DRAFT This page contains placeholder sections pending final text from legal counsel. Do not deploy publicly until all placeholders are replaced.
Privacy Policy

How we handle your information.

Last updated: [DATE TO BE SET AT LAUNCH] Governing framework: Malaysia PDPA 2010
Contents
Section 01

Introduction & Data Controller

This Privacy Policy describes how Lumina Nova — a platform operated by KOPIT (Koperasi Usahawan Informasi Teknologi Malaysia Berhad) — collects, uses, discloses, and protects personal data obtained through this website and associated engagement channels, in compliance with the Personal Data Protection Act 2010 of Malaysia ("PDPA") and other applicable Malaysian data protection regulations.

Formal identification of KOPIT as data controller, including full registered name, registration number, registered office address, and any applicable cooperative registration details under Suruhanjaya Koperasi Malaysia. Statement of authority and scope of this privacy policy.
Section 02

Personal Data We Collect

We collect only personal data that visitors voluntarily provide when contacting Lumina Nova or engaging with the platform.

Enumeration of personal data categories collected: name, email address, telephone number, organisation/affiliation, professional title, content of inquiry messages, and any other data categories the site actually collects. Statement about what we do NOT collect (e.g., financial information, identification documents). Treatment of data received incidentally (e.g., email sender metadata).
Section 03

How We Collect Data

Personal data is collected solely through voluntary disclosure by data subjects during direct engagement with Lumina Nova.

Description of collection methods: direct email communication to partners@luminanova.com.my, telephone communication to the Lumina Nova Office line, and any automatic data collection (server logs, IP addresses, user-agent strings) performed by hosting infrastructure. Clarification that no forms, account creation, or active data harvesting is performed through the website.
Section 04

Purpose of Processing

Specification of the purposes for which personal data is processed: (1) responding to qualified institutional inquiries, (2) engaging in institutional partner dialogue, (3) administering operational correspondence, (4) complying with legal and regulatory obligations, (5) any other specific purposes aligned with the platform's operations. Confirmation that data is not processed for marketing, advertising, or unrelated purposes.
Section 05

Legal Basis Under PDPA

Identification of the applicable legal bases for processing under PDPA 2010: consent, performance of contract, compliance with legal obligations, legitimate interests, etc. For each data category and purpose identified above, specification of which legal basis applies. This section is legally technical and should be drafted by counsel in full.
Section 06

Data Retention

Specification of retention periods: how long inquiry correspondence is retained, how long telephone contact records are retained, retention triggers (e.g., until engagement conclusion plus a defined period), and deletion procedures at end of retention. Distinction between retention for qualified-engaged partners versus general inquiries that did not proceed.
Section 07

Third-Party Access

Enumeration of third parties with access to personal data: web hosting provider (to be named post-deployment decision), email service provider, any professional advisers engaged (legal, Shariah, audit), and the purposes for which each receives data. Confirmation of contractual data protection obligations imposed on each. Statement that data is not sold, rented, or disclosed to unrelated third parties.
Section 08

Cross-Border Transfers

Disclosure of whether personal data is transferred outside Malaysia (likely yes, depending on hosting provider and email service location). Identification of destination jurisdictions. Confirmation of safeguards applied under PDPA Section 129 for cross-border transfers: adequate protection determination, contractual safeguards, data subject consent, or other applicable mechanism. This is a PDPA-specific requirement and must be drafted by counsel with knowledge of actual data flows.
Section 09

Your Rights as Data Subject

Under the PDPA, data subjects hold specific rights regarding their personal data.

Full enumeration of PDPA data subject rights: right of access, right of correction, right to withdraw consent, right to prevent processing likely to cause damage or distress, right to prevent processing for direct marketing, right to lodge complaints with the Personal Data Protection Commissioner. For each right, the procedure by which data subjects can exercise it, the expected response timeframe, and any associated fees permitted under PDPA.
Section 10

Data Security

Description of security measures applied to protect personal data: encryption in transit (HTTPS/TLS), access controls, organisational measures, breach response procedures, and staff training. This should be factually accurate — specifying measures that are genuinely in place, not aspirational ones.
Section 11

Cookies & Tracking Technologies

Statement of cookies and tracking technologies used by the website. If analytics are deployed (e.g., Plausible, Fathom, Google Analytics), specify the provider, purpose, and data subject controls. If no cookies are used, a clean statement to that effect. Specification of any session or functional cookies used by the site itself.
Section 12

Children's Privacy

Statement that the Lumina Nova website and associated engagement channels are not directed at children and do not knowingly collect personal data from children under the applicable age threshold. Procedure for addressing accidentally-collected data from minors if discovered.
Section 13

Changes to This Policy

Explanation of how this policy may be updated, how data subjects will be notified of material changes (e.g., through website notice, dated "last updated" marker, direct email for engaged partners), and how prior versions will be archived for reference.
Section 14

Contact for Privacy Matters

For questions about this Privacy Policy, to exercise your rights as a data subject, or to raise any concern about how Lumina Nova processes personal data, please contact us:

Email: partners@luminanova.com.my
Subject line: Privacy Inquiry
Phone: +60 10-5122 561 (Lumina Nova Office, business hours)

Additional formal contact details: postal address for written inquiries, name and contact of Data Protection Officer or equivalent responsible person if applicable, and the contact details for the Personal Data Protection Commissioner of Malaysia for escalation purposes.