Privacy Policy
1. Introduction
1.1This privacy policy (this "Policy") is issued by YEO ASHLEY & PARTNERS and its group of companies operating under the name of YEO ASHLEY (collectively, "the Group", "we", "us" or "our"). This Policy governs the collection, processing, management, usage and disclosure of your personal data and has been prepared in accordance with our obligations and your rights set out in the Personal Data Protection Act 2010 of Malaysia ("PDPA"). Please read this Policy carefully to understand how we are committed to protecting the privacy, confidentiality and security of your personal data.
1.2We are committed to protecting your personal data when you interact with us, including while using our website, attending our courses, seminars, workshops, webinars, or engaging our advisory services ("Services"). Therefore, we will ensure that the confidentiality and security of all personal data provided to us are fully protected at all times and may only be used by us in accordance with this Policy or where it is permitted under the laws.
1.3 In the event you do not provide us with some or all of the information requested by us or withdraw your consent given to us for collecting and using your personal data, we will be unable to provide or continue to provide you with our Services, including but not limited to access to our advisory services, courses, seminars, workshops, webinars, educational materials, and online resources. You acknowledge that refusal to provide certain personal data may result in the Group being unable to process your enquiries, registration, deliver course materials, provide advisory services or other Services.
1.4 By agreeing to this Policy or by providing us with the requested personal data or participating in our courses, seminars, workshops, webinars or continuing to engage us for our Services or by using our website, you have agreed to be bound by, and will be deemed to have read, understood, and accepted the practices and policies outlined in this Policy and you hereby consent to our collection, use and disclosure of your personal data and information as described in this Policy.
2. Collection of Personal Data
2.1 When you register for any of our Services or otherwise provide your personal data to us and use the website, the personal data that we collect from you may include, but are not limited to, your identification details (full name, gender, age, date of birth, national registration identity card number, passport number), contact information (including address, email address and phone number), billing address, occupation, company name, records of our communications with you (including any messages, emails, feedback forms), and photographs, audio recordings, and/or video recordings taken during our courses, events, seminars, or workshops, and any other information which may be required by us from time to time for the purposes specified in Clause 4.
2.2 If you provide personal data of any third party to us, you represent and warrant that you have obtained the necessary consent, licence and/or permissions from that third party to share and transfer his/her personal data to us, and for us to collect, store, use, disclose and process that personal data in accordance with this Policy.
2.3 We do not generally collect or process any sensitive personal data unless explicit consent has been obtained from you, or where such processing is otherwise permitted or required under the laws. However, should you voluntarily provide us with any sensitive personal data, it will be deemed that you have given us your explicit consent by conduct to collect, use, disclose or process the sensitive personal data solely for the purpose for which it was provided if it is reasonable that you would voluntarily provide the information, and in accordance with the PDPA. Sensitive personal data includes, but is not limited to:
- (a) your physical or mental health conditions;
- (b) your political opinions;
- (c) your religious beliefs or other beliefs of similar nature;
- (d) your commission or alleged commission of any offence; and
- (e) biometric data.
3. Sources of Personal Data
3.1 We may obtain your personal data from you and from other sources, including but not limited to:
- (a) information provided by you in registration forms, enquiry forms, feedback forms or course evaluation forms (if applicable);
- (b) when you engage our advisory services;
- (c) when you access the website and use our Services;
- (d) when you communicate with us through phone calls, emails, social media, messaging platforms and/or other correspondence methods;
- (e) when you attend our courses, seminars, workshops, webinars, or events (whether in-person or online);
- (f) any interactions between you and us through the website, our social media platforms, and/or our online chat applications (if applicable);
- (g) third parties connected to you, such as your employees, nominees, referrers, and such other persons (subject to your prior consent for them to disclose information relating to you);
- (h) Cookies (as defined below), details of which are as set out in Clause 10;
- (i) third-party service providers such as payment processors, analytics providers, marketing platforms, and advertising service providers; and
- (j) publicly available sources (e.g. business listings, public registries, social media profiles).
4. Purposes of Personal Data Collection
4.1 The purposes for collecting and processing your personal data include, but are not limited to, the following:
- (a) to verify the information provided by you and your identity;
- (b) to analyse your suitability to register with us and process your registration;
- (c) to implement, perform and complete any transactions or dealings or provide you or any third parties with our Services;
- (d) to prepare agreements or documentation by our professional legal advisors in connection with our engagement;
- (e) to facilitate communications between you and us in respect of our Services;
- (f) to perform our obligations or to exercise our rights under the law;
- (g) to operate, administer, and manage the website and our Services;
- (h) to respond and follow up on any queries, complaints or requests you may have;
- (i) to process payments, issue invoices, receipts, and manage refunds (where applicable);
- (j) to deliver course materials, educational content, and advisory resources to you;
- (k) to send important service, security, or policy updates;
- (l) to provide personalised recommendations and feedback to enhance your learning experience;
- (m) we use Cookies to enhance our processes, advertising, notifications, authentication, security and compliance, analytic and preference management (details of usage are specified in Clause 10 herein);
- (n) to contact and provide you information regarding our Services and such other information as may be determined by us to be of interest to you;
- (o) to comply with your obligations, any legal or regulatory requirement relating to our Services and to make disclosure under the requirements of any applicable law, regulation, directive, guideline, by-law, code, circular, government authorities and/or court of competent jurisdiction;
- (p) for our internal record keeping in the ordinary course of business;
- (q) to use photographs, audio recordings, and video recordings taken during our courses, events, seminars, or workshops for promotional, marketing, and educational purposes;
- (r) to create and distribute testimonials, case studies, or success stories featuring your participation (with your consent);
- (s) to manage and protect our intellectual property rights in connection with the course materials and content provided to you; and
- (t) for any other related purposes in the course of business.
