This Privacy Policy explains how Seckira Sdn. Bhd. (Co. No. 202401017441 / 1563291-W) (“Seckira”, “we”, “us”, “our”) collects, uses, discloses and protects personal data when you use our website at seckira.com, the Seckira client portal, our WhatsApp and email channels, and any related services (together, the “Services”).
We process personal data in accordance with Malaysia’s Personal Data Protection Act 2010 (“PDPA”), and where applicable, the EU General Data Protection Regulation and Singapore’s PDPA. By using the Services you consent to this Policy.
1. Who we are
Seckira is an SSM-licensed company secretary and accounting firm based in Selangor, Malaysia. We act as a data user for the personal data we collect from you, and as a data processor for personal data you share with us about your employees, directors and shareholders.
Our Data Protection Officer can be reached at info@seckira.com.
2. What we collect
Identification & contact data
- Full name, IC or passport number, date of birth, nationality
- Residential and correspondence address
- Email, phone number, WhatsApp handle
- Photograph and signature (for KYC and SSM filings)
Business & financial data
- Company name, SSM registration number, shareholding structure
- Bank statements, invoices, receipts, payroll records
- Tax identification numbers and prior filings
- Beneficial-ownership and source-of-funds information (required under AMLA 2001)
Communications & usage data
- Messages exchanged with us by email, WhatsApp, in-app chat or phone
- IP address, browser type, device identifiers, log-in timestamps
- Cookies and similar technologies (see our Cookie Policy)
3. Why we collect it
- Delivering the Services — incorporating your company, filing returns with SSM and LHDN, processing payroll, and similar professional services you engage us for.
- Verifying your identity — to satisfy KYC and customer due-diligence obligations under the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA).
- Communicating with you — sending statutory reminders, filing acknowledgements, invoices and product updates.
- Improving our Services — analytics on how the dashboard is used, in aggregate and anonymised wherever possible.
- Complying with the law — including the Companies Act 2016, Income Tax Act 1967, AMLA, PDPA and any regulator request.
4. Legal basis for processing
We process personal data on one or more of the following bases:
- Your consent (which you can withdraw at any time);
- Performance of our engagement letter with you;
- Compliance with our legal obligations under Malaysian law;
- Our legitimate interests in operating, securing and improving the Services.
5. Who we share data with
We share only what is necessary, and only with:
- Malaysian regulators and authorities — SSM, LHDN, KWSP, PERKESO, Customs (RMCD), PSMB, Bank Negara Malaysia;
- Banking partners you engage through us (for bank account opening introductions);
- Sub-processors who help us operate the Services — including AWS (Singapore), Stripe, Twilio (WhatsApp Business), Google Workspace and DocuSign;
- Professional advisers, auditors and insurers under standard confidentiality obligations;
- Law-enforcement agencies and courts, where compelled by a valid order.
We never sell your personal data, and we don’t share it for third-party advertising.
6. Cross-border transfers
Some of our sub-processors are located outside Malaysia (chiefly Singapore and the United States). We rely on contractual safeguards — including the Standard Contractual Clauses where appropriate — to ensure your data receives a level of protection equivalent to Malaysian law.
7. How long we keep your data
- Accounting and tax records — 7 years after the end of the relevant financial year, as required by Section 82 of the Income Tax Act 1967 and Section 245 of the Companies Act 2016.
- AMLA / KYC records — 6 years after the end of our engagement, as required by Bank Negara Malaysia.
- Marketing data — until you unsubscribe, then deleted within 30 days.
- Server logs — 90 days.
8. Your rights under the PDPA
You have the right to:
- Access the personal data we hold about you;
- Correct any data that is inaccurate or out of date;
- Limit the processing of your data for direct marketing;
- Withdraw consent you previously gave us (subject to legal retention duties);
- Lodge a complaint with the Personal Data Protection Commissioner of Malaysia.
To exercise any right, email info@seckira.com with the subject “PDPA Request”. We will respond within 21 days.
9. How we protect your data
We use TLS 1.2+ encryption in transit and AES-256 encryption at rest. Banking credentials are never stored — we use read-only Open Banking integrations. Access to client data is role-based and audited. All staff sign confidentiality and PDPA-compliance undertakings.
10. Children
The Services are not directed at individuals under 18. We do not knowingly collect data from minors.
11. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified by email or by an in-app notice at least 14 days before they take effect.
12. Contact us
Seckira Sdn. Bhd. (Co. No. 202401017441 / 1563291-W)
No. 38-1, Jalan Aman Tiara 8, Triana, Bandar Tropicana Aman,
42500 Telok Panglima Garang, Selangor, Malaysia
Email: info@seckira.com · Tel: +60 10-204 9494