Privacy Policy

This section defines terms used in the policy to make it easier to understand what we mean when we refer to data, processing, users and services.

We limit collection to data necessary for account provisioning, course delivery, reporting and lawful operational needs. Below are examples of data we collect directly from users and automatically.

Data you provide when registering, enrolling or communicating with support:

• Full name and professional title required for account setup and certification records.
• Email address and contact phone number used for notifications and administrative communication.
• Organisation name and role to assign appropriate learning tracks and access levels.
• Payment or billing information when purchasing courses via secure payment processors.
• Course responses, assessment results and progress data needed for reporting and compliance records.
• Any support messages or feedback you choose to provide to AstraTlock support staff.

Information collected automatically while you use our site or platform to support functionality and improve service quality:

• Device and browser type to ensure compatibility and troubleshoot issues.
• IP addresses and approximate location for security monitoring and fraud prevention.
• Usage logs such as pages visited, modules completed and time spent to deliver meaningful progress reports.
• Cookie identifiers to maintain sessions and preferences.
• Analytics data aggregated to help improve course content and platform performance.
• Error reports and diagnostic data when crashes or issues occur.

We may receive data about you from third parties when necessary to deliver services or verify information:

• Identity verification providers when required by customer contractual settings.
• Payment processors that provide transaction confirmations and billing records.
• Learning management systems integrated by client organisations that share roster and completion data.

We use personal data for operational, legal and improvement purposes described below. Each purpose has a clear, limited scope.

• To create and manage user accounts, authenticate access and provide course delivery.
• To administer assessments, issue completion records and generate progress reports for managers.
• To process payments and maintain billing records where applicable.
• To communicate important updates, support responses and security notices.
• To improve course content, platform usability and overall service quality through aggregated analytics.
• To maintain security, detect abuse and respond to incidents affecting platform integrity.
• To comply with legal obligations and law enforcement requests when required by law.
• To provide optional marketing communications when you have consented to receive them.

Where applicable, we rely on one or more lawful bases to process personal data, including contractual necessity, legitimate interests, consent and legal obligations.

• Contractual necessity: processing required to deliver services you have requested.
• Legitimate interests: processing for fraud prevention, platform security and service improvement where it does not override your rights.
• Consent: for optional marketing communications and certain tracking technologies where consent is requested.
• Legal obligation: to comply with applicable laws and regulatory requirements.

AstraTlock uses cookies and similar technologies to enable essential platform functions, remember preferences and measure site performance.

We use essential cookies for login and session management, functional cookies for preferences, and analytics cookies for aggregated usage insights. Marketing cookies are only used with consent.

Cookie categories include: essential, functional, analytics and optional marketing. Essential cookies cannot be disabled without affecting service functionality.

You may control cookies via your browser settings or the cookie preferences tool on our site. Disabling optional cookies may reduce certain personalised features.

Full cookie details and management options

We only share personal data with third parties when necessary for service delivery, legal compliance or when you instruct us to do so.

• Service providers that host our platform and process data on our behalf under contractual safeguards.
• Payment processors for billing and transaction verification.
• Client organisations that manage accounts and receive training reports for their employees.
• Legal authorities when disclosure is required by law or to protect rights and safety.
• Third-party analytics providers under strict data minimisation rules.
• Partners delivering integrated learning solutions as authorised by contractual terms.

AstraTlock may transfer data to service providers located outside Malaysia when necessary to deliver services. Transfers are governed by appropriate safeguards and contractual measures to protect personal data.

We implement safeguards such as standard contractual clauses, data processing agreements and technical protections to maintain an adequate level of security for cross-border transfers.

We retain personal data only as long as needed for the purposes described or to satisfy legal and regulatory obligations, then securely dispose of it.

Account records and identity details are retained while your account is active and for a limited period after deactivation to support auditing and compliance requirements.

Support and communication records are kept for a reasonable business period to enable continuity of service and to address disputes.

Usage logs and analytics data are retained in aggregated or pseudonymised form for performance monitoring; raw logs are retained only as needed for security contribute.

