Privacy Policy

1. Introduction

Mirenza ("we", "us", "our") is committed to protecting the personal data of individuals who engage with our services. This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with our financial education workshops and reading programmes offered in Singapore.

This policy applies to personal data collected through our website, enrolment forms, and direct correspondence. It is drafted in compliance with Singapore's Personal Data Protection Act 2012 (PDPA). For data-related enquiries, contact us at [email protected].

2. Data Controller

The data controller responsible for personal data collected in connection with Mirenza's programmes is:

Mirenza
18 Cross Street, #14-05, Cross Street Exchange, Singapore 048423
Email: [email protected]
Telephone: +65 9381 6274

3. Data We Collect

We may collect the following categories of personal data:

• Identity data: Full name
• Contact data: Email address, telephone number
• Enrolment data: Programme preferences, cohort selections, scheduling correspondence
• Communications data: Content of enquiries sent via our contact form or by email
• Feedback data: Anonymous feedback responses collected after each programme cohort
• Technical data: IP address, browser type, pages visited, session duration — collected automatically when you visit our website via cookies and similar technologies

4. How We Collect Data

We collect personal data through:

• Our website contact and enquiry form
• Direct email correspondence
• Telephone enquiries
• Programme enrolment and registration processes
• Anonymous post-programme feedback forms
• Cookies and analytics tools on our website (see Cookie Policy for full detail)

5. Legal Basis for Processing

Under the PDPA, we process personal data on the following bases:

• Consent: Where you have given consent at the point of data collection, including consent to receive communications about our programmes
• Contractual necessity: Where processing is necessary to manage your enrolment in a programme and deliver the associated materials
• Legitimate interests: Where processing supports our legitimate interest in operating, improving, and communicating our educational programmes — balanced against your rights and interests

6. How We Use Your Data

We use personal data for the following purposes:

• To respond to your enquiries and manage your enrolment in our programmes
• To schedule and manage workshop cohorts and send session-related information
• To deliver printed materials to you where applicable
• To manage follow-up reflection circles for qualifying programme participants
• To maintain records of participation for our operational purposes
• To improve the quality of our programmes through analysis of anonymous feedback
• To comply with applicable legal obligations

We do not use personal data for targeted advertising, and we do not sell or rent personal data to third parties.

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected or as required by law:

• Enrolment records: Retained for three years after the programme end date, then securely deleted
• Enquiry correspondence: Retained for twelve months after the last interaction, then deleted
• Anonymous feedback: Retained indefinitely in anonymised, aggregated form
• Website technical data: Retained for up to thirteen months through analytics platforms

8. Data Sharing

We do not sell, rent, or trade personal data. We may share personal data with:

• Service providers: Third-party providers who support our operations — including email delivery, website hosting, and analytics — under data processing agreements that restrict their use of your data
• Legal authorities: Where we are required to do so by law, court order, or regulatory requirement

We do not share participant discussion content with any third party. What is said within a cohort session remains within that cohort.

9. Data Protection Measures

We maintain the following security measures to protect personal data:

• Access to personal data is limited to staff with a legitimate operational need
• Data is stored on secure, access-controlled systems
• We conduct periodic reviews of our data handling procedures
• In the event of a data breach, we will notify affected individuals and the Personal Data Protection Commission (PDPC) in accordance with the PDPA's mandatory breach notification requirements

10. Cookies

Our website uses cookies to manage session preferences and collect anonymised usage data. Please read our Cookie Policy for full details on the types of cookies used and how to manage your preferences.

11. Your Rights Under the PDPA

Under the PDPA, you have the right to:

• Access: Request confirmation of whether we hold your personal data and obtain a copy of it
• Correction: Request correction of inaccurate or incomplete personal data
• Withdrawal of consent: Withdraw consent to data processing where we rely on consent as the legal basis — noting that withdrawal may affect our ability to deliver services to you
• Data portability: Request that your data be provided in a machine-readable format where technically feasible
• Erasure: Request deletion of personal data we hold about you, subject to applicable legal requirements

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days of receiving your request.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We recommend reviewing the privacy policies of any third-party sites you visit.

13. Children's Privacy

Mirenza's programmes are designed for adults aged 40 and above. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

14. Supervisory Authority

If you have a complaint about our handling of your personal data that we have not resolved to your satisfaction, you may contact the Personal Data Protection Commission (PDPC) of Singapore at pdpc.gov.sg.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify enrolled participants by email. Continued use of our website or programmes after changes have been posted constitutes acceptance of the updated policy. The date at the top of this page reflects when the policy was last revised.