Privacy Policy

TTE Elephant Headspa Sdn Bhd ("we", "our", "us") operates headspa.my as a scalp health education and discovery platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit headspa.my, in compliance with Malaysia's Personal Data Protection Act 2010 (PDPA).

By using headspa.my you consent to the practices described in this Policy. If you do not agree, please discontinue use of the site.

Automatically collected data — When you visit headspa.my, our servers and analytics tools (Google Analytics 4) automatically record: IP address, browser type and version, pages visited, referral source, session duration, and device type. This data is aggregated and not linked to your identity.

Data you provide voluntarily — If you contact us via email or social media, we collect the information you include in that communication (name, email address, and message content).

Booking data — Appointment bookings are handled exclusively on tteheadspa.my, a separate platform. headspa.my does not collect payment information or appointment records.

We use the data we collect to:

• Analyse site traffic and improve content relevance
• Understand which scalp health topics are most useful to our readers
• Respond to direct enquiries sent to us
• Comply with legal obligations under Malaysian law

We do not use your data for automated decision-making or profiling.

headspa.my uses Google Analytics 4 (GA4) to measure audience behaviour. GA4 places cookies on your device. You can opt out of GA4 tracking by installing the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.

We do not use advertising cookies, third-party retargeting, or session-recording tools.

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

• Service providers — Google LLC (analytics), Vercel Inc (hosting). Both operate under data processing agreements.
• Legal requirement — If required by Malaysian law, court order, or a government authority with jurisdiction.

All third-party service providers are required to handle your data in accordance with applicable data protection law.

Analytics data is retained in Google Analytics for 14 months, after which it is automatically deleted. Email correspondence is retained for up to 24 months, or until you request deletion. We do not store sensitive personal data on headspa.my servers.

Under Malaysia's Personal Data Protection Act 2010, you have the right to:

• Access — Request a copy of personal data we hold about you
• Correction — Request correction of inaccurate or incomplete data
• Withdrawal of consent — Withdraw consent to data processing at any time
• Enquiry — Ask how your data is being used

To exercise any of these rights, contact us at the address below. We will respond within 21 business days.

headspa.my is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us immediately and we will delete it.

headspa.my contains links to tteheadspa.my (our booking platform) and peer-reviewed research sources. We are not responsible for the privacy practices of those sites and encourage you to review their respective privacy policies.

We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last Updated" date at the top of this page. Continued use of headspa.my after changes are posted constitutes acceptance of the revised Policy.

For privacy-related enquiries, contact us at:

TTE Elephant Headspa Sdn Bhd Unit No 9-6, The Boulevard, Mid Valley City 59200 Kuala Lumpur, Malaysia

Email: hello@headspa.my Instagram: @ttelephant_headspa