Legal
Privacy Policy
Last Updated: 15 May 2025 · Effective: 15 May 2025
Mindforge ("we", "us", "our") operates from Suite 8-A, Jalan Tun Mustapha, 88000 Kota Kinabalu, Sabah, Malaysia. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website or enquire about or enrol in our courses. We handle personal data in accordance with the Personal Data Protection Act 2010 (Malaysia) (PDPA).
1. Introduction
We are committed to handling the personal data you share with us carefully and only for the purposes set out here. If you have questions about this policy, contact us at [email protected].
2. Data We Collect
2.1 Information you provide directly
- Name and email address (submitted via the contact or enquiry form)
- Phone number (if provided voluntarily)
- Message content submitted via the contact form
- Course-related communications — questions, notebook submissions, feedback correspondence
2.2 Information collected automatically
- Browser type and device information via standard web server logs
- Pages visited and approximate session duration
- Cookie data, where consent is given (see our Cookie Policy)
2.3 Information we do not collect
We do not collect payment card details directly — payment processing, where applicable, is handled by a third-party payment service under their own privacy terms.
3. How We Use Your Data
We use personal data only for the following purposes:
- Responding to enquiries about courses and cohort availability
- Managing enrolment and course delivery
- Communicating about course schedules, materials, and updates
- Providing feedback on submitted notebooks and projects
- Improving the course content and website based on aggregate usage patterns
- Complying with applicable legal obligations
We do not use your personal data for behavioural advertising or profiling, and we do not sell or share it with third-party marketing services.
4. Legal Basis for Processing
We process personal data on the following grounds under Malaysian law:
- Your consent, where given (e.g. when you submit an enquiry form or agree to cookies)
- Performance of a contract, where processing is necessary to deliver a course you have enrolled in
- Legitimate interests, where processing is necessary for routine communications and website operation, where those interests are not overridden by your rights
5. Data Retention
Enquiry data is retained for twelve months from the date of submission unless it leads to an enrolment. Enrolment and course data is retained for three years after course completion for the purpose of issuing completion records on request. You may request deletion earlier — see Section 8.
6. Data Protection Measures
- Data in transit is encrypted using TLS
- Access to personal data is restricted to team members who require it for their role
- We review access permissions periodically
- In the event of a data breach affecting your personal data, we will notify you as required under applicable Malaysian law
7. Cookies
We use cookies for basic site functionality and, where consent is given, for analytics. See our Cookie Policy for details on types used, duration, and how to manage preferences.
8. Your Rights
Under the PDPA and applicable data protection principles, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Request deletion of your data (subject to our legal retention obligations)
- Withdraw consent where processing is based on consent
- Object to processing in certain circumstances
To exercise any of these rights, contact us at [email protected]. We will respond within 21 days.
9. Third-Party Links
Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their policies before providing personal data.
10. Children's Privacy
Our courses are intended for adults aged 18 and above. We do not knowingly collect personal data from anyone under 18. If you believe a minor has submitted data through our site, contact us and we will delete it promptly.
11. International Data Transfers
Data is primarily stored and processed within Malaysia. Where third-party services process data outside Malaysia (for example, analytics or cloud hosting providers), we ensure appropriate safeguards are in place consistent with the PDPA.
12. Policy Updates
We may update this policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the site after a change constitutes acceptance of the revised policy.
13. Contact
For privacy-related queries:
- Email: [email protected]
- Address: Suite 8-A, Jalan Tun Mustapha, 88000 Kota Kinabalu, Sabah, Malaysia
- Phone: +60 88-244 7185