Privacy Policy 

The Firmus Privacy Policy outlines how user information is collected, used, retained, disclosed, and disposed of, with consent obtained before engagement with us.

By using our products and services or accessing our website, you acknowledge and consent to the collection, use, retention, disclosure and disposal of your information as outlined in this Privacy Policy. 

As a leading provider of penetration testing and cybersecurity strategy solutions, we collect and process personal data to deliver secure, reliable, and effective services tailored to your organization’s needs. 

With consent obtained, we assure our visitors and clients that their data is kept securely and that they are duly notified as per our Privacy Policy.

Personal Data 

Collecting and Using Your Personal Data 

Firmus (all entities) is committed to protecting your data as per our Privacy Policy. We collect and use your Personally Identifiable Information only when necessary to provide our cybersecurity services, improve service delivery, and comply with legal obligations.

A. Types of Personal Data Collected

Depending on your relationship with us (e.g. client, visitor, or vendor), the types of personal data we collect may include: 

  • Identity Data: Full name, national ID/passport number, job title, organization 
  • Contact Information: Business email address, phone number, office address 
  • Technical Data: IP address, device ID, browser type, operating system, cookies, usage logs 
  • Business-IT Specific Information: IT system details or network architecture (only collected during engagement with us as per contract terms & conditions) 
  • Sensitive Data (only if strictly required during engagement): Cyber Strategy, Business Enhancement Plans, Intellectual Property etc — with explicit consent

B. Methods of Collection

We may collect your personal data through the following methods: 

  • When you engage us for cybersecurity services (e.g. penetration testing, consulting services) 
  • Through our website (contact forms, cookies, analytics tools) 
  • During communications via email or secure portals 
  • From third parties with your consent (e.g. vendors, partners) 
  • During events, webinars, or consultations 

C. Purposes of Use

Your personal data may be used for the following purposes: 

  • To deliver and manage cybersecurity assessments and penetration tests 
  • To develop tailored cybersecurity strategies for your organization 
  • To provide technical support and communicate service updates 
  • To improve our services, website functionality, and user experience 
  • To comply with regulatory obligations (e.g. Malaysia PDPA 2010 & 2024 Amendment and Singapore PDPA 2012 & 2020 Amendment) 
  • To send relevant service notices, newsletters, or industry insights (only if subscribed) 

D. Your Consent and Rights

By providing your personal data to Firmus (all entities), you consent to its use as outlined in this policy. You have the right to: 

  • Access the personal data we hold about you. 
  • Request corrections to inaccurate or incomplete data. 
  • Withdraw consent for data processing, where applicable. 
  • Limit or object to the processing of your data in specific situations. 
  • Request data deletion (subject to legal and contractual obligations). 
  • Request data portability allowing you to transfer your data to another service provider. 
  • Be notified in the event of a data breach that is likely to cause significant harm to you. 

Detailed Information on the Processing of Your Personal Data 

Firmus (all entities) processes your personal data strictly for legitimate purposes and in accordance with the Malaysia Personal Data Protection Act 2010 and its amendment in 2024 as well as Singapore Personal Data Protection Act 2012 and its amendment in 2020. The following outlines the types of processing activities we undertake: 

A. Purpose of Processing

Your Personal Data may be processed for the following purposes: 

  • To deliver cybersecurity services, including penetration testing, threat assessments, and security audits. 
  • To communicate with you regarding service updates, incident response, or technical support. 
  • To customize solutions based on your organization’s infrastructure and security posture. 
  • For account registration, identity verification, and client onboarding. 
  • To comply with legal, regulatory, or contractual obligations. 
  • To improve our website, services, and user experience (via analytics and usage patterns). 
  • For internal risk management, billing, and administrative purposes.

B. Legal Basis for Processing 

Our processing of your personal data, based on your consent, relies on one or more of the following legal grounds:

  • The performance of a contract between you and Firmus (all entities). 
  • Compliance with a legal obligation. 
  • The legitimate interest of Firmus (all entities) in maintaining a secure and effective cybersecurity infrastructure. 

C. Data Retention

Your personal data will be retained as per our Data Retention Policy to fulfil the legitimate purposes for which it was collected, or as required under applicable laws.  

D. Disclosure to Third Parties

Firmus (all entities) does not sell or rent your personal data. However, we may disclose it to: 

  • Our authorized staff and service providers on a need-to-know basis. 
  • Government agencies or regulators when legally obligated. 
  • Third-party security partners or subcontractors under strict confidentiality agreements. 
  • Legal advisers, auditors, or insurers when required for compliance or claims. 

All third parties are contractually bound to protect the confidentiality and security of your data. 

Personal Data Given by You 

We hereby confirm that we have obtained the necessary authorization and consent from you for your Personally Identifiable Information (PII) collected for the purposes set out in this Privacy Policy and for such PII to be disclosed to the parties stated in this Privacy Policy. As per our policy, you are responsible for providing accurate, complete and updated PII via contact forms or email.

Third Party Websites 

Our websites may contain links to third-party sites whose data protection and privacy practices may differ from ours. We are not responsible for the content and privacy practices of these other websites and encourage you to consult the applicable privacy policies governing those sites. Firmus (all entities) is not responsible for any information that is submitted to or collected by these third parties.

Updates to the Policy 

This policy will be reviewed and updated from time to time by Firmus to take into account new laws, technological changes, changes to our operations and practices and industry trends. 

Subject to your rights at law, you agree to be bound by the prevailing terms of our Personal Data Protection guidelines as updated from time to time on our websites. Please check back regularly for updated information on the handling of your Personal Data. 

Contact Us 

If you have any questions about this Privacy Policy, you can contact us via our official email provided on our website: www.firmussec.com 

You may also contact us or submit any query with regard to the processing of your personal data and sensitive personal data to:

Data Protection Officer
Email: shushean.chan@firmussec.com
Phone: +6 03 6411 2626
Address: FIRMUS PTE LTD
20 McCallum Street #19-01,
Tokio Marine Centre,
Singapore 069046.