Introduction

IBFIM is committed to protecting the privacy and personal data of individuals in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. This policy explains how we collect, use, disclose and protect personal data, ensuring compliance with the PDPA guidelines.

Scope

This Personal Data Protection Policy applies to all personal data processed by IBFIM in the context of its services, including training, consultancy and other business operations. It covers, among others, the data of clients, students, vendors, partners and employees.

Principles of Data Protection

IBFIM adheres to the following PDPA principles when handling personal data:

  • General Principle
    • Personal data is collected, used and disclosed only with the individual’s consent and for lawful purposes directly related to our functions.
  • Notice and Choice Principle
    • Individuals are notified of the purpose of data collection and given the choice of whether or not to provide their personal data.
  • Disclosure Principle
    • Personal data is not disclosed to third parties without the individual’s consent unless required by law
  • Security Principle
    • Reasonable measures are taken to protect personal data from loss, misuse, modification, unauthorised or accidental access or disclosure.
  • Retention Principle
    • Personal data is retained only for as long as it is needed for the purposes for which it was collected or as required by law.
  • Data Integrity Principle
    • Personal data is kept accurate, complete and up-to-date.
  • Access Principle
    • Individuals have the right to access and correct their personal data.

Types of Personal Data Collected

IBFIM may collect and process the following types of personal data:

  • Identification Information: Name, NRIC number, gender, passport number.
  • Contact Information: Address, email address, phone number.
  • Employment Details: Occupation, employer, job title.
  • Education and Certification Data: Academic qualifications, training records, professional certifications.
  • Financial Information: Bank details, payment records (for transactions with IBFIM).
  • Images: Still or recording.
  • Other Relevant Information: Sensitive personal data and any Personally Identifiable Information (PII) defined by international privacy laws or standards.

Purpose of Data Collection

The personal data collected by IBFIM is used for the following purposes including but not limited to:

  • Providing and managing training programs, certifications and other educational services.
  • Responding to inquiries or requests from individuals.
  • Managing student and client records, including enrollment, attendance and progress reports.
  • Administering payments and transactions related to IBFIM services.
  • Sending promotional and marketing information (only where consent has been given).
  • Complying with legal and regulatory obligations.

Sources of Personal Data

IBFIM may obtain individuals personal data from the following sources including but not limited to application forms, website, business card, etc.

Data Disclosure

IBFIM will not disclose personal data to third parties except under the following
circumstances:

  • Where consent has been obtained from the individual.
  • Where required by law or by government authorities.
  • To third-party service providers engaged by IBFIM for processing personal data (e.g., for IT services, payment processing).

IBFIM will ensure that third parties who receive personal data from us will protect that data with appropriate safeguards.

Data Security

IBFIM takes reasonable precautions to safeguard personal data from unauthorised access, disclosure, modification or destruction. Security measures include:

  • Secure storage of personal data (electronic and physical).
  • Access controls to limit access to authorised personnel only.
  • Regular security assessments of our systems.

Despite these measures, individuals should be aware that the transmission of information via the internet is not entirely secure, and IBFIM cannot guarantee the absolute security of data transmitted to us.

Data Retention

IBFIM retains personal data only for as long as it necessary for the purpose for which it was collected or to comply with legal, regulatory or internal requirements. When personal data is no longer needed, IBFIM will take steps to securely delete or destroy it.

Rights of Data Subject

  • Request access to personal data
    • Individuals have the right to request for access to personal data processed by IBFIM on with reasonable notice.
  • Request correction of personal data
    • Individuals have the rights to request for correction and/or update personal data that is inaccurate, incomplete or outdated.
  • Limit processing of personal data
    • Individuals are entitled to limit IBFIM’s processing of personal data by expressly withdrawing the consent given previously, in each case, including for direct marketing purposes subject to any applicable legal restrictions, contractual conditions and within a reasonable time period.

Changes to Policy

IBFIM reserves the right to amend this Personal Data Protection Policy at any time. Any changes will be communicated through appropriate channels, such as our website or direct communication with affected individuals.

Consent

  • IBFIM will obtain the consent of individuals before or at the time of collecting their personal data, unless an exception under the PDPA applies. By interacting with IBFIM or providing personal data, individuals consent to the use of their data in accordance with this policy.
  • Where sensitive personal data is involved (e.g., health information, religion), explicit consent will be sought.