via analytics cookies, if accepted)

3. Why We Collect and Use Your Data

We use personal data for the following purposes, each with a corresponding legal basis:

• Responding to enquiries — legitimate interest in communicating with prospective clients
• Delivering consulting services — performance of a contract or pre-contractual steps
• Maintaining client records — legitimate interest in managing business relationships
• Analytics and site improvement — consent (via cookie acceptance)
• Legal compliance — legal obligation where applicable

We do not use your data for automated decision-making or profiling.

4. How Long We Keep Your Data

• Enquiry data: retained for up to 12 months if no engagement follows
• Client engagement data: retained for 5 years from the end of the engagement, in line with standard business record-keeping
• Analytics data: retained for up to 26 months, consistent with standard analytics platforms

5. Data Sharing

We do not sell, rent, or trade personal data. We may share data with:

• Our email and document hosting providers (data processors operating under service agreements)
• Analytics service providers (only if you accept analytics cookies)
• Legal or regulatory authorities where required by law

We do not share client data with third parties for marketing purposes.

6. Data Protection Measures

• All data is stored on password-protected, access-controlled systems
• Email communications involving sensitive client information are handled with care; we do not transmit sensitive data over unencrypted channels
• Access to client files is restricted to the consultant(s) working on that engagement
• We conduct periodic reviews of our data handling practices

7. Cookies

We use essential cookies to keep our website functioning, and optional analytics cookies to understand how the site is used. You can manage your cookie preferences at any time via our Cookie Policy page.

8. Your Rights

Under Malaysia's PDPA and applicable principles, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Withdraw consent for data processing based on consent (this does not affect processing carried out before withdrawal)
• Request deletion of your data, subject to our legal obligations to retain certain records
• Object to processing based on legitimate interests, in certain circumstances

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days.

9. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.

10. Children

Our services are directed at business professionals aged 18 and above. We do not knowingly collect personal data from persons under 18.

11. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of our website after changes constitutes acceptance of the revised policy.

12. Contact

For privacy-related queries, please contact us at [email protected] or by post at Unit 18-02, Q Sentral, 2A Jalan Stesen Sentral 2, 50470 Kuala Lumpur, Malaysia.