When deletion is requested and permitted by law, we remove personal data from active systems and retain only minimal records necessary for legal compliance, unless a longer retention period is required.

AstraTlock uses industry-standard security measures including encrypted storage, access controls, regular security reviews and role-based permissions to reduce the risk of unauthorised access. We continuously monitor systems for vulnerabilities and apply patches as part of routine maintenance. Access to personal data is limited to personnel who need it to deliver services.

• Encryption of data in transit and at rest where applicable.
• Role-based access control and logged administrative actions.
• Regular security assessments, patch management and incident response procedures.

Depending on applicable law, you may have rights to access, correct, restrict or delete your personal data and to object to certain processing activities. Requests are handled in line with legal requirements.

• Access: request a copy of personal data we hold about you.
• Rectification: ask us to correct inaccurate or incomplete information.
• Erasure or restriction: request deletion or restricted processing subject to legal and contractual limitations.
• Request restriction of processing when data accuracy is contested or processing is unlawful but you oppose erasure, subject to applicable law and verification.
• Object to direct marketing processing or profiling for marketing purposes; we will cease using your data for such purposes upon receiving a valid objection.
• Receive information about any automated decision-making and meaningful information about the logic involved, along with the ability to request human review where decisions produce legal or similarly significant effects.
• Withdraw consent at any time for processing activities based on consent; withdrawal will not affect processing carried out prior to the withdrawal.
• Lodge a complaint with a supervisory authority in Malaysia or another relevant jurisdiction if you believe the handling of your personal data breaches applicable law.

Although AstraTlock operates primarily from Malaysia, we align many of our privacy practices with internationally recognized data protection principles to support transparency, individual control, and accountability in how we collect and process personal information for our cyber hygiene and online protection learning programs.

Where individuals in jurisdictions covered by the EU General Data Protection Regulation (GDPR) participate in our services, AstraTlock will apply compatible data handling standards to provide clarity about rights, lawful bases for processing, and mechanisms for exercising data subject rights.

• Lawful basis: We process personal data where necessary for contract performance, compliance with legal obligations, consent, or legitimate interests such as service improvement and fraud prevention.
• Data minimization: We collect only the personal data necessary to deliver courses, manage accounts, process payments, and maintain secure operations.
• Purpose limitation: Personal data is used only for the specified, explicit purposes communicated at the time of collection or subsequently agreed with the user.
• Retention: Data is retained only for as long as necessary to fulfill the purpose for which it was collected and in accordance with applicable retention schedules and legal requirements.

If you are dissatisfied with AstraTlock's handling of your personal data, you may contact us to request a review. You also have the right to lodge a complaint with a supervisory authority in your jurisdiction when applicable. We will aim to respond and cooperate in resolving issues promptly.

To exercise your privacy rights (access, correction, deletion, portability, restriction, objection, or consent withdrawal), contact our Data Protection Officer with sufficient detail to identify your request and verify your identity. Provide a clear description of the data and the action you seek.

[email protected]

We will acknowledge receipt of your request within 7 business days and aim to respond substantively within 30 calendar days. Where additional time is required for complex requests, we will inform you and explain the reasons for any extension.

AstraTlock may use your contact details to send program updates, course recommendations, promotional offers, and security bulletins that help improve your cyber hygiene. You can manage preferences or opt out at any time.

To stop receiving marketing communications, click the unsubscribe link in any promotional email or contact support. Unsubscribe requests are processed promptly and will not affect transactional messages related to your account or course access.

Our learning programs are intended for adult learners and professionals. We do not knowingly collect personal data from children under the age of 16. If you believe we have inadvertently collected data for a minor, contact us and we will take steps to remove the information as required.

AstraTlock may provide links to third-party sites and integrate third-party tools for payments, analytics, or content delivery. These links are provided for convenience; third-party privacy practices are governed by their own policies and are not covered by AstraTlock’s privacy policy.

We may update this privacy information to reflect changes in legal requirements, service offerings, or data practices. Material changes will be communicated via our website or by direct notice to affected users where feasible.