General Privacy Statement

CyberaNSafe collects and processes personal data necessary to deliver cyber literacy and IT security awareness services, manage accounts, and comply with legal obligations. We handle data with measured technical and organizational safeguards, limit access to what is necessary for service delivery, and document processing activities. This statement explains categories of data processed, the purposes, retention practices, security measures and user rights in clear, practical terms.

08-04-2026
CyberaNSafe (Business ID: 690449440112), Jalan Chung Onn Siew, Taman Chateau, 30250 Ipoh, Perak, Malaysia
Jalan Chung Onn Siew, Taman Chateau, 30250 Ipoh, Perak, Malaysia
[email protected]

Definitions

This section defines terms used in this privacy policy to ensure clarity about the categories of data and processing activities related to CyberaNSafe services.

Personal data means any information that relates to an identified or identifiable natural person, including name, email address, job title, employer, and account identifiers used within our learning platform.
Processing refers to any operation performed on personal data, such as collection, recording, organization, storage, retrieval, use, disclosure, erasure and destruction, carried out by CyberaNSafe or on our behalf.
User refers to an individual who uses or is enrolled in CyberaNSafe services, including employees of client organizations and administrators who manage training programs.
Service refers to the cyber literacy and IT security awareness training, phishing simulations, assessments, reporting tools and related support provided via CyberaNSafe.vip.
Cookies are small text files stored on a user device to support authentication, preferences, analytics and service functionality. CyberaNSafe uses cookies in accordance with the categories described below.

What Data We Collect

We collect data directly from users, automatically through system logs and from third parties when required to deliver and improve our services. We limit collection to what is necessary for operational, contractual or legal purposes.

Data You Provide

When you register for an account, enroll in training, request support, or make a purchase, we collect the information you provide to operate the service and communicate with you.

  • Identity and contact details: full name, work email, phone number, job title and department.
  • Account and organization details: employer name, business ID, team assignments and administrator contact information.
  • Training and assessment data: course enrollments, module completion status, quiz answers, assessment scores and certificates.
  • Support and communication records: messages, support tickets, feedback and related attachments.
  • Billing and contractual information: invoicing address, payment details processed by our payment partners and purchase history.
  • Incident response data: voluntary reports of security incidents, screenshots and supporting information provided during contribute.

Data Collected Automatically

To maintain and improve the service, we collect technical and usage information from devices and interactions with the platform. This helps with troubleshooting, analytics and threat detection.

  • Usage metrics: pages visited, time spent on modules, clicks and feature usage for service improvement and reporting.
  • Authentication and access logs: login timestamps, session duration, IP addresses and device metadata used for security monitoring.
  • Technical diagnostics: browser type, operating system, software version, and error logs to support platform reliability.
  • Phishing simulation telemetry: simulated email interactions, click-through rates and simulated credential submissions used solely for training analysis.
  • Cookies and tracking identifiers used for session management, preference storage and aggregated analytics.
  • Aggregated performance metrics and anonymized behavioral statistics used to improve course effectiveness.

Data from Third Parties

We may receive data about users from authorized third parties to enable administration, billing and integrations required by client organizations.

  • Identity and organizational data synchronized from customer HR systems or identity providers (SSO) to provision accounts.
  • Payment and billing confirmations from payment processors and accounting platforms necessary to complete transactions.
  • Aggregated or anonymized lists from analytics providers or benchmarking services to inform product improvements.

How We Use Personal Data

We process personal data for specific operational and legal purposes necessary to deliver the CyberaNSafe service, support clients and comply with obligations.

  • To provide and maintain the training platform, deliver course content, assessments and certificates to users and client administrators.
  • To enable secure access, authentication and single sign-on integrations for enrolled users.
  • To operate phishing simulations and training exercises and to report performance and risk metrics to authorized client contacts.
  • To process payments, invoices and related accounting records using third-party payment processors.
  • To respond to user inquiries, provide technical and customer support and manage account preferences.
  • To monitor, detect and respond to security incidents that affect platform integrity and client data.
  • To comply with legal and regulatory obligations, including recordkeeping and responding to lawful requests from authorities.
  • To analyze aggregated usage data to improve content quality, curriculum design and training outcomes while minimizing personal identifiers.

