Privacy Policy

Panthalas ("we", "us", "our") is a financial education practice registered in Penang, Malaysia. This policy explains what personal information we collect, why we collect it, how we use it, and what your rights are under the Personal Data Protection Act 2010 (PDPA) of Malaysia. If you have questions, you can reach us at privacy@panthalaa.

1. Data We Collect

We may collect the following categories of personal information:

• Contact information — name, email address, phone number, provided when you submit an enquiry form or contact us directly.
• Programme-related information — details about your financial records and documents shared during sessions, for the sole purpose of delivering the programme.
• Usage data — IP address, browser type, pages visited, and time spent on our website, collected automatically via cookies and analytics tools if you consent.
• Communications — the content of emails, messages, or enquiries you send us.

We do not collect payment card details through our website. Payment is handled by bank transfer with details provided separately.

2. How We Collect Data

• Directly from you via the enquiry form on our website
• Through email or phone communications you initiate
• During programme sessions (documents and information you share for educational purposes)
• Automatically through cookies and analytics tools, subject to your consent

3. Legal Basis and Purpose for Processing

We process your personal data on the following bases:

• Consent — where you have agreed to cookies or marketing communications.
• Contractual necessity — to deliver the programme you have enrolled in and to respond to enquiries.
• Legitimate interest — to maintain records of completed work, to improve our programmes, and to protect against fraud.

4. How We Use Your Data

• To respond to enquiries and confirm programme arrangements
• To deliver the programme you have engaged us for
• To prepare and send printed materials arising from the programme
• To maintain internal records of completed programmes
• To send programme-related follow-up communications (not marketing)
• To improve the structure and content of our programmes over time
• To comply with legal obligations under Malaysian law

5. Data Sharing

We do not sell your personal data. We do not share financial information shared in sessions with any third party. We may share limited contact data with:

• Service providers who operate our website or email infrastructure (under data processing agreements)
• Analytics providers, if you have consented to analytics cookies
• Authorities, if required by law

We do not share your data with financial product providers, insurance companies, or investment platforms.

6. Data Retention

Contact enquiry data is retained for 24 months from the date of last contact. Programme records are retained for 5 years after programme completion, as required for business and tax record-keeping under Malaysian law. Analytics data is retained in accordance with the terms of the analytics provider, typically 14 months. You may request earlier deletion — see Your Rights below.

7. Cookies

We use cookies to understand how the website is used. Essential cookies are required for the website to function. Analytics and preference cookies are optional and require your consent. You can manage your cookie preferences at any time via our Cookie Policy page.

8. Data Security

We take reasonable steps to protect your personal data, including:

• HTTPS encryption for all website communications
• Access controls limiting who can view personal data
• Secure disposal of physical documents containing personal information
• Session notes are held securely and not accessible to parties outside the working relationship

No transmission over the internet is completely secure. If we become aware of a data breach that is likely to affect your rights, we will notify you and the relevant authority as required by Malaysian law.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before submitting personal data to them.

10. Children's Privacy

Our programmes are designed for adults aged 18 and over. We do not knowingly collect data from individuals under 18. If you believe we have inadvertently done so, please contact us and we will delete it promptly.

11. Your Rights

Under the PDPA 2010 and generally accepted data protection principles, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (subject to legal retention obligations)
• Withdraw consent for optional processing (e.g. analytics cookies)
• Object to processing where we rely on legitimate interest
• Lodge a complaint with the Personal Data Protection Commissioner of Malaysia

To exercise any of these rights, write to us at privacy@panthalaa. We will respond within 21 days.

12. Policy Updates

We may update this policy from time to time. When we do, the "Last updated" date at the top of this page will change. Continued use of our website or services after an update constitutes acceptance of the revised policy. For significant changes, we will notify participants who have active programme arrangements by email.

13. Contact

For privacy-related questions or to exercise your rights:

• privacy@panthalaa
• Panthalas, Jalan Teluk Bahang No. 19, Teluk Heritage Court, 11050 George Town, Penang, Malaysia