Privacy Policy - Yayasan Jantung Kongenital Malaysia

This Privacy Policy (“Policy”) explains how [Yayasan Jantung Kongenital Malaysia] (“the Organisation”, “we”, “us”, or “our”) collects, uses, stores, and protects personal data of donors, supporters, beneficiaries, and other stakeholders, in compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

By interacting with us, submitting personal data, or making a donation, you consent to the processing of your personal data as described in this Policy.

1. Collection of Personal Data

We may collect and process the following types of personal data:

Name, identification details, and contact information (e.g., phone number, email, address);
Payment and transaction details relating to donations;
Communication records between you and the Organisation;
Any other personal data voluntarily provided to us in connection with our activities.

2. Purpose of Processing

Personal data collected will be used for the following purposes:

To process and record donations;
To issue official receipts and acknowledgements;
To comply with legal, regulatory, and financial reporting obligations;
To communicate updates, campaigns, and fundraising activities (unless you opt out);
For internal record-keeping and organisational administration;
To ensure compliance with applicable laws, including anti-money laundering and counter-terrorism financing regulations.

3. Disclosure of Personal Data

We may disclose your personal data to the following parties where necessary:

Regulatory authorities such as the Inland Revenue Board of Malaysia (LHDN), or Bahagian Ehwal Undang-Undang (BHEUU);
Banks, payment service providers, or financial institutions processing your donation;
Auditors, accountants, or professional advisors engaged by the Organisation;
Any third party to whom disclosure is required by law or authorised by you.

We will not sell, rent, or trade your personal data to third parties.

4. Security of Personal Data

The Organisation implements appropriate administrative, technical, and physical safeguards to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure.

5. Retention of Data

Personal data will be retained for as long as is necessary to fulfil the purposes stated in this Policy, or as required by applicable law. After such period, data will be securely destroyed or anonymised.

6. Access and Correction Rights

You have the right to:

Request access to your personal data held by the Organisation;
Request correction of your personal data if it is inaccurate, incomplete, or outdated;
Withdraw consent to the processing of your personal data (subject to legal or contractual restrictions).

All requests must be submitted in writing to the contact provided below.

7. Updates to This Policy

The Organisation reserves the right to amend this Policy from time to time in compliance with changes in law or organisational requirements. The updated Policy will be published on our official website.