PART 1: TERMS AND CONDITIONS
These Terms and Conditions ("Terms") govern the access to and use of the training services ("Services") provided by WSK Consultancy Sdn. Bhd. (Business Registration No.: 201101007874 (936013-W)), having its registered address at Suite 2-5-5, 5th floor, Menara KLH Business Centre, 51200 Kuala Lumpur ("the Business," "we," "us," "our") through its designated landing page or website at https://wskconsultancy.com/ ("the Platform").
By accessing the Platform, registering for, purchasing, or using any of the Services, the individual or entity doing so ("the Customer," "user," "they," "them") agrees to be unconditionally bound by these Terms, the Cancellation & Refund Policy, and the Privacy Policy, all of which are incorporated herein by reference and collectively form a legally binding agreement between the Customer and the Business.
Acceptance of these Terms is signified by the Customer clicking on an "I Agree," "Register," "Proceed to Payment," or similar button or link on the Platform, or by otherwise accessing or using the Services. This action constitutes an electronic acceptance. The formation of contracts through electronic means, including the communication of proposals and acceptances via electronic messages, is legally recognized under the Malaysian Electronic Commerce Act 2006 ("ECA 2006"). Specifically, Section 7(1) of the ECA 2006 allows for contract formation elements to be expressed electronically, and Section 7(2) affirms that such contracts are not denied legal effect solely because an electronic message was used. This validation is crucial for the online transaction model employed by the Business.
The method of presenting and obtaining acceptance of these Terms directly influences their enforceability under both the ECA 2006 and the Contracts Act 1950. The Contracts Act 1950 outlines the fundamental elements of a contract, namely offer, acceptance, and consideration. The Platform presents the offer (training services at a specified price), and the Customer's affirmative action (e.g., clicking "I Agree" and making payment) constitutes acceptance.
1.2. Information About Us (The Training Provider)
In compliance with Malaysian law, specifically the Consumer Protection (Electronic Trade Transactions) Regulations 2012 ("CPETT Regulations 2012"), the Business provides the following information:
●Full Legal Name: WSK Consultancy Sdn. Bhd.
●Business Registration Number (SSM): 201101007874 (936013-W)
●Registered Address / Principal Place of Business: Suite 2-5-5, 5th floor, Menara KLH Business Centre, 51200 Kuala Lumpur.
●Contact Email Address: [email protected]
●Contact Telephone Number: 03-23812322
●Description of Business: WSK Consultancy Sdn. Bhd. is a provider of training services and consultancy services delivered online and offline.
The CPETT Regulations 2012, made under the Consumer Protection Act 1999 ("CPA 1999"), mandate that online traders disclose specific details about their business. Failure to provide this information accurately and clearly is an offense under these regulations. Beyond legal compliance, this transparency is fundamental to building consumer trust, a key objective underpinning much of Malaysian consumer protection legislation. When Customers can easily identify and contact the Business, it reduces perceived risk and fosters confidence in the online marketplace.
1.3. Training Services Offered
The Business offers a range of online training courses, including but not limited to [e.g., workshops on digital marketing, courses on software development, seminars on leadership skills – be specific to your offerings]. Detailed descriptions of each specific training course, including its content, learning outcomes, duration, prerequisites (if any), and the format of delivery (e.g., live interactive online sessions, pre-recorded video modules, downloadable resources, practical assignments), will be provided on the individual landing page or information section dedicated to that course on the Platform.
Providing a clear and accurate description of the Services is a requirement under the CPETT Regulations 2012, which mandates disclosure of "a description of the main characteristics of the goods or services". This clarity is also essential for managing Customer expectations and forms a basis for assessing whether the Services meet the implied guarantee of "acceptable quality" and "fitness for purpose" under the CPA 1999. If the Service delivered aligns with a comprehensive and truthful upfront description, it mitigates the risk of disputes where a Customer might claim they were misled or that the Service did not meet reasonable expectations.
1.4. User Registration and Account Security
To access certain Services, Customers may be required to register for an account on the Platform. The Customer agrees to:
●Provide true, accurate, current, and complete information about themselves as prompted by the registration form.
●Maintain and promptly update their registration data to keep it true, accurate, current, and complete.