Legal Basis for Processing

We rely on appropriate legal bases to process personal data depending on the purpose — contractual necessity, legitimate interests, consent or legal obligation.

Cookies and Tracking Technologies

CyberaNSafe uses cookies and similar technologies to provide core functionality, remember preferences and collect analytics. We limit tracking to what is necessary for service operation and performance measurement.

We use session cookies for authentication, persistent cookies for preferences, and analytics cookies for aggregated usage analysis. Third-party cookies may be present when embedding external content or using integrated services.

Categories: strictly necessary, performance/analytics, functionality and marketing (marketing cookies only used with consent).

You can manage cookie preferences via your browser settings or the cookie preference center in the platform. Disabling certain cookies may affect functionality.

Detailed Cookie Policy

Sharing and Disclosure of Data

We do not sell personal data. We share data with vendors, processors and authorities only as required to deliver services, for legal compliance, or as directed by client organizations under contract.

  • Service providers and subprocessors: LMS hosts, email delivery services, analytics providers and payment processors under data processing agreements.
  • Client organizations: authorized administrators and compliance officers of the contracting organization receive training results and reports relevant to their users.
  • Professional advisors: auditors, legal counsel and accountants when necessary for regulatory or contractual obligations.
  • Regulatory and law enforcement authorities: in response to lawful requests or to protect rights, safety or property.
  • Aggregated or de-identified data: shared for benchmarking, research or product improvement without personal identifiers.
  • Acquirers and affiliates: in connection with business transfers, mergers or restructuring, subject to safeguards and notice to affected users where required.

International Transfers

CyberaNSafe may transfer or store personal data on servers located outside Malaysia to enable global service delivery. Transfers are managed under contractual safeguards and limited to trusted subprocessors.

We use contractual measures such as data processing agreements and standard contractual clauses where applicable, and assess third parties for appropriate data protection controls prior to engagement.

Data Retention

We retain personal data only for the period necessary to fulfill the purposes set out in this policy, to comply with legal obligations, and to resolve disputes. Retention periods vary by data category and purpose.

Account records and administrative information are retained while an account is active and subsequently for up to 7 years for business and audit requirements, unless a longer retention is required by law.

Support correspondences and service-related communications are retained for up to 3 years to allow effective support and historical context for client matters.

Authentication, access and system logs used for security and troubleshooting are retained for up to 12 months, except where longer retention is required to contribute an incident or comply with legal obligations.

When data is no longer required, we securely delete or anonymize it. Deletion requests by authorized data controllers are implemented in accordance with contractual commitments and applicable law; backups are purged within a defined timeframe.

Security of Your Data

CyberaNSafe applies a layered approach to information security including network protections, encryption of data in transit and at rest where applicable, access controls with role separation, regular security testing and staff training on data handling best practices. We maintain an incident response plan and perform periodic third-party audits to validate controls.

  • Technical protections: TLS encryption in transit, encryption at rest where feasible, web application firewalls and intrusion detection.
  • Operational controls: least-privilege access, regular access reviews, multifactor authentication for administrative accounts and secure development life cycle practices.
  • Organizational measures: staff training on data protection and security awareness, vendor assessments and an incident response and business continuity program.

Your Rights and Choices

Subject to applicable law and contractual relationships, users and data subjects have rights to access and manage their personal data held by CyberaNSafe. We provide mechanisms to exercise these rights in a clear and verifiable manner.

