About this privacy notice
This privacy notice describes the data practices of ITNowMakmal (operating at ITNowMakmal.pro) in relation to our hands-on IT security and cyber practice lab services. It explains what information we collect, why it is collected, how it is used, who it may be shared with, and the choices available to data subjects. The notice reflects current practices as of the effective date below.
Key definitions
Terms used in this policy are defined to improve clarity. Defined terms apply throughout the notice and are intended for plain-language understanding of common privacy concepts relevant to our services.
Information we collect
We collect data that is necessary to provide, maintain, secure, and improve our services. Data collection is limited to what is functionally relevant for account management, lab operation, billing, support, and compliance.
Data you provide directly
When you create an account, register for a course, or contact support, we collect information you supply to enable those activities and maintain records.
- Full name and display name used for account and course enrolment.
- Contact email address and telephone number for notifications and support (+60126661319 may be used by the support team).
- Organisation or company name and role for team accounts and access permissions.
- Billing and invoicing details required to process payments and issue receipts.
- Account credentials such as username and hashed password, and related authentication data.
- Support correspondence, feedback, and any files or logs you submit to troubleshoot lab environments.
Information collected automatically
We gather certain technical and usage information automatically when you use our website and hosted lab environments. This data helps operate the service and diagnose issues.
- IP address, device type, browser version, and basic system configuration for session management and abuse prevention.
- Usage logs and activity metadata from lab sessions such as timestamps, actions performed in sandbox instances, and error reports.
- Analytics data about feature usage and navigation patterns to improve user experience and resource planning.
- Cookie identifiers and local storage entries used to manage sessions and preferences.
- Performance metrics and automated monitoring data used to maintain platform stability and security.
- Geolocation at a coarse level derived from IP address to comply with legal and operational requirements.
Data received from third parties
We may receive data about you from third-party service providers when they assist us with payments, hosting, analytics, or identity verification. We only collect data necessary for the specified service.
- Payment processor records needed to confirm and reconcile transactions.
- Hosting and infrastructure provider logs required for platform operation and incident analysis.
- Analytics and measurement providers supplying aggregated usage metrics and performance data.
Purposes of processing
We process personal data for specific operational, legal, and service improvement purposes. Each purpose is limited to the minimum data necessary to achieve it.
- Account creation, authentication, and access management for lab services.
- Provisioning and operation of sandbox environments, course materials, and training modules.
- Billing, invoicing, and business record keeping for services provided to customers.
- Security operations, incident response, and abuse prevention to protect systems and other users.
- Customer support and technical troubleshooting, including analysis of logs and submitted artifacts.
- Service performance monitoring and product improvement based on aggregated usage data.
- Compliance with legal obligations, requests from authorities, and internal policy enforcement.
- Research and development activities directed at improving lab scenarios, tooling, and documentation, using anonymised or aggregated data where possible.
Legal bases for processing
We rely on legal bases appropriate to the processing activity and jurisdiction. For customers and users in relevant jurisdictions, processing will be supported by one or more of the following bases.
- Performance of a contract: processing necessary to provide lab access, deliver training, and fulfil service agreements.
- Consent: where consent is requested for optional features such as marketing communications or certain analytics.
- Legal obligation: processing required to comply with applicable laws, tax rules, or official requests.
- Legitimate interests: for platform security, fraud prevention, and internal business operations, balanced against individual rights.
Data subject rights and compliance
Where applicable, individuals have rights under data protection frameworks. ITNowMakmal seeks to respect those rights and to provide mechanisms to exercise them. Responses follow legal requirements and may require verification.
- Right of access: you may request a copy of personal data we hold about you.
- Right to rectification: you can request correction of inaccurate or incomplete data.
- Right to erasure: where retention is no longer necessary or lawful, you may request deletion of personal data subject to legal constraints.
- Right to restrict processing: you may request suspension of processing while a dispute is resolved.
- Right to data portability: where technically feasible, we will provide personal data in a structured, commonly used format.
- Right to object: you may object to processing based on legitimate interests or direct marketing; we will review and respond in line with applicable law.
Data sharing and disclosures
We share personal data only with service providers and partners who require the information to deliver services on our behalf, or when disclosure is required by law. Any sharing is limited and subject to contractual safeguards.
- Internal teams and authorised personnel for account provisioning, support, and security operations.
- Third-party service providers such as payment processors, cloud infrastructure hosts, and analytics vendors.