The Customer is responsible for maintaining the confidentiality of their account password and username and is fully responsible for all activities that occur under their account. The Customer agrees to immediately notify the Business of any unauthorized use of their account or any other breach of security. The Business will not be liable for any loss or damage arising from the Customer's failure to comply with this section. While the Business has obligations under the Personal Data Protection Act 2010 to implement security measures for data it controls , these clauses establish a reasonable shared responsibility model, where the Customer also plays a role in safeguarding their own account access.
1.5. Fees, Payment, and Taxes
All fees for the Training Services will be clearly displayed on the relevant course landing page on the Platform. All transactions will be conducted in Malaysian Ringgit (RM). The Business accepts payment via Senangpay. Full payment of the stipulated fees is required before the Customer is granted access to the selected Training Service or its materials.
The prices displayed are inclusive of any applicable taxes, such as Sales Tax or Service Tax, as mandated by the Sales Tax Act 2018 or Service Tax Act 2018. If applicable, such taxes will be itemized and added to the total amount payable.
1.6. Provision of Training Services
Upon successful registration and confirmation of full payment, the Customer will be granted access to the relevant Training Service materials and/or sessions as described on the specific course landing page. The duration of access to course materials, particularly for pre-recorded content or online resources, will be specified for each course.
The Business will use reasonable endeavors to ensure that the Services are available and accessible. However, the Business does not guarantee uninterrupted access and acknowledges that the Services may occasionally be unavailable due to scheduled maintenance, system upgrades, or unforeseen technical issues beyond its reasonable control. In such events, the Business will take reasonable steps to restore the Service promptly.
All Services will be provided with reasonable care and skill, in line with the implied guarantees stipulated under Part VIII of the CPA 1999. These include:
●An implied guarantee that the Services will be carried out with reasonable care and skill (Section 53, CPA 1999).
●An implied guarantee that the Services are reasonably fit for any particular purpose made known by the Customer (Section 54, CPA 1999).
●An implied guarantee that the Services will be completed within a reasonable time, if no time is fixed (Section 55, CPA 1999).
These implied guarantees are automatically incorporated into consumer contracts for services in Malaysia. While the Business strives for high-quality service delivery, it is practical to include a disclaimer regarding potential technical interruptions, balanced with a commitment to resolve them. This approach manages Customer expectations without attempting to unlawfully exclude fundamental obligations under the CPA 1999.
1.7. User Obligations and Conduct
The Customer agrees to use the Services and the Platform for lawful purposes only and in a manner that does not infringe the rights of, or restrict or inhibit the use and enjoyment of the Services by, any third party. Specifically, the Customer agrees not to:
●Share their login credentials or provide access to the Training Services or materials to any unauthorized third party.
●Copy, reproduce, distribute, republish, download, display, post, or transmit any part of the Training Services or materials in any form or by any means, including but not limited to electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the Business. This is further detailed in the Intellectual Property Rights clause.
●Engage in any conduct that is disruptive, offensive, or abusive during any interactive sessions or on any associated forums or communication channels.
●Use the Services to distribute any material that is defamatory, obscene, or otherwise illegal.
Breach of these obligations may result in the immediate suspension or termination of the Customer's access to the Services, without refund, and may also subject the Customer to further legal action if appropriate. These obligations are essential for protecting the Business's core assets – its intellectual property and the integrity of its service delivery environment.
1.8. Intellectual Property Rights
All intellectual property rights, including but not limited to copyright, trademarks, trade names, logos, course materials, video content, audio content, text, graphics, software, website design, and any other materials provided as part of the Training Services or on the Platform ("Proprietary Materials"), are the sole and exclusive property of WSK Consultancy Sdn. Bhd. or are licensed to WSK Consultancy Sdn. Bhd. by its third-party licensors.
The Business grants the Customer, upon full payment of fees, a limited, non-exclusive, non-transferable, revocable license to access and use the Proprietary Materials solely for their personal, non-commercial educational purposes for the duration specified for the particular Training Service. This license is personal to the Customer and may not be shared, sublicensed, sold, or otherwise transferred to any other person or entity.
The Customer agrees not to:
●Modify, adapt, translate, reverse engineer, decompile, or disassemble any part of the Proprietary Materials.
●Create derivative works based on the Proprietary Materials.
