Legal

Privacy Policy

Last updated:  ·  Effective: 20 June 2025

This policy explains what personal data Nyxlearn collects, why we collect it, how it is used, and what rights you have in relation to it. It applies to visitors to our website at nyxlearn.blog and to people who enquire about or enrol in our courses. Questions about this policy can be sent to [email protected].

1. Who we are

The data controller for personal data processed under this policy is:

Nyxlearn
45 Jalan Pinang, 50450 Kuala Lumpur, Malaysia
Email: [email protected]
Phone: +60 3 2794 1568

Nyxlearn operates under Malaysian law. The primary applicable legislation is the Personal Data Protection Act 2010 (PDPA Malaysia). Where we serve individuals in the European Economic Area, the General Data Protection Regulation (GDPR) also applies and is reflected in our practices.

2. Data we collect and why

2.1 Enquiry and enrolment data

When you submit the contact form on our website, we collect your name, email address, and optionally your phone number and a message. This data is used to respond to your enquiry and, if you proceed to enrol, to administer your course place.

Legal basis: Legitimate interest (responding to an unsolicited enquiry); contract (administering an enrolment).

2.2 Course participation data

For enrolled participants we hold your name, contact details, assignment submissions, assessment results, and written feedback from tutors. For the Team Capability Programme we also hold the name of the employing organisation and details of the agreed scope.

2.3 Website usage data

If you accept analytics cookies, we collect information about pages visited, time on page, and approximate geographic location via analytics tools. This data is aggregated and is not used to identify individuals. See Section 5 for details on cookies.

2.4 Data we do not collect

We do not collect payment card data directly. If payment processing is required, it is handled by a third-party payment service provider and governed by their privacy policy. We do not collect sensitive personal data (race, religion, health information) and we do not knowingly collect data from persons under the age of 18.

3. How we use personal data

We do not use personal data for automated decision-making that produces legal or similarly significant effects. We do not sell personal data to third parties. We do not use enquiry data for marketing unless you have separately consented to receive communications from us.

4. Data sharing and third parties

We share personal data with third parties only where necessary:

For the Team Capability Programme, the employer organisation has access to session recordings and the written curriculum handover as part of the agreed scope. Individual participant assessment data is not shared with the employer without the participant's consent.

5. How long we keep data

Data type Retention period
Enquiry data (no enrolment)12 months from enquiry date
Enrolment and course participation records5 years from course completion
Financial and invoice records7 years (Malaysian statutory requirement)
Website analytics data26 months (aggregated)
Cookie consent records12 months

Data is deleted or anonymised at the end of the applicable retention period unless a legal obligation requires us to keep it longer.

6. Security measures

Personal data is stored on servers located in data centres with access controls, encryption at rest, and encrypted connections (TLS) for data in transit. Access to personal data within Nyxlearn is limited to staff who need it to perform their role.

In the event of a personal data breach that is likely to result in a risk to individuals' rights, we will notify the relevant authority and affected individuals as required under the PDPA Malaysia and, where applicable, GDPR within the timeframes those laws specify.

No system is entirely without risk. If you have concerns about a specific interaction, contact [email protected].

7. Cookies

We use strictly necessary cookies to operate the website and optional analytics and preference cookies where you have consented. The cookie modal displayed when you first visit the site allows you to accept or decline optional cookies.

Full details of the cookies we use, their purposes, and how to manage them are in our Cookie Policy.

8. Your rights

Under the PDPA Malaysia and, where applicable, GDPR, you have the following rights in relation to your personal data:

To exercise any of these rights, email [email protected] with your request. We will respond within 30 days. We may need to verify your identity before acting on a request.

9. Third-party links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and recommend you read their policies before providing any personal data to them.

10. Children's privacy

Our courses require a level of prior programming experience that is not generally found in persons under 18. We do not knowingly collect personal data from persons under 18. If you believe we have collected data from a minor, contact [email protected] and we will delete it.

11. Changes to this policy

We may update this policy when our practices change or when legal requirements change. Material updates will be communicated by posting the revised policy on this page with a new "Last updated" date. Continued use of our website or services after the update date constitutes acceptance of the revised policy.

12. Contact for data enquiries

For any questions about this policy or your personal data: