Privacy Policy

1. Introduction

Sundial House (referred to in this policy as "we," "us," or "our") is a financial education practice operating at No. 23, Jalan Gasing Indah, Gasing Garden Court, 46000 Petaling Jaya, Selangor, Malaysia. We take the privacy of anyone who contacts us or engages our programmes seriously.

This policy describes what personal data we collect, why we collect it, how long we keep it, and what your rights are under Malaysian law — in particular, the Personal Data Protection Act 2010 (PDPA). If you have questions about anything in this policy, please write to us at privacy@{{DOMAIN}}.

2. Data We Collect

We collect only the personal data that is necessary to respond to enquiries, confirm programme agreements, and deliver our services. This may include:

• Your name and contact details (email address, phone number) provided through our enquiry form or by direct communication
• Correspondence between you and our facilitators, including emails and written session notes
• Financial documents you share with us in the course of a programme — treated under separate confidentiality terms as described in your programme agreement
• Technical data collected automatically when you visit our website (browser type, pages visited, time on site) via cookies — see our Cookie Policy

We do not collect sensitive personal data beyond what is shared in the context of a programme, and we do not request data that is not relevant to the engagement.

3. Legal Basis for Processing

We process personal data on the following bases under the PDPA 2010:

• Consent — when you submit an enquiry form or agree to commence a programme, you consent to us holding and using your contact details to fulfil that enquiry or programme
• Contract performance — where processing is necessary to carry out a signed programme agreement
• Legitimate interest — for website analytics and service improvement, where our interest does not override your privacy rights

4. How We Use Your Data

• To respond to your enquiry and schedule an introductory conversation
• To confirm, administer, and deliver your programme
• To send written programme materials and deliverables to you
• To contact you regarding your programme or a follow-up annual review session (if you have completed the Household Picture Engagement)
• To understand how visitors use our website and improve our content

We do not use your data for marketing communications without your explicit consent, and we do not share your data with financial product providers, insurance companies, or any third party for commercial purposes.

5. Data Retention

We retain personal data only for as long as is necessary:

• Enquiry records not resulting in a programme: up to 12 months from the date of the last contact
• Programme participant records: up to 7 years from the completion of the programme, to comply with applicable record-keeping obligations
• Financial documents shared during sessions: as specified in your programme agreement; not retained beyond the scope of the engagement without explicit consent
• Website analytics data: anonymised after 26 months

6. Data Protection Measures

We take reasonable steps to protect the personal data we hold:

• Electronic records are stored on password-protected systems with restricted access
• Physical documents are stored securely and not accessible to unauthorised persons
• Facilitators are bound by written confidentiality agreements
• In the event of a data breach likely to affect your rights, we will notify you within a reasonable time as required by law

7. Cookies

Our website uses cookies to understand how visitors interact with our pages. Essential cookies are always active. Optional analytics and preference cookies may be enabled or declined through our Cookie Policy page, where you can manage your preferences at any time.

8. Third-Party Services

We use the following third-party services that may process data in connection with our website:

• Google Analytics — website usage analytics (anonymised; subject to Google's privacy policy)
• Google Maps — location map embed on our homepage (no personal data transmitted)

We do not sell, rent, or trade personal data with any third party. We do not share personal data with financial product providers or advertising platforms.

9. Your Rights

Under the Personal Data Protection Act 2010 (Malaysia) and related regulations, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete personal data
• Withdraw your consent to processing (where processing is based on consent)
• Request that we cease processing your data for direct marketing purposes
• Lodge a complaint with the Department of Personal Data Protection (PDPD) if you believe your rights under the PDPA have been infringed

To exercise any of these rights, please write to privacy@{{DOMAIN}}. We will respond within 21 days.

10. Links to Other Websites

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

11. Children's Privacy

Our programmes and website are intended for adults aged 18 and above. We do not knowingly collect personal data from anyone under 18. If you believe a minor has submitted data to us, please contact us promptly at privacy@{{DOMAIN}}.

12. Changes to This Policy

We may update this policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. Continued use of our website or services after any change constitutes acceptance of the revised policy.