  • Right of access: request confirmation of processing and a copy of personal data we hold.
  • Right to rectification: request correction of inaccurate or incomplete personal data.
  • Right to erasure: request deletion of personal data where retention is no longer necessary and no legal obligation prevents deletion.
  • Right to restriction: request limitation of processing in specified circumstances, for example during dispute resolution.
  • Right to data portability: request a machine-readable copy of personal data provided to CyberaNSafe where applicable.
  • Right to object: object to processing based on legitimate interests, subject to applicable exemptions.
  • Right to withdraw consent where processing is based on consent, without affecting processing performed prior to withdrawal.
  • Right to lodge a complaint with a supervisory authority if you believe processing violates applicable data protection law.

How to Submit a Rights Request

To exercise your rights or raise a privacy-related question, contact CyberaNSafe at [email protected] or by mail to Data Protection Officer, CyberaNSafe, Jalan Chung Onn Siew, Taman Chateau, 30250 Ipoh, Perak, Malaysia. For verification and security we may request information to confirm identity and authority to act on behalf of an organization. We aim to respond to valid requests promptly and in accordance with applicable law. For urgent matters call +60122674802 between business hours.

[email protected]

We will acknowledge receipt of a valid data subject rights request within 7 business days and aim to provide a substantive response within 30 calendar days of verification. If complexity or volume requires additional time, we will inform the requester of any reasonable extension and the expected timeframe for completion.

Rights under GDPR and Comparable Protections

CyberaNSafe respects data subject rights under applicable privacy laws, including the EU General Data Protection Regulation (GDPR) where it applies and comparable protections for residents of other jurisdictions. We process requests to access, rectify, restrict, erase, port data and to object to processing in a structured and auditable manner. Requests are subject to verification and lawful limitations.

  • Right of access: You may request confirmation of whether we process your personal data and obtain a copy of the data we hold about you, subject to verification and legal exceptions.
  • Right to rectification: If personal data we hold about you is inaccurate or incomplete, you may request correction or supplementation.
  • Right to erasure: Where applicable, you may request deletion of personal data when retention is not required by law or legitimate business needs; we will evaluate each request against legal obligations and operational requirements.
  • Right to restriction of processing: You may request limitation of processing in specific situations, for example while accuracy is being verified or where processing is contested.
  • Right to data portability: When processing is based on consent or contract and carried out by automated means, you may request a structured, commonly used and machine-readable copy of your personal data for transfer to another controller.
  • Right to object and automated decision-making: You may object to processing based on legitimate interests or to direct marketing processing. Requests related to automated profiling will be considered under applicable law and subject to safeguards.

If you are located in the European Economic Area, you may lodge a complaint with your local supervisory authority. CyberaNSafe is committed to cooperating with supervisory authorities where appropriate and will provide information necessary to contribute complaints consistent with legal obligations.

Marketing Communications

We may send marketing messages about CyberaNSafe training courses, updates and events where we have a lawful basis to do so. Communications are tailored to professional audiences and limited to relevant services. We maintain records of consent where required and apply industry-standard controls to ensure messages are lawful and proportionate.

You can opt out of marketing communications at any time by using the unsubscribe link in our emails or by contacting our privacy team. Opting out will not affect transactional communications related to services you currently receive.

Children and Data

CyberaNSafe does not target services to children under the age of 16. We do not knowingly collect personal data from children for training sign-ups. If we become aware that we have collected personal data from a minor without appropriate consent, we will take steps to delete the data in accordance with applicable law.

Third-Party Links and Services

Our website and training platform may contain links to third-party websites and integrate services from trusted providers (payment processors, analytics, content platforms). These third parties operate under their own privacy policies. We recommend reviewing their policies before providing personal data. CyberaNSafe is not responsible for third-party privacy practices.

Changes to This Policy

We review our privacy policy periodically to reflect changes in legal, regulatory and operational requirements. Material changes will be posted on CyberaNSafe.vip with an updated effective date. For minor clarifications, we may update the policy without advance notice, but the most recent version available on the site governs our practices.