1. Introduction
Finhaven ("we", "us", or "our") is committed to protecting the personal data of individuals who interact with our website and services. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
By using our website at finhaven.my or submitting an enquiry through any of our contact forms, you acknowledge that you have read and understood this policy.
2. Data Controller
The data controller responsible for your personal data is:
- Business name: Finhaven
- Address: 33 Jalan Datuk Keramat, 54000 Kuala Lumpur, Malaysia
- Telephone: +60 3-4261 7893
- Email: [email protected]
3. Personal Data We Collect
We may collect the following categories of personal data:
3.1 Data you provide directly
- Full name
- Email address
- Telephone number
- The content of messages or enquiries you submit
- Programme preferences you indicate
3.2 Data collected automatically
- IP address and approximate location (country or city)
- Browser type and version
- Device type and operating system
- Pages visited and time spent on our website
- Referring website or URL
- Cookie identifiers (see Section 10)
We do not collect sensitive personal data such as identification numbers, financial account details, health information, or political opinions through our website.
4. Purpose of Processing
We process your personal data for the following purposes:
- Responding to your enquiries and programme interest
- Communicating information about our programmes, including scheduling and logistics
- Administering enrolment in our financial education programmes
- Improving the content and usability of our website
- Complying with our legal and regulatory obligations
- Sending relevant updates about programmes or services you have expressed interest in (with your consent, where required)
5. Legal Basis for Processing
Under the PDPA 2010, we process your personal data on the following grounds:
- Consent: Where you have submitted a form or opted in to receive communications from us.
- Contractual necessity: Where processing is necessary to fulfil our obligations in providing a programme you have enrolled in.
- Legitimate interests: For website analytics and improving our services, provided such interests are not overridden by your rights.
- Legal obligation: Where we are required to retain or share data by law.
6. Disclosure of Personal Data
We do not sell your personal data to third parties. We may share your data in the following limited circumstances:
- Service providers: Trusted vendors who assist us in operating our website or delivering our services (e.g. email delivery, analytics), under strict data processing agreements.
- Legal requirement: If we are required to do so under applicable Malaysian law, court order, or regulatory direction.
- Business transfer: In the event of a merger, acquisition, or transfer of business assets, subject to appropriate confidentiality protections.
Any third parties with whom we share data are required to process it only for the stated purpose and in compliance with applicable data protection law.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required by law.
- Enquiry data: up to 24 months from the date of receipt, unless a programme relationship is established.
- Participant records: up to 7 years following the conclusion of a programme, in line with standard business record-keeping practices.
- Analytics data: typically aggregated and anonymised; raw logs retained for no more than 14 months.
Once data is no longer required, it is securely deleted or anonymised.
8. Your Rights Under PDPA 2010
Under the Personal Data Protection Act 2010, you have the following rights in relation to your personal data:
- Right of access: You may request a copy of the personal data we hold about you.
- Right of correction: You may request that inaccurate or incomplete data be corrected.
- Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to limit processing: In certain circumstances, you may request that we restrict the use of your data.
To exercise any of these rights, please contact us using the details in Section 14. We will respond to your request within 21 days. There is no charge for submitting a reasonable request.
9. Security of Personal Data
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration, or disclosure. These include encrypted data transmission (HTTPS), access controls, and secure server environments.
While we take care to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to responding promptly to any confirmed breach in accordance with our obligations under the PDPA 2010.
11. Third-Party Links
Our website may contain links to external websites that are not operated by Finhaven. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policy of any external site you visit through a link on our pages.
12. Children's Privacy
Our website and programmes are intended for adults. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.
13. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
Continued use of our website following any update constitutes your acknowledgement of the revised policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
- By post: 33 Jalan Datuk Keramat, 54000 Kuala Lumpur, Malaysia
- By telephone: +60 3-4261 7893
- By email: [email protected]
If you are not satisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Commissioner of Malaysia through the Ministry of Digital.