Privacy Policy

Eden Social Club ("we," "us," or "our") operates a premium wellness destination located at 1F-10, KLGCC Mall, Bukit Kiara, 60000 Kuala Lumpur, Malaysia. We are committed to protecting and respecting your privacy in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA).

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website at edensocialclub.com, use our services, book classes, or interact with us in any way. By using our services, you consent to the practices described in this policy.

We collect personal data that you provide directly to us and data that is automatically gathered when you use our website or services. The types of personal data we may collect include:

2.1 Information You Provide

• Identity data: Full name, date of birth, gender, and profile photographs
• Contact data: Email address, phone number, and mailing address
• Account data: Username, password, and account preferences created through our booking platform
• Booking and transaction data: Class bookings, service appointments, purchase history, membership details, and payment information
• Health and wellness data: Fitness goals, health conditions or injuries disclosed for safety purposes, and treatment preferences for beauty and recovery services
• Communication data: Enquiries, feedback, and correspondence you send to us via email, phone, social media, or our website

2.2 Information Collected Automatically

• Device and browser data: IP address, browser type and version, operating system, device type, and screen resolution
• Usage data: Pages visited, time spent on pages, navigation paths, referring URLs, and click behaviour on our website
• Location data: General geographic location derived from your IP address

We process your personal data for the following purposes, in accordance with the PDPA:

• Service delivery: To manage your bookings for Lagree fitness classes, beauty treatments (lash extensions, brow services, dry bar), recovery suite sessions (sauna, cold plunge), and cafe orders
• Account management: To create and maintain your membership account, process payments, and manage your class packages or subscriptions
• Safety and personalisation: To ensure your safety during fitness and wellness activities and to tailor our services to your needs and preferences
• Communication: To respond to your enquiries, send booking confirmations, class reminders, and service updates
• Marketing: To send you newsletters, promotions, event invitations, and updates about Eden Social Club, where you have opted in to receive such communications
• Analytics and improvement: To analyse website usage, improve our services, and enhance the overall user experience
• Legal compliance: To comply with applicable laws, regulations, and legal processes

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse site traffic, and understand how visitors interact with our content.

4.1 Types of Cookies We Use

• Essential cookies: Required for the website to function properly, including session management and security features. These cannot be disabled.
• Analytics cookies: Used through Google Analytics to collect anonymised data about how visitors use our website, including pages visited, session duration, and traffic sources. This helps us improve our website and services.
• Performance cookies: Used by Vercel Speed Insights to monitor website performance and loading times, helping us deliver a faster experience.

4.2 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may affect the functionality of our website.

We work with trusted third-party service providers to deliver and improve our services. These providers may have access to your personal data only as necessary to perform their functions and are contractually obligated to protect your information.

5.1 Momence (Booking Platform)

We use Momence as our class booking and membership management platform. When you create an account, book a class, or purchase a package through Momence, your personal data (including name, email, phone number, and payment details) is processed by Momence in accordance with their own privacy policy. Momence handles payment processing securely and does not share your payment card details with us.

5.2 Google Analytics

We use Google Analytics (GA4) to understand how visitors interact with our website. Google Analytics collects data such as your IP address (which is anonymised), browser type, device information, pages visited, and session duration. This data is processed by Google and is subject to Google's Privacy Policy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

5.3 Vercel (Website Hosting)

Our website is hosted on Vercel. Vercel may collect technical data such as IP addresses and usage metrics to ensure the security and performance of our website. We also use Vercel Speed Insights to monitor site performance. This data is processed in accordance with Vercel's Privacy Policy.

5.4 Instagram

We maintain an active presence on Instagram (@esc.kl). When you interact with our Instagram content or send us direct messages, your interactions are governed by Meta's Privacy Policy.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We may share your personal data in the following circumstances:

• Service providers: With trusted third-party providers who assist us in operating our business, such as payment processors, booking platforms, and analytics services, as described in Section 5
• Legal requirements: When required by law, regulation, court order, or other legal process, or to protect the rights, property, or safety of Eden Social Club, our members, or others
• Business transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, where your personal data may be transferred as part of the business transaction
• With your consent: In any other circumstances where we have obtained your explicit consent

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data transmitted between your browser and our website using SSL/TLS technology
• Secure processing of payment transactions through PCI-compliant third-party providers
• Restricted access to personal data on a need-to-know basis among our staff
• Regular review and updating of our security practices

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining the highest standards practicable.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our general retention practices are as follows:

• Account and membership data: Retained for the duration of your active membership and up to 24 months after your last interaction with us, unless you request earlier deletion
• Booking and transaction records: Retained for up to 7 years in accordance with Malaysian financial and tax regulations
• Marketing preferences: Retained until you withdraw your consent or unsubscribe
• Website analytics data: Retained in anonymised form for up to 26 months through Google Analytics
• Health and wellness data: Retained for the duration of your active membership and securely deleted within 6 months of membership termination, unless a longer retention period is required by law

When personal data is no longer required, we will securely delete or anonymise it in accordance with our data management procedures.

Eden Social Club is committed to complying with Malaysia's Personal Data Protection Act 2010 (PDPA). The PDPA establishes seven key principles that govern how we handle your personal data:

• General Principle: We process your personal data only with your consent and for lawful purposes
• Notice and Choice Principle: We inform you of the purposes for which your data is collected and provide you with a choice regarding the processing
• Disclosure Principle: We do not disclose your personal data for purposes other than those for which it was collected, unless you have given your consent or it is required by law
• Security Principle: We implement practical measures to protect your personal data from loss, misuse, modification, and unauthorised access
• Retention Principle: We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected
• Data Integrity Principle: We take reasonable steps to ensure that your personal data is accurate, complete, and up to date
• Access Principle: You have the right to access and correct your personal data held by us

Under the PDPA, you have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you
• Right of correction: You may request that we correct any inaccurate or incomplete personal data
• Right to withdraw consent: You may withdraw your consent for the processing of your personal data at any time, though this may affect our ability to provide certain services to you
• Right to limit processing: You may request that we limit or cease processing your personal data for marketing or other non-essential purposes

To exercise any of these rights, please contact us using the details provided in Section 13. We will respond to your request within 21 days, as required by the PDPA. A prescribed processing fee may apply to data access requests, in accordance with the regulations.

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If a minor wishes to use our services, parental or guardian consent is required. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. When we make significant changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or through a notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

For formal data access or correction requests under the PDPA, please submit your request in writing to our email address. We will acknowledge your request within 14 days and provide a substantive response within 21 days.