Last Updated: 16 May 2026

Privacy Policy

Introduction

This privacy notice for MyKongsi Sdn Bhd (doing business as MyKongsi) ("Company," "we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services").

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services.

If you still have any questions or concerns, please contact us at compliance@mykongsi.com .

Scope

This policy applies to personal data collected about:

  • • Visitors and users of the mykongsi.com website and related domains.
  • • Individuals using our services, including company incorporation applicants, company directors, shareholders, beneficial owners, authorised signatories and representatives.
  • • Representatives of corporate customers.
  • • Individuals who communicate with us via email, telephone, chat, social media or other channels.
  • • Any other person whose personal data is provided to us for the purposes described in this policy.

Children and Minors

Our services are intended for adults. We do not knowingly collect personal data from individuals under 18 years of age.

If you are under 18, please obtain the consent of your parent or legal guardian before providing any personal data.

If we become aware that we have collected personal data from a minor without such consent, we will delete the data and, where appropriate, terminate the account.

By using our services, you represent that you are at least 18 years old or have obtained consent from a parent or legal guardian.

Definitions

Personal Data

Information about an identified or identifiable individual. This includes NRIC or passport numbers, addresses, telephone numbers, email addresses, photographs, signatures, biometric data, device identifiers, financial information, corporate shareholding and beneficial ownership information.

Sensitive Personal Data

Personal data relating to health, political opinions, religious beliefs or other data defined by law as sensitive. We will obtain explicit consent where required.

Data Subject

The individual to whom the personal data relates.

Data User

The organisation that controls and processes personal data (equivalent to a controller under GDPR). MyKongsi is the data user for personal data collected through the platform.

Data Processor

A third party who processes personal data on behalf of a data user. Under the PDPA, processors have contractual obligations imposed by data users.

Types of Personal Data We Collect

We collect personal data necessary to provide our services and comply with legal obligations. Depending on your relationship with us, this may include:

Category Examples (Non-Exhaustive)
Identification Data Full name, NRIC number, passport number, date of birth, nationality, gender, photograph, signature, tax identification number, company incorporation number.
Contact Details Residential or business address, email address, telephone number, social media handles.
Corporate & Beneficial Ownership Information Shareholding structure, beneficial ownership information, company resolutions, board minutes, statutory registers.
KYC / AML Documents Identity documents, proof of address, source of funds declarations, bank statements and due diligence reports.
Financial Data Bank account details, payment card information, transaction histories, invoices, receipts, tax filings.
Service Usage & Communications Account credentials, preferences, feedback, call recordings and service history.
Technical & Device Data IP address, device identifiers, browser type, log data, cookies and tracking information.
Marketing Preferences Information about your preferences for receiving marketing communications.

We may also collect personal data from publicly available sources such as SSM registries, court filings, commercial information providers, sanctions screening providers and regulatory databases to perform customer due diligence and verify beneficial ownership information.

How We Collect Personal Data

We may collect personal data through various means, including:

  • • Directly from you when you register for an account, apply for company incorporation, submit documents or communicate with us.
  • • Through our website or platform when you fill out forms, upload documents, interact with our chatbot or schedule consultations.
  • • From third parties such as company secretaries, banks, payment processors, screening providers, government agencies, advisers and public registries.
  • • Automatically through cookies and similar technologies when you browse our website.

You are responsible for ensuring that information you provide about others (such as co-founders, shareholders or beneficial owners) has been obtained and disclosed with proper consent.

Purpose and Legal Basis for Processing

We process personal data for the following purposes and pursuant to the PDPA principles:

1. Provide Our Services and Perform Contracts

Including company registration, incorporation documents, statutory filings, company secretarial services, registered office services, mail forwarding, consultation scheduling, and account communications.

2. Identity Verification & Customer Due Diligence (CDD/KYC)

To comply with AML/CFT requirements, verify customers, beneficial owners and authorised persons, conduct sanctions screening, verify ownership structures and perform ongoing monitoring.

3. Legal and Regulatory Compliance

To comply with PDPA, Companies Act 2016, AMLA 2001, SSM regulations, BNM requirements, tax obligations, anti-fraud and anti-corruption laws.

4. Payment Processing

To process payments, incorporation fees, government filing fees, refunds, billing disputes and account management.

5. Customer Relationship Management

Responding to enquiries, customer support, appointment confirmations, service renewals, surveys and compliance notifications.

6. Marketing Communications

To provide information about products and services that may be relevant to you, subject to your consent and applicable laws.

7. Platform Improvement & Business Operations

Including system administration, auditing, risk management, analytics, product development and business strategy.

8. Protection of Legitimate Interests

Fraud prevention, legal claims management, debt recovery, security monitoring and protection of users and staff.

Legal Basis Under PDPA

Our processing activities are based on your consent, contractual necessity, compliance with legal obligations, and legitimate business interests such as fraud prevention, cybersecurity and service improvements.

Withdrawal of Consent

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal will not affect processing carried out before the withdrawal request.

Disclosure of Personal Data

We may disclose personal data where necessary for the purposes described above, including to:

Regulators & Public Authorities

Including SSM, BNM, the Securities Commission and other government or law enforcement agencies for regulatory compliance and reporting purposes.

Third-Party Service Providers

Licensed company secretaries, nominee directors, registered office providers, law firms, accounting firms, tax agents, screening providers, cloud providers, payment processors, insurers and customer support vendors.

Corporate Transactions

In connection with mergers, acquisitions, sales or transfer of assets, subject to confidentiality requirements.

Professional Advisers

Lawyers, accountants, auditors and professional consultants engaged to provide services to MyKongsi.

Authorised Third Parties

Investors, accountants, bankers or advisers where you have authorised us to disclose information on your behalf.

Customer Due Diligence, KYC & AML/CFT Obligations

MyKongsi operates under Malaysia's AML/CFT framework and complies with both BNM and SSM requirements.

Customer & Beneficial Owner Verification

Identifying and verifying customers and beneficial owners using reliable and independent sources. For individuals, this includes NRIC/passport details and personal information. For legal entities, this includes company registration details, ownership structures and beneficial ownership information.

Risk Profiling & Monitoring

Conducting risk assessments and ongoing monitoring, including enhanced due diligence for high-risk customers and Politically Exposed Persons (PEPs).

Record Keeping

Company secretaries must retain customer due diligence records, transaction records and supporting analysis for a minimum of seven years after completion of a transaction or termination of the business relationship.

Suspicious Transaction Reporting

Suspicious transactions must be reported to BNM's Financial Intelligence and Enforcement Department (FIED). Company secretaries may also be required to report to SSM.

Sanctions & Adverse Media Screening

Screening against sanctions lists issued by the United Nations, BNM and other authorities. Services may be declined or terminated if source of funds cannot be verified or if sanctions concerns arise.

Beneficial Ownership & Regulatory Filings

Malaysia's Companies Act and SSM guidelines require companies to maintain a register of beneficial owners.

As your company secretary or service provider, we may collect beneficial ownership information from directors, shareholders and ultimate beneficial owners.

We may verify beneficial ownership information through independent sources and public registries and submit such information to SSM or other regulatory authorities when required.

Failure to provide accurate beneficial ownership information may result in rejection of incorporation applications or termination of services.

Data Retention

Personal data is retained only for as long as necessary to fulfil its intended purpose and comply with legal obligations.

CDD & AML/CFT Records

Retained for at least seven years after completion of a transaction or termination of the business relationship.

Company Statutory Records

Maintained as required under the Companies Act, typically for seven years following company dissolution or cessation.

Accounting & Transaction Records

Retained for a minimum of seven years to comply with legal, regulatory and tax obligations.

Marketing & Communication Data

Retained until consent is withdrawn or for a reasonable period after the last interaction with the customer.

Website Logs & Analytics

Retained for shorter periods unless required for security investigations, fraud prevention or legal obligations.

Where records are subject to investigation, litigation or regulatory proceedings, they may be retained for longer periods as required by the relevant authorities.

When personal data is no longer required, it will be securely deleted, destroyed or anonymised in accordance with applicable data protection requirements.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, remember your preferences, analyse traffic and deliver relevant content.

Cookies are small text files stored on your device. You can manage cookie preferences through your browser settings or by using our cookie banner when you visit the site.

Some cookies are necessary for the website to function and cannot be disabled.

We may also use third-party analytics services such as Google Analytics to collect aggregated information about how visitors use our website.

These providers may use cookies and tracking technologies and may store data outside Malaysia. Such analytics help improve website performance and user experience.

Security Measures

We implement reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction.

Access Controls

User IDs, passwords and restricted access permissions.

Data Encryption

Encryption of data in transit and at rest where appropriate.

Security Monitoring

Regular vulnerability assessments and system monitoring.

Physical Security

Access controls, CCTV and secure storage facilities.

Backup & Recovery

Backup procedures and disaster recovery systems.

Staff Training

Confidentiality, privacy and security awareness training.

While we implement strong safeguards, no transmission or storage system can be guaranteed 100% secure.

Cross-Border Transfers

We may transfer your personal data outside Malaysia where permitted by applicable laws and adequate safeguards are in place.

Adequacy & Safeguards

Transfers to jurisdictions with adequate protection or supported by contractual safeguards.

Consent

Where you have expressly agreed to the transfer.

Contract Performance

Where transfer is necessary to perform a contract.

Legal Requirements

For legal proceedings, compliance obligations or legal advice.

Vital Interests

To protect your interests or prevent adverse actions.

Your Rights

Right to Access

Request a copy of personal data we hold.

Right to Correct

Update inaccurate or incomplete information.

Right to Withdraw Consent

Withdraw consent for optional processing activities.

Prevent Harmful Processing

Request restrictions on harmful processing activities.

Direct Marketing Objection

Opt out of marketing communications.

Data Portability

Request your personal data in a portable format.

Exercising Your Rights & Contacting Us

Email: privacy@mykongsi.com

Registered Office:
(33-35) Level 10,
The Boulevard, Mid Valley City,
59200 Kuala Lumpur

Links to Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of external websites and encourage you to review their privacy policies.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements or industry practices. Updated versions will be published on our website and may be communicated through email or our platform.

By continuing to use our services after updates are published, you acknowledge and accept the revised policy.