Legal
Privacy Policy
vellumcomes · Last Updated: 10 April 2025
1. Introduction
vellumcomes ("we", "our", "us") is committed to handling personal data responsibly and in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). This policy explains what personal data we collect from visitors to our website and participants in our programmes, how we use it, and the rights available to you.
This policy applies to all personal data we process in connection with our financial education programmes and this website. If you have questions about any aspect of this policy, please write to us at privacy@{{DOMAIN}}.
2. What Personal Data We Collect
We collect the following categories of personal data:
- Enquiry data: name, email address, and telephone number submitted via the contact form on our website.
- Programme registration data: name, email address, telephone number, and in some cases occupation or employer, collected when you register for a programme.
- Payment data: bank reference details associated with programme fees. We do not store card numbers.
- Website usage data: IP address, browser type, pages visited, and time spent, collected via cookies and server logs.
We do not collect sensitive personal data as defined under the PDPA unless you voluntarily provide it in a message or communication.
3. How We Collect Data
- Directly from you via the website contact form or programme registration form.
- Via cookies and similar tracking technologies when you visit the website.
- By telephone or email when you contact us directly.
4. Legal Basis for Processing
We process personal data on the following bases under the PDPA 2010:
- Consent: when you submit an enquiry form or register for a programme.
- Performance of a contract: to deliver a programme you have enrolled in and paid for.
- Legitimate interests: to respond to enquiries and to maintain appropriate records of our educational activities.
5. How We Use Personal Data
- To respond to your enquiries and provide information about our programmes.
- To process your programme registration and deliver the programme you have enrolled in.
- To send programme-related correspondence — confirmation, schedules, draft documents, and follow-up communications within the scope of your engagement.
- To maintain records required for accounting and compliance purposes.
- To improve our website based on aggregated, anonymised usage data.
We do not use personal data for direct marketing without your explicit consent, and we do not sell or share personal data with financial product providers or any third party for commercial purposes.
6. Data Retention
- Enquiry data (non-participants): retained for 12 months from the date of enquiry, then deleted.
- Programme participant data: retained for 7 years from the date of your last programme, as required for accounting records under Malaysian law.
- Website usage data: retained for up to 26 months in aggregated form.
7. Third-Party Services
We use a small number of third-party services that may process personal data on our behalf:
- Google Analytics: for website usage analysis. Data is anonymised and aggregated.
- Email service provider: for sending programme correspondence. We use a service based in the Asia-Pacific region.
We do not share personal data with insurers, investment platforms, financial institutions, or any party with a commercial interest in your financial decisions.
8. Cookies
We use essential cookies required for website function and optional analytics cookies. You can manage your cookie preferences at any time via our Cookie Policy page.
9. Data Protection Measures
- Data is transmitted over encrypted HTTPS connections.
- Access to personal data is limited to staff who require it to deliver programmes.
- Programme registration records are stored in password-protected systems.
- Paper documents containing personal data are stored in a locked filing area.
In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify the relevant authorities and affected individuals in accordance with our obligations under the PDPA 2010.
10. Your Rights Under Malaysian Law
Under the Personal Data Protection Act 2010, you have the following rights:
- Right of access: to request a copy of the personal data we hold about you.
- Right of correction: to request correction of inaccurate or incomplete personal data.
- Right to withdraw consent: to withdraw consent to processing where consent is the legal basis. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Right to limit processing: to request that we stop using your data for certain purposes.
To exercise any of these rights, write to us at privacy@{{DOMAIN}}. We will respond within 21 days.
If you are not satisfied with our handling of your request, you may contact the Personal Data Protection Department (JPDP) of Malaysia, the supervisory authority for data protection in this jurisdiction.
11. Children's Privacy
Our programmes are designed for adults aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe a minor has submitted data to us, please contact us and we will delete it promptly.
12. Links to Other Websites
Our website may contain links to external resources. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.
13. Changes to This Policy
We may update this policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of our website or programmes after any update constitutes acceptance of the revised policy.
14. Contact
For any questions or requests relating to this policy:
- Email: privacy@{{DOMAIN}}
- Address: vellumcomes, No. 15 Jalan Sultan Idris Shah, Ipoh Old Town Square, 30000 Ipoh, Perak