Last Updated: 16 May 2026
This privacy notice for MyKongsi Sdn Bhd (doing business as MyKongsi) ("Company," "we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services").
Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services.
If you still have any questions or concerns, please contact us at compliance@mykongsi.com .
This policy applies to personal data collected about:
Our services are intended for adults. We do not knowingly collect personal data from individuals under 18 years of age.
If you are under 18, please obtain the consent of your parent or legal guardian before providing any personal data.
If we become aware that we have collected personal data from a minor without such consent, we will delete the data and, where appropriate, terminate the account.
By using our services, you represent that you are at least 18 years old or have obtained consent from a parent or legal guardian.
Information about an identified or identifiable individual. This includes NRIC or passport numbers, addresses, telephone numbers, email addresses, photographs, signatures, biometric data, device identifiers, financial information, corporate shareholding and beneficial ownership information.
Personal data relating to health, political opinions, religious beliefs or other data defined by law as sensitive. We will obtain explicit consent where required.
The individual to whom the personal data relates.
The organisation that controls and processes personal data (equivalent to a controller under GDPR). MyKongsi is the data user for personal data collected through the platform.
A third party who processes personal data on behalf of a data user. Under the PDPA, processors have contractual obligations imposed by data users.
We collect personal data necessary to provide our services and comply with legal obligations. Depending on your relationship with us, this may include:
| Category | Examples (Non-Exhaustive) |
|---|---|
| Identification Data | Full name, NRIC number, passport number, date of birth, nationality, gender, photograph, signature, tax identification number, company incorporation number. |
| Contact Details | Residential or business address, email address, telephone number, social media handles. |
| Corporate & Beneficial Ownership Information | Shareholding structure, beneficial ownership information, company resolutions, board minutes, statutory registers. |
| KYC / AML Documents | Identity documents, proof of address, source of funds declarations, bank statements and due diligence reports. |
| Financial Data | Bank account details, payment card information, transaction histories, invoices, receipts, tax filings. |
| Service Usage & Communications | Account credentials, preferences, feedback, call recordings and service history. |
| Technical & Device Data | IP address, device identifiers, browser type, log data, cookies and tracking information. |
| Marketing Preferences | Information about your preferences for receiving marketing communications. |
We may also collect personal data from publicly available sources such as SSM registries, court filings, commercial information providers, sanctions screening providers and regulatory databases to perform customer due diligence and verify beneficial ownership information.
We may collect personal data through various means, including:
You are responsible for ensuring that information you provide about others (such as co-founders, shareholders or beneficial owners) has been obtained and disclosed with proper consent.
We process personal data for the following purposes and pursuant to the PDPA principles:
Including company registration, incorporation documents, statutory filings, company secretarial services, registered office services, mail forwarding, consultation scheduling, and account communications.
To comply with AML/CFT requirements, verify customers, beneficial owners and authorised persons, conduct sanctions screening, verify ownership structures and perform ongoing monitoring.
To comply with PDPA, Companies Act 2016, AMLA 2001, SSM regulations, BNM requirements, tax obligations, anti-fraud and anti-corruption laws.
To process payments, incorporation fees, government filing fees, refunds, billing disputes and account management.
Responding to enquiries, customer support, appointment confirmations, service renewals, surveys and compliance notifications.
To provide information about products and services that may be relevant to you, subject to your consent and applicable laws.
Including system administration, auditing, risk management, analytics, product development and business strategy.
Fraud prevention, legal claims management, debt recovery, security monitoring and protection of users and staff.
Our processing activities are based on your consent, contractual necessity, compliance with legal obligations, and legitimate business interests such as fraud prevention, cybersecurity and service improvements.
Where processing is based on consent, you may withdraw your consent at any time. Withdrawal will not affect processing carried out before the withdrawal request.
We may disclose personal data where necessary for the purposes described above, including to:
Including SSM, BNM, the Securities Commission and other government or law enforcement agencies for regulatory compliance and reporting purposes.
Licensed company secretaries, nominee directors, registered office providers, law firms, accounting firms, tax agents, screening providers, cloud providers, payment processors, insurers and customer support vendors.
