Privacy Policy

1. Data Controller

The data controller responsible for your personal information is:

2. Information We Collect

We collect personal data in the following ways:

Information you provide directly:

• Name and contact details (email address, phone number)
• Postal or billing address where required for invoicing
• Program enrollment selections and related correspondence
• Employer details (for HRDF/HRD Corp claims, if applicable)
• Financial circumstances shared voluntarily during program activities

Information collected automatically:

• IP address and browser type for site security and analytics
• Pages visited, session duration, and referring URLs
• Cookie identifiers (see Section 5 and our Cookie Policy)

3. How We Use Your Data

Personal data is used for the following purposes:

• Processing program enrollments, issuing confirmations, and managing your cohort participation
• Communicating with you about program schedules, materials, and facilitator details
• Issuing Certificates of Completion and HRDF documentation
• Responding to enquiries submitted via our contact form
• Sending occasional updates about new programs or cohort schedules (only with your consent)
• Improving our programs based on aggregated participant feedback
• Complying with legal and regulatory obligations in Malaysia

We process personal data on the basis of: consent (for marketing communications), contractual necessity (for enrollment administration), and legitimate interest (for service improvement and security).

4. Data Sharing

We do not sell personal data. We may share data with:

• HRD Corp / HRDF — where required to process employer subsidy claims
• Payment processors — to handle transaction processing securely
• Analytics providers — aggregated, non-identifiable usage data only
• IT service providers — who assist with website hosting and operational infrastructure, bound by data processing agreements

All third parties engaged by Finsavva are required to handle personal data in accordance with PDPA obligations.

5. Cookies

We use cookies to support site functionality, analyse traffic, and — with your consent — for marketing purposes. For a full explanation of the cookies we use and how to manage your preferences, please see our Cookie Policy.

6. Data Retention

We retain personal data for as long as necessary to fulfil the purposes outlined in this policy:

• Enrollment and program records: 7 years (for regulatory and tax compliance)
• Contact form enquiries: 12 months from last correspondence
• Marketing consent records: until consent is withdrawn plus 1 year
• Website analytics data: 26 months (aggregated and anonymised after 14 months)

7. Your Rights Under PDPA

Under Malaysia's Personal Data Protection Act 2010, you have the following rights:

• Right of access — to request a copy of personal data we hold about you
• Right of correction — to request that inaccurate or incomplete data be corrected
• Right to withdraw consent — to withdraw consent for marketing at any time
• Right to limit processing — to restrict how we use your data in certain circumstances
• Right to inquire — to ask questions about our data handling practices

To exercise any of these rights, contact us at [email protected]. We will respond within 21 days.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include encrypted data transmission (HTTPS), access controls, and staff awareness of data handling obligations. In the event of a data breach, we will notify affected individuals as required by applicable law.

9. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their policies directly.

10. Children's Privacy

Our programs and services are intended for adults aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe a minor's data has been submitted to us, please contact us promptly so it can be removed.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When material changes are made, we will update the "Last Updated" date above. Continued use of our services following any update constitutes acceptance of the revised policy.

12. Contact for Privacy Enquiries

For any questions or requests relating to this policy or our data handling practices: