Privacy notice effective 13-04-2026

About this privacy notice

This privacy notice describes the data practices of ITNowMakmal (operating at ITNowMakmal.pro) in relation to our hands-on IT security and cyber practice lab services. It explains what information we collect, why it is collected, how it is used, who it may be shared with, and the choices available to data subjects. The notice reflects current practices as of the effective date below.

13-04-2026 ITNowMakmal (Business ID 743536350796), Pekan Sepang, 43950 Sepang, Selangor, Malaysia Pekan Sepang, 43950 Sepang, Selangor, Malaysia [email protected]
01

Key definitions

Terms used in this policy are defined to improve clarity. Defined terms apply throughout the notice and are intended for plain-language understanding of common privacy concepts relevant to our services.

Personal data means information that relates to an identified or identifiable individual, such as name, contact details, identifiers, or other data that can be associated with a person directly or indirectly. Processing means any operation performed on personal data, including collection, storage, modification, analysis, transmission, disclosure, or deletion, whether automated or manual. User refers to an individual who registers for or interacts with ITNowMakmal services, including learners, administrators, and authorised team members of customer organisations. Service refers to the hands-on IT security and cyber practice lab offerings provided by ITNowMakmal, including hosted sandbox environments, training modules, telemetry, and support. Cookies are small text files stored on a device by a website to remember preferences, support authentication, or provide analytics and measurement. Similar technologies include web beacons and local storage.
02

Information we collect

We collect data that is necessary to provide, maintain, secure, and improve our services. Data collection is limited to what is functionally relevant for account management, lab operation, billing, support, and compliance.

Data you provide directly

When you create an account, register for a course, or contact support, we collect information you supply to enable those activities and maintain records.

  • Full name and display name used for account and course enrolment.
  • Contact email address and telephone number for notifications and support (+60126661319 may be used by the support team).
  • Organisation or company name and role for team accounts and access permissions.
  • Billing and invoicing details required to process payments and issue receipts.
  • Account credentials such as username and hashed password, and related authentication data.
  • Support correspondence, feedback, and any files or logs you submit to troubleshoot lab environments.

Information collected automatically

We gather certain technical and usage information automatically when you use our website and hosted lab environments. This data helps operate the service and diagnose issues.

  • IP address, device type, browser version, and basic system configuration for session management and abuse prevention.
  • Usage logs and activity metadata from lab sessions such as timestamps, actions performed in sandbox instances, and error reports.
  • Analytics data about feature usage and navigation patterns to improve user experience and resource planning.
  • Cookie identifiers and local storage entries used to manage sessions and preferences.
  • Performance metrics and automated monitoring data used to maintain platform stability and security.
  • Geolocation at a coarse level derived from IP address to comply with legal and operational requirements.

Data received from third parties

We may receive data about you from third-party service providers when they assist us with payments, hosting, analytics, or identity verification. We only collect data necessary for the specified service.

  • Payment processor records needed to confirm and reconcile transactions.
  • Hosting and infrastructure provider logs required for platform operation and incident analysis.
  • Analytics and measurement providers supplying aggregated usage metrics and performance data.
03

Purposes of processing

We process personal data for specific operational, legal, and service improvement purposes. Each purpose is limited to the minimum data necessary to achieve it.

  • Account creation, authentication, and access management for lab services.
  • Provisioning and operation of sandbox environments, course materials, and training modules.
  • Billing, invoicing, and business record keeping for services provided to customers.
  • Security operations, incident response, and abuse prevention to protect systems and other users.
  • Customer support and technical troubleshooting, including analysis of logs and submitted artifacts.
  • Service performance monitoring and product improvement based on aggregated usage data.
  • Compliance with legal obligations, requests from authorities, and internal policy enforcement.
  • Research and development activities directed at improving lab scenarios, tooling, and documentation, using anonymised or aggregated data where possible.

Legal bases for processing

We rely on legal bases appropriate to the processing activity and jurisdiction. For customers and users in relevant jurisdictions, processing will be supported by one or more of the following bases.

  • Performance of a contract: processing necessary to provide lab access, deliver training, and fulfil service agreements.
  • Consent: where consent is requested for optional features such as marketing communications or certain analytics.
  • Legal obligation: processing required to comply with applicable laws, tax rules, or official requests.
  • Legitimate interests: for platform security, fraud prevention, and internal business operations, balanced against individual rights.

Data subject rights and compliance

Where applicable, individuals have rights under data protection frameworks. ITNowMakmal seeks to respect those rights and to provide mechanisms to exercise them. Responses follow legal requirements and may require verification.

  • Right of access: you may request a copy of personal data we hold about you.
  • Right to rectification: you can request correction of inaccurate or incomplete data.
  • Right to erasure: where retention is no longer necessary or lawful, you may request deletion of personal data subject to legal constraints.
  • Right to restrict processing: you may request suspension of processing while a dispute is resolved.
  • Right to data portability: where technically feasible, we will provide personal data in a structured, commonly used format.
  • Right to object: you may object to processing based on legitimate interests or direct marketing; we will review and respond in line with applicable law.
04

Cookies and similar technologies

We use cookies and similar technologies to support essential site functions, personalise settings, and generate anonymous analytics. You can manage cookie settings through your browser or available controls on the site.