In connection with mergers, acquisitions, sales or transfer of assets, subject to confidentiality requirements.
Lawyers, accountants, auditors and professional consultants engaged to provide services to MyKongsi.
Investors, accountants, bankers or advisers where you have authorised us to disclose information on your behalf.
MyKongsi operates under Malaysia's AML/CFT framework and complies with both BNM and SSM requirements.
Identifying and verifying customers and beneficial owners using reliable and independent sources. For individuals, this includes NRIC/passport details and personal information. For legal entities, this includes company registration details, ownership structures and beneficial ownership information.
Conducting risk assessments and ongoing monitoring, including enhanced due diligence for high-risk customers and Politically Exposed Persons (PEPs).
Company secretaries must retain customer due diligence records, transaction records and supporting analysis for a minimum of seven years after completion of a transaction or termination of the business relationship.
Suspicious transactions must be reported to BNM's Financial Intelligence and Enforcement Department (FIED). Company secretaries may also be required to report to SSM.
Screening against sanctions lists issued by the United Nations, BNM and other authorities. Services may be declined or terminated if source of funds cannot be verified or if sanctions concerns arise.
Malaysia's Companies Act and SSM guidelines require companies to maintain a register of beneficial owners.
As your company secretary or service provider, we may collect beneficial ownership information from directors, shareholders and ultimate beneficial owners.
We may verify beneficial ownership information through independent sources and public registries and submit such information to SSM or other regulatory authorities when required.
Failure to provide accurate beneficial ownership information may result in rejection of incorporation applications or termination of services.
Personal data is retained only for as long as necessary to fulfil its intended purpose and comply with legal obligations.
Retained for at least seven years after completion of a transaction or termination of the business relationship.
Maintained as required under the Companies Act, typically for seven years following company dissolution or cessation.
Retained for a minimum of seven years to comply with legal, regulatory and tax obligations.
Retained until consent is withdrawn or for a reasonable period after the last interaction with the customer.
Retained for shorter periods unless required for security investigations, fraud prevention or legal obligations.
Where records are subject to investigation, litigation or regulatory proceedings, they may be retained for longer periods as required by the relevant authorities.
When personal data is no longer required, it will be securely deleted, destroyed or anonymised in accordance with applicable data protection requirements.
Our website uses cookies and similar technologies to enhance your browsing experience, remember your preferences, analyse traffic and deliver relevant content.
Cookies are small text files stored on your device. You can manage cookie preferences through your browser settings or by using our cookie banner when you visit the site.
Some cookies are necessary for the website to function and cannot be disabled.
We may also use third-party analytics services such as Google Analytics to collect aggregated information about how visitors use our website.
These providers may use cookies and tracking technologies and may store data outside Malaysia. Such analytics help improve website performance and user experience.
We implement reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction.
User IDs, passwords and restricted access permissions.
Encryption of data in transit and at rest where appropriate.
Regular vulnerability assessments and system monitoring.
Access controls, CCTV and secure storage facilities.
Backup procedures and disaster recovery systems.
Confidentiality, privacy and security awareness training.
While we implement strong safeguards, no transmission or storage system can be guaranteed 100% secure.
We may transfer your personal data outside Malaysia where permitted by applicable laws and adequate safeguards are in place.
Transfers to jurisdictions with adequate protection or supported by contractual safeguards.
Where you have expressly agreed to the transfer.
Where transfer is necessary to perform a contract.
For legal proceedings, compliance obligations or legal advice.
To protect your interests or prevent adverse actions.
Request a copy of personal data we hold.
Update inaccurate or incomplete information.
Withdraw consent for optional processing activities.
Request restrictions on harmful processing activities.
Opt out of marketing communications.
Request your personal data in a portable format.
Email: privacy@mykongsi.com
Registered Office:
(33-35) Level 10,
The Boulevard, Mid Valley City,
59200 Kuala Lumpur
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of external websites and encourage you to review their privacy policies.
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements or industry practices. Updated versions will be published on our website and may be communicated through email or our platform.
By continuing to use our services after updates are published, you acknowledge and accept the revised policy.