4.2 In connection with the purposes as set out in Clause 4.1 above, you hereby give permission to us to disclose your personal data to the relevant governmental authorities, our successor in interest, sponsors, advertisers, lawyers, insurers, adjusters, other advisers, suppliers, contractors and/or service providers, our Affiliates (defined below) and other carefully selected third parties in accordance with Clause 5.
5. Disclosure of Personal Data to Third Parties
5.1 For the purposes of providing you with our Services, we reserve the right to disclose your personal data to carefully selected third parties set out as follows:
- (a) our affiliates law firms, related and associated companies (collectively, our "Affiliates");
- (b) our business partners, including but not limited to course instructors, and guest speakers;
- (c) companies and/or organisations who assist us including but not limited to our sponsors, advertisers, suppliers, contractors, payment gateway service providers and other third-party service and/or product providers;
- (d) companies and/or organisations who act as our strategic partners which include parties that we collaborate with for certain events, courses, workshops, or activities;
- (e) our and/or our client’s professional advisors including but not limited to our lawyers, insurers, auditors, accountants and/or other advisors authorised by us;
- (f) any person authorised by you to give instructions in relation to your transactions or dealings with us;
- (g) any persons, government agencies, law enforcement agencies, statutory authorities and/or industry regulators where we are compelled to disclose personal data pursuant to any law, regulation or court order;
- (h) our IT service providers, including but not limited to customer relationship management service providers, email marketing service providers, and cloud hosting providers;
- (i) our marketing, research, and communications agencies; and
- (j) any other parties if so required by the laws.
5.2 In disclosing your personal data to any third parties pursuant to Clause 5.1, we shall take reasonable steps and appropriate security measures to ensure that such disclosure is carried out in a safe and secure manner.
6. Limitation on Disclosure
6.1 Subject to Clause 5, we will treat your personal data as private and confidential and will not disclose your personal data to any third party unless any of the following events arises:
- (a) you have given us permission to disclose your personal data;
- (b) we are required or permitted to do so in compliance with legislative or regulatory obligations, any request from a regulatory, government body or any other authority;
- (c) we are required to fulfil our obligations specified in this Policy; or
- (d) we are required to transfer our rights and obligations under this Policy.
6.2 If there are any complaints or enquiries in relation to the disclosure of your personal data to any third party under this Policy, you may contact us at the addresses specified in Clause 14.1.
7. Security of Personal Data
7.1 We undertake appropriate administrative and security safeguards, procedures and policies and take reasonable steps, to the extent practicable, and in accordance with the laws, to secure your personal data from improper or unauthorised access, use, disclosure, modification, appropriation, destruction, and loss.
7.2 We may hold your information in either electronic or physical form or retain third parties to hold that information on our behalf.
7.3 We will make reasonable updates to our security measures from time to time and ensure that the authorised third parties only use your personal data for the purposes as set out in this Policy.
7.4 The Internet is not a secure medium. However, where applicable, we will put in place various reasonable security procedures in respect of any electronic communications with us. All our employees and data processors, who have access to, and are associated with the processing of your personal data, are obliged to respect the confidentiality of your personal data.
7.5 We do not guarantee that data transmission over the Internet or any wireless network to be completely secure. While we take commercially practical steps to protect your personal data, we do not accept responsibility for any unauthorised access, unlawful interceptions or loss of personal data transmitted electronically (if applicable), and will not be responsible for the actions of any third parties that may receive any such personal data. You acknowledge and agree that you provide your personal data to us at your own risk.
8. Storage and Retention of Personal Data
8.1Your personal data shall be stored either (i) in hard copies in our offices or our Affiliates’ offices; and/or (ii) in soft copies stored in servers located in Malaysia or other information technology storage facilities and servers situated in other countries outside Malaysia. You should be aware that your personal data may be disclosed or transferred to entities located outside Malaysia. Please note that these foreign entities may be established in countries that might not offer the same level of data protection offered in Malaysia. By continuing to engage with us, you hereby expressly consent to and authorise us to transfer your personal data outside of Malaysia for the purposes stated in Clause 4.
8.2 We will continue to retain your personal data for a further period of up to seven (7) years after the termination of your relationship with us, to comply with legal or regulatory requirements, to protect our legitimate interests, or for any other lawful purpose. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
8.3 Upon the expiry of the retention period, we will take reasonable steps to ensure that your personal data is securely disposed of or anonymised, in accordance with the laws.