●Remove, alter, or obscure any copyright, trademark, or other proprietary notices affixed to or contained within the Proprietary Materials.
●Use any of the Proprietary Materials for any commercial purpose or for public display or performance.
Any use of the Proprietary Materials not expressly permitted by these Terms is strictly prohibited and constitutes an infringement of the Business's intellectual property rights, which may result in civil and/or criminal liability. For a training business, the course materials represent its primary intellectual property. It is paramount that these Terms unequivocally state the ownership of this IP. If the Business owner creates the content, the Business typically owns it. If third-party content is used, the Business must hold valid licenses authorizing its use and sub-licensing (if applicable) within the Services. The license granted to Customers must be carefully defined to permit learning while rigorously preventing misuse or unauthorized dissemination of these valuable assets.
1.9. Limitation of Liability
To the maximum extent permitted by Malaysian law, the total aggregate liability of the Business, its directors, employees, agents, and affiliates, for any and all claims, losses, damages, or expenses arising out of or in connection with the Services, these Terms, or any breach thereof, whether in contract, tort (including negligence), or otherwise, shall be limited to the total fees paid by the Customer to the Business for the specific Training Service which gave rise to the claim in the three (3) months preceding the event causing the liability.
The Business shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, loss of data, loss of business opportunity, or interruption of business, even if the Business has been advised of the possibility of such damages, unless such exclusion is prohibited by applicable Malaysian law.
Nothing in these Terms shall limit or exclude the Business's liability for:
●Death or personal injury caused by its negligence;
●Fraud or fraudulent misrepresentation;
●Any breach of the terms implied by Section 53, 54, or 55 of the Consumer Protection Act 1999 (regarding reasonable care and skill, fitness for purpose, and time of completion for services), where exclusion would be contrary to law; or
●Any other liability which cannot be excluded or limited under Malaysian law, including the Consumer Protection Act 1999. Part IIIA of the CPA 1999 addresses unfair contract terms, and Section 61 explicitly states "No contracting out" of the Act's provisions.
1.10. Termination of Services
●Termination by Customer: The Customer may cancel their enrollment in a Training Service subject to the terms outlined in the Cancellation & Refund Policy.
●Termination by the Business: The Business reserves the right to suspend or terminate a Customer's access to the Services, wholly or in part, with or without prior notice, if the Customer:
○Breaches any material term of these Terms and Conditions;
○Fails to make due payment for the Services;
○Engages in any unlawful activity or conduct that the Business deems harmful to its operations, reputation, or other users;
○Provides false or misleading registration information.
In the event of termination by the Business for cause (due to the Customer's breach), the Customer will not be entitled to any refund of fees paid, except as may be strictly required by law. The grounds for termination by the Business must be reasonable and clearly articulated. Arbitrary termination rights, or clauses that allow termination by the Business without good cause, could be challenged as unfair contract terms under the CPA 1999, which aims to prevent significant imbalances in contractual rights.
1.11. Disclaimers
The Business endeavors to provide accurate, up-to-date, and high-quality Training Services. However, unless expressly stated otherwise:
●The Business does not warrant that the content of the Training Services will be entirely error-free, complete for every individual's specific needs, or that all information will always be current. The materials are provided on an "as is" and "as available" basis.
●The Training Services are provided for educational and informational purposes only and do not constitute professional advice (e.g., legal, financial, medical, psychological advice), unless the specific training is explicitly marketed and delivered as such by appropriately qualified professionals. Customers should seek independent professional advice tailored to their specific circumstances where necessary.
●The Business makes no guarantees regarding specific outcomes, results, or success from participation in the Training Services. Individual results depend on various factors, including the Customer's effort, application of learned concepts, and external circumstances.
1.12. Governing Law and Dispute Resolution
These Terms and Conditions, and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims), shall be governed by and construed in accordance with the laws of Malaysia.
The parties agree to attempt to resolve any dispute arising hereunder amicably through mutual negotiation. If the dispute cannot be resolved through negotiation within thirty (30) days, the parties will consider mediation before resorting to other dispute resolution mechanisms.
