Privacy Notice
Personal Data Protection Notice for Hypnosis and Training Solutions (M) Sdn Bhd (759055-T)
Effective Date: 6 September 2018
Hypnosis and Training Solutions (M) Sdn Bhd ("the Company") is committed to protecting your personal data and privacy. This Notice outlines how we collect, use, disclose, and process your personal data in accordance with the Malaysian Personal Data Protection Act 2010 ("PDPA") and other applicable laws and regulations, including but not limited to the General Data Protection Regulation (EU) 2016/679 ("GDPR") where applicable.
We may update this Notice from time to time. We will notify you of any material changes by posting the updated Notice on our website and/or through other appropriate communication channels, such as email. Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated Notice.
1. Definitions
For the purposes of this Notice:
-
"Personal data" means any information relating to you, which is capable of identifying you, directly or indirectly, and which was collected or provided to the Company for the purposes stated in Section 2.
-
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
-
"Sensitive personal data" means any personal data consisting of information as to the data subject's religious belief, political opinion, health or condition, physical or mental, sexual life, the commission or alleged commission of any offence or any other personal data as the Minister may prescribe, or as defined under applicable data protection laws.
2. Collection of Personal Data
We collect personal data from various sources, including:
-
Directly from you: When you provide information to us through application forms, registration forms, agreements, surveys, and other similar forms, whether in physical or electronic format.
-
Indirectly from you: When you interact with our website, use our services, or participate in our events. This may include information collected automatically through cookies and similar technologies.
-
From third parties: We may receive your personal data from third parties, such as parents, guardians, recruitment agents, business partners, public agencies, and other sources where you have consented to the disclosure of your data to us or where such disclosure is permitted by law.
3. Types of Personal Data
The personal data we collect and process may include, but is not limited to, the following:
-
Identification and contact information: Name, national registration identity card (NRIC) number, passport number, date of birth, gender, address, email address, telephone number, and other contact details.
-
Academic and professional information: Previous examination results, academic records, qualifications, employment history, and other related information.
-
Financial information: Bank account details, payment information, and other financial information relevant to transactions with us.
-
Sensitive personal data: We only collect and process sensitive personal data (such as information relating to religious belief and health) if:
-
You have given your explicit consent; or
-
The processing is necessary for the purposes permitted under the PDPA and other applicable laws.
-
-
Usage and technical information: IP address, browser type, operating system, website usage data, and other technical information collected through cookies and similar technologies.
-
Audio-visual information: Photographs, video recordings (including CCTV recordings), and voice recordings.
-
Location data: Location tracking or GPS information, when relevant to the provision of our services and with your consent, where required.
-
Marketing and communication preferences: Your preferences for receiving marketing communications from us.
4. Purposes of Processing Personal Data
We process your personal data for various purposes, including but not limited to, the following:
-
For students and potential students:
-
To process your application for admission and provide educational services;
-
To manage your academic records and assess your academic performance;
-
To facilitate placements, internships, or attachments;
-
To administer tuition fees and other payments;
-
To manage your use of our facilities and events;
-
To ensure the safety and security of our facilities;
-
To conduct internal marketing analysis, student profiling, and research;
-
To comply with our legal and regulatory obligations, including those related to international students;
-
To contact you regarding products, services, upcoming events, promotions, advertising, marketing, and commercial materials, where you have provided your consent;
-
To improve our website and services;
-
For the Company’s internal records management.
-
-
For parents/guardians of students and potential students:
-
To process student applications for admission;
-
To communicate with you in case of emergencies;
-
To provide you with updates on student progress, tuition fees, and other payments;
-
To conduct internal marketing analysis and student profiling;
-
To comply with our legal and regulatory obligations;
-
To contact you regarding products, services, upcoming events, promotions, advertising, marketing, and commercial materials, where you have provided your consent;
-
To improve our website and services;
-
For the Company’s internal records management.
-
-
For clients/customers and potential clients/customers:
-
To provide you with information, products, or services that you request;
-
To communicate with you regarding our products, services, events, and marketing activities, where you have provided your consent;
-
To improve our products and services;
-
To conduct internal marketing analysis and consumer profiling;
-
To notify you about changes to our products and services;
-
To improve our website and services;
-
To comply with our legal and regulatory obligations;
-
For the Company’s internal records management.
-
-
For vendors, suppliers, and service providers:
-
To manage and administer commercial transactions;
-
To process payments, including cross-border payments;
-
For internal investigations, audits, and security purposes;
-
To comply with our legal and regulatory obligations, including international trade regulations;
-
To communicate with you regarding our products, services, events, and marketing activities, where you have provided your consent;
-
To improve our website and services;
-
For the Company’s internal records management.
-
5. Disclosure and Transfer of Personal Data
We may disclose or transfer your personal data to the following categories of third parties (within or outside of Malaysia) for the purposes described in Section 4, or as required or permitted by law:
-
Entities within the Company and its related entities, including subsidiaries, holding companies, associated companies, and affiliates, including those located in other countries.
-
Our authorized employees, contractors, service providers, and professional advisors, such as auditors, lawyers, company secretaries, consultants, IT service providers, and other parties who provide services on our behalf, including those located in other countries.
-
Educational institutions, accreditation bodies, and examination boards, where applicable, including international institutions.
-
Government authorities, regulatory bodies, law enforcement agencies, and courts, as required by law, including foreign authorities.
-
Sponsors, parents, or guardians, where applicable and with consent, if required.
-
Third parties involved in mergers, acquisitions, or other corporate transactions, where such disclosure is necessary for the transaction, including international transactions.
-
Other third parties to whom you have consented to disclosure.
We will take reasonable steps to ensure that any third parties who receive your personal data are bound by confidentiality obligations and are required to protect your personal data in accordance with the PDPA, GDPR, and other applicable data protection laws and this Notice. This includes implementing appropriate safeguards such as:
-
Data transfer agreements with standard contractual clauses approved by the relevant authorities.
-
Ensuring that the recipient country has an adequate level of data protection as recognized by relevant authorities.
-
Obtaining your explicit consent for the transfer, where required by law.
6. Data Retention
We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable laws and regulations, including those in other jurisdictions. We will then securely dispose of your personal data when it is no longer needed.
7. Your Rights
Under the PDPA, GDPR, and other applicable data protection laws, you have certain rights regarding your personal data, including the right to:
-
Access your personal data held by us;
-
Correct any inaccurate or incomplete personal data;
-
Withdraw your consent to the processing of your personal data, where processing is based on consent;
-
Object to the processing of your personal data for certain purposes, such as direct marketing;
-
Restrict the processing of your personal data in certain circumstances;
-
Erase your personal data in certain circumstances;
-
Portability: To receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where the processing is based on consent or contract and carried out by automated means;
To exercise your rights, please contact us using the contact details provided in Section 9. We may require you to verify your identity before processing your request. We will respond to your request within the timeframes specified by applicable laws.
8. Security of Personal Data
We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized access, use, disclosure, alteration, or destruction. These measures include:
-
Limiting access to your personal data to authorized personnel on a need-to-know basis;
-
Using secure servers and storage technologies, including those located in secure data centres;
-
Implementing encryption and other security technologies to protect data during transmission and storage, including across international borders;
-
Maintaining physical, electronic, and procedural safeguards;
-
Providing regular training to our staff on data protection best practices, including compliance with international data protection laws;
-
Conducting regular security assessments and audits.
However, please note that no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security. In the event of a data breach, we will comply with all notification requirements under applicable laws, including notification to supervisory authorities and affected individuals, where required.
9. Contact Us
If you have any questions, concerns, or requests regarding this Notice or the processing of your personal data, or if you wish to exercise your rights under the PDPA, GDPR, or other applicable data protection laws, please contact us at:
Hypnosis & Training Solutions (M) Sdn Bhd
807 Block B, Phileo Damansara 1
16/11, Off Jalan Damansara
Section 16, 46350 Petaling Jaya
Selangor Darul Ehsan, Malaysia
Tel: + (60) 3 7960 6449
Email: privacy@lcch.asia
Data Protection Officer:
We have appointed a Data Protection Officer to oversee our data protection compliance. The Data Protection Officer can be contacted at the address and email provided above.
10. Cookies and Other Tracking Technologies
Our website may use cookies and other tracking technologies to collect certain information automatically. This information may include your IP address, browser type, operating system, and website usage patterns.
We use cookies to:
-
Improve the functionality and performance of our website;
-
Personalize your experience, including language preferences and content;
-
Analyze website traffic and usage, including from different regions;
-
Support our marketing and advertising efforts, where you have consented to such tracking;
-
To comply with legal obligations, including consent management requirements under the GDPR.
You can manage your cookie preferences through your browser settings. However, please note that disabling certain cookies may affect your ability to use some features of our website. We will provide you with clear information about the types of cookies we use and obtain your consent where required by applicable law, including the GDPR.
11. Cross-Border Transfer of Personal Data
Your personal data may be transferred to and processed in countries outside of Malaysia. These countries may have data protection laws that differ from the laws of Malaysia, and in some cases, may not offer the same level of protection.
We will take reasonable steps to ensure that your personal data is protected in accordance with the PDPA, GDPR, and this Notice when it is transferred outside of Malaysia. This may include:
-
Transferring your data to countries that have been recognized by the relevant authorities (including the European Commission) as providing an adequate level of protection for personal data;
-
Entering into contracts with the recipients of your data that include standard contractual clauses approved by the relevant authorities (including the European Commission's Standard Contractual Clauses);
-
Obtaining your explicit consent for the transfer, where required by law;
-
Implementing other appropriate safeguards permitted under applicable law.
12. Language
This Notice is issued in both English and Bahasa Malaysia. In the event of any inconsistencies or discrepancies between the English version and the Bahasa Malaysia version, the English version shall prevail. To the extent required by applicable law, we will also provide this Notice in other languages.
13. Consent
By providing your personal data to us, you consent to the processing of your personal data in accordance with this Notice. If you do not consent to the processing of your personal data as described in this Notice, please do not provide your personal data to us.
14. Automated Decision-Making
We do not use your personal data for automated decision-making that produces legal effects concerning you or similarly significantly affects you, unless such processing is necessary for entering into, or performance of, a contract between you and us, is authorized by law, or is based on your explicit consent.
15. Specific Provisions for the European Economic Area (EEA)
If you are located in the European Economic Area (EEA), the following provisions apply to our processing of your personal data in addition to the general provisions of this Notice:
-
Legal Basis for Processing: We will only process your personal data when we have a legal basis to do so under the GDPR. The legal bases for processing your data may include:
-
Consent: You have given your consent to the processing of your personal data for one or more specific purposes.
-
Contract: The processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract.
-
Legal Obligation: The processing is necessary for compliance with a legal obligation to which we are subject.
-
Legitimate Interests: The processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms, which require protection of personal data.
-
-
Your Rights: In addition to the rights outlined in Section 7, you have the following rights under the GDPR:
-
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
-
-
Data Protection Officer: Our Data Protection Officer can be contacted using the details provided in Section 9.
16. Changes to this Notice
We may update this Notice from time to time to reflect changes in our data processing practices or legal obligations. We will notify you of any material changes by posting the updated Notice on our website and/or through other appropriate communication channels, such as email. We will also update the "Effective Date" at the top of this Notice. Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated Notice.