Privacy Policy — General Information
This privacy policy explains how KerjaTopWay collects, uses, stores, and shares personal data in the context of career development and qualification programs offered at KerjaTopWay.info. It includes practical examples and scenarios to help participants understand what data is needed for program delivery, assessment, and placement services. Contact details: Jalan Bubul, 91308 Semporna, Sabah, Malaysia. Phone: +60126015443. Business ID: 490817777592. Date of policy reference: 28-02-2026.
Definitions
To make the policy clearer, we define key terms used in the document and illustrate each with short program-related examples and scenarios.
- Personal data: any information that identifies you directly or indirectly. Example: a participant's name, email, phone number, or collection submitted for a qualification assessment.
- Processing: any operation performed on personal data, such as collection, storage, analysis, or sharing with training partners. Example: grading an assignment submitted via our learning platform.
- User: an individual who registers or interacts with KerjaTopWay services, including learners, mentors, and employer representatives participating in simulated cases.
- Service: the career development programs, qualification pathways, mentoring, and placement support provided through KerjaTopWay and partner platforms.
- Cookies: small data files placed on devices to enable login sessions, remember preferences, or track progress in scenario-based exercises and assessments.
Data We Collect
We collect data needed to deliver educational services, assess competencies, and manage placements. Below we outline categories, with practical case examples for clarity.
Data You Provide Directly
Examples of user-provided data include registration details, assessment submissions, and communication with mentors or employers during project simulations.
- Identification: full name, national ID or passport number when required for official certification verification.
- Contact details: email address and phone number used to schedule interviews, virtual coaching sessions, or placement follow-ups.
- Profile and CV: educational background, work history, and collection files submitted for case-based assessments.
- Assessment content: assignments, project deliverables, mentor feedback, and competency self-assessments.
- Payment information: transaction records and billing contact details required for paid qualification pathways (payment processors retain card data separately).
- Communications: messages platform with support, mentors, or employers during simulated hiring scenarios.
Automatically Collected Data
When you use our website and learning portals we automatically collect technical and usage data to improve service delivery and measure learning outcomes.
- Device and browser information to ensure compatibility of assessment tools and interactive case simulations.
- Usage logs showing module completion, timestamps of submitted case tasks, and performance metadata for anonymised program analytics.
- IP addresses and approximate location used for security checks and to present regionally relevant training resources.
- Cookies and session identifiers that enable persistent logins during multi-stage assessments and mentor sessions.
- Error and diagnostics data collected to troubleshoot platform issues that affect assessment reliability.
- Engagement metrics such as video watch time and quiz attempts used to refine scenario designs and workshop schedules.
Third-Party Data
We may receive data from approved partners when collaborating on employer-led projects, placements, or accreditation procedures. Examples and controls are described below.
- Employer partners: job briefs, evaluation templates, and anonymised outcome data from placement pilots used to align our qualification modules with market needs.
- Accreditation bodies: verification details required to issue official micro-credentials or certificates linked to program cases.
- Payment processors: confirmation of payments and invoice details; card numbers are handled directly by the processor.
How We Use Data
We process personal data for specific, limited purposes related to program delivery. Below are the main purposes with concrete examples of how data is used in practice.
- Program delivery: to register learners, assign them to cohorts, and provide access to course materials and scenario-based tasks.
- Assessment and certification: to evaluate submitted case projects, record scores, and coordinate issuance of qualifications with accrediting partners.
- Placement facilitation: to share required participant information with employer partners when a placement match is requested by the participant.
- Support and communication: to answer queries, schedule mentoring sessions, and provide personalised learning recommendations based on case performance.
- Platform improvement: to analyse anonymised usage data and refine practical scenarios, templates, and workshops.
- Legal and safety: to comply with regulatory requirements, contribute misuse, and ensure platform integrity during live simulations.
- Analytics and reporting: to compile aggregated outcomes from cohort case studies for continuous program development and partner reports.
- Marketing (with consent): to share program updates, case-study summaries, and opportunities tailored to your career interests.
Legal Basis for Processing
We rely on appropriate legal bases to process personal data. Practical examples are provided to clarify when each basis applies.
- Performance of a contract: processing required to deliver the courses and mentorship you sign up for, e.g., managing your enrolment and assessments.
- Consent: for optional communications, marketing, and certain analytics beyond what is necessary for core services.
- Legal obligation: where we must retain or disclose data in response to legal or regulatory requests from Malaysian authorities.
- Legitimate interests: for fraud prevention, platform security, and improving educational content through anonymised analytics, balanced against user privacy.
Data Protection Rights
Although KerjaTopWay operates in Malaysia, we adopt recognised data protection practices. Below are common rights participants may have, illustrated with practical steps to exercise them.
- Right to access: request a copy of personal data we hold, for example, records of completed case assessments and mentor feedback.
- Right to rectification: ask us to correct inaccurate profile information used in placement matching.
- Right to erasure: request deletion of your account and related personal data where retention is not otherwise required for legal or certification reasons.
- Right to restrict processing: request suspension of certain processing activities, such as marketing communications, while maintaining access to course materials.
- Right to data portability: where feasible, receive a machine-readable copy of your assessment records and collection submissions.