For consumer claims that fall within the jurisdiction of the Tribunal for Consumer Claims Malaysia ("TCCM") (currently for claims up to RM50,000 relating to goods or services supplied to a consumer), the Customer has the right to file a claim with the TCCM. The TCCM offers an accessible and low-cost avenue for consumer redress.
Subject to the foregoing, and for disputes not resolved by negotiation, mediation, or not falling under the TCCM's jurisdiction, the parties irrevocably submit to the exclusive jurisdiction of the courts of Malaysia. Specifying Malaysian law and courts provides certainty, particularly for online services that might be accessed from various locations. Given the Business's location in Malaysia and its primary target market, Malaysian jurisdiction is appropriate. Attempting to force all consumer disputes into potentially costly arbitration, thereby bypassing the TCCM, might be viewed as an unfair contract term.
1.13. Amendments to Terms and Conditions
The Business reserves the right to amend, modify, or update these Terms at any time. Any material changes to these Terms will be communicated to Customers by posting a notice on the Platform and sending an email to the registered email address. The "Last Updated" date at the bottom of these Terms will indicate when revisions were made.
The Customer's continued use of the Services after the notification of such changes shall constitute their acceptance of the amended Terms. It is recommended that Customers review these Terms periodically.
1.14. Contact Information
For any questions, concerns, or clarifications regarding these Terms and Conditions, please contact the Business at:
Email: [email protected]
Phone: +60169488854
Address: Suite 2-5-5, 5th floor, Menara KLH Business Centre, No.2 Jalan Kasipillay,51200 Kuala Lumpur.
PART 2: CANCELLATION & REFUND POLICY
This Cancellation & Refund Policy ("Policy") should be read in conjunction with the main Terms and Conditions. It details the procedures and conditions for cancellation of Training Services purchased from WSK Consultancy Sdn. Bhd. ("the Business") and the circumstances under which refunds may be issued, with specific adherence to Malaysian consumer protection laws.
2.1. Your Right to Cancel (Future Services Contract)
The Training Services offered by the Business, when paid for in advance for provision at a future date or over a period of time, are generally considered "future services contracts" within the meaning of Section 17 of the Consumer Protection Act 1999 ("CPA 1999"). Section 17 grants consumers specific rights regarding the cancellation of such contracts. The types of services listed under the Consumer Protection (Future Services Contract) (Amendment) Order 2014, such as "Tuition class in accordance with curriculum or module" and various "Personal skill development" classes (e.g., cooking, music, language, computer classes), strongly indicate that most online training courses offered by the Business will fall under this definition.
Therefore, the Customer has a statutory right under the CPA 1999 to cancel a future services contract at any time before the full provision of the Training Service. This right is significant and often overrides contractual "no cancellation" or "no refund" clauses that are inconsistent with Section 17. Many businesses, particularly smaller enterprises, may be unaware of these provisions, leading to policies that are not compliant with Malaysian law.
2.2. How to Cancel
To exercise the right to cancel, the Customer must communicate their intention to cancel to the Business. While Section 17 of the CPA 1999 states that cancellation may be communicated by "words or conduct" and takes effect from the time of such communication, the Business strongly recommends that Customers submit their cancellation request in writing for clarity and record-keeping purposes. This helps both parties avoid disputes regarding the date and fact of cancellation.
Cancellation requests should be sent to: Suite 2-5-5, 5th floor, Menara KLH Business Centre, No.2 Jalan Kasipillay, 51200 Kuala Lumpur.
Email: [email protected]
To process the cancellation efficiently, the Customer should provide the following information:
●Full Name
●Registered Email Address
●Name of the Training Course to be cancelled
●Date of Purchase/Enrollment
●Reason for cancellation (optional, but helpful for service improvement)
2.3. Refund Eligibility upon User Cancellation (Charges Permitted under CPA Section 17)
Upon cancellation of a future services contract by the Customer in accordance with Section 17 of the CPA 1999, the Business is entitled to charge the Customer ONLY ONE of the following amounts, as stipulated in Section 17(1)(b) of the CPA 1999:
●(i) Five per cent (5%) of the full contract price of the Training Service; OR
●(ii) The cost of any goods the Customer has used or is keeping. (This might apply if, for example, the Training Service included physical workbooks, non-returnable software licenses with a separately itemized cost, or other tangible materials provided to the Customer which cannot be returned or have been consumed); OR
●(iii) The portion of the full contract price representing the Training Services already received or utilized by the Customer. (For example, if a course consists of multiple modules or sessions, this would be a pro-rata calculation based on the modules accessed, live sessions attended, or portion of time-based access utilized up to the point of cancellation).
