Privacy Policy
Business: Yonderfold · Last Updated: 10 June 2025 · Effective Date: 10 June 2025
Questions about this policy: [email protected]
1. Introduction
Yonderfold ("we", "us", "our") is committed to handling personal data responsibly. This policy explains what data we collect, how we use it, and what rights you hold in relation to it. It applies to all data collected through our website, contact forms, and during the provision of our facilitation services.
We operate under Malaysian law, including the Personal Data Protection Act 2010 (PDPA). By using our services or website, you acknowledge this policy.
2. Data We Collect
We collect only what is necessary to provide our services and respond to enquiries.
Information you provide
- Name and contact details (email address, phone number)
- The nature of your enquiry or session request
- Documents you voluntarily provide in the course of the Atlas Programme (these remain your property)
Information collected automatically
- Basic browser and device information (via cookies, where consent is given)
- Pages visited and time spent on the website (aggregated analytics)
- IP address (for security and fraud prevention)
Legal basis for processing
We process personal data on the basis of: your consent (for marketing communications and non-essential cookies); the performance of a service agreement (for delivering facilitation sessions); and our legitimate interests (for website security and improving service quality).
Retention periods
Contact enquiries are retained for 12 months. Session records (minutes, agendas) are retained for 24 months from the final session date or until you request deletion, whichever comes first. Documents provided in the Atlas Programme are returned to the family on programme completion and are not retained by Yonderfold.
3. How We Use Personal Data
- To respond to enquiries and arrange sessions
- To deliver facilitation services and produce session records
- To communicate about your engagement (scheduling, session materials)
- To improve our website and services using aggregated, anonymised data
- To comply with legal obligations under Malaysian law
We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not use your data for automated decision-making or profiling.
4. Data Protection Measures
- Data is stored on password-protected systems with restricted access
- Our website uses HTTPS encryption for all data in transit
- Internal access to personal data is limited to staff who require it for their role
- In the event of a data breach affecting your data, we will notify you within 72 hours where required by law
- We review our data security practices annually
5. Cookies
We use cookies for essential website functions, optional analytics (to understand how the site is used), and preference storage. Essential cookies are set automatically; analytics and preference cookies require your consent.
For full details, see our Cookie Policy. You can update your cookie preferences at any time through that page.
6. Your Rights
Under the Malaysian Personal Data Protection Act 2010, you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request that inaccurate or incomplete data be corrected
- Withdrawal of consent — withdraw consent for processing at any time (this does not affect processing carried out before withdrawal)
- Objection — object to the processing of your data for direct marketing purposes
- Erasure — request deletion of personal data where we no longer have a lawful basis to retain it
To exercise any of these rights, write to us at [email protected]. We will respond within 21 days. If you are dissatisfied with our response, you may contact the Department of Personal Data Protection Malaysia (JPDP).
7. Third-Party Links
Our website may contain links to external websites, including resources and practitioner directories. We are not responsible for the privacy practices of those sites. We recommend reading the privacy policy of any external site before providing personal data.
8. Children's Privacy
Our services are directed at adults aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected] and we will delete it promptly.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated by a notice on our website homepage for at least 30 days before taking effect. The date at the top of this page reflects the most recent revision. Continued use of our services after changes take effect constitutes acceptance of the updated policy.
10. Contact for Data Enquiries
Data Controller: Yonderfold
Address: 8-2 Jalan Kemuja, Bangsar Utama, 59000 Kuala Lumpur, Malaysia
Email: [email protected]
Governing law: Personal Data Protection Act 2010 (Malaysia)