Legal
Privacy Policy
Last updated: 30 June 2025
1. Introduction
Hearthlink ("we", "us", "our") is committed to handling the personal information of everyone who contacts us or participates in our programmes with care and transparency. This policy explains what personal data we collect, why we collect it, how we use it, and what your rights are in relation to it.
This policy applies to information collected through our website at hearthl.blog, through enquiry and booking forms, and through information shared during our programmes. It is governed by the Personal Data Protection Act 2010 (PDPA) of Malaysia.
If you have questions about this policy, please contact us at [email protected].
2. What Personal Data We Collect
Information you provide directly
- Name and contact details (email address, phone number)
- Information shared in enquiry or booking forms (such as a brief description of your family's situation)
- Information shared verbally or in writing during programme sessions
Information collected automatically
- Website usage data (pages visited, time spent, browser type) collected via analytics cookies
- IP address and device information collected by our website hosting provider
Legal basis for processing
We process your personal data on the basis of your consent (where you have provided it), for the performance of a service you have requested, and where we have a legitimate interest in responding to your enquiry and improving our programmes.
Retention periods
Enquiry records are kept for up to 12 months after the last contact. Programme records (names, session dates, outputs) are kept for up to three years for programme improvement purposes, then securely deleted. You may request earlier deletion at any time (see Section 6).
3. How We Use Your Information
- To respond to your enquiry and discuss which programme may suit your situation
- To schedule and deliver programme sessions
- To send programme-related follow-up information
- To improve our website and programme content (using aggregated, anonymised analytics data)
- To meet any legal obligations that apply to us
We do not use your personal data for unsolicited marketing. If we wish to contact you with information about future programmes or updates, we will ask for your explicit agreement first.
We do not share your personal data with third parties except where necessary to deliver a service (such as a payment processor), where required by law, or where you have given clear consent.
4. Data Protection Measures
We take reasonable technical and organisational steps to protect your personal data against unauthorised access, loss, or misuse. These include:
- Secure, password-protected systems for storing contact and session records
- Restricted access to personal data (only staff who need it to deliver services can access it)
- Regular review of our data handling practices
In the event of a data breach that is likely to affect your rights, we will notify you and the relevant authority as required under Malaysian law without undue delay.
5. Cookies
Our website uses cookies to function correctly and to understand how visitors use the site. We use essential cookies (required for the site to work) and optional analytics cookies (to improve our website). You can manage your cookie preferences through the banner on our homepage or our Cookie Policy page.
6. Your Rights
Under Malaysia's Personal Data Protection Act 2010, you have the following rights in relation to the personal data we hold about you:
- Right of access: to request a copy of the personal data we hold about you
- Right to correction: to request that inaccurate or incomplete data be corrected
- Right to withdraw consent: to withdraw consent to processing at any time (without affecting processing already carried out)
- Right to limit processing: to request that we stop processing your data except for storage while a concern is resolved
- Right to erasure: to request deletion of your personal data where there is no legitimate reason for us to continue holding it
To exercise any of these rights, email [email protected]. We will respond within 21 days. If you are not satisfied with our response, you may lodge a complaint with the Department of Personal Data Protection Malaysia (PDPD).
7. Third-Party Links
Our website may include links to external websites — for example, links to professional referral bodies or government services. We are not responsible for the privacy practices of those websites. We encourage you to read the privacy policy of any external site you visit.
8. Participation by Minors
Our programmes are designed for adults aged 18 and above. We do not knowingly collect personal data from anyone under 18 without the express consent of a parent or legal guardian. If you believe a minor's data has been submitted to us, please contact us at [email protected] so we can remove it.
9. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or in applicable law. The "last updated" date at the top of this page will be changed when we do. For significant changes, we will make reasonable efforts to notify you directly if we hold your contact details.
10. Contact Us
Hearthlink is the data controller for the personal information described in this policy.
- Email: [email protected]
- Address: 68, Jalan SS2/24, 47300 Petaling Jaya, Selangor, Malaysia
- Phone: +60 3 7875 4610