Privacy Policy

CertTulen Academy (SSM Registration No. 202503317226), a business registered in Malaysia, is the data controller responsible for your personal data collected through our website, training programmes, and related services. This Privacy Policy is issued in compliance with the Malaysian Personal Data Protection Act 2010 (PDPA).

We collect the following categories of personal data:

• Identity & contact data: name, email address, phone number, company name, job title, and country of residence.
• Transaction data: course enrolments, invoice details, and payment confirmations. We do not store full credit or debit card numbers; payment processing is handled by our licensed payment gateway.
• Learning data: attendance records, assessment results, and certification progress where applicable.
• Technical data: IP address, browser type, device information, and basic usage analytics gathered through cookies and similar technologies.

We use your personal data to:

• Process enrolments, payments, and issue receipts and certificates.
• Deliver training, lab access, and learner support.
• Communicate course updates, schedule changes, and (where you have opted in) marketing about new programmes.
• Comply with our legal, tax, and regulatory obligations under Malaysian law, including HRD Corp claim documentation where applicable.
• Improve our website, services, and learner experience.

Online payments are processed through licensed third-party payment gateways authorised to operate in Malaysia under Bank Negara Malaysia oversight. When you make a payment, your card and banking details are submitted directly to the gateway and are not stored on CertTulen's servers. The gateway acts as an independent data processor and is bound by its own privacy policy and PCI-DSS compliance obligations.

We may share your personal data with:

• Microsoft Corporation and Pearson VUE, where required for certification voucher issuance, lab access provisioning, or examination registration.
• HRD Corp and our licensed HRD Corp provider partner, where you are claiming training under SBL-Khas funding.
• Authorised service providers (hosting, email, payment, and analytics) bound by confidentiality obligations.
• Government authorities where disclosure is required by Malaysian law.

We do not sell your personal data to any third party.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. Financial and tax records are retained for a minimum of seven (7) years in accordance with Malaysian tax law.

Subject to the Personal Data Protection Act 2010, you have the right to access your personal data, request correction of inaccurate data, withdraw consent for marketing communications, and lodge a complaint regarding the handling of your data. To exercise any of these rights, please contact us at the address below.

Our website uses essential cookies to enable core functionality and may use analytics cookies to understand site usage. You can disable cookies through your browser settings, though some features of the site may not function correctly as a result.

We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. However, no method of transmission over the internet is fully secure, and we cannot guarantee absolute security.

We may update this Privacy Policy from time to time. The revised version will be posted on this page with an updated "Last updated" date.

For any questions about this Privacy Policy or to exercise your rights under PDPA, please contact us at hello@certtulen.com.