Privacy Policy

1. Introduction

Kemilau Bestari ("we", "us", "our") is committed to handling personal information responsibly. This Privacy Policy explains what personal data we collect from persons who use our website or enquire about or enrol in our programmes, how we use that data, and what rights you have in relation to it.

This policy applies to data collected through our website at kemilaubestari.pro, through our enquiry form, and through the enrolment and programme delivery process. It is governed by Malaysia's Personal Data Protection Act 2010 (PDPA).

If you have questions about this policy, please contact us at [email protected].

2. Personal Data We Collect

We collect personal data in the following circumstances:

• Enquiry form: name, email address, and optionally phone number and message text.
• Programme enrolment: full name, contact details, and relevant background information needed to manage your participation.
• Website analytics: anonymised data on page visits, browser type, and general geographic region — collected via cookies if you consent to analytics cookies.
• Email correspondence: the content of any email you send to us.

We do not collect sensitive personal data (such as identification numbers, financial account details, or health information) through our website. Financial information that participants share verbally during sessions is treated as confidential and is not recorded in identifiable form.

3. How We Use Your Data

We use the personal data we collect for the following purposes:

• To respond to your enquiry about our programmes.
• To manage your enrolment and participation in a programme.
• To send you practical information about session dates, materials, and logistics.
• To understand how our website is used, in order to improve it (analytics cookies, where consented).
• To comply with our legal obligations under Malaysian law.

We do not use your personal data for direct marketing without your explicit consent. We do not sell or share personal data with third-party commercial partners.

4. Legal Basis for Processing

Under the PDPA and internationally recognised data protection principles, we process your personal data on the following bases:

• Your consent: where you have submitted an enquiry form or agreed to analytics cookies.
• Contractual necessity: to manage your enrolment and deliver the programme you have paid for.
• Legitimate interests: to respond to your enquiry and to improve our services, where this does not override your rights.
• Legal obligation: where we are required to retain or disclose data by Malaysian law.

5. Data Retention

We retain personal data for as long as is necessary for the purpose for which it was collected:

• Enquiry data (no enrolment): retained for up to 12 months, then deleted.
• Enrolment and programme records: retained for 7 years following the conclusion of the programme, as required for financial record-keeping.
• Email correspondence: retained for up to 3 years, then reviewed for deletion.

6. Cookies

Our website uses cookies. Essential cookies are required for the website to function and cannot be disabled. Analytics and preference cookies are optional and are only activated if you consent. For a full description of the cookies we use, see our Cookie Policy.

7. Third-Party Services

We use Google Analytics (if analytics cookies are accepted) to understand anonymised website usage patterns. Google's Privacy Policy governs their handling of this data. We do not share identifiable personal data with Google or any other third party for marketing purposes.

Links on our website to external resources are provided for convenience. We are not responsible for the privacy practices of those sites.

8. Data Security

We take reasonable technical and organisational measures to protect personal data against loss, misuse, or unauthorised access. These include restricted access to data held on our systems, use of secure communication channels, and regular review of our data handling practices.

In the event of a data breach that poses a significant risk to the persons concerned, we will notify the relevant parties in accordance with our obligations under Malaysian law.

9. Your Rights Under the PDPA

Under Malaysia's Personal Data Protection Act 2010, you have the following rights in relation to your personal data:

• Right of access: to request a copy of the personal data we hold about you.
• Right of correction: to request correction of inaccurate or incomplete data.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
• Right to prevent processing for direct marketing: you can ask us to stop using your data for any direct marketing purpose.

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days.

10. Children's Privacy

Our programmes are designed for adults aged 40 and above. We do not knowingly collect personal data from persons under the age of 18. If you believe a minor's data has been submitted to us, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be available at this page with the date of the last update shown at the top. Continued use of our website after a policy update constitutes acceptance of the revised policy.

12. Contact

For any questions or concerns about this Privacy Policy or about how we handle your personal data, please contact:

• Email: [email protected]
• Post: Kemilau Bestari, 124 Jalan Burma, 10350 George Town, Penang, Malaysia
• Telephone: +60 4-261 5837 (office hours: Monday–Friday 9am–5:30pm)