Legal
Privacy Policy
Last Updated: 7 March 2026
At Ilmu Vault, we regard the trust you place in us when sharing your personal information as something not to be taken lightly. This policy sets out, clearly and honestly, how we collect, use, and look after the information you provide — in full accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
1. Who We Are
Ilmu Vault is a financial education provider operating in Malaysia, with our principal place of business at 6 Persiaran KLCC, 50088 Kuala Lumpur. We are the data controller responsible for the personal information collected through this website and our programmes.
For questions relating to this policy or to your personal data, please write to us at privacy@ilmuvault.
2. What Personal Data We Collect
We collect personal data only when there is a clear reason to do so. The categories of data we may collect include:
- Contact details: full name, email address, and phone number — provided through our contact form or programme registration.
- Enquiry content: any message or question you submit through our website form.
- Technical data: IP address, browser type, pages visited, and session duration — collected automatically via analytics tools.
- Cookie preferences: your choices regarding cookie categories, stored locally on your device.
We do not collect sensitive personal data such as financial account numbers, identification documents, or medical information through this website.
3. How and Why We Use Your Data
| Purpose | Legal Basis (PDPA) |
|---|---|
| Responding to your enquiry or request | Consent / Contractual necessity |
| Processing programme registration and payment | Contractual necessity |
| Sending programme materials and session reminders | Contractual necessity |
| Informing you of related educational offerings | Consent (you may withdraw at any time) |
| Improving our website and content quality | Legitimate interest |
| Complying with legal and regulatory obligations | Legal obligation |
4. Data Retention
We keep your personal data only for as long as reasonably necessary:
- Enquiry data: 12 months from the date of enquiry if no programme enrolment follows.
- Programme participant data: 7 years from the end of the programme, in line with standard Malaysian record-keeping requirements.
- Analytics data: aggregated and anonymised; retained up to 26 months.
- Marketing consent records: retained until you withdraw consent, plus 1 year thereafter as an audit record.
5. Data Sharing
We do not sell your personal data. We may share it in specific, narrow circumstances:
- Service providers: email delivery, payment processing, or website hosting providers who operate under contractual data protection obligations.
- Analytics tools: Google Analytics (anonymised) to help us understand how our website is used.
- Legal authorities: when required by Malaysian law, court order, or regulatory directive.
6. Data Protection Measures
We take appropriate technical and organisational steps to keep your data safe:
Encrypted Transmission
All data submitted through our website is transmitted using HTTPS/TLS encryption.
Access Controls
Personal data is accessible only to staff members who need it to perform their role.
Regular Reviews
We periodically review our data handling practices and update them as needed.
Breach Response
In the event of a data breach, affected individuals will be notified in accordance with PDPA obligations.
7. Cookies
Our website uses cookies for functionality, analytics, and optional marketing purposes. You may set your preferences at any time through our Cookie Policy page, which includes interactive controls. Essential cookies cannot be disabled as they are necessary for the site to function correctly.
8. Your Rights Under the PDPA
Under Malaysia's Personal Data Protection Act 2010, you have the following rights with respect to your personal data:
To exercise any of these rights, please write to privacy@ilmuvault. We will respond within 21 days.
9. Third-Party Links
Our website may contain links to external resources or third-party websites. We are not responsible for the privacy practices of those sites and encourage you to read their individual privacy policies before sharing any information with them.
10. Children's Privacy
Our services are designed for adults aged 40 and above. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted information through our website, please contact us promptly and we will take steps to remove that data.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in Malaysian law. When we do, the revised date at the top of this page will be updated. We encourage you to review this page periodically. Continued use of our website following any update constitutes your acknowledgement of the revised policy.
12. Contact for Data Matters
For any questions, concerns, or requests relating to your personal data, please reach out to us directly: