Privacy Policy
Last Updated: 10 June 2025 · Effective: 10 June 2025
1. Introduction
Soft Anchor ("we", "us", "our") is committed to handling personal data with care. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have in relation to it. It applies to all visitors to our website and to all clients who use our preparation, facilitation, and records services in Melaka, Malaysia.
We operate in accordance with the Personal Data Protection Act 2010 (Malaysia) (PDPA). Questions about this policy should be addressed to [email protected].
2. Data We Collect
We collect personal data in the following circumstances:
- When you submit the contact form on our website: name, email address, phone number (optional), and message content.
- When you book or attend a session: name, contact details, and any information you choose to share during the preparation or facilitation process.
- When you visit our website: standard server logs including IP address, browser type, and pages accessed, collected automatically via hosting infrastructure.
- Cookies: preference data stored in your browser via our cookie consent system. See Section 5 and our Cookie Policy for details.
Legal basis for processing: Contact enquiries and service delivery are processed on the basis of your consent and on the basis of a contract or pre-contractual steps at your request. Server logs are processed on the basis of our legitimate interest in maintaining website security.
Retention: Contact form data is retained for 12 months from the date of last contact. Client session records are retained for 36 months from the close of the engagement, then deleted unless you direct otherwise. Server logs are retained for 90 days.
3. How We Use Personal Data
- To respond to enquiries submitted via the contact form.
- To arrange and deliver the preparation, facilitation, or records service you have requested.
- To produce and share session summaries, minutes, and records with the parties present in that session.
- To send administrative communications related to your booking (confirmation, rescheduling, close of programme).
- To improve our website based on anonymised usage data.
We do not use personal data for marketing without explicit consent. We do not sell, rent, or share personal data with any third party for commercial purposes.
4. Data Protection Measures
- Website traffic is encrypted via HTTPS.
- Contact form data is transmitted to our secure email system and not stored in any third-party database.
- Physical client records are stored in locked filing at our premises in Taman Melaka Raya. Access is limited to the coordinator assigned to the engagement.
- Digital records are stored on password-protected devices without cloud synchronisation to third-party services.
- In the event of a data breach affecting personal data, we will notify affected individuals within 72 hours of becoming aware of the breach, in accordance with PDPA obligations.
5. Cookies
Our website uses cookies to remember your consent preferences. Essential cookies are necessary for the site to function and cannot be declined. Optional cookies (analytics, marketing, preferences) are only placed with your consent. You can manage your preferences at any time via our Cookie Policy page.
6. Your Rights
Under the PDPA and general data protection principles, you have the following rights in relation to your personal data:
- Access: You may request a copy of the personal data we hold about you.
- Correction: You may request that inaccurate data is corrected.
- Erasure: You may request deletion of personal data we hold, subject to our legal obligations to retain certain records.
- Withdrawal of consent: Where processing is based on your consent, you may withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
- Objection: You may object to processing based on legitimate interests.
To exercise any of these rights, contact us at [email protected]. We will respond within 21 days. If you are not satisfied with our response, you may refer a complaint to the Department of Personal Data Protection Malaysia (JPDP).
7. Third-Party Links
Our website may contain links to external resources, including the practitioner directory references we provide to clients. We are not responsible for the privacy practices of those external sites. We encourage you to review the privacy policy of any external site before providing personal data.
8. Children's Privacy
Our services are directed at adults aged 18 and over. We do not knowingly collect personal data from persons under 18. If you believe we have received data from a minor, please contact us at [email protected] and we will delete it promptly.
9. Policy Updates
We may update this policy from time to time. The date at the top of this page shows when it was last revised. Continued use of our website or services after an update constitutes acceptance of the revised policy. For material changes, we will notify clients directly by email where we hold a current address.
10. Contact
Data Controller: Soft Anchor
Address: 19 Jalan Merdeka, Taman Melaka Raya, 75000 Melaka, Malaysia
Email: [email protected]