Privacy Policy
How we protect and manage your personal information
1. Introduction and Scope
prismatheolux ("we," "us," or "our") operates prismatheolux.sbs, a progressive muscle relaxation and self-development platform. This privacy policy explains how we collect, use, store, and protect your personal information when you visit our website or use our services in compliance with Malaysia's Personal Data Protection Act 2010 (PDPA) and international data protection standards.
By accessing our website or using our services, you acknowledge that you have read, understood, and agree to the practices described in this privacy policy. If you disagree with any part of this policy, please discontinue use of our services immediately.
Important: This policy applies to all users of our platform, regardless of location. We are committed to maintaining the highest standards of data protection and transparency in all our operations.
2. Information We Collect
We collect various types of information to provide and improve our progressive muscle relaxation services. The information we gather falls into several categories, each serving specific purposes for service delivery and enhancement.
| Information Type | Examples | Collection Method |
|---|---|---|
| Personal Identifiers | Name, email address, phone number | Registration forms, contact forms |
| Technical Data | IP address, browser type, device information | Automatic collection via cookies |
| Usage Information | Pages visited, time spent, interaction patterns | Analytics tools and server logs |
| Communication Data | Messages sent through our platform, feedback | Contact forms, support requests |
| Progress Data | Course completion, relaxation session history | Platform usage tracking |
- Information you provide directly when creating an account or contacting us
- Automatically collected data through cookies and similar technologies
- Information from third-party services you choose to connect with our platform
- Feedback and reviews you submit about our relaxation programs
- Payment information processed through secure third-party payment processors
3. How We Use Your Information
Your personal information serves multiple purposes in delivering our progressive muscle relaxation services. We process your data based on legitimate business interests, contractual obligations, and your explicit consent where required.
Primary uses include providing personalized relaxation experiences, maintaining your account, processing enrollments for our learning programs, and communicating important service updates. We also analyze usage patterns to improve our platform's effectiveness and develop new features that better serve our community.
- Delivering personalized progressive muscle relaxation sessions and recommendations
- Processing enrollments and managing your participation in our self-development programs
- Sending important notifications about your account, course updates, and platform changes
- Providing customer support and responding to your inquiries promptly
- Analyzing platform usage to improve our services and develop new features
- Ensuring platform security and preventing fraudulent or unauthorized access
- Complying with legal obligations under Malaysian and international law
- Conducting research to enhance the effectiveness of relaxation techniques
We never sell your personal information to third parties. Any data sharing occurs only with your explicit consent or as required by law, and always with appropriate safeguards in place.
4. Your Privacy Rights
Under Malaysia's Personal Data Protection Act 2010 and international privacy standards, you have several important rights regarding your personal information. We are committed to honoring these rights and providing you with full control over your data.
Right to Access
Request a complete copy of all personal information we hold about you, including how it's being used and with whom it's shared.
Right to Rectification
Correct any inaccurate or incomplete personal information in our systems at any time through your account settings or by contacting us.
Right to Erasure
Request deletion of your personal information when it's no longer necessary for the purposes for which it was collected.
Right to Portability
Receive your personal data in a structured, commonly used format that allows you to transfer it to another service provider.
Right to Restrict Processing
Limit how we use your personal information in certain circumstances while maintaining your account access.
Right to Object
Withdraw consent for specific processing activities, including marketing communications and data analysis for service improvement.
To exercise any of these rights, please contact us using the information provided at the end of this policy. We will respond to your request within 21 days as required by Malaysian law, though we often respond much faster. Some requests may require additional verification to protect your privacy and security.
5. Data Storage and Security
We implement comprehensive security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our security framework includes both technical and organizational measures designed to maintain data integrity and confidentiality.
All sensitive data is encrypted both in transit and at rest using industry-standard encryption protocols. We regularly update our security systems and conduct vulnerability assessments to ensure continued protection against emerging threats.
- SSL/TLS encryption for all data transmitted between your device and our servers
- Advanced encryption standards (AES-256) for data stored in our databases
- Multi-factor authentication requirements for administrative access
- Regular security audits and penetration testing by independent security firms
- Restricted access controls ensuring only authorized personnel can access personal data
- Secure backup systems with encrypted off-site storage for disaster recovery
- Employee training programs on data protection and security best practices
- Incident response procedures for rapid containment of any potential security breaches
While we maintain robust security measures, no system is completely immune to security risks. We encourage users to maintain strong passwords and promptly report any suspicious account activity.
6. Data Retention and Deletion
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this privacy policy, comply with legal obligations, resolve disputes, and enforce our agreements. Different types of data have different retention periods based on their purpose and legal requirements.
Retained while your account is active and for 3 years after account closure to comply with business records requirements and handle any disputes.
Maintained for 5 years to support your learning journey and provide continuity if you return to our platform after a break.
Support messages and feedback retained for 2 years to improve our services and provide context for ongoing support needs.
