ASSOCIATION OF MALAYSIAN BUSINESS ADVISORS

Privacy Policy

Association of Malaysian Business Advisors (AMBA)

Effective date: 19 June 2026 | Last updated: 19 June 2026

Association of Malaysian Business Advisors (“AMBA”, “we”, “us” or “our”) is the official Malaysian Chapter of the Institute of Advisors (IOA). AMBA is committed to protecting the privacy and personal data of everyone who visits our website at https://amba.com.my (the “Website”).

This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with the Website and our related membership, training, certification, and advisory services. This Policy is issued in accordance with the Personal Data Protection Act 2010 (“PDPA”) of Malaysia and other applicable laws.

By accessing or using the Website, registering as a member, enrolling in a training or certification programme, or otherwise providing us with your personal data, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Policy, please do not use the Website or provide us with your personal data.

1. Who We Are

AMBA is a registered association in Malaysia and operates as the official Malaysian Chapter of the Institute of Advisors (IOA), and as a Registered Training Organisation (RTO 91675). For the purposes of the PDPA, AMBA is the “data user” responsible for the personal data described in this Policy.

Registered address: VO-05, Aras 6, Bangunan Kumpulan Muara, Persiaran Perbandaran, Seksyen 14, Shah Alam, Selangor 40000, Malaysia

Website: https://amba.com.my

For any enquiries regarding this Privacy Policy or your personal data, please refer to Section 11 (Contact Us) below.

2. Personal Data We Collect

We may collect the following categories of personal data, depending on how you interact with us:

2.1 Information you provide to us directly

  • Identification and contact details: full name, IC/passport number, date of birth, gender, nationality, mailing address, email address, and phone number.
  • Membership information: membership category, employer/organisation, job title, professional qualifications, and areas of advisory specialisation.
  • Training and certification records: enrolment details, attendance records, assessment results, certificates issued, and continuing professional development (CPD) records, including information submitted to or shared with the Institute of Advisors (IOA) where required for global certification recognition.
  • Payment information: billing details and proof of payment for membership fees, training fees, or other services (note: we do not directly store full credit/debit card numbers; payments are processed via third-party payment gateways as described in Section 5).
  • Communications: information you provide when you contact us, submit enquiries, complete contact or feedback forms, leave comments, or request publications and resources.
  • Testimonials: name, organisation, photograph, and feedback you voluntarily submit for publication on our Website or marketing materials.
  • Recruitment information: if you apply for a position with AMBA, your CV, qualifications, and related application materials.

2.2 Information collected automatically

  • Technical data: IP address, browser type and version, device type, operating system, and referral source.
  • Usage data: pages visited, time spent on pages, click patterns, and other analytics relating to your use of the Website.
  • Cookies and similar technologies: as described in Section 6 (Cookies) below.

2.3 Information from third parties

  • Information from the Institute of Advisors (IOA) and other global affiliate bodies in connection with certification, accreditation, or membership reciprocity.
  • Information from payment processors confirming successful or failed transactions.
  • Publicly available information, such as professional profiles, where relevant to assessing membership eligibility.

3. How We Use Your Personal Data

We collect and process personal data for the following purposes:

  1. To process and manage your AMBA membership application, renewal, and records.
  2. To register you for, administer, and deliver training programmes, workshops, and certification courses, and to issue certificates and CPD records.
  3. To liaise with the Institute of Advisors (IOA) and other global affiliate bodies regarding certification, accreditation, and cross-recognition of qualifications.
  4. To process payments for membership fees, training fees, and other services.
  5. To respond to your enquiries, feedback, and requests for information or resources.
  6. To send you administrative communications, including updates on membership status, event notifications, and changes to our policies.
  7. To send you marketing and promotional communications about AMBA events, publications, training programmes, and services, where you have consented to receive such communications (or otherwise in accordance with applicable law).
  8. To publish testimonials and success stories that you have voluntarily submitted, with your consent.
  9. To maintain, secure, and improve the Website, including monitoring for spam and fraudulent activity.
  10. To comply with our legal, regulatory, and statutory obligations, including those arising under Malaysian law.
  11. To evaluate job applications, where you have applied for a role with AMBA.
  12. For any other purpose disclosed to you at the time the personal data is collected, or with your consent.

4. Legal Basis for Processing

We process your personal data on one or more of the following bases:

  • Your consent, which you may withdraw at any time (see Section 8);
  • Performance of a contract with you, such as your membership agreement or training enrolment;
  • Compliance with a legal or regulatory obligation;
  • Our legitimate interests in operating, securing, and improving our association and the Website, provided such interests do not override your fundamental rights.

