Privacy Policy

1. Who We Are

Mintleaf is a financial education provider based in Kuala Lumpur, Malaysia. Our registered address is 36 Jalan Pudu, 55100 Kuala Lumpur. We operate educational programs for individuals and community educators, and we are the data controller in respect of personal data collected through our website and programs.

You can reach us at [email protected] or by calling +60 3-9285 4176.

2. Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

Contact and enquiry data

• Your name
• Email address
• Phone number (if provided)
• The content of any message or enquiry you submit to us

Program enrolment data

• Name, email, and contact details
• Professional background (where relevant to program eligibility)
• Payment records (processed via a third-party payment provider — we do not store card data)
• Attendance and participation records

Website usage data

• IP address (anonymised where possible)
• Browser type and version
• Pages visited and time spent
• Referring URL
• Cookie identifiers (see Section 9)

We do not collect sensitive personal data as defined by the PDPA (such as health information, racial or ethnic origin, or financial account credentials) unless expressly required and separately consented to.

3. How We Collect It

We collect your personal data through the following means:

• When you complete the contact form on our website
• When you register or enrol in a Mintleaf program
• When you correspond with us by email or telephone
• Automatically through cookies and analytics tools when you visit our website (subject to your consent preferences)

4. How We Use Your Data

We use the personal data we hold about you for the following purposes:

• To respond to your enquiries and communicate with you about our programs
• To process your enrolment and manage your participation in a program
• To send you program-related communications, schedules, and materials
• To process payments and issue receipts
• To improve the quality and relevance of our programs through anonymised feedback analysis
• To fulfil our legal and regulatory obligations
• To send occasional updates about new programs or events at Mintleaf, where you have consented to receiving such communications

We do not use your personal data for automated decision-making or profiling.

5. Legal Basis for Processing

Under the PDPA 2010, we process your personal data on one or more of the following grounds:

• Consent — where you have clearly indicated agreement to the processing, such as when submitting the contact form or opting into marketing communications
• Contract performance — where processing is necessary to deliver a program you have enrolled in
• Legitimate interests — where we have a legitimate business reason to process data and it does not override your rights, such as improving program quality using anonymised feedback
• Legal obligation — where we are required to retain records for compliance or statutory purposes

6. Data Sharing

Mintleaf does not sell, rent, or trade your personal data with any third parties for their marketing purposes.

We may share your data with the following parties only where necessary:

• Payment processors — to handle program enrolment payments securely. These providers are bound by their own data protection obligations.
• Email and communication tools — to send you program communications. These providers are selected for their security standards and data handling practices.
• Analytics providers — to understand website usage in aggregate and anonymised form (subject to your cookie preferences).
• Regulatory or legal authorities — where we are required to disclose data by law or court order.

Any third-party service provider that processes data on our behalf is subject to contractual obligations consistent with applicable data protection law.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law.

• Enquiry data — retained for up to 12 months from the date of last contact, unless you enrol in a program
• Program enrolment data — retained for up to 7 years following program completion, in line with Malaysian financial record-keeping requirements
• Payment records — retained for up to 7 years for tax and accounting purposes
• Marketing consent records — retained until you withdraw consent, and for up to 3 years thereafter as evidence of consent history
• Website analytics data — retained in anonymised or aggregated form; identifiable data is typically deleted within 26 months

When data is no longer needed, it is securely deleted or anonymised.

8. Your Rights

Under the PDPA 2010, you have the following rights in relation to the personal data we hold about you:

Right of access

You may request a copy of the personal data we hold about you. We will respond to access requests within 21 days.

Right to correction

If you believe any personal data we hold is inaccurate or incomplete, you may request that we correct it.

Right to withdraw consent

Where processing is based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

Right to limit processing

In certain circumstances, you may request that we cease using your data for specific purposes, such as direct marketing communications.

How to exercise your rights

To make any data rights request, please email us at [email protected] with the subject line "Data Rights Request". We may need to verify your identity before fulfilling the request.

If you have a concern about how we handle your data and we are unable to resolve it to your satisfaction, you may lodge a complaint with the Department of Personal Data Protection Malaysia (PDPD).

9. Cookies

Our website uses cookies and similar tracking technologies. Some cookies are strictly necessary for the website to function; others are used for analytics and performance measurement and are only placed with your consent.

A cookie preference panel is available on our website, allowing you to accept or decline non-essential cookies at any time.

For a full explanation of the cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

10. Third-Party Services

Our website may use the following third-party services, each of which maintains its own privacy policy:

• Google Analytics — website traffic analysis. Data is anonymised and subject to Google's data processing terms.
• Google Maps — embedded maps to display our location. Google may collect data when you interact with map embeds.
• Google Fonts — typeface delivery via Google's CDN. Font requests may transmit limited technical data to Google's servers.
• Meta Pixel (Facebook) — conversion tracking, where consented to via cookie preferences.
• Microsoft Advertising (Bing) — conversion tracking, where consented to via cookie preferences.

We are not responsible for the privacy practices of third-party services. We encourage you to review their respective privacy policies if you have concerns.

11. Children's Privacy

Mintleaf programs are designed for adults aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted data to us, please contact us and we will promptly delete the relevant records.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we provide. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of our website or services following any update constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions about this Privacy Policy or about how we handle your personal data, please contact us: