Privacy Policy

1. Data Controller

The data controller responsible for your personal information is:

2. What Data We Collect

We collect personal data in the following circumstances:

2.1 Information You Provide

• Full name and email address (when submitting our contact form)
• Phone number (if voluntarily provided)
• Message content submitted through the contact form
• Enrolment and payment details (when registering for a track)

2.2 Automatically Collected Data

• Browser type, operating system, and device type
• Pages visited and time spent on the website
• IP address and approximate location (country/city level)
• Referring website or search query that brought you to our site

2.3 Legal Basis for Processing

• Consent — for marketing communications and non-essential cookies
• Contractual necessity — to administer your enrolment and deliver the programme
• Legitimate interest — to maintain and improve the website and understand how it is used

3. How We Use Your Data

• To respond to your enquiries and provide information about our tracks
• To process enrolment and manage your participation in a programme
• To send you confirmation emails, programme materials, and clinic schedules
• To send marketing emails about upcoming cohorts (only with your consent; you may opt out at any time)
• To analyse website usage and improve our services
• To comply with legal obligations under Malaysian law

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

3.1 Data Retention

Contact form enquiries are retained for up to 12 months. Enrolment records are retained for up to 7 years for accounting and legal compliance purposes. Website analytics data is retained for up to 26 months. You may request deletion of your data at any time (see Section 6).

4. Third-Party Services

We use the following third-party services that may process your data:

• Google Analytics — website usage statistics (you may opt out via Google's opt-out browser add-on)
• Payment processor — for handling enrolment fees; we do not store payment card details directly
• Email service provider — for sending programme communications

Each third party has its own privacy policy. We choose services that maintain appropriate data protection standards.

5. Cookies

We use cookies to keep the website functional, understand how it is used, and, where you consent, to support analytics. Essential cookies cannot be disabled. All other cookies require your consent.

For full details, see our Cookie Policy.

6. Your Rights Under Malaysian PDPA

Under the Personal Data Protection Act 2010 (Malaysia), and applicable standards, you have the following rights:

• Right of access — to request a copy of the personal data we hold about you
• Right to correction — to request correction of inaccurate or incomplete data
• Right to withdraw consent — to withdraw consent for processing based on consent (e.g., marketing emails)
• Right to limit processing — to request that we limit how we use your data in certain circumstances
• Right to erasure — to request deletion of your data where it is no longer necessary for the purpose collected

To exercise any of these rights, contact us at [email protected]. We will respond within 21 days. We may need to verify your identity before processing a request.

7. Data Protection Measures

• Website served over HTTPS with TLS encryption
• Access to personal data restricted to staff who need it to perform their role
• Passwords and payment data are never stored in plain text
• Regular review of access permissions and service providers
• In the event of a data breach that poses risk to individuals, we will notify the Department of Personal Data Protection (Malaysia) and affected individuals as required by law

8. Third-Party Links

Our website may link to external sites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before submitting any personal data to them.

9. Children's Privacy

Our services are intended for individuals aged 18 and above. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a minor, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. When we do, we will revise the "Last Updated" date at the top. Continued use of our website or services following a change constitutes acceptance of the revised policy. Significant changes will be communicated by email to enrolled learners.