5. Disclosure of Your Personal Data

We do not sell your personal data. We may disclose your personal data to the following categories of recipients, where necessary for the purposes set out in Section 3:

  • The Institute of Advisors (IOA) and other recognised global affiliate or accreditation bodies, for purposes of certification, membership recognition, and quality assurance.
  • Payment service providers and financial institutions, to process membership and training fee payments.
  • IT service providers, website hosting providers, and email service providers who support our Website and operations (e.g. our website is built on WordPress, and analytics may be supported via Google’s Site Kit).
  • Professional advisers, including auditors, legal counsel, and accountants, where necessary for our business operations.
  • Regulatory authorities, government agencies, courts, or law enforcement bodies, where required by law or to protect our legal rights.
  • Any other third party with your prior consent.

We require all third parties to whom we disclose personal data to maintain appropriate safeguards and to use such data only for the purposes for which it was disclosed.

6. Cookies and Similar Technologies

Our Website may use cookies and similar tracking technologies to enhance your browsing experience and analyse Website traffic.

6.1 Types of cookies we may use

  • Essential cookies: necessary for the Website to function properly, including login session cookies.
  • Functional cookies: remember your preferences, such as comment form details (name, email, website), typically retained for up to one year if you opt in.
  • Analytics cookies: help us understand how visitors use the Website, including through tools such as Google Site Kit/Google Analytics.
  • Login-related cookies: if you have an account on the Website, we use cookies to keep you logged in (login cookies generally last two days, or two weeks if you select “Remember Me”; screen display cookies last about one year).

6.2 Managing cookies

Most web browsers allow you to control cookies through their settings. You may choose to disable cookies; however, this may affect the functionality of certain features on the Website.

7. Embedded and Third-Party Content

Pages on our Website may include embedded content (for example, videos, social media posts, or articles) from other websites. Embedded content from other websites behaves in the same way as if you visited that other website directly, and such third parties may collect data about you, use cookies, or monitor your interaction with their content. We are not responsible for the privacy practices of these third-party websites, and we encourage you to review their respective privacy policies.

Our Website includes links to our social media pages (Instagram, Facebook, and X). Your use of these platforms is governed by their respective privacy policies.

8. Your Rights Under the PDPA

Under the Personal Data Protection Act 2010, you have the following rights in relation to your personal data:

  • Right to access: you may request a copy of the personal data we hold about you.
  • Right to correction: you may request that we correct any inaccurate, incomplete, or outdated personal data.
  • Right to withdraw consent: you may withdraw your consent to our processing of your personal data at any time, by giving us reasonable notice. Please note that withdrawing consent may affect our ability to provide certain services to you (for example, membership administration or certification processing).
  • Right to limit processing: you may request that we cease processing your personal data for direct marketing purposes.
  • Right to data portability: where applicable, you may request an export of personal data you have provided to us.
  • Right to erasure: you may request that we delete personal data we hold about you, subject to any legal, regulatory, contractual, or administrative obligations that require us to retain such data.

To exercise any of these rights, please contact us using the details in Section 11. We may require proof of identity before processing your request, and we will respond within the timeframe required under the PDPA.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, regulatory, or reporting requirements. As a general guide:

  • Membership and certification records are retained for the duration of your membership and for a reasonable period thereafter to support certificate verification, renewal, and regulatory compliance.
  • Website comments and related metadata are generally retained indefinitely to support spam detection and comment moderation, unless you request deletion.
  • Job application materials are retained for a reasonable period for recruitment purposes, after which they are securely deleted unless you are engaged by AMBA.

Where personal data is no longer required, we will securely delete, destroy, or anonymise it.

10. Data Security

We implement reasonable technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, loss, misuse, or destruction. These measures include access controls, secure storage of records, and the use of reputable third-party service providers (including payment gateways) for sensitive transactions.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us at:

Association of Malaysian Business Advisors (AMBA)

VO-05, Aras 6, Bangunan Kumpulan Muara, Persiaran Perbandaran, Seksyen 14, Shah Alam, Selangor 40000, Malaysia

Website: https://amba.com.my

Please use the contact form on our Website (“Contact” page) for general enquiries relating to this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. Any changes will be posted on this page with a revised “Last updated” date. We encourage you to review this Privacy Policy periodically. Your continued use of the Website following any changes constitutes your acceptance of the revised Privacy Policy.