01
Key definitions
The following definitions explain terms used in this policy. They clarify the scope of personal data and processing activities referred to throughout the document and help you understand your relationship with StartupHubBiz as a user, client, or website visitor.
Personal data means any information that identifies or can reasonably be used to identify an individual, including name, email address, phone number, government identifiers, and any client business data linked to an identified natural person.
Processing refers to any operation performed on personal data, whether automated or manual, including collection, storage, use, disclosure, erasure, and transfer.
User refers to any individual who interacts with StartupHubBiz services or website, including prospective clients, registered clients, and visitors seeking information.
Service denotes the legal consulting platform and related advisory services provided by StartupHubBiz, including consultations, document drafting, and subscription access to legal resources.
Cookies are small text files placed on a device to store preferences, support authentication, and collect analytics data to improve the website experience.
02
Data we collect
We collect personal data that is necessary to deliver our services, maintain client relationships, comply with legal obligations, and improve our platform. Data collection is limited to what is relevant for those purposes and handled with strict access controls.
03
Data you provide directly
Data you provide directly is used to establish and manage the professional relationship, perform legal work, and communicate about services. We request only information needed to deliver the requested legal assistance.
- Identification details: full name, date of birth where required for verification, government-issued IDs and Business ID information when relevant
- Contact information: email address, telephone number, postal address including business addresses
- Company information: company name, registration numbers, partner data, and corporate documentation necessary for incorporation and advisory work
- Engagement materials: contracts, term sheets, IP records and other documents you upload for review and drafting
- Billing and payment details required to process invoices and maintain business records
- Communications: records of calls, emails and meeting notes related to the provision of legal services
04
Data collected automatically
When you visit our website or use digital services, we automatically collect technical and usage data to operate the service, protect the platform and improve functionality and content relevance.
- Device and browser information, including IP address, browser type, and device identifiers
- Usage data such as pages visited, time spent on pages, click paths and referral sources
- Analytics data used to measure and improve website performance and service delivery
- Security and diagnostic logs related to platform access and error reporting
- Location data at a coarse level when needed to present relevant regulatory information
- Cookie identifiers and similar tracking vouchers for preference management and analytics
05
Data from third parties
We may receive personal data about you from third parties such as payment processors, business registries, and trusted partners. We only accept such data where necessary and with appropriate safeguards.
- Business registries (e.g., SSM) for verification of corporate details
- Payment providers for transaction processing and fraud detection
- Analytics and hosting providers that process website logs and performance metrics
06
Purposes of processing
We process personal data to provide professional legal services, manage the client relationship, fulfill contractual obligations, comply with legal requirements, and maintain platform operations.
- To provide, manage and deliver legal consulting services requested by clients
- To perform identity and anti-fraud checks required by regulatory or risk management practices
- To communicate about engagements, billing and service updates
- To analyze platform usage and improve features, content and documentation
- To maintain administrative and business records for accounting, tax and compliance purposes
- To respond to legal requests, judicial process or regulatory inquiries
- To enforce our terms of service and protect against misuse or security threats
- To manage subscriptions, newsletters and client preferences when consent has been provided
07
Legal basis for processing
We rely on appropriate legal grounds for processing. These include performance of a contract, compliance with legal obligations, legitimate interests and explicit consent where required by law.
- Contractual necessity: processing required to deliver the requested legal services and contractual obligations
- Legal compliance: processing necessary to comply with statutory duties, court orders or regulatory requirements
- Legitimate interests: processing for platform security, fraud prevention, and business operations where balanced against individual rights
- Consent: where applicable, for marketing communications or optional features beyond core service delivery
08
Cookies and similar technologies
Cookies and similar technologies are used to provide essential site functionality, remember preferences, and collect analytics. You can control cookie preferences through your browser and our cookie settings interface.
We use session cookies, persistent cookies, and third-party analytics cookies. Session cookies are necessary for site navigation; persistent cookies store preferences; analytics cookies collect aggregated usage information.
Categories include necessary cookies, preference cookies, analytics cookies and marketing cookies. We minimize use of marketing cookies and only deploy them with user consent where required.
You can manage cookies via your browser settings or the cookie consent tool presented on the site. Disabling non-essential cookies may affect functionality such as saved preferences or analytics.
Read our cookie policy for technical details and opt-out options.
09
Data sharing and disclosure
We share personal data only with service providers and partners who act on our behalf or where disclosure is required by law. All third-party relationships are governed by contractual safeguards to protect personal data.
- External legal or regulatory authorities when required by law or legitimate process
- Payment processors and business institutions to process transactions and invoices
- Third-party service providers such as cloud hosting, analytics and document storage providers
- Professional advisors or auditors engaged to support our business operations under confidentiality terms
- Partners in referral or collaboration arrangements, only with your consent or where necessary to perform contracted services
- Prospective acquirers or transaction counterparties in the event of a business sale or corporate reorganization, with appropriate confidentiality protections
10
International transfers
Personal data may be transmitted to service providers or partners in jurisdictions outside Malaysia. We assess transfer recipients and implement contractual and technical safeguards to maintain an adequate level of protection.
Safeguards include standard contractual clauses, data processing agreements, and conducting due diligence on processors. Where available, we rely on legal transfer mechanisms recognized by relevant authorities.
