+60 12-657 8938
Get a Consultation

Privacy Policy

Last Updated: January 30, 2026

Home > Privacy Policy

Introduction

Nxwlto ("we," "our," or "us") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at nxwlto.one or engage our bookkeeping and financial reporting services.

We process personal data in accordance with the Malaysian Personal Data Protection Act 2010 (PDPA) and other applicable data protection laws. This policy provides you with information regarding your rights and our obligations and explains how, why, and when we process your personal data.

Please read this policy carefully to understand our practices regarding your personal data. By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

Data Controller

For the purposes of applicable data protection legislation, Nxwlto, with its registered address at 28 & 30, Jalan SG 1/5, Taman Sri Gombak, 68100 Batu Caves, Selangor, Malaysia, is the data controller of personal data collected through our website and services.

Information We Collect

We may collect various types of information from and about users of our website and services, including:

Personal Data

Personal data refers to information that can identify you as an individual. We may collect the following categories of personal data:

  • Identification information (name, company name, job title)
  • Contact information (email address, phone number, postal address)
  • Financial information (where necessary for our services)
  • Professional information (business details, industry, etc.)
  • Communication records (emails, call logs, meeting notes)
  • User credentials (usernames, passwords) for service portals

Non-Personal Data

We also collect non-personal information that does not directly identify you, including:

  • Technical information (browser type, operating system, device information)
  • Usage information (pages visited, time spent on site, referring/exit pages)
  • IP address and location data
  • Cookies and similar technologies (as described in our Cookie Policy)

How We Collect Your Information

We collect information about you through various methods, including:

Direct Interactions

  • Information you provide when filling out forms on our website
  • Communication with us by phone, email, or otherwise
  • Information provided when engaging our services
  • Responses to surveys or feedback requests

Automated Technologies

  • Cookies and similar tracking technologies
  • Server logs and analytics tools
  • Third-party analytics providers

For more information about our use of cookies and similar technologies, please see our Cookie Policy.

How We Use Your Information

We use the information we collect for various purposes, including:

Providing and Improving Our Services

  • To provide bookkeeping and financial reporting services
  • To respond to your inquiries, questions, and service requests
  • To personalize your experience and deliver content relevant to your interests
  • To improve our website, services, and customer experience
  • To develop new services, features, and functionality

Communication and Marketing

  • To communicate with you about our services
  • To send administrative information, such as updates to our terms and policies
  • To send marketing communications (with your consent where required by law)
  • To respond to your comments and questions and provide customer service

Legal and Business Operations

  • To comply with legal obligations and regulatory requirements
  • To enforce our terms and conditions and protect our rights
  • To detect, prevent, and address technical issues, security breaches, or fraud
  • To process and complete transactions and send related information
  • To maintain proper business records and administrative functions

Legal Basis for Processing

We process your personal data in accordance with the Malaysian PDPA and other applicable laws. Our processing is based on one or more of the following legal grounds:

Consent

Where you have given us explicit consent to process your data for specific purposes, such as sending marketing communications.

Contractual Necessity

Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

Legal Obligation

Where processing is necessary for compliance with our legal obligations under Malaysian law or other applicable jurisdictions.

Legitimate Interests

Where processing is necessary for our legitimate interests or those of a third party, provided these interests are not overridden by your rights and freedoms. Our legitimate interests include providing and improving our services, ensuring the security of our systems, and conducting our business operations efficiently.

Information Sharing and Disclosure

We may share your personal data with the following categories of recipients:

Service Providers

We may share your information with trusted third-party service providers who perform services on our behalf, such as IT support, cloud hosting, email delivery, customer relationship management, and analytics. These providers are contractually bound to protect your information and may only use it for the specific purposes we prescribe.

Professional Advisors

We may share information with professional advisors, such as lawyers, auditors, accountants, and insurers, who provide legal, accounting, or insurance services.

Legal and Regulatory Authorities

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., tax authorities, court orders, or government regulators).

