Legal

Privacy Policy

Last Updated: 18 April 2025

Sumora ("we", "us", "our") is committed to handling personal data with care and transparency. This Privacy Policy describes what information we collect, how we use it, and the rights available to you under Malaysia's Personal Data Protection Act 2010 (PDPA). By using our website or services, you agree to the practices described in this document.

1. Data Controller

The data controller for personal information collected through this website and our sessions is:

Sumora
Unit 8-4, Heritage Tower, Jalan Raja Laut, 50350 Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia
Email: [email protected]
Phone: +60 3-2698 4715

2. Information We Collect

Information you provide directly

• Full name and email address (submitted via contact form)
• Phone number (optional, if you choose to provide it)
• Your message or enquiry
• Financial documents brought to sessions (bank statements, EPF statements) — reviewed during the session and not retained by Sumora beyond the duration of your engagement

Information collected automatically

• Browser type and operating system
• Pages visited and time spent on this website
• IP address (anonymised where possible)
• Cookie data — see our Cookie Policy for details

3. Legal Basis for Processing

We process personal data on the following bases under the PDPA 2010:

• Consent: Where you have submitted a contact form or agreed to receive communications from us.
• Contract performance: Where data is necessary to deliver a session or engagement you have booked.
• Legitimate interest: For improving this website and responding to general enquiries.

4. How We Use Your Information

• To respond to your enquiries and arrange session bookings
• To deliver the financial education sessions you have enrolled in
• To send confirmations, reminders, and post-session communications
• To improve our website content and session formats based on usage patterns
• To comply with any applicable legal obligations

We do not use your personal information to send unsolicited marketing. Any communication beyond your active engagement requires your explicit agreement.

5. Data Sharing

Sumora does not sell, rent, or trade personal data. We may share data only in these limited circumstances:

• Service providers: Hosting and email delivery services necessary for the operation of this website — bound by confidentiality obligations.
• Analytics: Anonymised website usage data may be processed by a third-party analytics provider.
• Legal requirement: If required by applicable Malaysian law or court order.

6. Data Retention

• Contact enquiry data: retained for up to 24 months unless you request earlier deletion.
• Session engagement records: retained for the duration of the engagement plus 12 months.
• Financial documents reviewed in session: not retained beyond the session itself.
• Website analytics data: retained in anonymised form for up to 26 months.

7. Data Protection Measures

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:

• Encrypted transmission (HTTPS) for all website communications
• Password-protected internal systems with access limited to relevant staff
• Periodic review of data held and deletion of data no longer required
• Staff awareness of confidentiality obligations

In the event of a personal data breach that is likely to result in harm to affected individuals, we will notify the relevant parties in accordance with applicable law.

8. Cookies

This website uses cookies to understand visitor behaviour and to remember your cookie preferences. You can manage your cookie settings at any time via our Cookie Policy page.

9. Your Rights Under the PDPA 2010

Under Malaysia's Personal Data Protection Act 2010, you have the following rights:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to correction: You may request that inaccurate or incomplete data be corrected.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
• Right to prevent processing for direct marketing: You may opt out of any marketing communications at any time.
• Right to lodge a complaint: You may contact the Department of Personal Data Protection Malaysia (JPDP) at www.pdp.gov.my if you believe your rights have been infringed.

To exercise any of these rights, write to us at [email protected]. We will respond within 21 days.

10. Third-Party Links

This website may contain links to external sites. Sumora is not responsible for the privacy practices of any third-party website. We encourage you to review the privacy policies of any site you visit.

11. Children's Privacy

Our services are intended for adults aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe a minor has submitted data to us, please contact [email protected] and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. When we do, we will update the "Last Updated" date at the top of this page. We encourage you to review this page periodically.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle personal data, please contact:

Sumora
Unit 8-4, Heritage Tower, Jalan Raja Laut, 50350 Kuala Lumpur
Email: [email protected]
Phone: +60 3-2698 4715