Privacy Policy
Last updated: 2026
Goviral Lab ("GVL", "we", "our", or "us") is committed to protecting the privacy and personal data of individuals with whom we interact. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you interact with us through our website https://www.govirallab.com/ and through our business activities as a venture studio, consultancy, business advisory, and execution partner.
This Policy is structured to closely mirror the clause-by-clause approach used by leading global consulting firms, while complying strictly with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
Goviral Lab ("GVL", "we", "our", or "us") is committed to protecting the privacy and personal data of individuals with whom we interact. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you interact with us through our website https://www.govirallab.com/ and through our business activities as a venture studio, consultancy, business advisory, and execution partner.
This Policy is structured to closely mirror the clause-by-clause approach used by leading global consulting firms, while complying strictly with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
1. Who We Are
GVL is a Malaysia-based company providing creative, digital, automation, training, and corporate & people advisory services. Our work spans creative capital, digital and cultural capital, and corporate & people capital, supporting businesses, founders, and organizations from strategy through execution.
GVL is a Malaysia-based company providing creative, digital, automation, training, and corporate & people advisory services. Our work spans creative capital, digital and cultural capital, and corporate & people capital, supporting businesses, founders, and organizations from strategy through execution.
2. Scope of This Privacy Policy
This Privacy Policy applies to personal data collected in connection with:
This Privacy Policy applies to personal data collected in connection with:
Visitors to our websites and digital platforms
Visitors to our websites and digital platforms
Clients, prospective clients, and business partners
Clients, prospective clients, and business partners
Founders, entrepreneurs, and venture participants
Founders, entrepreneurs, and venture participants
Participants in training programs, workshops, and HRDC-related initiatives
Participants in training programs, workshops, and HRDC-related initiatives
Individuals registering interest, booking diagnostics, audits, or readiness sessions
Individuals registering interest, booking diagnostics, audits, or readiness sessions
Job applicants, contractors, and collaborators
Job applicants, contractors, and collaborators
3. Personal Data We Collect
3.1 Personal Data You Provide
Depending on how you interact with us, we may collect:
3.1 Personal Data You Provide
Depending on how you interact with us, we may collect:
Identification and contact details (e.g. name, email address, phone number)
Identification and contact details (e.g. name, email address, phone number)
Professional and business information (e.g. company name, role, operational details)
Professional and business information (e.g. company name, role, operational details)
Information submitted through enquiry forms, booking forms, audits, or registrations
Information submitted through enquiry forms, booking forms, audits, or registrations
Training, program, or event participation details
Training, program, or event participation details
Communications, feedback, and correspondence
Communications, feedback, and correspondence
3.2 Personal Data Collected Automatically
When you access our website, we may automatically collect certain information, including:
3.2 Personal Data Collected Automatically
When you access our website, we may automatically collect certain information, including:
IP address and device identifiers
IP address and device identifiers
Browser type, operating system, and referring URLs
Browser type, operating system, and referring URLs
Website usage data, page interactions, and analytics information
Website usage data, page interactions, and analytics information
Cookies and similar tracking technologies
Cookies and similar tracking technologies
4. How We Use Personal Data
We use personal data for legitimate business and operational purposes, including to:
We use personal data for legitimate business and operational purposes, including to:
Respond to enquiries and communicate with you
Respond to enquiries and communicate with you
Deliver our venture studio, creative, digital, AI, training, and advisory services
Deliver our venture studio, creative, digital, AI, training, and advisory services
Schedule and manage diagnostic calls, audits, and readiness assessments
Schedule and manage diagnostic calls, audits, and readiness assessments
Operate, improve, and secure our websites and systems
Operate, improve, and secure our websites and systems
Conduct marketing, thought leadership, and business development activities (where consent is provided)
Conduct marketing, thought leadership, and business development activities (where consent is provided)
Manage training programmes and HRDC-related engagements
Manage training programmes and HRDC-related engagements
Comply with applicable legal, regulatory, and contractual obligations
Comply with applicable legal, regulatory, and contractual obligations
Protect our rights, interests, and business operations
Protect our rights, interests, and business operations
5. Legal Basis for Processing
Under Malaysian law, we process personal data based on one or more of the following grounds:
