Legal

Privacy Policy

How RHMI Pharmaceuticals Sdn Bhd collects, uses and protects personal data in accordance with the EU General Data Protection Regulation (GDPR).

Last updated: 14 May 2026

This Privacy Policy explains how RHMI Pharmaceuticals Sdn Bhd (“RHMI”, “we”, “our”, “us”) processes personal data of visitors to www.rhmi-pharma.com (the “Website”) and individuals who contact us via this Website.

Although RHMI is established in Malaysia, this policy is drafted to be compatible with the European Union General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) where applicable, in addition to the Malaysian Personal Data Protection Act 2010 (“PDPA”).

1. Data Controller

The data controller responsible for processing your personal data is:

RHMI Pharmaceuticals Sdn Bhd
Kuala Lumpur, Malaysia
Email: info@rhmi-pharma.com

For any questions about this policy or to exercise your rights, please write to the email address above.

2. Personal Data We Collect

We collect personal data that you voluntarily provide to us, in particular when you submit the contact form on the Website. This includes:

  • Company name
  • Contact person’s full name
  • Email address
  • Country
  • Product category and current registration status
  • The content of the message you send us

We may also automatically collect limited technical information when you visit the Website (e.g. IP address, browser type, referring URL, pages viewed, timestamps) through standard server logs maintained by our hosting provider. This information is used for security, troubleshooting and aggregated traffic analysis only.

We do not intentionally collect any special categories of personal data (such as health data, racial or ethnic origin, political opinions). Please do not include such information in any message to us.

3. Purposes and Legal Bases of Processing

We process your personal data for the following purposes and on the following legal bases (Article 6 GDPR):

  • Responding to your enquiry — to process and reply to messages submitted via the contact form, evaluate potential business cooperation, and follow up on commercial discussions. Legal basis: performance of a contract or steps prior to entering a contract (Art. 6(1)(b)); our legitimate interest in conducting our business communications (Art. 6(1)(f)).
  • Operating and securing the Website — to ensure the technical integrity, security and proper functioning of the Website. Legal basis: our legitimate interest (Art. 6(1)(f)).
  • Compliance with legal obligations — where we are required to retain or disclose data under applicable laws. Legal basis: compliance with a legal obligation (Art. 6(1)(c)).

4. How We Share Personal Data

We do not sell personal data. We share personal data only with the following categories of recipients, and only to the extent necessary:

  • Form delivery service. Contact form submissions are processed through Web3Forms (operated by Web3Forms LLC) which delivers the submission to our internal email inbox. See Web3Forms’ privacy policy.
  • Email and hosting providers. Our email and web-hosting providers may process personal data on our behalf strictly to provide their services to us, under appropriate data-processing agreements.
  • Professional advisers and authorities. Where required for legal, regulatory or accounting purposes (e.g. auditors, legal counsel, public authorities upon valid request).

5. International Transfers

Because RHMI is based in Malaysia and uses service providers outside the European Economic Area (“EEA”), personal data may be transferred to and processed in countries that are not recognised by the European Commission as providing an adequate level of data protection.

Where applicable, such transfers are protected by appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, or rely on another transfer mechanism permitted under Chapter V GDPR. You may request a copy of the safeguards in place by contacting us at the address in section 1.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to meet our legal, accounting or reporting obligations. In practice:

  • Contact form enquiries: up to 3 years after the last interaction, unless a business relationship continues.
  • Personal data forming part of an active business relationship: for the duration of that relationship and as required by applicable law thereafter.
  • Server log data: typically up to 12 months.

At the end of the relevant retention period, personal data is securely deleted or anonymised.

7. Your Rights

Subject to applicable law, you have the following rights in relation to your personal data:

  • Right of access — to obtain confirmation of whether we process your personal data and a copy of it (Art. 15 GDPR).
  • Right to rectification — to have inaccurate data corrected (Art. 16 GDPR).
  • Right to erasure (“right to be forgotten”) — in certain circumstances (Art. 17 GDPR).
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability — to receive certain data in a structured, commonly used and machine-readable format (Art. 20 GDPR).
  • Right to object — including to processing based on legitimate interests (Art. 21 GDPR).
  • Right not to be subject to solely automated decision-making that produces legal or similarly significant effects (Art. 22 GDPR). We do not currently carry out such automated decision-making.
  • Right to withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@rhmi-pharma.com. We may need to verify your identity before responding. We will respond within the time limits required by applicable law (typically one month under the GDPR).

You also have the right to lodge a complaint with a data protection supervisory authority — in the EU/EEA, with the authority of your habitual residence, place of work, or place of the alleged infringement; in Malaysia, with the Department of Personal Data Protection (Jabatan Perlindungan Data Peribadi, JPDP).

8. Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure or destruction. These include encrypted connections (TLS) for the Website, access controls, and processing data only through reputable service providers under written agreements.

No method of transmission over the internet or method of electronic storage is, however, 100% secure. We cannot guarantee absolute security.

9. Cookies and Similar Technologies

The Website does not set its own tracking cookies. We load web fonts from Google Fonts; depending on your browser and settings, this may result in a request to a Google server, which may collect technical data such as your IP address as part of standard server operation.

You can control cookies and similar technologies through your browser settings. Blocking certain cookies may affect the functionality of the Website.

10. Children

The Website is intended for business audiences and is not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so we can delete it.

11. Third-Party Links

The Website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to read their privacy policies before providing them with any personal data.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The updated version will be posted on this page with a new “Last updated” date. Material changes will be brought to your attention by appropriate means.

13. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or our processing of your personal data, please contact:

RHMI Pharmaceuticals Sdn Bhd
Kuala Lumpur, Malaysia
Email: info@rhmi-pharma.com