Privacy Policy

Ravel Studio  ·  Last updated: 18 April 2025

1. Introduction

Ravel Studio ("we", "us", "our") is committed to protecting the personal data of individuals who enquire about or participate in our financial education programmes. This policy explains what data we collect, how we use it, and what rights you have in relation to it.

This policy applies to the website at ravelstu, our email correspondence, and any personal data shared with us in the context of programme enquiries, enrolments, or sessions.

Ravel Studio operates under the Personal Data Protection Act 2010 (PDPA) of Malaysia. Data controller: Ravel Studio, No. 18, Jalan Stadium, Taman Bukit Kempas, 81200 Johor Bahru, Johor, Malaysia.

2. Data We Collect

2.1 Information you provide directly

• Name and email address (required for programme enquiries and correspondence)
• Phone number (if provided voluntarily)
• Information about your household's financial situation — shared only within sessions and held in confidence
• Any written communications you send to the studio

2.2 Information collected automatically

• Standard website analytics data (pages visited, session duration) via cookies — only if you have consented
• Technical data: IP address, browser type, device type (collected by the server)

2.3 Legal basis for processing

• Consent — for marketing communications and non-essential cookies
• Contract — to fulfil a programme you have enrolled in
• Legitimate interest — for responding to general enquiries
• Legal obligation — where required by Malaysian law

2.4 Retention periods

• Enquiry data (not enrolled): deleted after 12 months
• Programme participant data: retained for 3 years after the programme concludes
• Financial information discussed in sessions: not retained in written form beyond what is produced in the programme itself
• Analytics data: retained for 14 months then deleted

3. How We Use Your Data

• To respond to programme enquiries
• To schedule and administer programme sessions
• To produce written materials during a programme (retained by the participant)
• To send post-programme follow-up correspondence (included in programme fee)
• To improve our website based on aggregated, anonymised analytics
• To comply with legal obligations under Malaysian law

We do not use your data for advertising, and we do not sell your data to any third party. We do not share your data with financial product providers, insurers, or any institution that might use it for commercial purposes.

4. Third-Party Services

We use a small number of third-party services to operate the website and deliver online sessions:

• Google Analytics (if consented): anonymised usage statistics. Google's privacy policy applies.
• Video call platform: for online sessions. No session content is recorded unless explicitly agreed with the participant.
• Email service provider: for correspondence. Messages are transmitted securely.

We do not embed social media trackers or advertising pixels on our website.

5. Data Security

• Website served over HTTPS (TLS encryption)
• Session-related financial information is not stored in shared systems
• Access to participant data is restricted to the facilitator and studio coordinator directly involved in the programme
• In the event of a data breach affecting your personal data, we will notify affected parties within 72 hours of becoming aware, in accordance with our obligations under Malaysian law

6. Cookies

We use essential cookies (required for the website to function) and, with your consent, analytics cookies. You can manage your cookie preferences at any time on our Cookie Policy page.

7. Your Rights

Under the Malaysian Personal Data Protection Act 2010, you have the following rights:

• Right to access: Request a copy of the personal data we hold about you
• Right to correction: Request that inaccurate data be corrected
• Right to withdraw consent: Withdraw consent for processing at any time without affecting lawfulness of prior processing
• Right to prevent processing: Object to your data being used for purposes other than those you consented to
• Right to erasure: Request deletion of your personal data where we no longer have a legal basis to hold it

To exercise any of these rights, contact us at privacy@ravelstu. We will respond within 21 days.

If you are dissatisfied with our handling of your request, you may contact the Personal Data Protection Commissioner, Malaysia (under the Ministry of Digital).

8. External Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies separately.

9. Children's Privacy

Our programmes are designed for adults aged 18 and over. We do not knowingly collect personal data from minors. If you believe we have inadvertently received data from a person under 18, please contact us immediately at privacy@ravelstu.

10. Changes to This Policy

If we make material changes to this policy, we will post the updated version on this page and update the "Last updated" date above. Continued use of our services after changes are posted constitutes acceptance of the updated policy.

11. Contact

For any privacy-related enquiry or to exercise your data rights:

• Email: privacy@ravelstu
• Post: Ravel Studio, No. 18, Jalan Stadium, Taman Bukit Kempas, 81200 Johor Bahru, Johor, Malaysia