Skip to main content

Last updated: 06 March 2026


This Privacy Policy explains how Capital Bridge (“we”, “us”, “our”) collects, uses, discloses, and safeguards your personal data when you visit capitalbridge.my or engage our services. We operate in accordance with the Personal Data Protection Act 2010 of Malaysia (PDPA Malaysia) and the Personal Data Protection Act 2012 of Singapore (PDPA Singapore).



  1. Who We Are
    Capital Bridge is a business consultancy and advisory firm based in Kuala Lumpur, Malaysia.

    This Privacy Policy applies to all personal data we process in connection with our website, services, and client engagements.


  2. Information We Collect
    We may collect the following categories of personal data:
    • Identity & Contact Data: name, email address, telephone number, company details, role.
    • Business Interaction Data: enquiry details, meeting notes, proposals, billing information.
    • Technical Data: IP address, browser type, device identifiers, usage analytics.
    • Marketing Preferences: opt‑in/opt‑out records, communication preferences.
    • Sensitive Data: only where required by law or contract, and only with explicit consent.


  3. How We Use Your Information
    We process your personal data for the following purposes:
    • Responding to enquiries, providing proposals, and delivering our services.
    • Account management, client servicing, and contractual performance.
    • Operating, maintaining, and improving our website and digital platforms.
    • Compliance with legal or regulatory requirements.
    • Marketing communications with consent or as permitted by law.


  4. Marketing and Communications
    We may send you updates, insights, or event invitations. You may opt out at any time using the unsubscribe link or by contacting us.

    For Singapore numbers:

    We comply with the Do Not Call (DNC) Registry requirements and will not send marketing messages to numbers listed unless you have given clear consent.


  5. Cookies and Tracking Technologies
    We use cookies and similar technologies to enhance website functionality, analyse traffic, and improve user experience.

    You may manage cookie preferences through your browser settings.


  6. Disclosure of Personal Data
    We may disclose personal data to:
    • Service providers such as cloud hosting, IT security, CRM, and analytics platforms.
    • Professional advisers (legal, tax, compliance, auditing).
    • Regulators and authorities where required by law.
    • Affiliates and partners for internal business operations.
    • Potential investors or purchasers in corporate transactions.

    We do not sell personal data to third parties.


  7. Cross‑Border Data Transfers
    Your personal data may be transferred to servers or service providers located outside Malaysia or Singapore.

    Where such transfers occur, we ensure appropriate safeguards, such as:
    • Contractual protections ensuring equivalent data protection standards,
    • Transfer Impact Assessments (where applicable),
    • Your explicit consent,
    • Other conditions permitted under PDPA Malaysia or PDPA Singapore.


  8. Data Retention Policy

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to meet legal, regulatory, and operational requirements.


General retention periods include:


• Client and project records: 7 years from the end of engagement.

• Financial and billing documents: 7 years.

• Marketing data: retained until you withdraw consent or opt out.

• Website analytics logs: typically 12–24 months, unless anonymised.

• Job applications: 12 months unless consent is given for longer retention.


When data is no longer required, we will securely delete or anonymise it in accordance with PDPA Malaysia’s Retention Principle and PDPA Singapore’s Retention Limitation Obligation.



9. Your Rights

For Malaysia (PDPA Malaysia):


You have the right to:

• Access your personal data.

• Request corrections to inaccurate or incomplete data.

• Withdraw consent.

• Prevent processing likely to cause damage or distress.

• Opt out of direct marketing.


For Singapore (PDPA Singapore):


You have the right to:

• Access your personal data and understand how it was used in the last 12 months.

• Correct inaccuracies.

• Withdraw consent.

• Be notified of certain data breaches.


To exercise any of these rights, please contact our Data Protection Officer.



10. Data Security

We implement administrative, technical, and physical safeguards to protect your personal data from unauthorised access, misuse, alteration, or loss.


Third‑party processors handling personal data must comply with equivalent security standards.



11. Children’s Data

Our services are intended for business use and are not targeted at children.


We do not knowingly collect personal data from individuals under the age required by local law.



12. Links to Third‑Party Websites

Our website may contain links to external sites.


We are not responsible for the privacy practices or content of such websites.



13. Contact Us (Data Protection Officer)

If you have any questions or requests about this Privacy Policy, please contact:


Data Protection Officer (DPO): Kenneth Wong

Email: kenneth.wong@thecapitalbridge.com

Address: No. 6, Jalan Kia Peng, 50450 Kuala Lumpur, W. Persekutuan, Malaysia.


We will respond as soon as reasonably practicable.



14. Language

If this Privacy Policy is translated into other languages, the English version shall prevail in the event of any inconsistency.