Legal

Privacy Policy

Last updated: 30 June 2025

1. Introduction

Hearthlink ("we", "us", "our") is committed to handling the personal information of everyone who contacts us or participates in our programmes with care and transparency. This policy explains what personal data we collect, why we collect it, how we use it, and what your rights are in relation to it.

This policy applies to information collected through our website at hearthl.blog, through enquiry and booking forms, and through information shared during our programmes. It is governed by the Personal Data Protection Act 2010 (PDPA) of Malaysia.

If you have questions about this policy, please contact us at [email protected].

2. What Personal Data We Collect

Information you provide directly

Information collected automatically

Legal basis for processing

We process your personal data on the basis of your consent (where you have provided it), for the performance of a service you have requested, and where we have a legitimate interest in responding to your enquiry and improving our programmes.

Retention periods

Enquiry records are kept for up to 12 months after the last contact. Programme records (names, session dates, outputs) are kept for up to three years for programme improvement purposes, then securely deleted. You may request earlier deletion at any time (see Section 6).

3. How We Use Your Information

We do not use your personal data for unsolicited marketing. If we wish to contact you with information about future programmes or updates, we will ask for your explicit agreement first.

We do not share your personal data with third parties except where necessary to deliver a service (such as a payment processor), where required by law, or where you have given clear consent.

4. Data Protection Measures

We take reasonable technical and organisational steps to protect your personal data against unauthorised access, loss, or misuse. These include:

In the event of a data breach that is likely to affect your rights, we will notify you and the relevant authority as required under Malaysian law without undue delay.

5. Cookies

Our website uses cookies to function correctly and to understand how visitors use the site. We use essential cookies (required for the site to work) and optional analytics cookies (to improve our website). You can manage your cookie preferences through the banner on our homepage or our Cookie Policy page.

6. Your Rights

Under Malaysia's Personal Data Protection Act 2010, you have the following rights in relation to the personal data we hold about you:

To exercise any of these rights, email [email protected]. We will respond within 21 days. If you are not satisfied with our response, you may lodge a complaint with the Department of Personal Data Protection Malaysia (PDPD).

7. Third-Party Links

Our website may include links to external websites — for example, links to professional referral bodies or government services. We are not responsible for the privacy practices of those websites. We encourage you to read the privacy policy of any external site you visit.

8. Participation by Minors

Our programmes are designed for adults aged 18 and above. We do not knowingly collect personal data from anyone under 18 without the express consent of a parent or legal guardian. If you believe a minor's data has been submitted to us, please contact us at [email protected] so we can remove it.

9. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or in applicable law. The "last updated" date at the top of this page will be changed when we do. For significant changes, we will make reasonable efforts to notify you directly if we hold your contact details.

10. Contact Us

Hearthlink is the data controller for the personal information described in this policy.