Stepwise House Get in Touch

Privacy Policy

Stepwise House

Last Updated: 10 April 2025

Stepwise House takes the handling of personal data seriously. This policy describes what personal data we collect, why we collect it, how we use it, and how individuals whose data we hold may exercise their rights under Malaysia's Personal Data Protection Act 2010 (PDPA 2010).

This policy applies to all individuals who enquire about, enrol in, or participate in any Stepwise House programme, as well as visitors to our website at stepwise.cyou. For questions about this policy, please contact us at [email protected].

1. Data Controller

The data controller for personal data processed under this policy is:

Stepwise House
No. 28, Jalan Tun Ismail, Shah Alam Grove,
40200 Shah Alam, Selangor, Malaysia
Email: [email protected]
Telephone: +60 3-5519 8246

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Data Provided Directly

  • Enquiry data: name, email address, telephone number, and any information provided voluntarily in an enquiry message.
  • Enrolment data: name, email address, telephone number, and programme selected.
  • Session-related notes: information shared during educational sessions, retained only with participant consent and treated with strict confidentiality.

2.2 Data Collected Automatically

  • Cookies and local storage: cookie consent preference stored in your browser's local storage. See Section 5 and our Cookie Policy for details.
  • Analytics data: if analytics cookies are accepted, aggregated usage data such as pages visited and session duration may be collected via Google Analytics.

2.3 Legal Basis for Processing

  • Processing enquiry and enrolment data is necessary to take steps prior to entering into a contract (PDPA 2010, Section 6(1)(b)).
  • Processing for programme delivery is necessary for the performance of a contract (PDPA 2010, Section 6(1)(b)).
  • Processing for analytics and marketing communications is based on consent (PDPA 2010, Section 6(1)(a)).

2.4 Data Retention

  • Enquiry data where no programme is commenced: deleted after 12 months.
  • Enrolment and programme completion records: retained for 5 years from the date of programme completion.
  • Financial transaction records: retained for 7 years as required under Malaysian law.
  • Analytics data: subject to the retention policy of the analytics provider (Google Analytics default: 26 months).

3. How We Use Personal Data

We use personal data for the following purposes:

  • Responding to enquiries about our programmes.
  • Administering programme enrolment and scheduling sessions.
  • Communicating session details, materials, and follow-up notes.
  • Sending programme-related administrative emails (e.g. payment confirmation, session reminders).
  • With explicit consent: sending information about new programmes or relevant updates from Stepwise House.
  • Improving our website based on aggregated, anonymised usage data.
  • Complying with legal and regulatory obligations applicable in Malaysia.

We do not use personal data for automated decision-making or profiling. We do not sell personal data to any third party. We do not share personal data with lenders, financial product providers, or marketing networks.

4. Data Sharing with Third Parties

We share personal data only in the following limited circumstances:

  • Service providers: email and scheduling tools used to administer sessions, bound by data processing agreements. These providers are not permitted to use personal data for their own purposes.
  • Analytics: if analytics cookies are accepted, anonymised usage data is shared with Google Analytics under Google's data processing terms.
  • Legal requirements: if required by Malaysian law, court order, or regulatory authority.

Any third-party service provider used by Stepwise House is selected with reasonable care and required to handle personal data in accordance with PDPA 2010.

5. Cookies

Our website uses cookies for essential functionality and, with your consent, for analytics purposes. Detailed information about the cookies we use is available in our Cookie Policy. You can manage your cookie preferences at any time through that page.

6. Data Protection Measures

  • Personal data is stored on password-protected systems with access limited to authorised staff.
  • Electronic communication of personal data uses encrypted channels where available.
  • Session notes and programme materials are stored securely and not accessible to third parties.
  • In the event of a data breach likely to cause harm to affected individuals, Stepwise House will notify those individuals and the relevant Malaysian supervisory authority as required under PDPA 2010.

7. Your Rights Under PDPA 2010

Under Malaysia's Personal Data Protection Act 2010, you have the following rights in relation to personal data we hold about you:

  • Right of access: you may request confirmation of whether we process personal data about you and, if so, a copy of that data.
  • Right of correction: you may request that inaccurate or incomplete personal data be corrected.
  • Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Right to cease processing: in certain circumstances you may request that we stop processing your personal data.
  • Right to prevent processing for direct marketing: you may request at any time that we stop using your data for direct marketing purposes.

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days of receiving your request. There is no charge for reasonable requests.

If you are not satisfied with our response, you may lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP).

8. Links to Third-Party Websites

Our website may contain links to external websites. Stepwise House is not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policy of any external site you visit.

9. Minimum Age

Stepwise House programmes are designed for adults aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us at [email protected] and we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page. We recommend checking this page periodically. Continued use of our website or services following a policy update constitutes acceptance of the revised policy.

11. Contact

For questions, requests, or concerns relating to this Privacy Policy or the handling of your personal data, please contact:

Stepwise House
No. 28, Jalan Tun Ismail, Shah Alam Grove,
40200 Shah Alam, Selangor, Malaysia
[email protected]
+60 3-5519 8246