Legal
Privacy Policy
Last updated: · Effective: 20 June 2025
This policy explains what personal data Nyxlearn collects, why we collect it, how it is used, and what rights you have in relation to it. It applies to visitors to our website at nyxlearn.blog and to people who enquire about or enrol in our courses. Questions about this policy can be sent to [email protected].
1. Who we are
The data controller for personal data processed under this policy is:
Nyxlearn45 Jalan Pinang, 50450 Kuala Lumpur, Malaysia
Email: [email protected]
Phone: +60 3 2794 1568
Nyxlearn operates under Malaysian law. The primary applicable legislation is the Personal Data Protection Act 2010 (PDPA Malaysia). Where we serve individuals in the European Economic Area, the General Data Protection Regulation (GDPR) also applies and is reflected in our practices.
2. Data we collect and why
2.1 Enquiry and enrolment data
When you submit the contact form on our website, we collect your name, email address, and optionally your phone number and a message. This data is used to respond to your enquiry and, if you proceed to enrol, to administer your course place.
Legal basis: Legitimate interest (responding to an unsolicited enquiry); contract (administering an enrolment).
2.2 Course participation data
For enrolled participants we hold your name, contact details, assignment submissions, assessment results, and written feedback from tutors. For the Team Capability Programme we also hold the name of the employing organisation and details of the agreed scope.
2.3 Website usage data
If you accept analytics cookies, we collect information about pages visited, time on page, and approximate geographic location via analytics tools. This data is aggregated and is not used to identify individuals. See Section 5 for details on cookies.
2.4 Data we do not collect
We do not collect payment card data directly. If payment processing is required, it is handled by a third-party payment service provider and governed by their privacy policy. We do not collect sensitive personal data (race, religion, health information) and we do not knowingly collect data from persons under the age of 18.
3. How we use personal data
- Course administration: managing enrolments, scheduling sessions, issuing completion records.
- Communication: responding to enquiries, sending pre-course information, notifying participants of cohort dates or changes.
- Assessment and feedback: tutors access participant submissions to provide individual written feedback.
- Website improvement: aggregated analytics data helps us understand which pages are useful and identify technical issues.
- Legal compliance: we retain certain records as required by Malaysian accounting and tax law.
We do not use personal data for automated decision-making that produces legal or similarly significant effects. We do not sell personal data to third parties. We do not use enquiry data for marketing unless you have separately consented to receive communications from us.
4. Data sharing and third parties
We share personal data with third parties only where necessary:
- Video conferencing and course delivery tools (e.g. the platform used for live sessions): participant names and email addresses are shared to grant access to session links.
- Analytics providers (if analytics cookies are accepted): aggregated, anonymised usage data only.
- Payment processors: name and contact details to the extent required to process a transaction.
- Legal or regulatory authorities: where required by Malaysian law or a valid legal process.
For the Team Capability Programme, the employer organisation has access to session recordings and the written curriculum handover as part of the agreed scope. Individual participant assessment data is not shared with the employer without the participant's consent.
5. How long we keep data
| Data type | Retention period |
|---|---|
| Enquiry data (no enrolment) | 12 months from enquiry date |
| Enrolment and course participation records | 5 years from course completion |
| Financial and invoice records | 7 years (Malaysian statutory requirement) |
| Website analytics data | 26 months (aggregated) |
| Cookie consent records | 12 months |
Data is deleted or anonymised at the end of the applicable retention period unless a legal obligation requires us to keep it longer.
6. Security measures
Personal data is stored on servers located in data centres with access controls, encryption at rest, and encrypted connections (TLS) for data in transit. Access to personal data within Nyxlearn is limited to staff who need it to perform their role.
In the event of a personal data breach that is likely to result in a risk to individuals' rights, we will notify the relevant authority and affected individuals as required under the PDPA Malaysia and, where applicable, GDPR within the timeframes those laws specify.
No system is entirely without risk. If you have concerns about a specific interaction, contact [email protected].
7. Cookies
We use strictly necessary cookies to operate the website and optional analytics and preference cookies where you have consented. The cookie modal displayed when you first visit the site allows you to accept or decline optional cookies.
Full details of the cookies we use, their purposes, and how to manage them are in our Cookie Policy.
8. Your rights
Under the PDPA Malaysia and, where applicable, GDPR, you have the following rights in relation to your personal data:
- Access: request a copy of the personal data we hold about you.
- Correction: request that inaccurate data is corrected.
- Erasure: request deletion of data we no longer have a lawful basis to hold (subject to statutory retention obligations).
- Portability: receive your data in a structured, commonly used format where the legal basis for processing is consent or contract.
- Objection: object to processing based on legitimate interests.
- Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
- Complaint: lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) at pdp.gov.my.
To exercise any of these rights, email [email protected] with your request. We will respond within 30 days. We may need to verify your identity before acting on a request.
9. Third-party links
Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and recommend you read their policies before providing any personal data to them.
10. Children's privacy
Our courses require a level of prior programming experience that is not generally found in persons under 18. We do not knowingly collect personal data from persons under 18. If you believe we have collected data from a minor, contact [email protected] and we will delete it.
11. Changes to this policy
We may update this policy when our practices change or when legal requirements change. Material updates will be communicated by posting the revised policy on this page with a new "Last updated" date. Continued use of our website or services after the update date constitutes acceptance of the revised policy.
12. Contact for data enquiries
For any questions about this policy or your personal data:
- [email protected]
- +60 3 2794 1568
- 45 Jalan Pinang, 50450 Kuala Lumpur, Malaysia