The Business will determine which of the above three options is applicable and most appropriate in the circumstances. The Customer will not be charged more than one of these amounts. These limitations on cancellation charges are very consumer-friendly and mean that businesses cannot impose arbitrary or excessive cancellation penalties.
The Business must refund to the Customer any amount paid that exceeds the permissible charge (as calculated above) within fourteen (14) days from the date of cancellation, as mandated by Section 17(2) of the CPA 1999.22 For the Business to accurately calculate any pro-rata amount for "services received," it needs a fair, transparent, and auditable method, such as tracking module completion, live session attendance records, or platform access logs. The basis for such calculation should be clear to avoid disputes.
2.4. Processing Refunds
Eligible refunds will be processed by the Business as follows:
●For cancellations, refunds will be processed within fourteen (14) calendar days from the date the cancellation is effective and the Business has confirmed the refundable amount.
●Refunds will generally be made using the same method of payment originally used by the Customer, unless otherwise agreed.
●The Business may require the Customer to provide bank account details or other necessary information to facilitate the refund process.
2.6. Exceptions / Non-Refundable Circumstances
This Policy primarily outlines rights to cancellation and refund as provided under Malaysian law, particularly the CPA 1999. Given these strong consumer protections, especially Section 17 for future services contracts and the implied guarantees for service quality, circumstances where a refund is entirely denied must be very limited and legally justifiable.
A refund may generally not be available if:
●The Customer has fully completed the Training Service and received all associated materials and benefits, and the Service was provided in accordance with the terms and to an acceptable quality, and the refund request is based merely on a change of mind after completion (unless a specific satisfaction guarantee was offered separately by the Business).
●The cancellation request pertains to a service that does not fall under the definition of a "future services contract" (e.g., a one-off consultation service fully rendered and consumed immediately), and the service was provided satisfactorily.
PART 3: PRIVACY POLICY
Effective Date: 20 May 2025
3.1. Our Commitment to Your Privacy
WSK Consultancy Sdn. Bhd. (Business Registration No.:) ("the Business," "we," "us," "our") is committed to protecting the privacy and security of the personal data of our customers ("Customer," "user," "they," "them"). This Privacy Policy ("Policy") explains how we collect, use, disclose, process, and protect Personal Data in accordance with the Malaysian Personal Data Protection Act 2010 ("PDPA") and its related regulations and standards, including the Personal Data Protection Standard 2015. An opening commitment to data protection sets a positive and compliant tone, reassuring users about the Business's approach to handling their information.
3.2. Scope of this Policy
This Policy applies to all Personal Data collected by the Business from Customers through our landing page or website ("the Platform"), during the payment process, in the course of providing our online training services ("Services"), and through any other interactions Customers may have with us. It is important for users to understand when and how this Policy applies to their data. The PDPA applies to organizations like the Business that process personal data in relation to commercial transactions within Malaysia.
3.3. Information We Collect About You
"Personal Data" refers to any information in our possession or control that relates directly or indirectly to an individual to the extent that the individual can be identified from that information, or from that and other information in our possession.
The types of Personal Data we may collect include, but are not limited to:
●Identity Data: Full name, identification card number (if necessary for specific regulatory purposes, otherwise avoid), passport number (if dealing with international customers or for specific verification).
●Contact Data: Email address, phone number, billing address, delivery address (if physical materials are sent).
●Transaction Data: Details about payments to and from you, and other details of Services you have purchased from us. We do not store full credit/debit card numbers; these are processed by our secure third-party payment gateway(s). We may retain partial card details (like the last four digits) or transaction identifiers for verification and record-keeping.
●Technical Data: Internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Platform (often collected via cookies).
●Profile Data: Username and password (if account registration is required), purchases or orders made by you, your interests, preferences, feedback, and survey responses.
●Usage Data: Information about how you use our Platform and Services, such as courses enrolled in, progress, and interaction with course materials.
●Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.
●User-Generated Content: Any information you voluntarily provide, such as posts in forums, assignments submitted, or testimonials (with your consent for the latter).
Sensitive Personal Data: "Sensitive Personal Data" includes information as to the physical or mental health or condition of a data subject, political opinions, religious beliefs or other beliefs of a similar nature, the commission or alleged commission of any offence, or any other personal data as the Minister may determine by order published in the Gazette. We generally do not collect Sensitive Personal Data unless it is directly relevant to a specific Training Service (e.g., a health and wellness course where such information is voluntarily provided with explicit consent for a specified purpose). If we do need to collect Sensitive Personal Data, we will obtain your explicit consent prior to collection and processing. The PDPA has stricter requirements for handling Sensitive Personal Data, and the Business must accurately classify and manage any such data with heightened care.
3.4. How We Collect Your Information
We may collect Personal Data in the following ways:
●Directly from you: When you provide it to us by filling in forms on our Platform (e.g., registration, contact, payment forms), when you correspond with us by email, phone, or otherwise, when you register for a course, make a payment, participate in discussions or surveys, or provide feedback.
●Automatically: When you interact with our Platform, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We may collect this data by using cookies and other similar technologies. Please see Section 3.12 (Cookies and Other Tracking Technologies) for more details.
Transparency in collection methods is a core component of the PDPA's Notice and Choice Principle, ensuring users are aware of how their data is obtained.
3.5. How We Use Your Personal Data (Purposes)
We will only use your Personal Data for the purposes for which it was collected, or for other purposes which are directly related to those original purposes, or where permitted or required by law. The specific purposes for which we may use your Personal Data include:
●To register you as a new Customer and manage your account.
●To provide and deliver the Training Services you have purchased, including granting access to course materials, facilitating online sessions, and tracking progress.
●To process your payments for the Services.
●To communicate with you regarding your enrollment, service updates, technical support, responses to your inquiries, and to request feedback.
●To manage our relationship with you, which may include notifying you about changes to our Terms, Policies, or Services.
●To improve our Platform and Services, including through data analysis, research, and troubleshooting (where possible, using aggregated and anonymized data).
●For internal administrative and record-keeping purposes.
●To comply with our legal and regulatory obligations.
●For marketing and promotional purposes: To inform you about new courses, special offers, or other services that may be of interest to you, only if you have given us your explicit opt-in consent to receive such communications. You have the right to withdraw this consent at any time.
The PDPA's General Principle strictly enforces purpose limitation, meaning data collected for one purpose (e.g., course registration) cannot be used for an unrelated purpose (e.g., marketing for a different type of product) without separate, explicit consent.
3.6. Legal Basis for Processing (Consent)
Our primary legal basis for collecting and processing your Personal Data is your consent, which you provide when you agree to these Terms and this Privacy Policy, and specifically when you opt-in for particular processing activities (such as receiving marketing communications).
We may also process your Personal Data where it is necessary:
●For the performance of a contract to which you are a party (i.e., to provide you with the Training Services you have purchased).
●For compliance with a legal obligation to which we are subject.
Where we process Sensitive Personal Data (if applicable, as described in Section 3.3), we will always obtain your explicit consent for the specific purpose(s) of processing.
Minors: Our Services are generally not directed at individuals under the age of 18. If we intend to collect Personal Data from individuals under 18 years of age, we will obtain the consent of their parent or legal guardian before collecting and processing such Personal Data, in accordance with the PDPA. The Business must implement mechanisms to identify if users are minors and to manage parental consent if its services are likely to attract this age group.
While general acceptance of Terms (which incorporate this Privacy Policy) can signify consent for processing data essential for core service delivery, it is best practice to obtain separate, granular consent for non-essential processing activities, particularly marketing or the use of any sensitive data. This aligns with the PDPA's emphasis on informed and explicit consent.
3.7. Disclosure of Your Personal Data
We may disclose your Personal Data to the following categories of third parties for the purposes outlined in this Policy:
●Third-Party Service Providers (Data Processors): We engage third-party service providers to perform functions on our behalf. These may include payment gateway providers (to process payments securely), cloud hosting providers (to host our Platform and data), email marketing service providers (to send communications, with your consent), analytics providers, and customer support tool providers. These providers act as "data processors" and are contractually obligated to process your Personal Data only on our instructions and to implement appropriate security measures to protect it. We remain responsible for how they handle your data. The Business must have Data Processing Agreements (DPAs) in place with these providers.