9. Your Rights
9.1 Your rights under the laws in relation to your personal data retained by us are set out as follows:
- (a) right to access your personal data that is retained by us with reasonable notice (subject to payment of the relevant processing fee, if applicable);
- (b) right to update, change, delete, amend or correct your personal data;
- (c) right to request restriction on the processing of your personal data; and
- (d) right to withdraw your consent previously given to us or limit the use of your personal data.
9.2 Pursuant to your right to access your personal data in Clause 9.1(a) above:
- (a) you also have the right to receive a copy of your personal data in an electronic format. However, this right is limited to the personal data that you have provided to us and is processed based on your consent. It does not cover personal data that we may have received on other grounds or from other sources; and
- (b) we may withhold your request to access your personal data in certain circumstances, including but not limited to:
- (i) when we are unable to confirm your identity;
- (ii) where such personal data requested is of a confidential nature;
- (iii) where disclosure may compromise our intellectual property, trade secrets, or proprietary course content; or
- (iv) when we receive repeated or unreasonable requests for the same data. In any event, we will promptly notify you of the reason(s) for not being able to accede to your request.
9.3 Subject to your requests and pursuant to Clauses 9.1 and 9.2 above, we reserve all our right to deny your access to the website and/or use of our Services, to reject any or all your requests, or require further documentary evidence, for reasons permitted by the laws.
9.4 You acknowledge that the withdrawal of consent may result in the Group being unable to continue providing you with access to our courses, webinars, events, advisory services, and/or other Services. The Group shall not be liable for any losses, damages, or consequences arising from such inability to continue providing Services due to your withdrawal of consent.
10. Cookies
10.1We may use cookies, advertising identifiers, web beacons, tags, scripts, local shared objects such as HTML5 and Flash or Flash cookies including other similar technology ("Cookies") on our website for the purposes of holding your usage data in respect of the website and to recognise your device on your next login which we may promptly deliver tailored information to you that matches your account, interests and preferences. The data collected via cookies are anonymous collective statistics and do not contain personal data.
10.2 The Cookies have unique identifiers which may be stored on the website, on the device you use to access the website in emails we send to you. The Cookies may transmit information about you and your use of the website, including but not limited to the period of usage, your search preference, browse type, IP address and/or data relating to advertisements displayed and clicked by you.
10.3 Without prejudice to any other provisions under this Policy, third parties may use the Cookies on our website to collect the same type of information for the same purposes as specified in Clause 10.2 above. The third parties may associate the information about you obtained from our website or from any other resources for their other purposes, in which we do not have any responsibility, access nor control in regard to the usage of such information.
10.4 We may share non-personally identifiable information from or about you with such third parties, including but not limited to location data, advertising identifiers, or a cryptographic hash of a common account identifier (such as email address) to facilitate the display or targeted advertising.
10.5 In any event, you may disable, block or deactivate Cookies at any time by adjusting your Internet browser setting to disable such Cookies. You may also limit our sharing of your information through mobile settings.
11. Intellectual Property and Course Materials
11.1All course materials, content, methodologies, strategies, educational resources, videos, presentations, worksheets, and any other materials provided by us in connection with our Services ("Course Materials") are and shall remain the exclusive intellectual property of the Group.
11.2 You shall not reproduce, distribute, modify, create derivative works from, publicly display, publicly perform, republish, download, store, or transmit any Course Materials without the prior written consent of the Group.
11.3 Any unauthorised use, reproduction, or distribution of the Course Materials may result in the immediate termination of your access to our Services and may subject you to civil and/or criminal liability.
12. Links to Third-Party Websites
12.1 The website may contain links to third-party websites. These third-party websites are not related to, associated with, us, or under our control. Therefore, we are not responsible or liable for their privacy policy in regard to any collection, usage, maintenance and/or sharing of personal data of such third-party websites. We reserve the right to disable access to any links to any third-party websites at our sole discretion.
13. Changes to This Policy
13.1 We reserve the right to modify, amend or update the terms of this Policy from time to time without giving any prior notice to you. The modified, amended or updated Policy will be posted on the website and shall take effect immediately upon being posted.
13.2 Our use of the personal data we collect is subject to the Policy in effect at the time such personal data is used. Please take note to periodically review this Policy and carefully review any changes made to this Policy.
13.3 Your continued use of our website and/or Services after the posting of changes constitutes your acceptance of such changes.
14. Contact Details and Language
14.1 If there are any changes to your personal data, and/or if you have any questions in respect of the disclosure or the use of your personal data, and/or you would like to exercise any of your rights as set out in this Policy, you may contact us at:
- Address: Unit 13A-08, Level 13A, Menara MBMR, 1 Jalan Syed Putra, 58000 Kuala Lumpur, Malaysia
- Telephone number: +603 4816 8676
- Email address: info@yeoashley.com.my
14.2 In accordance with Section 7(3) of the PDPA, this Policy is issued in both English and Bahasa Malaysia. In the event of any discrepancies or inconsistencies arising between the English version and the Bahasa Malaysia version of this Policy, the English version shall apply and prevail.