Privacy Policy
Penang Steep
Our Commitment to Your Privacy
At Penang Steep, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you interact with our website and services. We believe in transparency and want you to feel confident about how your data is handled.
This policy applies to all information collected through our website, including contact forms, consultation requests, and any other interactions you have with us. By using our services, you acknowledge that you have read and understood this policy.
Last updated: November 25, 2025
Information We Collect
Personal Information You Provide
When you contact us or request our services, we may collect the following information that you voluntarily provide:
- • Full name and contact details (email address, phone number)
- • Business or organization name (if applicable)
- • Details about your coffee project or inquiry
- • Any other information you choose to share in correspondence
Automatically Collected Information
When you visit our website, we automatically collect certain technical information through cookies and similar technologies:
- • IP address and general location information
- • Browser type and device information
- • Pages visited and time spent on our site
- • Referring website or search terms used
Legal Basis for Data Processing
We collect and process your personal data based on your consent when you submit forms, our legitimate business interests in providing coffee consulting services, and to fulfill contractual obligations when you engage our services. We only collect information that is necessary for these purposes.
Data Retention Periods
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy. Contact form submissions are kept for up to two years unless you request earlier deletion. Analytics data is typically aggregated and anonymized after 90 days. Information related to active consulting projects is retained for the duration of our engagement plus three years for business record purposes.
How We Use Your Information
We use the information we collect for the following purposes:
Responding to Your Inquiries
When you contact us through our website, we use your information to respond to your questions, provide consultation scheduling, and deliver the information or services you requested.
Service Delivery and Project Management
For clients engaging our consulting services, we use your information to coordinate projects, communicate updates, schedule tours or meetings, and fulfill our service commitments to you.
Website Improvement and Analytics
We analyze how visitors use our website to improve navigation, content relevance, and overall user experience. This helps us understand which services are most interesting to our audience and where we can enhance our offerings.
Marketing Communications (With Your Consent)
If you opt in to receive updates, we may send you information about our services, coffee industry insights, or heritage preservation topics. You can unsubscribe from these communications at any time using the link provided in each email.
Third-Party Data Sharing
We do not sell your personal information. We may share your data with trusted service providers who help us operate our website (such as web hosting services) or analytics platforms, but only to the extent necessary for them to perform their services. These providers are contractually bound to protect your information and use it only for the purposes we specify.
How We Protect Your Data
We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction:
Security Measures
Our website uses secure HTTPS encryption to protect data transmitted between your browser and our servers. We implement industry-standard security protocols to safeguard stored information and regularly update our security measures to address emerging threats.
Data Storage and Encryption
Personal information collected through contact forms is stored in secure databases with encrypted connections. We use reputable hosting providers that maintain robust security infrastructure and comply with international data protection standards.
Access Controls and Monitoring
We limit access to personal information to authorized personnel who need it to perform their job functions. Our systems are monitored for unusual activity, and we maintain logs of data access for security audit purposes.
Breach Notification Procedures
While we take extensive measures to protect your data, no system is completely secure. In the unlikely event of a data breach affecting your personal information, we will notify you promptly and take immediate steps to mitigate any potential harm, in accordance with applicable data protection regulations.
Your Privacy Rights
You have several rights regarding your personal information. We respect these rights and make it easy for you to exercise them:
Right to Access Personal Data
You can request a copy of the personal information we hold about you. We will provide this information in a commonly used, machine-readable format within 30 days of your request.
Right to Rectification and Erasure
If you believe any information we have about you is inaccurate or incomplete, you can request that we correct it. You also have the right to request deletion of your personal data, subject to any legal obligations we may have to retain certain information.
Right to Data Portability
You can request to receive your personal data in a structured, commonly used format that allows you to transfer it to another service provider if you wish.
Right to Object to Processing
You can object to our processing of your personal data for marketing purposes or where we rely on legitimate interests as our legal basis. We will respect your preferences and stop processing your data for those purposes.
How to Exercise Your Rights
To exercise any of these rights, please contact us using the details provided at the top of this page. We will respond to your request within 30 days and may ask you to verify your identity before processing your request to ensure the security of your information.
Your Rights and Opt-Out Instructions
You are not required to provide any personal information when using this website. If you prefer not to share your data, you may:
- • Avoid filling out contact forms, account registrations, or any data-submitting features
- • Disable cookies through your browser settings (see our Cookie Policy for more details)
- • Contact us directly to request the deletion of any previously shared personal data
We respect your privacy choices. If you would like us to delete your data, please reach out to us at the contact details provided on our Contact page. We will process your request promptly.
For transparency, we want you to know that certain information may need to be retained for legitimate business purposes or legal compliance, such as financial records or correspondence related to active projects. We will explain any such limitations when responding to your deletion request.