●Professional Advisors: Our lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.
●Legal and Regulatory Authorities: If required by law, court order, or by any governmental or regulatory authority in Malaysia.
●Business Transfers: In the event of a sale, merger, consolidation, liquidation, reorganization, or acquisition of our business, your Personal Data may be transferred as part of the transaction, subject to appropriate confidentiality and data protection safeguards.
We will not sell, rent, or trade your Personal Data to any third parties for their own direct marketing purposes without your explicit prior consent. The PDPA's Disclosure Principle requires that data is not shared with third parties without consent, unless for the original purpose or as required by law. Transparency about the categories of third parties who may access data is a key part of informed consent.
3.8. Security of Your Personal Data
We are committed to taking reasonable and appropriate technical, physical, and administrative (organizational) measures to protect your Personal Data from loss, misuse, modification, unauthorized or accidental access or disclosure, alteration, or destruction, in compliance with the Security Principle of the PDPA and the Personal Data Protection Standard 2015 ("PDPS 2015").
These measures include, but are not limited to:
●Using Secure Socket Layer (SSL) or other encryption technologies for the transmission of sensitive information (e.g., payment details processed via our gateway).
●Storing Personal Data on secure servers with access controls.
●Implementing internal policies and procedures regarding data access, confidentiality, and security.
●Conducting regular security reviews and updates to our systems and practices.
●Ensuring staff awareness and training on data protection obligations.
●Implementing backup and disaster recovery systems.
The PDPS 2015 sets minimum requirements for data security. The Business should aim to meet these standards and continually assess risks. While we strive to protect your Personal Data, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. Recent PDPA amendments and guidelines emphasize data breach notification , making robust security practices and preparedness even more critical.
3.9. Retention of Your Personal Data
We will retain your Personal Data only for as long as it is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements, or for the establishment, exercise, or defense of legal claims. This is in accordance with the Retention Principle of the PDPA and the PDPS 2015.
The criteria used to determine our retention periods include:
●The duration of your relationship with us as a Customer.
●The purposes for which we process your Personal Data.
●The length of time Personal Data is required for operational or business purposes.
●Applicable legal or regulatory data retention requirements (e.g., tax laws, company laws).
●Statutory limitation periods for potential legal claims.
When your Personal Data is no longer required for these purposes, we will take reasonable steps to securely destroy, delete, or permanently anonymize it in accordance with our internal policies and applicable laws. The PDPA requires active management of data lifecycles, not indefinite storage, to minimize risks associated with over-retention.
3.10. Accuracy of Your Personal Data (Data Integrity)
We will take reasonable steps to ensure that the Personal Data we collect and process is accurate, complete, not misleading, and kept up-to-date, having regard to the purpose (including any directly related purpose) for which the Personal Data was collected and is to be processed. This aligns with the Data Integrity Principle of the PDPA and the PDPS 2015.
We encourage you to help us keep your Personal Data accurate by promptly informing us of any changes to your information (e.g., change of email address, phone number). You may be able to update some of your information through your account portal on the Platform (if available) or by contacting us as detailed in Section 3.16. Maintaining data integrity is an ongoing process, involving both the Business's efforts and the Customer's cooperation.
3.11. Your Rights as a Data Subject
Under the PDPA, you have certain rights in relation to your Personal Data. We are committed to upholding these rights. Subject to certain exceptions and conditions as provided under the PDPA, your rights include :
Table 3: Your Rights Under the PDPA 2010
Your Right Brief Description of the Right How to Exercise this Right
Right to be Informed To be informed whether your Personal Data is being processed by or on behalf of the Business. This Privacy Policy serves as a general notice. Specific notices may be provided at the point of data collection.
Right to Access To request access to your Personal Data held by us and to obtain a copy of it. Contact us using the details in Section 3.16. We may charge a prescribed fee for processing access requests.
Right to Correct (Rectify) To request the correction of your Personal Data if it is inaccurate, incomplete, misleading, or not up-to-date. Contact us using the details in Section 3.16.
