Fortune Year Logo

Fortune Year 好运年

PRIVACY POLICY

Effective Date: January 12, 2026

1. Introduction

Welcome to FortuneYear. We are committed to protecting your personal information. This policy explains how we, as a Data Controller, collect and process your data in accordance with the Malaysian Personal Data Protection Act (PDPA) 2010 and its 2024 amendments.

2. Information We Collect

To provide our AI-powered BaZi readings, we collect:

  • Birth Data: Date, time, and location of birth.
  • Account Data: Name and email address.
  • Technical Data: IP address and cookies for session management and regional pricing.
  • Payment Data: We do not store financial details. All transactions are processed by third-party providers (e.g., Stripe/FPX).

3. Automated Processing & AI

Our service utilizes Automated Decision-Making. Your birth data is processed by our AI partner (Google Gemini) to generate your report.

  • Non-Identification: We do not send your name or email to AI providers; only the raw birth data is used for calculation.
  • No AI Training: Your personal data is not used to train or improve the underlying AI models of our partners.

4. Cross-Border Data Transfers

As FortuneYear utilizes global infrastructure (Google Cloud/Stripe), your personal data may be transferred to, stored, and processed outside of Malaysia.

  • Adequacy: We only transfer data to jurisdictions that ensure a level of protection equivalent to the PDPA or where we have established contractual safeguards.

5. Your Rights as a Data Subject

In 2026, you have expanded rights under Malaysian law:

  • Access & Correction: You may request a copy of your data or correct inaccuracies.
  • Data Portability: You have the right to request a copy of your birth and account data in a structured, machine-readable format to be transferred to another provider.
  • Withdrawal of Consent: You may withdraw your consent at any time, though this will result in the termination of service.
  • Erasure: You may request the deletion of your account and associated data.

6. Data Breach Notification

In the event of a significant data breach, we are legally required to notify the Personal Data Protection Commissioner within 72 hours and notify you without unnecessary delay.

7. Contact Us & Data Protection Officer

For any privacy inquiries or to exercise your rights, please contact our designated Data Protection Officer (DPO):

  • DPO Name: Jacky Choo
  • Email: hello@fortuneyear.com
arrow_backBack