Privacy Policy

Pennybloom ("we", "us", "our") is committed to protecting the privacy and personal data of individuals who interact with us. This Privacy Policy explains our practices regarding the collection, use, storage, and disclosure of personal data, in compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

By using our website at pennyblo.info or by engaging with any of our programs or services, you acknowledge that you have read and understood this policy.

1. Who We Are

Pennybloom is a financial education provider operating from Melaka, Malaysia. Our registered business address is:

Pennybloom
62 Jalan Hang Jebat
75200 Melaka
Malaysia
Phone: +60 6-2831 4597
Email: [email protected]

2. Personal Data We Collect

We may collect the following categories of personal data:

2.1 Information You Provide Directly

• Full name
• Email address
• Phone number
• Any information you include in messages or enquiry forms
• Program interest and preferences as expressed during enrolment

2.2 Information Collected Automatically

• IP address and approximate geolocation
• Browser type and version
• Pages visited and time spent on our website
• Referring website or source
• Device type and operating system
• Cookie identifiers (subject to your consent — see Section 9)

2.3 Information from Third Parties

Where you contact us via a third-party platform (such as a social media inquiry or referral), we may receive limited data provided in that context. We only use such data for the purpose for which it was shared.

3. How We Collect Your Data

• Contact and enquiry forms on our website
• Direct communication by email or phone
• Program registration and enrolment
• Website cookies and analytics tools (with consent)
• Social media or referral platforms

4. Why We Use Your Personal Data

We use personal data collected from you for the following purposes:

• To respond to your enquiries and provide information about our programs
• To process enrolment and manage participation in our programs
• To communicate program schedules, materials, and updates
• To send relevant follow-up communications about programs you have expressed interest in
• To improve the quality and relevance of our programs and website
• To comply with applicable legal and regulatory obligations
• To conduct anonymous, aggregated analysis for internal research purposes

We do not use your personal data for automated decision-making that produces legal or similarly significant effects.

5. Legal Basis for Processing

Under Malaysia's PDPA, we process personal data on the following grounds:

• Consent: For marketing communications and cookie-based tracking, we rely on your explicit consent, which you may withdraw at any time.
• Contractual necessity: Where processing is required to perform services you have signed up for.
• Legitimate interests: For internal analytics, quality improvement, and ensuring the security of our systems, where these interests are not overridden by your rights.
• Legal compliance: Where processing is required to fulfil our obligations under Malaysian law.

6. Sharing Your Personal Data

We do not sell your personal data. We may share it in the following limited circumstances:

6.1 Service Providers

We may share data with trusted third-party service providers who assist us in operating our website and delivering programs, including email platforms, cloud storage, analytics tools, and payment processors. These providers are contractually bound to process data only in accordance with our instructions and applicable law.

6.2 Legal Requirements

We may disclose personal data where required to do so by law, court order, or lawful request from a government or regulatory authority.

6.3 Business Transitions

In the event of a merger, acquisition, or transfer of assets, your personal data may be transferred as part of that transaction. We will provide notice before any such transfer takes effect and before your data becomes subject to a different privacy policy.

7. Data Retention

We retain your personal data only for as long as is necessary for the purposes set out in this policy, or as required by applicable law. In general:

• Enquiry and contact data is retained for up to 24 months from last contact
• Program participant records are retained for up to 7 years for audit and compliance purposes
• Anonymous, aggregated analytics data may be retained indefinitely

When personal data is no longer required, it is securely deleted or anonymised.

8. Your Rights Under the PDPA

Under Malaysia's Personal Data Protection Act 2010, you have the following rights in relation to your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right of correction: You may request that we correct any inaccurate or incomplete personal data.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to limit processing: You may request that we stop using your data for direct communications at any time.

To exercise any of these rights, please contact us at [email protected] or in writing to our address above. We will respond to requests within 21 calendar days.

9. Cookies and Tracking Technologies

Our website uses cookies to improve user experience and gather anonymised analytics data. Please refer to our Cookie Policy for full details on the types of cookies used and how to manage your preferences.

We do not place non-essential cookies without your prior consent.

10. Security of Your Data

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These measures include secure data storage, restricted access controls, and regular review of our information security practices.

However, no method of transmission over the internet or electronic storage is entirely secure. While we endeavour to protect your personal data, we cannot offer an unconditional assurance of absolute security.

11. Third-Party Websites and Links

Our website may contain links to external websites not operated by Pennybloom. Once you leave our site, this Privacy Policy no longer applies. We encourage you to review the privacy policies of any third-party websites you visit.

12. Data Relating to Children

Our programs and website are intended for adults aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us promptly and we will take steps to delete the relevant information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Where changes are material, we may also provide notice by email or a prominent notice on our website. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Data Contact: Pennybloom
Email: [email protected]
Phone: +60 6-2831 4597
Address: 62 Jalan Hang Jebat, 75200 Melaka, Malaysia
Operating Hours: Mon–Fri 9:00am–6:00pm · Sat 9:00am–1:00pm