Right to Withdraw Consent To withdraw your consent to the processing of your Personal Data at any time, where processing is based on your consent. Withdrawal of consent may affect our ability to provide you with certain Services. Contact us using the details in Section 3.16.
Right to Prevent Processing Likely to Cause Damage or Distress To request, by notice in writing, that we cease or not begin processing your Personal Data if such processing is causing or is likely to cause substantial unwarranted damage or distress to you or another person. Contact us using the details in Section 3.16.
Right to Prevent Processing for Direct Marketing To request, by notice in writing, that we cease or not begin processing your Personal Data for direct marketing purposes. Contact us using the details in Section 3.16, or use the "unsubscribe" link in marketing emails.
Right to Data Portability (Note: This right may be subject to future amendments to the PDPA coming into force ) To receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit it to another data user, where processing is based on consent or contract and is carried out by automated means. Subject to this right being fully enacted and applicable. Contact us for updates.
To exercise any of these rights, please contact our Data Protection Officer (or designated contact person) using the details provided in Section 3.16. We will respond to your request within the timeframes stipulated by the PDPA (e.g., within 21 days for access requests, which may be extended by a further 14 days if necessary and you are notified). We may require you to provide further information to verify your identity before processing your request.
3.12. Cookies and Other Tracking Technologies
Our Platform may use "cookies" and similar tracking technologies (such as web beacons or pixels) to enhance your user experience, analyze site traffic, and for other purposes such as marketing (with your consent). Cookies are small text files placed on your device when you visit a website.
●Types of Cookies We May Use:
○Strictly Necessary Cookies: Essential for the operation of our Platform (e.g., to enable you to log in, use a shopping cart). These do not require consent.
○Performance/Analytical Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our Platform. This helps us improve the way our Platform works.
○Functionality Cookies: Used to recognize you when you return to our Platform, enabling us to personalize content and remember your preferences.
○Targeting/Advertising Cookies: Record your visit to our Platform, the pages you have visited, and the links you have followed. We may use this information to make our Platform and advertising displayed on it more relevant to your interests.
●Your Choices Regarding Cookies: When you first visit our Platform, you will be presented with a cookie consent banner or tool that allows you to accept or manage your preferences for non-essential cookies. You can also typically manage cookie preferences through your browser settings. However, disabling certain cookies may affect the functionality of the Platform.
Since cookies can collect Personal Data (e.g., IP address, browsing history), obtaining explicit consent for their use, particularly for non-essential cookies like those used for analytics and advertising, is crucial for PDPA compliance. A clear notice and an opt-in mechanism (rather than opt-out) for such cookies are required.
3.13. Third-Party Websites
Our Platform may contain links to other websites operated by third parties. This Privacy Policy applies only to our Platform and Services. We are not responsible for the privacy practices of these third-party websites. We encourage you to read the privacy policies of any third-party website you visit. This is a standard clause to clarify the scope of the Business's responsibility.
3.14. International Data Transfers
Your Personal Data may be transferred to, stored, or processed in a country outside of Malaysia if, for example, our third-party service providers (such as cloud hosting or email marketing services) are based overseas.
If we transfer your Personal Data out of Malaysia, we will take appropriate steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA. This may include ensuring that the recipient country has adequate data protection laws, obtaining your explicit consent for the transfer, or implementing contractual safeguards (such as Standard Contractual Clauses, if applicable) with the third-party recipient to ensure they protect the Personal Data. The PDPA has specific requirements governing cross-border data transfers, and the Business must assess its data flows and ensure compliance if international transfers occur.
3.15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technological advancements. We will notify you of any material changes by posting the updated Policy on our Platform and updating the "Effective Date" at the top of this Policy. We may also notify you via email or other direct communication. We encourage you to review this Policy periodically to stay informed about how we are protecting your Personal Data. If changes to this Policy materially alter how we collect, use, or share your Personal Data, we will seek your fresh consent where required by law.
3.16. How to Contact Us (Data Protection Queries)
If you have any questions or concerns about this Privacy Policy, our data protection practices, or if you wish to exercise any of your rights as a data subject, please contact our Data Protection Officer (DPO) / Designated Contact Person at:
WSK Consultancy Sdn. Bhd.
Attn: Data Protection Officer
Email: [email protected]
Phone: 0323812322