Partner Privacy Policy
Last updated: April 2026
1. Introduction
KINPASS Technology Sdn. Bhd. (“KINPASS”, “we”, “us”) is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. This Privacy Policy explains how we collect, use, disclose, and safeguard the information of our activity provider partners (“Partners”).
2. Information We Collect
Business Information
Business registered name, SSM registration number, Tax Identification Number (TIN), Local Authority/Council License (PBT License), business address, operating hours, activity categories, location photos, and descriptions provided during onboarding and ongoing account management.
Contact Information
Name, email address, phone number, and other contact details of business owners and team members.
Financial Information
Bank account details for payouts are collected by KINPASS support and stored encrypted (AES-256-GCM); only the last four digits are ever displayed in the dashboard. Payouts are made by bank transfer.
Documents
Business registration (SSM) certificates and insurance documents uploaded during onboarding for verification purposes.
Usage Data
Dashboard usage patterns, login activity, booking management actions, and device information to improve the Partner experience.
Performance Data
Booking statistics, attendance records, revenue reports, review ratings, and response times to provide analytics and maintain platform quality.
3. How We Use Your Information
- To verify your business and complete the Partner onboarding process
- To display your activity listings to Users on the KINPASS platform
- To process bookings, manage rosters, and facilitate attendance tracking
- To calculate and process commission-based payouts by bank transfer
- To provide performance analytics, revenue reports, and booking insights through the Partner Dashboard
- To send booking notifications, schedule updates, and platform communications
- To resolve disputes between Partners and Users
- To improve the platform and develop new Partner features
- To comply with legal obligations
4. Children's Data You Receive
As a Partner, you will receive children's personal data for booked classes, including the child's name, age, medical notes, allergies, and emergency contact details. This data is shared solely for the purpose of delivering activities safely. You must:
- Use children's data only for the purpose of the booked activity session
- Not store, copy, or retain children's data beyond what is necessary for the class session
- Not share children's data with any third party
- Ensure any staff with access to children's data understand their confidentiality obligations
- Report any data breach involving children's data to KINPASS immediately
Children's IC numbers and emergency contact information are encrypted using AES-256-GCM in our systems and are only decrypted when displayed to authorised Partners for active bookings.
5. Data Sharing
We share your information only with:
- Users: Your business name, location details, activity descriptions, ratings, and reviews are displayed publicly on the KINPASS platform.
- Payment Processors: Stripe, for processing parent payments securely. Partner payouts are made by bank transfer.
- Service Providers: Hosting, email, analytics, and cloud storage providers who process data on our behalf under strict data processing agreements.
- Legal Requirements: When required by Malaysian law, regulation, or valid legal process.
6. Data Security
We implement industry-standard security measures including encryption at rest and in transit, role-based access controls, and regular security audits. Your Partner Dashboard access is protected by authentication with session management. Sensitive documents (SSM, insurance) are stored securely with restricted access.
7. Your Rights
Under the PDPA, you have the right to:
- Access your personal and business data held by us
- Correct inaccurate or incomplete data
- Withdraw consent for data processing
- Request deletion of your account and associated data (subject to legal retention requirements)
- Receive information about how your data is being used and with whom it is shared
To exercise these rights, contact us at partners@kinpass.com.
8. Data Retention
We retain your business and account data for as long as your Partner account is active or as needed to provide services. Financial records and transaction data are retained for a minimum of 7 years as required by Malaysian tax and accounting regulations. Upon account termination, we will remove your personal data within 30 days, except where retention is required by law. Your public activity listings will be deactivated immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Partner Dashboard. Continued use of the Service after changes constitutes acceptance of the updated policy.
10. Contact Point
For privacy-related enquiries, contact our Data Protection Officer at partners@kinpass.com.