11
Data retention
We retain personal data only as long as necessary for the purposes set out in this policy, to satisfy legal obligations, or to resolve disputes. Retention durations are documented and reviewed periodically.
Client account information is retained for the duration of the engagement and for a period thereafter to satisfy tax and regulatory recordkeeping requirements, typically no less than seven years where applicable.
Communications related to legal advice and service delivery are retained as long as necessary to support the engagement and any subsequent professional or regulatory inquiries.
Security logs and system diagnostics are retained for a limited period to detect and contribute incidents; retention is based on operational needs and applicable retention schedules.
When personal data is no longer required, we securely delete, anonymize or aggregate it in accordance with internal policies and applicable law.
12
Security measures
We implement technical and organizational measures to protect personal data against unauthorized access, improper disclosure, or loss. Measures are proportionate to the sensitivity of the data and the risks involved and are reviewed regularly by our security and compliance teams.
- Access controls and role-based permissions to limit data access to authorized personnel
- Encryption of data in transit and at rest for sensitive records and backups
- Regular security assessments, patch management and incident response procedures
13
Your rights
You have rights in relation to your personal data, subject to local law and exceptions for legal or professional confidentiality. We describe how to exercise those rights and the steps we take to respond to requests in a timely manner.
- Right to access the personal data we hold about you and receive a copy in a commonly used electronic format.
- Right to request rectification of inaccurate or incomplete personal data to ensure records are current and precise.
- Right to request erasure of personal data where processing is no longer necessary or consent has been withdrawn, subject to legal and contractual retention requirements.
- Right to restrict or object to certain processing activities, including direct marketing and profiling where applicable.
- Right to data portability to receive personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller where technically feasible.
- Right to withdraw consent for processing activities that rely on consent, without affecting the lawfulness of prior processing.
- Right to be informed about automated decision-making and profiling that materially affects you, and to request human review where applicable.
- Right to lodge a complaint with a supervisory authority if you consider our processing does not comply with applicable data protection laws.
14
Regional data protection
StartupHubBiz is committed to transparent processing of personal data. For individuals protected by the EU General Data Protection Regulation (GDPR), we recognize the specific rights afforded by that regulation and apply those rights to applicable processing activities. This section explains how GDPR rights may apply when StartupHubBiz processes personal data of data subjects covered by the GDPR in relation to our legal consulting services for startups.
GDPR provisions apply to personal data of EU data subjects irrespective of where StartupHubBiz operates. Where you are located in the European Economic Area or otherwise fall within GDPR scope, the rights described here will be available to you in addition to any local data protection rights in Malaysia. For Malaysian residents, local data protection laws will govern processing, and we apply compatible protections and transparency practices across jurisdictions.
- Access: You may request confirmation whether we process your personal data and obtain a copy of that data together with details of processing purposes, recipients and retention periods.
- Rectification: If personal data we hold about you is inaccurate or incomplete, you may request correction or completion without undue delay.
- Erasure and Restriction: You may request erasure of your personal data where grounds exist, or request restriction of processing while a dispute about accuracy or lawful grounds is resolved.
- Portability: Where processing is based on consent or contract and carried out by automated means, you may request portability of your personal data to yourself or to another controller in a structured, commonly used format.
If you consider StartupHubBiz has not complied with applicable data protection rules in handling your personal data, you may submit a complaint to us using the contact details below. You also retain the right to lodge a complaint with a supervisory authority in your jurisdiction if you remain dissatisfied after our response.
15
How to submit a rights request
To exercise any data subject right, contact our Data Protection Officer or privacy team: StartupHubBiz, 89500 Penampang, Sabah, Malaysia. Phone: +60126586379. Business ID: 183984247028. Please specify the right you wish to exercise and provide sufficient information to verify your identity. We may request additional information to confirm your identity and to locate relevant records.
[email protected]
We aim to respond to verified requests within 30 calendar days of receipt. Complex or numerous requests may require an extended period; we will notify you if additional time is necessary and explain the reason for the delay.
16
Marketing communications
We use contact details provided by clients and subscribers to deliver service updates, legal insights, and event invitations relevant to startup legal matters. Marketing communications are based on consent where required and on legitimate interest for existing client relationships. Communications are targeted and kept relevant to professional needs.
You may opt out of marketing communications at any time by using the unsubscribe link in emails, updating your preferences on your account dashboard, or contacting our team at the address below. Opting out will not affect transactional messages related to services you have requested.
17
Children's information
StartupHubBiz services and materials are intended for professionals and business founders. We do not knowingly collect personal data from children under 16 without parental consent. If you believe we have collected information from a child, contact us and we will take steps to remove the data where required by law.
18
Links to third-party services
Our website and communications may include links or integrations with third-party services and content providers. StartupHubBiz is not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any external sites you visit.
19
Changes to this policy
We may update this privacy information to reflect changes in law, business practices, or services. Material changes will be posted on StartupHubBiz.pro with an updated effective date. Continued use of our services after changes are posted constitutes acceptance of the revised policy.
Contact StartupHubBiz for privacy enquiries: StartupHubBiz, 89500 Penampang, Sabah, Malaysia. Phone: +60126586379. Business ID: 183984247028. Effective date: 07-02-2026. For data subject requests or privacy concerns, please provide details of the request and any identity verification documents as needed.