Privacy Policy – TutorialXpress.my

Effective Date: June 1, 2025

At TutorialXpress.my, we are committed to protecting your personal data and respecting your privacy in accordance with Malaysia’s Personal Data Protection Act 2010 (PDPA) and its recent amendments effective June 1, 2025. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our e-learning platform.

1. Personal Data We Collect

We may collect the following types of personal data from you:

Identification information (name, date of birth)
Contact details (email address, phone number)
Account credentials (username, password)
Payment information (billing address, credit card details)
Usage data (course progress, device information, IP address)
Communications (messages, feedback, support requests)

We collect data directly from you when you register, purchase courses, or communicate with us, and automatically through cookies and tracking technologies.

2. Purpose of Processing Your Data

Your personal data is processed for the following purposes:

To provide and manage your access to our courses and services
To process payments and prevent fraud
To communicate important updates, support, and marketing (with your consent)
To comply with legal obligations including PDPA requirements
To improve our platform and personalize your learning experience
To detect and respond to security incidents or data breaches

3. Legal Basis for Processing

We process your personal data based on:

Your consent, where applicable
The necessity to perform a contract with you (e.g., course enrollment)
Compliance with legal obligations under Malaysian law
Legitimate interests, such as improving our services and ensuring security

4. Data Protection Officer (DPO)

In compliance with the PDPA Amendment Act 2024, we have appointed a Data Protection Officer (DPO) responsible for overseeing our data protection strategy and compliance.

You may contact our DPO at: hai @ tutorialxpress.my

5. Data Sharing and Disclosure

We do not sell or rent your personal data to third parties. We may share your data with:

Trusted service providers who assist us in operating the platform (e.g., payment processors, hosting services) under strict confidentiality and security agreements
Legal authorities when required by law or to protect our rights
Other third parties only with your explicit consent

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction, including encryption, access controls, and regular security assessments.

7. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this Policy and to comply with legal obligations. When no longer needed, your data will be securely deleted or anonymized.

8. Your Rights Under PDPA

You have the right to:

Access and obtain a copy of your personal data we hold
Request correction of inaccurate or incomplete data
Withdraw consent where processing is based on consent
Request data portability where applicable
Lodge complaints with the Personal Data Protection Commissioner if you believe your data has been mishandled

9. Data Breach Notification

In accordance with the new PDPA breach notification requirements effective June 2025, we will notify the Personal Data Protection Commissioner and affected users promptly if a data breach occurs that is likely to cause significant harm.

10. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and analyze site usage. You can manage your cookie preferences through your browser settings.

11. International Data Transfers

If your data is transferred outside Malaysia, we ensure it is protected by adequate safeguards consistent with PDPA requirements.

12. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in laws or our practices. We encourage you to review it periodically.