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal data.

With Your Consent

We may share your information with other third parties with your consent or at your direction.

Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

For service clients, we typically retain financial records and supporting documentation for seven years, in accordance with Malaysian tax and accounting regulations. Personal data processed for marketing purposes will be retained until you opt-out or withdraw your consent.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and whether we can achieve those purposes through other means.

Data Security

We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

  • Encryption of sensitive data both in transit and at rest
  • Access controls and authentication protocols
  • Regular security assessments and penetration testing
  • Staff training on data protection and security practices
  • Physical security measures at our facilities
  • Incident response procedures

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to implementing reasonable security practices.

Your Rights

Under the Malaysian PDPA and other applicable data protection laws, you have certain rights regarding your personal data, including:

Right of Access

You have the right to request a copy of the personal data we hold about you and information about how we use it.

Right of Correction

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing based on your consent before its withdrawal.

Right to Object

You have the right to object to processing of your personal data in certain circumstances, including direct marketing.

Right to Data Portability

In certain circumstances, you may have the right to request that your personal data be transferred to you or another service provider in a structured, commonly used, and machine-readable format.

Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

To exercise any of these rights, please contact us using the details provided in the "Contact Information" section below. We will respond to your request within 30 days or as required by applicable law.

International Data Transfers

We primarily store and process your personal data within Malaysia. However, some of our service providers may be located in other countries. Whenever we transfer your personal data outside of Malaysia, we ensure that appropriate safeguards are in place to protect your information and comply with the Malaysian PDPA.

These safeguards may include:

  • Transferring to countries that have been deemed to provide an adequate level of protection
  • Using specific contracts or clauses approved by relevant authorities
  • Implementing additional security measures where appropriate

Children's Privacy

Our website and services are not intended for individuals under the age of 18. We do not knowingly collect or solicit personal information from children. If we learn that we have collected personal information from a child, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child, please contact us.

Third-Party Websites and Services

Our website may contain links to third-party websites, plugins, or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

Additionally, when using our website, certain third parties, including analytics providers and advertising networks, may use cookies or similar technologies to collect information about your browsing activities over time and across different websites. For more information about this practice and how to opt out, please see our Cookie Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our website with a revised "Last Updated" date. We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Nxwlto

Address: 28 & 30, Jalan SG 1/5, Taman Sri Gombak, 68100 Batu Caves, Selangor, Malaysia

Phone: +60 12-657 8938

Email: [email protected]

Complaint Resolution

If you have a complaint about our handling of your personal data, please contact us first using the details above. We will investigate your complaint and respond within a reasonable time.

If you are not satisfied with our response, you may contact the Malaysian Personal Data Protection Commissioner:

Personal Data Protection Department

Ministry of Communications and Multimedia

Level 6, Kompleks KKMM

Lot 4G9, Persiaran Perdana, Presint 4

62100 Putrajaya, Malaysia

Privacy Preference Center

We use cookies to help you navigate efficiently, analyze site usage, and assist in our marketing efforts. Read our Cookie Policy to learn more.

Necessary Cookies

These cookies are essential for the website to function properly and cannot be disabled.

ml_cookie_consent
Provider:
Nxwlto
Purpose:
Stores your cookie consent preferences
Expiry:
1 year

Analytics Cookies

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.

_ga, _ga_*
Provider:
Google
Purpose:
Registers a unique ID used to generate statistical data on how you use the website
Expiry:
2 years

Marketing Cookies

These cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user.

_fbp
Provider:
Facebook
Purpose:
Used by Facebook to deliver a series of advertisement products
Expiry:
3 months

Preferences Cookies

These cookies enable the website to remember information that changes the way the website behaves or looks, like your preferred language.

ml_preferences
Provider:
Nxwlto
Purpose:
Stores your website preferences
Expiry:
1 year

We Value Your Privacy

We use cookies to enhance your browsing experience, serve personalized content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies as described in our Cookie Policy.