Under Malaysian law, we process personal data based on one or more of the following grounds:
Your consent
Your consent
The performance of a contract or steps taken prior to entering into a contract
The performance of a contract or steps taken prior to entering into a contract
Compliance with legal or regulatory obligations
Compliance with legal or regulatory obligations
Our legitimate business interests, provided such interests do not override your rights
Our legitimate business interests, provided such interests do not override your rights
6. Disclosure of Personal Data
We may disclose personal data on a need-to-know basis to:
We may disclose personal data on a need-to-know basis to:
Our internal teams and authorised personnel
Our internal teams and authorised personnel
Third-party service providers and technology partners supporting our operations
Third-party service providers and technology partners supporting our operations
Professional advisers such as legal, accounting, and compliance consultants
Professional advisers such as legal, accounting, and compliance consultants
Training providers, ecosystem partners, or strategic collaborators where relevant
Training providers, ecosystem partners, or strategic collaborators where relevant
Government authorities or regulators where required by law
Government authorities or regulators where required by law
7. Cross-Border Transfers
Some of our service providers or technology infrastructure may be located outside Malaysia. Where personal data is transferred internationally, we take reasonable steps to ensure that such transfers comply with the PDPA and that appropriate safeguards are in place.
Some of our service providers or technology infrastructure may be located outside Malaysia. Where personal data is transferred internationally, we take reasonable steps to ensure that such transfers comply with the PDPA and that appropriate safeguards are in place.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, or as required by applicable laws, regulations, or contractual obligations. When personal data is no longer required, it will be securely deleted or anonymised.
We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, or as required by applicable laws, regulations, or contractual obligations. When personal data is no longer required, it will be securely deleted or anonymised.
9. Data Security
We maintain reasonable administrative, technical, and organisational safeguards designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. However, no system can be completely secure, and we cannot guarantee absolute security of personal data.
We maintain reasonable administrative, technical, and organisational safeguards designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. However, no system can be completely secure, and we cannot guarantee absolute security of personal data.
10. Your Rights
Subject to the PDPA, you may have the right to:
Subject to the PDPA, you may have the right to:
Request access to your personal data held by us
Request access to your personal data held by us
Request correction of inaccurate or incomplete personal data
Request correction of inaccurate or incomplete personal data
Withdraw consent to the processing of personal data, subject to legal or contractual limitations
Withdraw consent to the processing of personal data, subject to legal or contractual limitations
Requests will be handled in accordance with applicable law and may require verification of identity.
Requests will be handled in accordance with applicable law and may require verification of identity.
11. Cookies and Similar Technologies
We use cookies and similar technologies to operate our website, analyse usage, and improve performance. You may adjust your browser settings to manage or disable cookies. Disabling cookies may affect certain website features.
We use cookies and similar technologies to operate our website, analyse usage, and improve performance. You may adjust your browser settings to manage or disable cookies. Disabling cookies may affect certain website features.
12. Third-Party Links
Our website may contain links to third-party websites or platforms. This Privacy Policy does not apply to those third-party sites, and we are not responsible for their privacy practices or content.
Our website may contain links to third-party websites or platforms. This Privacy Policy does not apply to those third-party sites, and we are not responsible for their privacy practices or content.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business, services, or legal requirements. Any updates will be posted on our website with a revised "Last updated" date.
We may update this Privacy Policy from time to time to reflect changes in our business, services, or legal requirements. Any updates will be posted on our website with a revised "Last updated" date.
14. How to Contact Us
If you have questions, concerns, or requests relating to this Privacy Policy or our handling of personal data, please contact:
If you have questions, concerns, or requests relating to this Privacy Policy or our handling of personal data, please contact:
Goviral Lab
Website: https://www.govirallab.com/
Email: management@govirallab.com
Goviral Lab
Website: https://www.govirallab.com/
Email: management@govirallab.com
This Privacy Policy is intended to comply with the Personal Data Protection Act 2010 (Malaysia). It is provided for general information purposes and does not constitute legal advice.
This Privacy Policy is intended to comply with the Personal Data Protection Act 2010 (Malaysia). It is provided for general information purposes and does not constitute legal advice.