- Legal, regulatory, or law enforcement entities when compelled by applicable law or to respond to legal processes.
- Professional advisors such as auditors, accountants, or legal counsel assisting with compliance or dispute resolution.
- Potential buyers or partners in the event of a business transaction, subject to confidentiality and data protection arrangements.
- Aggregated or anonymised data may be shared for research, benchmarking, or public reporting where individuals are no longer identifiable.
International data transfers
Data processed by ITNowMakmal may be stored or processed in jurisdictions outside Malaysia. Transfers are conducted in accordance with applicable laws and are limited to destinations with appropriate safeguards.
Appropriate safeguards include contractual commitments, standard contractual clauses where available, data minimisation, and technical measures such as encryption to protect personal data during transfer and storage.
Data retention
We retain personal data only for as long as necessary to provide services, meet contractual and legal obligations, and for legitimate operational needs. Retention periods are assessed based on purpose and legal requirements.
Account information is retained while an account is active and for a reasonable period after account termination for record keeping, billing reconciliation, and to comply with legal obligations.
Support correspondence and submitted artifacts are retained as needed to resolve issues and maintain service quality, typically for a period aligned with operational needs unless law requires otherwise.
System logs and monitoring data are retained for security monitoring and incident contribute for a defined period that balances operational necessity and privacy considerations.
When data is no longer required, it is deleted or anonymised in accordance with our data retention procedures. Some backups may remain for longer periods but are subject to access controls and deletion policies.
Security measures
ITNowMakmal implements technical and organisational measures to protect data from unauthorised access, disclosure, alteration, and destruction. Measures are reviewed periodically to address evolving threats and operational needs.
- Access controls and role-based permissions to limit data access to authorised staff.
- Encryption of data in transit and at rest where appropriate, combined with secure key management practices.
- Regular vulnerability assessments, secure configuration management, and incident response planning to detect and mitigate risks.
How to exercise your rights
Individuals can exercise the rights described in this notice by contacting ITNowMakmal at the address or channels below. We require reasonable information to verify identity before responding to requests and will respond within applicable timeframes.
- To request access to or a copy of your personal data, submit a verified request identifying the account and the scope of data sought.
- To request correction or update of inaccurate information, provide the corrected details and relevant documentation where necessary.
- To request deletion or restriction of processing, explain the basis for the request and any supporting information; some requests may be constrained by legal or contractual obligations.
- To lodge a complaint with a supervisory authority or seek additional remedies, we can provide information about applicable oversight bodies and contact procedures.
- Right to restriction of processing: you may request that we limit how we process your personal data in certain circumstances, for example while a dispute about accuracy is being resolved.
- Right to object: you may object to our processing of your personal data where processing is based on our legitimate interests or for direct marketing purposes.
- Right to data portability: where processing is based on consent or on a contractual obligation and carried out by automated means, you can request a copy of your personal data in a commonly used, machine-readable format.
- Right to withdraw consent: if we process your personal data on the basis of your consent, you may withdraw that consent at any time without affecting processing done prior to withdrawal.
How to exercise your privacy rights
To exercise any of the rights listed above, contact our privacy team with a clear description of the request and any supporting information. We apply reasonable verification steps before acting on requests to protect user data. Contact details are provided below.
We aim to respond to verifiable requests within 30 days of receipt. Complex requests or requests requiring additional verification may take longer; if so, we will inform you of the expected timeframe and any required information.
Marketing communications
We may send informational updates, course announcements, and administrative messages about ITNowMakmal services. Marketing messages are based on your preferences and consent where required by law. You can opt out of promotional communications at any time.
To stop receiving marketing emails, follow the unsubscribe link included in each marketing message or contact our support team. Unsubscribing will not affect receipt of essential service or transactional communications.
Children's data
Our services are intended for adult learners and professionals. We do not knowingly collect personal data from children under the age of 18. If we become aware that we have collected personal data of a child without appropriate consent, we will take steps to delete that information.
Third-party links
Our site and services may include links to third-party websites and services. ITNowMakmal is not responsible for the content or data practices of third parties. Review the privacy policies of any external site before providing personal information.
Changes to this privacy policy
We may update this privacy policy to reflect operational, legal, or regulatory changes. Material changes will be published with an effective date. Current effective date: 19-01-2026. Continued use of our services after changes are published constitutes acceptance of the updated policy.