Last updated: 10 July 2025
Privacy Policy
This policy describes how Gentle Bridge collects, uses and protects personal data. It is written to comply with Malaysia's Personal Data Protection Act 2010 (PDPA). If you have a question about your personal data, please write to [email protected].
1. Who We Are
Gentle Bridge is an adult education provider based at 12 Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia. We run sessions and courses covering household records literacy and document organisation, and we provide consulting to institutions on intake process design. We are the data controller for personal data collected through this website and in connection with our sessions and courses.
2. Data We Collect
We collect personal data in two ways: when you contact us or complete an enquiry form, and when you attend a session or course.
Enquiry data: name, email address, telephone number (optional), message content.
Participant data: name, email address, session or course attended, payment record, and any materials produced during the session if retained with your consent.
Website data: cookies and browser data as described in our Cookie Policy. This may include IP address, pages visited, and device type.
We do not collect sensitive personal data such as health information, financial account details, or information about family proceedings. If you include such information in a message or session, we treat it as strictly confidential and do not retain it beyond what is necessary.
3. How We Use Your Data
- To respond to enquiries and explain how our sessions work
- To schedule sessions and courses and send confirmation
- To process payment and issue receipts
- To send materials related to a session you have registered for
- To improve our materials based on aggregate, anonymised feedback
- To comply with legal obligations including PDPA 2010
We do not use your data for marketing unless you have separately asked to receive updates from us, and we do not sell or rent your data to any third party.
4. Legal Basis for Processing
Under PDPA 2010, we process personal data on the following bases:
- Consent: for enquiry forms and optional cookies
- Contract: for data necessary to deliver a session or course you have registered for
- Legitimate interest: for improving session materials and maintaining session records
- Legal obligation: for financial records required under Malaysian law
5. Data Retention
Enquiry data is held for twelve months after the last contact, then deleted. Participant registration data is held for three years from the date of the session, for the purpose of providing records or receipts if requested. Payment records are held for seven years as required by Malaysian financial regulation. Website analytics data is anonymised after thirteen months.
6. Third Parties
We use the following third-party services, each of which has its own privacy policy:
- Email provider: for sending confirmation and session materials
- Payment processor: for processing session fees (we do not store card details)
- Website hosting: servers located in Malaysia or the ASEAN region
We do not share your personal data with third parties except as described above or as required by law.
7. Cookies
We use cookies to operate this website. Essential cookies are always active. Optional cookies (analytics and preference) are only set with your consent. You can manage cookie preferences at any time through our Cookie Policy page.
8. Your Rights Under PDPA 2010
Under Malaysia's Personal Data Protection Act 2010, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Withdraw consent to processing based on consent
- Request deletion of data we no longer need
- Object to processing for direct marketing (we do not conduct direct marketing without consent)
- Lodge a complaint with Malaysia's Department of Personal Data Protection
To exercise any of these rights, write to [email protected]. We will respond within 21 days.
9. Security
We take reasonable steps to protect personal data against loss, misuse, and unauthorised access. This includes password protection of records, encrypted email for sensitive correspondence, and limiting access to personal data to the staff member who needs it to complete the relevant task. If a data breach occurs that is likely to affect your rights, we will notify you and the Department of Personal Data Protection as required by law.
10. Children
Our sessions and courses are intended for adults aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has submitted data to us, please contact [email protected] and we will delete it promptly.
11. Changes to This Policy
We may update this policy from time to time. The revised version will be posted on this page with an updated date at the top. If the changes are significant, we will send a notice by email to registered participants. Continued use of this website after changes are posted constitutes acceptance of the updated policy.
12. Contact
For privacy-related questions: [email protected]
For general enquiries: [email protected]
Gentle Bridge, 12 Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia
Department of Personal Data Protection Malaysia: pdp.gov.my