Privacy Policy

1. Personal Data We Collect

We collect personal data that you provide to us directly, including:

• Name: To address you appropriately and personalise correspondence.
• Email address: For programme communications, confirmations, and follow-up.
• Phone number (optional): For scheduling and direct communication if you provide it.
• Message content: Information you share in our contact form or community platform.

We also collect non-personal technical data through cookies and analytics tools (see Section 5). We collect data when you submit our contact form, enrol in a programme, or participate in our community platform.

Legal basis: Consent (form submissions), contract performance (programme enrolment), and legitimate interest (website analytics).

Retention: Contact enquiry data is retained for up to 12 months. Programme participant data is retained for up to 3 years for administrative and certification purposes, then securely deleted.

2. How We Use Your Personal Data

We use your personal data only for purposes directly related to the services you've enquired about or enrolled in:

• Responding to your enquiries and booking requests
• Delivering and administering programme sessions
• Sending session reminders and relevant programme updates
• Issuing certificates of attendance where applicable
• Improving our website and programme content through aggregated analytics

We do not sell your personal data to third parties. We do not use your data for unsolicited marketing without your explicit consent.

3. Data Sharing with Third Parties

We may share limited data with the following types of service providers, solely to operate our services:

• Website hosting and infrastructure providers — for secure data storage.
• Analytics services (e.g. Google Analytics) — for understanding website usage patterns.
• Email communication tools — for delivering session confirmations and reminders.

All third-party providers are required to handle your data in accordance with applicable data protection law. We do not transfer your data outside of Malaysia without appropriate safeguards in place.

4. How We Protect Your Data

We take reasonable and practical steps to protect personal data from unauthorised access, loss, or misuse:

• HTTPS encryption for all data transmitted through our website
• Access controls limiting staff access to personal data on a need-to-know basis
• Secure hosting on reputable infrastructure with regular backups
• Internal data handling guidelines followed by all team members

In the event of a data breach that may affect your rights or interests, we will notify relevant parties as required under Malaysian law and take prompt corrective action.

5. Cookies

Our website uses cookies to improve your browsing experience and understand how visitors interact with our content. Cookies are small text files stored on your device.

We use essential cookies (required for site function), analytics cookies (to understand usage patterns), and preference cookies (to remember your settings). You can manage your cookie preferences at any time — see our Cookie Policy for full details.

6. Your Rights Under Malaysian PDPA

Under the Personal Data Protection Act 2010, you have the following rights regarding your personal data:

• Right to access: Request a copy of the personal data we hold about you.
• Right to correct: Request correction of inaccurate or incomplete personal data.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
• Right to limit processing: Request that we restrict the use of your data in certain circumstances.
• Right to raise a complaint: Lodge a complaint with the Department of Personal Data Protection (JPDP) Malaysia if you believe your data rights have been violated.

To exercise any of these rights, contact us at [email protected]. We will respond within 21 days.

7. Third-Party Links

Our website may contain links to external websites or platforms. Florinora is not responsible for the privacy practices or content of those external sites. We encourage you to review the privacy policies of any sites you visit.

8. Children's Privacy

Our services are intended for individuals aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe a minor has submitted personal data to us, please contact us at [email protected] and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. Continued use of our website or services after any change constitutes your acceptance of the updated policy. For significant changes, we will notify enrolled participants by email.