Legal
Privacy Policy
Last Updated: 14 April 2025 · Effective: 14 April 2025
1. Introduction
Halcyon Reach ("we", "us", "our") is committed to handling personal data responsibly. This Privacy Policy describes what personal data we collect, how we use it, the legal basis on which we process it, and the rights you have as a data subject. It applies to all individuals who interact with our website and enrol in our courses.
This policy is governed by Malaysia's Personal Data Protection Act 2010 (PDPA). If you have questions about this policy, you may contact us at [email protected].
2. Data We Collect
Information You Provide
- Full name and email address (required for enquiry and enrolment)
- Phone number (optional, if provided in contact forms)
- Message content submitted through our contact form
- Payment details — processed via third-party payment providers; we do not store card numbers
Information Collected Automatically
- IP address and browser type (via server logs)
- Pages visited and duration (via analytics cookies, if consented)
- Referring URL
Legal Basis for Processing
- Contract performance — processing your name and email to deliver the course you have enrolled in
- Legitimate interests — maintaining records of transactions and responding to enquiries
- Consent — analytics and marketing cookies, which you may accept or decline via our cookie banner
Data Retention
Enrolment records are retained for seven years for accounting and compliance purposes. Contact form submissions are retained for twelve months. Analytics data is retained for twenty-four months before being deleted or anonymised.
3. How We Use Your Data
- To process enrolment and provide access to course materials
- To respond to enquiries submitted through our contact form
- To send course update notifications when materials are revised (participants only)
- To improve the website and course content through aggregated analytics
- To comply with Malaysian legal and tax obligations
We do not use your data to send general marketing communications without your explicit consent. We do not sell, rent, or share your personal data with third parties for their commercial purposes.
Third-Party Services
- Payment processing — FPX / Stripe or similar; subject to their own privacy policies
- Analytics — Google Analytics (if consented), operating under Google's privacy framework
- Email delivery — transactional emails delivered via a third-party email service provider
4. Data Protection Measures
- Our website uses HTTPS (TLS encryption) for all data transmission
- Administrative access to participant records is restricted to authorised staff
- Payment transactions are processed over encrypted connections by our payment provider
- In the event of a personal data breach, we will notify affected individuals and the relevant authorities as required under the PDPA
5. Cookies
We use essential cookies to maintain site functionality, and optional analytics cookies to understand how visitors use the site. You may manage your cookie preferences at any time through our Cookie Policy page. Withdrawing consent for analytics cookies does not affect your access to our courses or any other service.
6. Your Rights Under Malaysian PDPA
As a data subject under the Personal Data Protection Act 2010, you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request that inaccurate or incomplete data be corrected
- Withdrawal of consent — withdraw consent for optional data processing (e.g. analytics) at any time
- Limit processing — request that we limit the use of your personal data in certain circumstances
- Object — object to processing based on legitimate interests where your interests override ours
To exercise any of these rights, please write to [email protected]. We will respond within thirty days. You also have the right to lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) if you believe your rights have been infringed.
7. Third-Party Links
Our website may contain links to third-party websites, including linked payment platforms and references to external institutions. We are not responsible for the privacy practices of those websites and encourage you to review their own privacy policies.
8. Children's Privacy
Our courses are designed for adults aged 40 and over. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that personal data has been submitted by a minor, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in Malaysian law. When we do, we will update the "Last Updated" date at the top of this page. Enrolled participants will be notified by email of material changes. Continued use of our courses after notification constitutes acceptance of the revised policy.
10. Contact Us
For questions, requests, or complaints regarding this Privacy Policy or the handling of your personal data:
- Email: [email protected]
- Address: 12 Jalan Telawi 3, Bangsar Baru, 59100 Kuala Lumpur, Malaysia
- Phone: +60 3-2165 9438
Halcyon Reach is the data controller for personal data processed in connection with our courses and website.