Server logs and analytics data automatically deleted after 12 months unless required for security investigations or legal compliance.
Maintained indefinitely until you withdraw consent, allowing us to respect your communication preferences across all interactions.
When personal information reaches the end of its retention period, we securely delete or anonymize it using industry-standard data destruction methods. You may request earlier deletion of your information by exercising your right to erasure, subject to any legal obligations that require us to retain certain data.
7. Third-Party Services and Data Sharing
We work with carefully selected third-party service providers to deliver our progressive muscle relaxation services effectively. These partnerships are governed by strict data protection agreements that ensure your information receives the same level of protection as when processed directly by us.
We never sell or rent your personal information to third parties for their own marketing purposes. Any sharing of your data occurs only under specific circumstances and with appropriate safeguards to protect your privacy.
- Payment processors for secure handling of subscription and course enrollment transactions
- Cloud hosting providers for reliable platform infrastructure and data storage
- Email service providers for delivering course materials and important notifications
- Analytics services to understand platform usage and improve user experience
- Customer support platforms to efficiently manage and respond to your inquiries
- Security services for fraud prevention and platform protection
- Legal authorities when required by law or court order
- Professional advisors bound by confidentiality obligations
All third-party processors are contractually required to implement appropriate technical and organizational measures to protect your personal information and are prohibited from using your data for their own purposes beyond providing services to us.
8. International Data Transfers
As a global platform serving users across different countries, we may transfer your personal information to countries outside Malaysia for processing and storage. We ensure that all international data transfers comply with applicable data protection laws and maintain adequate protection for your personal information.
When transferring data internationally, we implement appropriate safeguards such as Standard Contractual Clauses approved by relevant data protection authorities, adequacy decisions where available, or other legally recognized transfer mechanisms.
Your Rights: Regardless of where your data is processed, you retain all the privacy rights outlined in this policy. We ensure that international service providers meet the same data protection standards we maintain.
- Cloud servers located in regions with strong data protection laws
- Contractual guarantees requiring international processors to meet Malaysian PDPA standards
- Regular audits of international service providers' data protection practices
- Encryption of data both during transfer and at international storage locations
9. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, remember your preferences, and analyze how our platform is used. These technologies help us provide personalized content and improve our services continuously.
You have control over cookie settings through your browser preferences, though disabling certain cookies may limit some platform functionality. We provide detailed information about our cookie usage to help you make informed decisions about your privacy preferences.
| Cookie Type | Purpose | Retention Period |
|---|---|---|
| Essential Cookies | Required for basic website functionality and security | Session or up to 1 year |
| Preference Cookies | Remember your settings and personalize your experience | Up to 2 years |
| Analytics Cookies | Help us understand how visitors use our website | Up to 2 years |
| Marketing Cookies | Used to deliver relevant content and track campaign effectiveness | Up to 1 year |
We also use local storage and similar technologies to enhance platform performance and provide offline functionality where applicable. These technologies are subject to the same privacy protections as cookies and are covered by your consent preferences.
10. Children's Privacy
Our progressive muscle relaxation platform is designed for adult users aged 18 and over. We do not knowingly collect personal information from children under 18 years of age without appropriate parental consent as required by applicable laws.
If we discover that we have inadvertently collected personal information from a child under 18, we will promptly delete such information from our systems and take steps to prevent similar occurrences in the future.
- Age verification processes during account registration
- Immediate deletion of any accidentally collected children's data
- Parental notification requirements for users under 18 where legally required
- Special protections for any educational content that might be suitable for younger users
Parents or guardians who believe their child has provided personal information to us should contact us immediately using the contact information provided below. We will investigate promptly and take appropriate action to protect children's privacy.
11. Changes to This Privacy Policy
We may update this privacy policy periodically to reflect changes in our practices, services, legal requirements, or other operational needs. When we make significant changes, we will notify you through multiple channels to ensure you're aware of how these changes might affect your privacy rights.
We encourage you to review this privacy policy regularly to stay informed about how we protect your personal information. The date of the most recent update is always displayed at the top of this policy for your reference.
Notification Methods: We will inform you of significant changes through email notifications, prominent website notices, and account dashboard alerts. For minor updates, we rely on the updated date at the top of this policy.
- Email notifications for material changes affecting your rights
- Prominent website banners for policy updates
- Account dashboard notifications for enrolled users
- 30-day notice period for significant changes where legally required
Contact Us About Privacy
If you have questions, concerns, or requests regarding this privacy policy or how we handle your personal information, please don't hesitate to contact us through any of the following methods:
Address: Jalan USJ 11/7, Usj 11, 47620 Subang Jaya, Selangor, Malaysia
Phone: +6067630713
Email: info@prismatheolux.sbs
Privacy Officer: Available Monday-Friday, 9:00 AM - 5:00 PM (Malaysia Time)
We are committed to addressing your privacy concerns promptly and transparently. Most inquiries receive a response within 48 hours, with complex matters resolved within 21 days as required by law.