1. Who we are
Morpho Studio is a financial education practice operating from Lot 3-7, Tropicana City Mall, Persiaran Tropicana, 47410 Petaling Jaya, Selangor, Malaysia. We offer structured educational programmes and long-horizon planning engagements for individuals, couples, and households.
For the purposes of the Personal Data Protection Act 2010 (PDPA), Morpho Studio is the data user in respect of personal data collected through this website and through our programme enrolment process. If you have any questions about how we handle your information, please write to us at [email protected].
2. Data we collect
We collect personal data in two ways: information you provide to us directly, and information gathered automatically when you use this website.
Information you provide
- Your full name
- Your email address
- Your telephone number (if you choose to include it)
- The content of any message you send via our contact form
- Information shared during consultation sessions, which may include financial circumstances and household details relevant to your planning engagement
Information collected automatically
- Pages visited and time spent on each page (via analytics cookies)
- Approximate location based on IP address (country or city level only)
- Browser type and operating system
- The website that referred you to ours, if applicable
3. How we use your data
We use the personal data we collect for the following purposes:
- Responding to your enquiry and arranging an introductory conversation
- Delivering the educational programme or planning engagement you enrol in
- Sending you information relevant to your programme, such as session reminders and follow-up materials
- Improving the content and structure of this website based on aggregated usage data
- Maintaining records as required for legitimate business and legal purposes
We do not use your personal data to send unsolicited marketing communications. If you would like to receive occasional updates about our programmes, we will ask for your explicit consent separately.
4. Legal basis for processing
Under the PDPA, we process your personal data on the following grounds:
Consent
When you complete and submit our contact form, you consent to us processing your data to respond to your enquiry. You may withdraw this consent at any time by writing to us.
Contract performance
Once you enrol in a programme, processing your data is necessary to deliver the sessions you have engaged us for.
Legitimate interests
We have a legitimate interest in understanding how our website is used in aggregate so we can improve it. We use analytics data for this purpose only in anonymised or pseudonymised form.
5. Data sharing and third parties
We do not sell or trade your personal data. We may share limited data with the following categories of service provider, strictly for the purposes described:
- Analytics providers โ We use Google Analytics to understand aggregate website usage. Data is pseudonymised and we do not enable advertising features or cross-site tracking.
- Email service providers โ If we use a third-party platform to send session reminders or programme materials, we will ensure it complies with applicable data protection standards.
- Legal or regulatory authorities โ We may disclose data if required to do so by law or by a competent authority under Malaysian law.
All third-party providers we engage are required to handle your data in a manner consistent with our obligations under the PDPA.
6. How we protect your data
We take reasonable technical and organisational steps to protect personal data from unauthorised access, loss, or disclosure, including:
- TLS encryption for all data transmitted through this website
- Access controls limiting who within our team can view client data
- Secure storage for any written materials produced during planning engagements
- Regular review of data handling practices
In the event of a data breach that poses a risk to individuals, we will notify affected parties and, where required, the relevant Malaysian authorities in a timely manner.
7. Cookies
This website uses cookies to function properly and to gather anonymised usage information. We request your consent before placing any non-essential cookies.
For full details of the cookies we use and how to manage your preferences, please read our Cookie Policy.
8. How long we keep your data
| Data type |
Retention period |
| Contact form enquiries | 24 months from last contact, then deleted |
| Programme participant records | 7 years from programme completion, for record-keeping purposes |
| Analytics data | 26 months, per Google Analytics default settings |
| Cookie consent records | 12 months in your browser's local storage |
You may request early deletion of your data at any time. See Section 9 for how to do so.
9. Your rights
Under the PDPA and applicable privacy standards, you have the following rights in respect of your personal data:
Right of access โ You may request a copy of the personal data we hold about you.
Right to correction โ You may ask us to correct any inaccurate or incomplete data.
Right to erasure โ You may request that we delete your personal data where there is no longer a lawful basis for us to hold it.
Right to withdraw consent โ Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of earlier processing.
Right to object โ You may object to processing carried out on the basis of our legitimate interests.
Right to restrict processing โ In certain circumstances, you may ask us to limit how we use your data.
To exercise any of these rights, please write to [email protected]. We will respond within 21 days. If you are not satisfied with our response, you may raise a complaint with the Department of Personal Data Protection Malaysia (pdp.gov.my).
10. Children's privacy
Our programmes are designed for adults aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently received information from a minor, please contact us at [email protected] and we will delete it promptly.
11. External links
This website may contain links to external resources or organisations. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party websites you visit.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. When we do, we will revise the "Last updated" date at the top of this page.
If the changes are material, we will take reasonable steps to bring them to your attention โ for example, by displaying a notice on the website. Continued use of the website after the effective date of any update constitutes acceptance of the revised policy.