Privacy Policy

1. Who We Are

Teratai Hikmah is a financial education provider registered in Malaysia, operating from 18 Jalan Kelang Lama, 58000 Kuala Lumpur. References to "we", "us" or "our" in this policy refer to Teratai Hikmah. This website is operated at terataihikmah.cyou.

We are the data controller for personal data collected through this website and through our programme enrolment and communications processes.

---

2. Legal Framework

This Privacy Policy is prepared in compliance with the Personal Data Protection Act 2010 (Act 709) of Malaysia (PDPA). It governs how we process personal data of individuals who interact with our website, contact us, or enrol in our programmes.

---

3. Personal Data We Collect

We collect personal data in the following circumstances:

When you submit our contact form

• Full name
• Email address
• Phone number (if provided)
• Programme of interest (if indicated)
• The content of your message

When you enrol in a programme

• Full name and identification details (as required for class records)
• Contact details (email, phone)
• Payment reference information
• Any supporting information you choose to share relevant to the programme

When you visit our website

• Browser type and version
• Device type and operating system
• Pages visited and time spent (via analytics, if enabled)
• Referring URL

We do not collect sensitive personal data as defined under the PDPA (such as health information, political opinions, or religious beliefs) unless you voluntarily provide it in the context of a programme.

---

4. How We Use Your Data

We use personal data for the following purposes:

• To respond to your enquiry or question
• To process enrolment and coordinate programme delivery
• To send you relevant correspondence related to your enrolment (session confirmations, materials, follow-up summaries)
• To comply with legal and regulatory obligations
• To improve the quality of our programmes and website

We do not use your data for automated profiling, targeted advertising, or resale to third parties.

---

5. Legal Basis for Processing

Under the PDPA, we process your data on the following grounds:

• Consent — you have given consent by submitting our contact form or enrolling in a programme
• Contractual necessity — processing is necessary to perform our obligations under a programme enrolment agreement
• Legal obligation — where processing is required by Malaysian law
• Legitimate interests — for internal record-keeping and website analytics, where these do not override your rights

---

6. Disclosure of Data

We do not sell or transfer your personal data to third parties for marketing purposes. We may share data only in the following limited circumstances:

• Service providers — hosting, email delivery, and analytics providers who process data on our behalf under contractual obligations consistent with this policy
• Legal requirements — where disclosure is required by Malaysian law, court order, or regulatory authority
• Consent — where you have given explicit permission for a specific purpose

---

7. Data Retention

We retain personal data for no longer than necessary for the purpose for which it was collected:

• Enquiry correspondence is held for up to 24 months from the date of last contact.
• Programme participant records are retained for 7 years from completion of the programme, as required for financial and administrative records under Malaysian law.
• Website analytics data is retained for up to 14 months.

After the applicable retention period, data is securely deleted or anonymised.

---

8. Your Rights

Under the PDPA, you have the following rights with respect to your personal data:

• Right of access — to request a copy of the personal data we hold about you
• Right to correction — to request correction of inaccurate or incomplete data
• Right to withdraw consent — where processing is based on consent, you may withdraw at any time
• Right to limit processing — in circumstances permitted under the PDPA

To exercise any of these rights, please contact us at [email protected] or by post to the address below. We will respond within 21 days of receiving a valid request.

---

9. Security

We take reasonable technical and organisational precautions to protect your personal data against loss, misuse, unauthorised access, alteration or disclosure. Our website is served over HTTPS. Access to participant records is restricted to authorised staff only.

No method of transmission over the internet is entirely without risk. If you have reason to believe that your interaction with us is no longer secure, please contact us promptly.

---

10. Cookies

Our website uses cookies for session management and, where enabled, website analytics. Please see our Cookie Policy for full details of the cookies we use and how to manage them.

---

11. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and recommend that you review their privacy policies independently.

---

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The revised policy will be published on this page with an updated effective date. Material changes will be communicated by notice on our website.

---

13. Contact

For questions, data access requests, or complaints relating to this Privacy Policy, please contact:

Teratai Hikmah
18 Jalan Kelang Lama
58000 Kuala Lumpur
Malaysia
+60 3-9173 6248
[email protected]

If you are not satisfied with our response, you may refer your complaint to the Department of Personal Data Protection (JPDP), Malaysia.