Effective Date: July 28, 2025
At HRD Easy (https://hrdeasy.webx.my/), we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal data in compliance with the Personal Data Protection Act 2010 (“PDPA”) of Malaysia, as well as outlining your rights concerning your personal data.
By using the HRD Easy website and Service, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Scope of This Privacy Policy
This Privacy Policy applies to personal data collected by HRD Easy through your use of our website and AI-powered HRDC course creation service (collectively, the “Service”).
2. Principles of PDPA Compliance
We adhere to the following core principles of the PDPA 2010 in handling your personal data:
General Principle: We will obtain your consent for the collection and processing of your personal data.
Notice and Choice Principle: We will provide you with clear notice regarding the type of personal data collected, the purpose of collection, and your right to withdraw consent.
Disclosure Principle: We will not disclose your personal data for any purpose other than that for which it was collected, or for purposes directly related to it, without your consent, unless legally required.
Security Principle: We will take practical steps to protect your personal data from loss, misuse, modification, unauthorized or accidental access or disclosure, alteration, or destruction.
Retention Principle: We will not keep your personal data longer than is necessary for the fulfillment of the purpose for which it was collected.
Data Integrity Principle: We will take reasonable steps to ensure that personal data is accurate, complete, not misleading, and kept up-to-date.
Access Principle: You have the right to access and correct your personal data held by us.
3. Information We Collect
We collect various types of information for different purposes to provide and improve our Service to you.
3.1 Personal Data:
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). This may include, but is not limited to:
Email address
First name and last name
Company Name
Phone number
Payment information (processed by third-party payment gateways; we do not store full payment card details)
Any other information you voluntarily provide during account registration, support inquiries, or communication with us.
3.2 Usage Data:
We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
3.3 Data Inputted into the AI Service (User Content):
When you use our Service to generate HRDC course content, you will input text, instructions, and other data (“User Content”).
Important Note on AI Model Training: HRD Easy leverages third-party Large Language Models (LLMs) such as those from OpenAI (e.g., ChatGPT) and Google (e.g., Gemini) to power the content generation features of the Service. HRD Easy does NOT use your specific User Content to train or improve these underlying third-party AI models or any proprietary models. Your User Content is processed by these LLMs only for the purpose of generating responses and content for your direct use within the Service, in accordance with the data handling practices and privacy policies of the respective third-party providers. We recommend reviewing their privacy policies for more details on their data handling practices.
4. How We Use Your Information
HRD Easy uses the collected data for various purposes, consistent with the PDPA principles:
To Provide and Maintain the Service: Including to allow you to create and access your HRDC course materials.
To Manage Your Account: To manage your registration as a user of the Service and grant access to the functionalities available to registered users.
To Process Payments: To process your one-time payment for the Service.
To Communicate With You: To send you service updates, important notices, and respond to your inquiries or support requests.
To Improve Our Service: To understand how our users interact with the Service, so we can make improvements and offer new features (this involves aggregated and anonymized usage data, not your specific User Content).
For Security: To detect, prevent, and address technical issues or fraudulent activities.
To Comply with Legal Obligations: To meet any applicable laws, regulations, or legal processes in Malaysia or elsewhere.
5. Disclosure of Your Information
We may disclose your personal data in the following situations, always adhering to PDPA requirements:
Service Providers: We may share your personal data with third-party companies and individuals who provide services on our behalf (e.g., payment processing via Stripe or CHIP, website hosting, analytics providers, and third-party LLM providers like OpenAI and Google for content generation). These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Legal Requirements: We may disclose your Personal Data in the good faith belief that such action is necessary to:
Comply with a legal obligation (e.g., court order, subpoena).
Protect and defend the rights or property of HRD Easy.
Prevent or investigate possible wrongdoing in connection with the Service.
Protect the personal safety of users of the Service or the public.
Protect against legal liability.
Business Transfers: If HRD Easy is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.
With Your Consent: We may disclose your personal data for any other purpose with your consent.
6. Data Retention
HRD Easy will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, and in accordance with the PDPA’s retention principles. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.
7. Data Security
The security of your data is important to us. We implement appropriate administrative, physical, and technical measures to safeguard your personal data against loss, misuse, unauthorized access, disclosure, alteration, and destruction, in compliance with the Security Principle of the PDPA. However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
8. Your Rights Under PDPA 2010 (Malaysia)
In accordance with the Personal Data Protection Act 2010, you have the following rights regarding your personal data:
Right to Access: You have the right to request access to your personal data held by us. We may charge a prescribed fee for this service.
Right to Correction: You have the right to request the correction of any inaccurate, incomplete, misleading, or outdated personal data.
Right to Withdraw Consent: You have the right to withdraw your consent to the processing of your personal data at any time. Please note that withdrawing consent may affect your ability to use certain features of the Service.
Right to Prevent Processing for Direct Marketing: You have the right to request us to cease processing your personal data for the purposes of direct marketing.
Right to Prevent Processing Likely to Cause Damage or Distress: You have the right to request us to cease processing your personal data if such processing is likely to cause unwarranted substantial damage or substantial distress to you or another person.
To exercise any of these rights, please contact us using the contact details provided in Section 12. We will respond to your request within the timeframe prescribed by the PDPA.
9. International Data Transfer
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of Malaysia.
If you are located outside Malaysia and choose to provide information to us, please note that we transfer the data, including Personal Data, to Malaysia and process it there. We also utilize global third-party service providers (including LLM providers) whose servers may be located outside of Malaysia. By using the Service, you consent to the transfer of your information to these locations. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and the PDPA 2010.
10. Links to Other Websites
Our Service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
11. Children’s Privacy
Our Service is not intended for use by individuals under the age of 18 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
12. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Effective Date” at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.