Privacy Policy
Last Updated: 12 May 2025 · Linenroot, George Town, Penang
1. Introduction
Linenroot ("we", "us", "our") is committed to handling personal information with care. This policy explains what data we collect from people who use our website or enquire about our programmes, how we use it, and what rights you have in relation to it.
We are based in Malaysia and process data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). Where relevant, we also follow internationally recognised data protection principles.
If you have questions about this policy, please contact us at [email protected].
2. Data We Collect
We collect personal data in the following ways:
- Enquiry forms: When you submit an enquiry through our website, we collect your name, email address, and phone number if you provide it. Your message content is also stored.
- Planning calls: For retreat bookings, notes from planning calls are recorded in writing and stored securely. Audio or video recordings are not made.
- Cookies and analytics: Our website uses cookies to understand how visitors interact with the site. See Section 5 for details.
We do not collect sensitive personal data such as health information, financial details, or identity documents.
Legal basis: We process enquiry data on the basis of your consent (when you submit a form) and legitimate interest (to follow up on an enquiry you have initiated). Planning call notes are processed on the basis of contract (you have engaged us for a programme).
Retention: Enquiry data is retained for 24 months from the date of submission, unless you request earlier deletion. Planning notes for programmes are retained for 36 months and then deleted.
3. How We Use Your Data
- To respond to your enquiry and provide information about programmes
- To confirm bookings, send payment details, and deliver programme materials
- To prepare custom retreat agendas based on planning call notes
- To improve our programmes using anonymised aggregate feedback
- To comply with legal obligations if required by Malaysian law
We do not sell your personal data to any third party. We do not use your data for automated profiling or decision-making.
Marketing: We do not send marketing emails unless you have separately opted in to receive them. Each marketing email includes an unsubscribe option.
4. Data Sharing
We may share data with:
- Email service providers: Used to send enquiry responses and booking confirmations. These providers are instructed not to use your data for their own purposes.
- Analytics providers: Aggregate, anonymised data is shared with analytics tools (e.g. Google Analytics) to understand site usage. IP addresses are anonymised where possible.
- Legal authorities: We may disclose data if required to do so by law or in response to a valid legal process.
No data is transferred outside Malaysia except where third-party service providers (such as analytics tools) store data on overseas servers. In such cases, we use providers that maintain appropriate safeguards.
5. Cookies
Our website uses cookies to understand site usage and improve functionality. We use the following types:
- Essential cookies: Required for the site to function. Cannot be disabled.
- Analytics cookies: Help us understand how visitors use the site. Optional.
- Preference cookies: Remember settings such as cookie consent status. Optional.
You can manage your cookie preferences at any time via our Cookie Policy page.
6. Data Security
We take reasonable steps to protect personal data from unauthorised access, loss, or misuse. These include:
- Password-protected access to systems that store personal data
- Limiting access to personal data to team members who need it for their role
- HTTPS encryption on all pages of our website
- Regular review of who has access to stored data
In the event of a data breach that is likely to harm affected individuals, we will notify those individuals and, where required, the relevant authority within a reasonable timeframe.
7. Your Rights
Under the PDPA 2010 and related principles, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (subject to legal retention requirements)
- Withdraw consent at any time (this does not affect processing carried out before withdrawal)
- Lodge a complaint with Malaysia's Personal Data Protection Department if you believe your rights have been infringed
To exercise any of these rights, write to us at [email protected]. We will respond within 30 days.
8. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read the privacy policies of any site you visit via an external link.
9. Children's Privacy
Our programmes are for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has submitted data through our site, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time. Where changes are material, we will note the updated date at the top of this page. Continued use of our site after an update constitutes acceptance of the revised policy.
11. Contact
Data controller: Linenroot
Address: No. 9-1, Lebuh Light, 10200 George Town, Penang, Malaysia
Email: [email protected]
Phone: +60 4-262 8174