Privacy Policy

1. Introduction 

This Privacy Policy explains how Hexcel & Associates (the “Data User”, “we”, “us”, “our”) collects, uses, discloses, and protects your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. 

By accessing our website, submitting your information, or engaging with our services, you agree to the terms of this Privacy Policy. 

 

2. What Personal Data We Collect 

We may collect and process personal data including, but not limited to: 

Full name 

Contact details (email address, phone number) 

Company name, designation, and professional background 

Identification details (where required for certification or compliance) 

Payment and billing information (where applicable) 

Any other information you voluntarily provide through forms, registrations, or communications 

We only collect data that is relevant and necessary for the purposes outlined below. 

 

3. Purpose of Collection 

Your personal data is collected and used for the following purposes: 

Administering course registration and participation 

Delivering structured learning programs, professional certification, and accreditation-aligned learning experiences 

Processing and supporting certification, accreditation, compliance requirements, and maintaining the integrity of professional standards 

Facilitating required submissions to HRD Corp and/or relevant regulatory, certification, or accreditation bodies, where applicable 

Communicating program details, updates, and support 

Improving our programs, services, and participant experience 

We strictly limit the use of your personal data to what is necessary to deliver outcomes, certification, and compliance. 

 

4. Legal Basis for Processing 

We process your personal data based on: 

Your consent 

Performance of contractual obligations (e.g. program delivery) 

Compliance with legal and regulatory requirements 

 

5. Mandatory Personal Data 

Certain personal data is required for participation in our programs, certification processes, or regulatory compliance. 

Failure to provide such data may result in your inability to proceed with registration, participation, certification, or related services. 

 

6. Disclosure of Personal Data 

Your personal data will be treated as confidential. 

We may disclose your data only where necessary to: 

Government or regulatory authorities 
(e.g. HRD Corp or other statutory bodies) 

Training partners, facilitators, or accreditation bodies 
(strictly for program delivery, certification, and quality assurance) 

Professional advisors or service providers 
(e.g. IT, hosting, or administrative support—under strict confidentiality obligations) 

Where required by law or legal process 

We do not sell, rent, or freely share your personal data. 
Any disclosure beyond the above will require your prior written consent. 

 

7. Data Security 

We implement appropriate technical and organisational measures to safeguard your personal data, including: 

Encryption of sensitive data 

Secure storage systems 

Access control and authentication protocols 

Restricted access to authorised personnel only 

We apply a risk-based approach to data protection and continuously review our safeguards to meet evolving security standards. 

While we take reasonable steps to protect your data, no system is completely secure. 

 

8. Data Retention 

Your personal data will be retained only for as long as necessary to: 

Fulfil the purposes outlined in this policy 

Meet legal, regulatory, and accreditation requirements 

Resolve disputes and enforce agreements 

When data is no longer required, it will be securely deleted or anonymised. 

 

9. Your Rights 

Under the PDPA, you have the right to: 

Request access to your personal data 

Request correction of inaccurate or incomplete data 

Withdraw your consent to data processing 

Limit or object to certain uses of your data (where applicable) 

Withdrawal of consent may affect our ability to deliver services, including course participation, certification, or compliance-related submissions. 

To exercise your rights, contact us at: [email protected] 

We may require verification of your identity before processing your request. 
We will respond within a reasonable timeframe in accordance with applicable laws. 

 

10. Communication Preferences 

We may contact you regarding relevant programs, updates, or offerings. 

You may opt out of such communications at any time. 

 

11. Cookies and Website Usage 

Our website may use cookies or similar technologies to: 

Improve user experience 

Analyse website traffic and behaviour 

Optimise performance and content 

You may choose to disable cookies via your browser settings. 
However, some website functionality may be affected. 

 

12. Third-Party Links 

Our website may contain links to third-party websites. 

We are not responsible for the privacy practices or content of these external sites. 
We encourage you to review their privacy policies before providing any personal data. 

 

13. Cross-Border Data Transfers 

Where necessary, your personal data may be transferred, stored, or processed outside Malaysia (e.g. cloud services or international accreditation bodies). 

In such cases, we ensure that appropriate safeguards are in place to protect your data in accordance with PDPA requirements. 

 

14. Updates to This Policy 

We may update this Privacy Policy from time to time to reflect changes in legal, regulatory, or operational requirements. 

The latest version will always be available on our website. Continued use of our services constitutes acceptance of any updates. 

 

15. Contact Information 

If you have any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact: 

Hexcel & Associates 
Email: [email protected]