Last Updated: May 2026
Advance Fin Advisory Sdn. Bhd. ("we," "our," or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you engage our services, visit our website (advancefa-av.it.com), or otherwise interact with us. We comply with the Personal Data Protection Act 2010 (PDPA) of Malaysia and all applicable regulations issued by the Department of Personal Data Protection (JPDP).
We do not sell, rent, or trade your personal data to third parties for their marketing purposes. Any sharing of your data is done strictly for the purposes described in this policy and with your consent where required by law. By engaging our services or using our Website, you acknowledge that you have read and understood this Privacy Policy.
We collect information you voluntarily provide when you engage our services, submit enquiries, or communicate with us. This includes: personal identification data (full name, NRIC number, passport number, date of birth, nationality); contact information (mailing address, email address, telephone numbers); financial information (bank account details, income, net worth, investment portfolio details, tax identification number); account and transaction data (investment preferences, risk tolerance assessments, transaction history, account statements); communications (records of correspondence, meeting notes, instructions provided to us); and marketing preferences (your consent to receive newsletters, market updates, and event invitations).
When you visit our Website, we automatically collect: device information (IP address, browser type and version, operating system); usage data (pages visited, time spent on pages, referral source, clickstream data); location data (approximate geographic location based on IP address); cookie data (information collected through cookies and similar technologies as detailed in our Cookie Privacy Policy); and metadata (timestamps, session identifiers, error logs).
We may receive information about you from: credit reporting agencies and background-check providers (subject to your consent where required); financial institutions with which you maintain accounts (with your authorisation); payment processors and custodians handling your transactions; government agencies and regulatory bodies (for compliance verification); and business partners and professional advisers who introduce you to our services.
We use your personal data to: establish and manage your account with us; deliver the investment advisory, wealth preservation, and corporate advisory services you have engaged; assess your financial situation, risk tolerance, and investment objectives; construct and monitor investment portfolios tailored to your profile; process transactions and facilitate payments; provide ongoing customer service and respond to your enquiries; and send service-related communications including account statements, trade confirmations, and portfolio reviews.
As a financial advisory firm operating in Malaysia, we are required to comply with various legal obligations, including: Know-Your-Customer (KYC) and Customer Due Diligence (CDD) under the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA); reporting obligations to the Securities Commission Malaysia under the Capital Markets and Services Act 2007; tax reporting to Lembaga Hasil Dalam Negeri Malaysia (LHDN) where required; responding to lawful requests from regulatory authorities and law enforcement agencies; and maintaining records as required by Malaysian law.
We use your contact information to communicate with you regarding our services, respond to your enquiries and requests, provide client support, and notify you of changes to our policies or terms of service. We may also contact you for feedback on your experience to help us improve our services.
With your explicit consent, we may send you market commentaries, investment insights, event invitations, and information about services that may interest you. You may withdraw your marketing consent at any time without affecting the delivery of services you have engaged. We will never share your contact details with third parties for their own marketing purposes.
We may share your data with: custodian banks and securities firms holding your assets; fund managers and product providers where you have instructed us to place investments; payment processors facilitating transactions; and professional advisers (lawyers, accountants, tax advisers) working on your behalf with your consent.
We may disclose your information: to the Securities Commission Malaysia, Bank Negara Malaysia, LHDN, and other Malaysian regulatory bodies as required by law; to law enforcement agencies pursuant to a valid legal request; to the Department of Personal Data Protection (JPDP) in connection with complaints or investigations; and to courts and tribunals in connection with legal proceedings.
In the event of a merger, acquisition, restructuring, or sale of all or a portion of our business, your data may be disclosed to the prospective buyer, subject to confidentiality undertakings and your right to be notified of any change in data controller.
We may share your data with other parties not described above only with your explicit, documented consent, which you may withdraw at any time.
We implement robust technical safeguards including: encryption of data at rest (AES-256) and in transit (TLS 1.3); multi-factor authentication (MFA) for all systems accessing client data; network security including firewalls, intrusion detection systems, and regular penetration testing; role-based access controls limiting data access to authorised personnel only; automated backup systems with secure off-site storage; and continuous monitoring for unusual activity or potential breaches.
Our organisational safeguards include: mandatory annual data protection training for all employees; background checks conducted on personnel before granting access to client data; confidentiality agreements signed by all employees and contractors; documented internal data protection policies reviewed at least annually; independent third-party security audits; and a formal incident response plan tested at least annually.
While we implement robust security measures, you also have a role in protecting your information. We recommend that you keep your login credentials confidential, use strong and unique passwords, and notify us immediately if you suspect any unauthorised access to your account.
In the event of a data breach involving your personal data, we will: notify you without undue delay if the breach is likely to result in significant harm; notify the JPDP within the timeframe required by Malaysian law; provide details of the nature of the breach, the data affected, and the measures we have taken or propose to take; and cooperate fully with regulatory investigations.
Our Website uses cookies and similar tracking technologies. The following is a summary; for complete details, please refer to our Cookie Privacy Policy.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential website functions: session management, security, consent storage | Session to 365 days |
| Performance/Analytics | Google Analytics for visitor behaviour analysis and site improvement | 1 minute to 2 years |
| Functionality | Remember preferences such as language and region | Session to 30 days |
| Targeting/Marketing | Facebook Pixel and campaign attribution | 30 to 90 days |
Additional tracking technologies include web beacons (pixel tags embedded in pages and emails) and local storage (browser storage for preferences). You may manage cookie preferences through our cookie banner, your browser settings, or third-party opt-out tools described in the Cookie Privacy Policy.
