Privacy Policy

1. Introduction

Halcyon Ledger ("we", "us", "our") is committed to protecting the personal data of individuals who interact with our programmes and website. This Privacy Policy explains what personal data we collect, why we collect it, how it is used and protected, and what rights individuals hold under applicable Malaysian law.

This policy applies to data collected through our website at https://halcyonl.live, our programme enrolment process, and any other communication with Halcyon Ledger. By using our website or enquiring about our programmes, you acknowledge the practices described here.

2. Data We Collect

We collect only the personal data necessary to process programme enquiries and manage enrolment. This may include:

• Full name and contact details (email address, phone number)
• Business type or industry (for programme matching purposes)
• Enquiry content submitted through our contact form
• Technical data collected automatically (IP address, browser type, pages visited) via analytics cookies where consent has been given

We do not collect financial account details, identity card numbers, or sensitive personal data as defined under the Personal Data Protection Act 2010 (PDPA) unless expressly required and consented to for a specific purpose.

3. How We Use Your Data

Personal data is used for the following purposes:

• Responding to programme enquiries and providing enrolment information
• Managing programme participation and communicating about sessions
• Sending relevant programme updates where consent has been given
• Improving our website and programmes using anonymised analytics data
• Complying with legal obligations under Malaysian law

We do not use personal data for automated decision-making or profiling, and we do not sell personal data to third parties.

4. Legal Basis for Processing

Under the PDPA and in alignment with general data protection principles, our legal bases for processing personal data are:

• Consent — where you have submitted an enquiry or agreed to receive communications
• Legitimate interest — for internal record-keeping and programme administration
• Legal obligation — where required to comply with Malaysian law

5. Data Retention

Enquiry records are retained for up to 24 months after last contact. Programme participant records are retained for up to 7 years for administrative purposes. Analytics data is retained in aggregated, anonymised form. You may request deletion at any time — see Section 9.

6. Data Sharing

We do not share personal data with third parties for commercial purposes. Limited sharing may occur with:

• Service providers assisting with website hosting or email delivery, bound by data processing agreements
• Regulatory authorities if required by law

All third-party service providers are required to handle personal data in a manner consistent with this policy.

7. Data Security

We take reasonable technical and organisational measures to protect personal data from unauthorised access, disclosure, or loss. These include access controls on internal systems, secure data transmission via HTTPS, and restricted internal access to personal data on a need-to-know basis.

In the event of a data breach that is likely to result in risk to individuals, we will notify affected parties and relevant authorities as required under applicable law.

8. Cookies

Our website uses cookies to support basic functionality and, where consent is given, to collect analytics data. See our Cookie Policy for full details on cookie types, purposes, and how to manage your preferences.

9. Your Rights Under Malaysian Law

Under the Personal Data Protection Act 2010, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Withdraw consent for processing at any time
• Request that we cease processing your data for direct communications

To exercise any of these rights, please contact us at [email protected] or by post to the address below. We will respond within 21 days.

10. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any external sites you visit.

11. Children's Privacy

Our programmes are intended for adults aged 18 and above who operate or manage small businesses. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that such data has been submitted, it will be deleted promptly.

12. Changes to This Policy

We may update this policy from time to time. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of our website or services after any revision constitutes acceptance of the updated policy. We encourage you to review this page periodically.

13. Contact

For any privacy-related enquiries, requests, or complaints, please contact: