Privacy Policy
Nestbloom ("we", "us", "our") is committed to handling your personal information responsibly and in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). This policy explains what data we collect, why we collect it, how we use it, and what rights you have in relation to it.
This policy applies to all personal data you provide when you use our website at nestbloo.world, enquire about our programmes, or attend one of our sessions.
1. Data Controller
The data controller for personal information collected through this website and through our session services is Nestbloom, located at 51 Jalan Tunku Abdul Rahman, 50100 Kuala Lumpur, Malaysia. For data-related enquiries, please contact us at [email protected].
2. What Personal Data We Collect
We collect personal data in the following circumstances:
- Contact form submissions: name, email address, and phone number (optional), and any information you include in your message.
- Session bookings: name, contact details, and any accessibility or scheduling information you provide.
- Website usage: technical data collected through cookies, including pages visited and approximate location. See our Cookie Policy for details.
We do not collect or retain any personal documents you bring to a session. All documents leave with the participant at the end of every appointment.
3. How We Use Your Data
- To respond to your enquiry and communicate about your session booking.
- To schedule and manage sessions, including accessibility arrangements.
- To send service-related information you have requested.
- To improve our website and services using anonymised analytics data.
- To comply with applicable legal obligations.
We do not use your data for unsolicited marketing without your consent, and we do not sell your data to any third party.
4. Legal Basis for Processing
- Consent: where you have provided explicit consent, such as when submitting our contact form.
- Contract: where processing is necessary to fulfil a booking or session you have requested.
- Legitimate interests: for website analytics and security, where those interests are not overridden by your rights.
- Legal obligation: where we are required to retain records under Malaysian law.
5. Data Retention
We retain contact and booking records for up to three years from the date of your most recent contact with us, after which they are securely deleted. Website analytics data is retained in anonymised form for up to two years. You may request deletion of your data at any time — see section 8 below.
6. Data Security
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, disclosure, or loss. These include:
- Secure HTTPS encryption for all website data transmission.
- Access controls limiting who can view personal data internally.
- Regular review of data handling procedures.
In the event of a data breach affecting your rights or interests, we will notify you and the relevant authority as required by applicable law.
7. Third-Party Services
We may use the following third-party services that process data on our behalf:
- Analytics: tools such as Google Analytics may collect anonymised usage data. You may opt out through our cookie consent settings.
- Email delivery: third-party email service providers used to send you replies and booking confirmations.
We do not share your personal data with advertisers or unrelated third parties.
8. Your Rights Under Malaysian PDPA
Under the Personal Data Protection Act 2010 (Malaysia), you have the right to:
- Request access to the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Withdraw consent to processing at any time (without affecting lawfulness of prior processing).
- Request that we stop processing your data for direct marketing purposes.
- Request deletion of your data, subject to any legal retention obligations.
To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days.
9. Cookies
We use cookies on this website. For full details of which cookies we use and how to manage your preferences, please see our Cookie Policy.
10. Links to External Websites
Our website may contain links to third-party sites, including official Malaysian government portals. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.
11. Children's Privacy
Our services are intended for adults aged 18 and above. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or applicable law. The updated version will be published on this page with a revised date. Continued use of our website or services after any change constitutes acceptance of the updated policy.
13. Contact for Privacy Matters
For any questions about this policy or how we handle your data, please contact: Nestbloom, 51 Jalan Tunku Abdul Rahman, 50100 Kuala Lumpur, Malaysia. Email: [email protected].