Under the Personal Data Protection Act 2010 (PDPA) and, where applicable, the EU General Data Protection Regulation (GDPR), you have the following rights:
You may request a copy of the personal data we hold about you. We will provide this within 30 days of receiving a verified request, subject to any exemptions under the PDPA.
You may request that we correct any inaccurate or incomplete personal data we hold about you. We will make the correction promptly and notify any third parties to whom the data has been disclosed, where practicable.
You may withdraw your consent to the processing of your personal data at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. However, withdrawal may affect our ability to continue providing certain services.
You may request that we cease or not begin processing your personal data where the processing is causing or is likely to cause substantial damage or distress to you or another person, and the damage or distress is unwarranted.
Where technically feasible, you may request that we transfer your personal data to another data controller in a commonly used, machine-readable format.
We do not currently make decisions about you based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.
Exercising Your Rights: To exercise any of these rights, please contact us at info@advancefa-av.it.com. We will respond within 30 days and may require proof of identity before processing your request. If we cannot comply with your request, we will explain why in writing.
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a person under 18 without verifiable parental consent, we will take immediate steps to delete that data. If you believe we may hold data about a minor, please contact us immediately.
Where we transfer your personal data outside Malaysia, we ensure appropriate safeguards are in place, which may include: adequacy decisions confirming that the destination jurisdiction provides a standard of protection comparable to the PDPA; standard contractual clauses approved by the JPDP; binding corporate rules for intra-group transfers; and compliance audits and certifications demonstrating the recipient's adherence to data protection standards.
Your data may be transferred to service providers located in Singapore (for regional custodial and fund administration services), the United Kingdom and the European Union (for cloud infrastructure and analytics services), and other jurisdictions where we engage service providers subject to the safeguards described above.
| Information Type | Retention Period | Reason |
|---|---|---|
| Client account records | 10 years after relationship ends | AMLA and CMSA regulatory requirement |
| Transaction records | 10 years | Securities Commission Malaysia and LHDN requirements |
| Credit/background reports | 7 years | Regulatory compliance and risk management |
| Marketing consent data | 3 years after consent withdrawal | Evidence of consent under PDPA |
| Website logs | 2 years | Security monitoring and performance analysis |
| Enquiry/support records | 5 years after last contact | Service continuity and quality assurance |
Upon expiry of the applicable retention period, personal data is securely disposed of through irreversible deletion of digital records and shredding of physical documents, in compliance with our data disposal policy.
Our Website may contain links to third-party websites, including those of our business partners, regulatory bodies, and service providers. This Privacy Policy applies only to information collected by Advance Fin Advisory Sdn. Bhd. We are not responsible for the privacy practices of external websites, and we encourage you to review the privacy policies of any third-party sites you visit. The inclusion of a link does not imply endorsement of the linked site or its privacy practices.
We may update this Privacy Policy from time to time. When we make material changes: we will post a notice on our Website at least 30 days before the change takes effect; we will notify active clients by email; where required by law, we will obtain your explicit consent to material changes; and we will update the "Last Updated" date at the top of this page.
We encourage you to review this Privacy Policy periodically. Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated policy, subject to any consent requirements under applicable law.
If you have any questions about this Privacy Policy or our data protection practices, please contact us:
Advance Fin Advisory Sdn. Bhd.
Wisma Kinta 11-7-5, Lorong Kinta, 10400 Georgetown, Penang, Malaysia
Email: info@advancefa-av.it.com
Phone: +6011 1646 1919
Business Hours: Monday to Friday, 9:00 AM – 6:00 PM (MYT)
We commit to responding to all privacy-related enquiries within three business days.
If you believe that we have breached the PDPA, you may lodge a complaint with the Department of Personal Data Protection (Jabatan Perlindungan Data Peribadi Malaysia):
Jabatan Perlindungan Data Peribadi Malaysia
Aras 6, Kompleks Kementerian Komunikasi dan Multimedia
Lot 4G9, Persiaran Perdana, Presint 4
62100 Putrajaya, Malaysia
Website: www.pdp.gov.my
You may withdraw your consent to receive marketing communications at any time through any of the following methods: clicking the "unsubscribe" link in any marketing email; updating your communication preferences through your client portal; contacting our customer service team by email or telephone; or submitting a written request to our mailing address. Withdrawal of marketing consent will not affect our ability to send you service-related communications necessary for the continued delivery of services you have engaged.
If you wish to terminate your relationship with us, the process is as follows: (1) submit a written request to info@advancefa-av.it.com or by post; (2) verify your identity (we will contact you to confirm the request); (3) settle all outstanding fees and complete any open transactions; (4) we will notify you of the records we are legally required to retain and the applicable retention periods; (5) upon completion, we will provide written confirmation of the closure of your account. Data that is not subject to legal retention obligations will be securely deleted within 90 days.
At Advance Fin Advisory, privacy is not merely a compliance obligation — it is central to the trust our clients place in us. We are committed to handling your personal data with the same care, discretion, and integrity that we bring to every aspect of our advisory relationship. This Privacy Policy reflects our ongoing commitment to transparency and data protection. If you have any questions or concerns, we encourage you to reach out to us at any time.