Privacy Policy

1. Introduction

Aethon is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you engage our AI strategy advisory services or visit our website.

This policy applies to all information collected through our services, website, and any related communications. By using our services, you agree to the collection and use of information in accordance with this policy.

If you have any questions or concerns about this policy or our practices regarding your personal information, please contact us at privacy@aetthonnb.

2. Information We Collect

2.1 Personal Data Provided by You

We collect personal information that you voluntarily provide when expressing interest in our services, requesting information, or engaging our advisory services. This may include:

Contact information (name, email address, phone number, business address)
Professional information (job title, organization name, department)
Communication preferences
Information provided during consultations, workshops, or assessments
Any other information you choose to provide

2.2 Automatically Collected Information

When you visit our website, we may automatically collect certain information about your device and usage, including:

IP address and general location data
Browser type and version
Pages visited and time spent on pages
Referring website addresses
Device information

2.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities. For detailed information about our use of cookies, please refer to our Cookie Policy.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

To provide and deliver our advisory services
To respond to your inquiries and communicate with you
To conduct maturity assessments, develop roadmaps, and create governance frameworks
To send administrative information, such as engagement updates and policy changes
To improve our services and develop new offerings
To analyze usage patterns and optimize our website
To comply with legal obligations and protect our legal rights
With your consent, to send you information about our services that may be of interest

4. Legal Basis for Processing

Under the Malaysian Personal Data Protection Act 2010 (PDPA), we process your personal data based on the following legal grounds:

Consent: Where you have given explicit consent for us to process your personal data for specific purposes
Contract Performance: Where processing is necessary for the performance of our advisory services contract with you
Legitimate Interests: Where processing is necessary for our legitimate business interests, provided this does not override your rights
Legal Obligation: Where we are required by law to process your personal data

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as:

Website hosting and maintenance providers
Email communication platforms
Analytics service providers
Cloud storage providers

These service providers are contractually obligated to use your personal information only as necessary to provide services to us and maintain appropriate security measures.

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, such as court orders or government agencies.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Regular security assessments and updates
Access controls and authentication requirements
Secure data storage and backup procedures
Employee training on data protection practices

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods vary depending on the type of information and the purpose for which it was collected:

Client engagement data: 7 years after completion of services
Marketing communications data: Until you withdraw consent or request deletion
Website analytics data: 26 months
Financial records: As required by Malaysian tax and accounting regulations

When we no longer need your personal information, we will securely delete or anonymize it.

8. Your Rights Under Malaysian PDPA

Under the Personal Data Protection Act 2010, you have the following rights regarding your personal data:

Right to Access: You may request access to your personal data that we hold
Right to Correction: You may request correction of inaccurate or incomplete personal data
Right to Withdraw Consent: You may withdraw your consent to processing at any time, where processing is based on consent
Right to Data Portability: You may request a copy of your personal data in a structured, commonly used format
Right to Limit Processing: You may request that we limit how we use your personal data in certain circumstances
Right to Complain: You may lodge a complaint with the Personal Data Protection Commissioner if you believe your rights have been violated

To exercise any of these rights, please contact us at privacy@aetthonnb. We will respond to your request within 21 days as required under PDPA.

9. International Data Transfers

Your personal information may be transferred to and processed in countries other than Malaysia, particularly if we use cloud service providers with international operations. When we transfer personal data internationally, we ensure appropriate safeguards are in place, such as:

Standard contractual clauses approved by relevant data protection authorities
Ensuring the receiving country has adequate data protection laws
Obtaining your explicit consent for the transfer

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

11. Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new policy on our website and updating the "Last Updated" date. We encourage you to review this policy periodically.

Your continued use of our services after any changes to this policy will constitute your acceptance of such changes.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@aetthonnb

Phone: +60 3-2385 7264

Address: 11 Jalan Pinang, 50450 Kuala Lumpur, Malaysia

We will respond to your inquiry within a reasonable timeframe, typically within 21 days as required under Malaysian PDPA.