Privacy Policy
Last updated: 2026-07-09 · Compliant with Malaysia Personal Data Protection Act 2010 (PDPA)
Studio R (the "Company") recognises the importance of personal data of users (the "User") and collects, uses and manages it appropriately in accordance with the Malaysia PDPA 2010.
1. Information Collected
- Name, email address, phone number, date of birth, nationality
- Booking history, attendance records, ticket purchase history
- Payment info (iPay88 reference — card numbers are NOT stored on our servers)
- Image/video (in-lesson recordings, marketing use is opt-in)
- Access logs (IP address, User-Agent, timestamps)
2. Purpose
- Booking / ticket / attendance management
- Payment processing and receipt issuance
- Identity verification and fraud prevention
- Marketing (opt-in only)
- Anonymised statistics for service improvement
3. Retention Period
3 years from last use. Financial records retained for 7 years per Companies Act 2016.
4. Third-Party Disclosure
- iPay88 (Malaysia) — payment processing
- MailChannels / Cloudflare — email delivery and hosting
- Court / police / tax authority requests as required by law
5. User Rights (PDPA §30-38)
- Access — request disclosure of held personal data
- Correction — correction of inaccurate info
- Deletion — self-delete at /studio/mypage/delete-account
- Opt-out — stop marketing communications
- Portability — request electronic copy
6. Cookies
We use strictly necessary cookies for session. Analytics cookies require consent (banner on first visit).
7. Security
- Passwords hashed via PBKDF2-SHA256 (100 000 iterations)
- All communication over HTTPS / TLS 1.3
- Rate limiting, CSRF protection, CSP headers
8. Contact
Data Protection Officer: info@dance-studio-r.com
← Back to Studio R