Privacy Policy
Last Updated: 28 April 2025 | Effective: 28 April 2025
Bayu Sentosa ("we", "us", "our") is committed to protecting the personal data of all individuals who engage with our services. This policy explains what data we collect, how we use it, and what rights you have. It is prepared in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA).
1. Data Controller
The data controller responsible for your personal data is:
Bayu Sentosa
175 Jalan Damansara, 50490 Kuala Lumpur, Malaysia
Email: [email protected]
2. Data We Collect
We may collect the following categories of personal data:
- Identity data: name, preferred form of address
- Contact data: email address, telephone number, postal address
- Enquiry and enrolment data: your programme interests, questions submitted via our contact form
- Technical data: IP address, browser type, operating system, pages visited — collected automatically via server logs and cookies
- Communications data: records of correspondence with us by email, phone, or in writing
We do not collect sensitive personal data (such as financial account numbers, health data, or government identity numbers) in the normal course of our operations.
3. How We Collect Data
- Directly from you: via our contact form, by email, or in person during programme enrolment
- Automatically: through cookies and server logs when you visit our website
- Third-party analytics: if analytics services are active, aggregated usage data may be collected subject to your cookie preferences
4. Legal Basis for Processing
We process your personal data on the following grounds under the PDPA:
- Consent: where you have submitted a form or agreed to receive communications from us
- Contract: where processing is necessary to fulfil a programme enrolment or related service
- Legitimate interest: for internal record-keeping, service improvement, and ensuring the security of our systems
5. How We Use Your Data
- To respond to enquiries and provide information about our programmes
- To process enrolments and manage participant records
- To send relevant updates about programmes (where you have consented)
- To improve the content and functionality of our website
- To comply with applicable legal and regulatory obligations
We do not use your personal data for automated decision-making or profiling.
6. Data Sharing
We do not sell, rent, or trade your personal data to any third party. We may share data in limited circumstances:
- With service providers who assist in operating our website or communication systems, strictly under data processing agreements
- Where required by Malaysian law or by order of a competent authority
We do not share participant data with financial institutions, product providers, or marketing agencies.
7. Data Retention
We retain personal data only for as long as necessary:
- Enquiry records: up to 12 months after last contact, unless enrolment follows
- Participant records: up to 5 years from programme completion, for administrative and feedback purposes
- Financial and transaction records: as required by Malaysian tax and accounting law (typically 7 years)
After the applicable retention period, data is securely deleted or anonymised.
8. Data Security
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:
- HTTPS encryption for all web communications
- Access controls limiting data access to staff with a need to know
- Regular review of data handling practices
In the event of a data breach that is likely to cause harm, we will notify affected individuals and the relevant authority as required by applicable law.
9. Cookies
Our website uses cookies to function and to understand how visitors use the site. You can manage your cookie preferences at any time via our Cookie Policy page. Essential cookies cannot be disabled as they are required for the site to operate.
10. Your Rights
Under the Personal Data Protection Act 2010 (Malaysia), you have the right to:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate or incomplete data
- Withdrawal of consent: withdraw consent for processing at any time, where processing is based on consent
- Restrict processing: ask us to limit use of your data in certain circumstances
- Complaint: lodge a complaint with Malaysia's Department of Personal Data Protection (JPDP) at www.pdp.gov.my
To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days.
11. Third-Party Links
Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.
12. Children's Privacy
Our programmes and website are intended for adults aged 18 and over. We do not knowingly collect personal data from minors. If you believe a minor has submitted data to us, please contact us and we will delete it promptly.
13. Updates to This Policy
We may update this policy periodically. Any material changes will be noted at the top of this page with a revised effective date. Continued use of our services after the update constitutes acceptance of the revised policy.
14. Contact Us
For any privacy-related questions or requests:
Bayu Sentosa
175 Jalan Damansara, 50490 Kuala Lumpur
Email: [email protected]
Phone: +60 3-2095 7438