Cookies used include session cookies for login and persistent cookies for remembered preferences; third-party cookies may be used for analytics and integrated services. Identifiers are limited to functionality and measurement needs.

Cookie categories include strictly necessary (session management), performance and analytics (usage measurement), and functional (preferences). Marketing cookies are not used by default unless consent is provided for specific features.

You can manage cookie preferences in your browser settings or clear site data at any time. For detailed steps, consult your browser documentation. Some features may be impacted if cookies are disabled.

Detailed cookie policy and preference management

Data sharing and disclosures

We share personal data only with service providers and partners who require the information to deliver services on our behalf, or when disclosure is required by law. Any sharing is limited and subject to contractual safeguards.

  • Internal teams and authorised personnel for account provisioning, support, and security operations.
  • Third-party service providers such as payment processors, cloud infrastructure hosts, and analytics vendors.
  • Legal, regulatory, or law enforcement entities when compelled by applicable law or to respond to legal processes.
  • Professional advisors such as auditors, accountants, or legal counsel assisting with compliance or dispute resolution.
  • Potential buyers or partners in the event of a business transaction, subject to confidentiality and data protection arrangements.
  • Aggregated or anonymised data may be shared for research, benchmarking, or public reporting where individuals are no longer identifiable.

International data transfers

Data processed by ITNowMakmal may be stored or processed in jurisdictions outside Malaysia. Transfers are conducted in accordance with applicable laws and are limited to destinations with appropriate safeguards.

Appropriate safeguards include contractual commitments, standard contractual clauses where available, data minimisation, and technical measures such as encryption to protect personal data during transfer and storage.

Data retention

We retain personal data only for as long as necessary to provide services, meet contractual and legal obligations, and for legitimate operational needs. Retention periods are assessed based on purpose and legal requirements.

Account information is retained while an account is active and for a reasonable period after account termination for record keeping, billing reconciliation, and to comply with legal obligations.

Support correspondence and submitted artifacts are retained as needed to resolve issues and maintain service quality, typically for a period aligned with operational needs unless law requires otherwise.

System logs and monitoring data are retained for security monitoring and incident contribute for a defined period that balances operational necessity and privacy considerations.

When data is no longer required, it is deleted or anonymised in accordance with our data retention procedures. Some backups may remain for longer periods but are subject to access controls and deletion policies.

Security measures

ITNowMakmal implements technical and organisational measures to protect data from unauthorised access, disclosure, alteration, and destruction. Measures are reviewed periodically to address evolving threats and operational needs.

  • Access controls and role-based permissions to limit data access to authorised staff.
  • Encryption of data in transit and at rest where appropriate, combined with secure key management practices.
  • Regular vulnerability assessments, secure configuration management, and incident response planning to detect and mitigate risks.
05

How to exercise your rights

Individuals can exercise the rights described in this notice by contacting ITNowMakmal at the address or channels below. We require reasonable information to verify identity before responding to requests and will respond within applicable timeframes.

  • To request access to or a copy of your personal data, submit a verified request identifying the account and the scope of data sought.
  • To request correction or update of inaccurate information, provide the corrected details and relevant documentation where necessary.
  • To request deletion or restriction of processing, explain the basis for the request and any supporting information; some requests may be constrained by legal or contractual obligations.
  • To lodge a complaint with a supervisory authority or seek additional remedies, we can provide information about applicable oversight bodies and contact procedures.
  • Right to restriction of processing: you may request that we limit how we process your personal data in certain circumstances, for example while a dispute about accuracy is being resolved.
  • Right to object: you may object to our processing of your personal data where processing is based on our legitimate interests or for direct marketing purposes.
  • Right to data portability: where processing is based on consent or on a contractual obligation and carried out by automated means, you can request a copy of your personal data in a commonly used, machine-readable format.
  • Right to withdraw consent: if we process your personal data on the basis of your consent, you may withdraw that consent at any time without affecting processing done prior to withdrawal.

How to exercise your privacy rights

To exercise any of the rights listed above, contact our privacy team with a clear description of the request and any supporting information. We apply reasonable verification steps before acting on requests to protect user data. Contact details are provided below.

[email protected]

We aim to respond to verifiable requests within 30 days of receipt. Complex requests or requests requiring additional verification may take longer; if so, we will inform you of the expected timeframe and any required information.

Marketing communications

We may send informational updates, course announcements, and administrative messages about ITNowMakmal services. Marketing messages are based on your preferences and consent where required by law. You can opt out of promotional communications at any time.

To stop receiving marketing emails, follow the unsubscribe link included in each marketing message or contact our support team. Unsubscribing will not affect receipt of essential service or transactional communications.

Children's data

Our services are intended for adult learners and professionals. We do not knowingly collect personal data from children under the age of 18. If we become aware that we have collected personal data of a child without appropriate consent, we will take steps to delete that information.

Third-party links

Our site and services may include links to third-party websites and services. ITNowMakmal is not responsible for the content or data practices of third parties. Review the privacy policies of any external site before providing personal information.

Changes to this privacy policy

We may update this privacy policy to reflect operational, legal, or regulatory changes. Material changes will be published with an effective date. Current effective date: 19-01-2026. Continued use of our services after changes are published constitutes acceptance of the updated policy.