Privacy Policy

Sumora ("we", "us", "our") is committed to handling your personal information with care and transparency. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have. It applies to all services offered by Sumora, including workshops, the Habit Toolkit, the Steady Savings Programme, and our website at sumora.world.

If you have questions about this policy, please contact us at [email protected].

1. Who We Are

Sumora is a savings habits education studio registered in Malaysia, located at 15-A, Lebuh Pantai, 10300 George Town, Pulau Pinang. We are the data controller for personal information collected through our website and services.

2. What Personal Data We Collect

We may collect the following types of personal data:

• Contact information: name, email address, and phone number (when provided through our enquiry form).
• Programme registration details: name, contact information, and programme preferences when you register for a workshop or programme.
• Communication data: messages you send us via email or the website contact form.
• Website usage data: pages visited, browser type, device type, and IP address — collected via cookies and analytics tools (where consent is given).

We do not collect sensitive personal data such as identity card numbers, financial account details, or health information.

3. How We Collect Personal Data

• Through the contact and enquiry form on our website
• Through email correspondence
• During workshop or programme registration
• Via cookies and analytics tools on our website (subject to your consent)

4. Legal Basis for Processing

We process your personal data on the following legal bases under Malaysia's Personal Data Protection Act 2010 (PDPA):

• Consent: where you have provided explicit consent (e.g., submitting the contact form, accepting cookies).
• Contractual necessity: to fulfil our obligations when you register for and attend a programme.
• Legitimate interests: for internal analytics and improving our content and services.

5. How We Use Your Personal Data

• To respond to your enquiries and provide programme information
• To process and confirm your programme registration and payment
• To send you session reminders, materials, and post-session follow-ups
• To issue a certificate of attendance (Steady Savings Programme)
• To improve our website, content, and facilitation based on aggregated usage data
• To comply with legal obligations

We do not use your personal data for automated decision-making or profiling.

6. Data Sharing

We do not sell your personal data. We may share data with the following categories of third parties only as necessary to operate our services:

• Email service providers for sending session communications
• Analytics providers (e.g., Google Analytics) subject to your cookie consent
• Payment processors for programme fees (they hold payment data, not us)

All third parties we work with are required to handle data appropriately and are not permitted to use it for their own purposes.

7. Data Retention

We retain your personal data only as long as necessary for the purposes it was collected:

• Enquiry data: up to 12 months after last contact
• Programme registration records: up to 3 years for administrative and certification purposes
• Website analytics: up to 26 months (aggregated, anonymised where possible)

8. Cookie Information

Our website uses cookies. For details on what cookies we use and how to manage them, please see our Cookie Policy.

9. Your Rights

Under Malaysia's PDPA 2010, you have the right to:

• Access personal data we hold about you
• Correct inaccurate or incomplete personal data
• Withdraw consent for processing at any time (where consent is the legal basis)
• Request deletion of your personal data (subject to legal retention requirements)
• Opt out of direct marketing communications at any time

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

10. Data Security

We use reasonable technical and organisational measures to protect your personal data, including encrypted email transmission, access controls, and limited staff access to personal records. In the event of a data breach that affects your rights, we will notify you as required by law.

11. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies separately.

12. Children's Privacy

Our services are intended for adults aged 18 and above. We do not knowingly collect personal data from minors. If you believe a minor has submitted information to us, please contact us and we will remove it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via the website or by email to registered participants. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of our services after a change constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related enquiries or to exercise your rights:

• Email: [email protected]
• Address: 15-A, Lebuh Pantai, 10300 George Town, Pulau Pinang, Malaysia
• Phone: +60 4-261 8093