- Right to object: object to processing based on legitimate interests, for example analytics beyond anonymised program improvements.
Cookies and Similar Technologies
Cookies and similar technologies support learning continuity and the delivery of interactive case simulations. We explain categories, examples, and how to manage them.
Types: session cookies for login continuity, preference cookies for language and interface settings, performance cookies for analytics, and functional cookies for assessment tool operation.
Categories: essential (login and assessment integrity), functional (interface preferences), performance (usage analytics for scenario improvements), and advertising (only with consent for external offers).
Manage cookies by adjusting browser settings or using the cookie management tool available on KerjaTopWay.info. Disabling certain cookies may affect access to multi-stage assessments or live simulation features.
Detailed Cookie Policy
When We Share Data
We share personal data only when necessary to provide services, meet legal obligations, or with your explicit request. Each sharing instance is tied to a specific, documented purpose.
- With employer partners for placement matching and simulated project feedback when you apply to participate.
- With accreditation bodies to verify certification completion and issue official credentials.
- With service providers (hosting, payment, analytics) that process data on our behalf under contract and specific instructions.
- When required by law or to respond to lawful requests from public authorities in Malaysia.
- With potential acquirers or advisors in the event of a business transfer, subject to confidentiality safeguards.
- With your explicit consent for other purposes not listed above, such as employer introductions beyond placement matching.
International Data Transfers
Some service providers may be located outside Malaysia. When data is transferred internationally, we use appropriate safeguards such as contractual clauses, data minimisation, and provider assessments to maintain protections aligned with applicable laws.
Safeguards include data processing agreements, limited access controls, and encryption where appropriate. Transfers are limited to what is necessary for service provision (e.g., hosting, accreditation verification).
Data Retention
We retain personal data only as long as necessary for the purposes described, including program delivery, certification obligations, and legal requirements. Retention periods are explained with examples below.
Account data: retained for the duration of your active account and for a reasonable period after inactivity to allow reactivation or certification verification, typically up to five years for audit purposes tied to qualification records.
Messages and support records: retained for up to three years to resolve disputes, review mentor feedback history, or evaluate program outcomes in case-study analyses.
System logs and diagnostics: retained in anonymised or aggregated form where possible for platform improvement; raw logs retained only as long as needed for security and troubleshooting.
Deletion requests are handled in line with legal obligations. Certain accreditation records or business transaction records may be retained longer if required by law, with options to restrict further processing where feasible.
Security Measures
KerjaTopWay applies administrative, technical, and physical measures to protect personal data. Measures include access controls, encrypted connections for data in transit, and role-based access to assessment systems. Practical scenarios: access to student collection is limited to assigned mentors and accreditation verifiers; logs monitor unusual access patterns to detect potential misuse. While these measures reduce risk, no system is invulnerable; we maintain incident response procedures and notify affected users as required by applicable law.
- Role-based access control limiting who can view personal data, with regular reviews of permissions tied to active project cases and training cohorts.
- Encrypted storage for personal records and certificates in transit and at rest, complemented by routine backups and incident response playbooks based on practical breach scenarios.
- Periodic staff training and simulated phishing exercises; secure development lifecycle practices for KerjaTopWay.info platform updates.
User Rights and Requests
KerjaTopWay recognizes several data subject rights. Below are the common rights, described with brief practical examples and the steps you can take when exercising them.
- Right of access — you may request a copy of personal data we hold about you. Example: request your enrolment record and completion status for a leadership program.
- Right to rectification — request corrections to inaccurate or incomplete personal details. Scenario: update a misspelled name on a certificate.
- Right to erasure (where applicable) — ask us to delete data that is no longer required. Practical case: remove a profile created in error before a training cohort starts.
- Right to restriction of processing — request temporary suspension of data use. Scenario: place a hold on marketing contacts while you decide about newsletters.
- Right to data portability — request your training and certification records in a commonly used electronic format to transfer to another provider.
- Right to object — object to processing for direct marketing or profiling. Practical example: opt out of employer-matching for a career pathway.
- Right to withdraw consent — where processing is based on consent, you can withdraw it. Case: withdraw consent for photo usage in case studies.
- Right to lodge a complaint — if you believe your rights were not respected, you may lodge a complaint with a supervisory authority in Malaysia.
How to exercise your privacy rights
To submit a request, provide a clear description of the right you want to exercise and any supporting details about the affected records (for example: program name, enrollment date, or certificate ID). Include a copy of a valid ID for verification when needed. Send requests to our privacy contact below or use the contact form on KerjaTopWay.info.
We aim to acknowledge requests within 7 calendar days and provide a substantive response within 30 calendar days of verification. Complex requests may require additional time, in which case we will inform you and explain the reasons and expected timeline.
Marketing and communications
KerjaTopWay uses contact details to send training updates, course invitations, and case-study newsletters. Communications are tailored using past enrollment and expressed preferences. We run small A/B tests and scenario-based outreach to improve relevance; recipients can change preferences at any time.
You can unsubscribe from marketing messages via the link in any email or by contacting our privacy team. Unsubscribing stops promotional communications but may not stop operational messages about active enrollments or certification records.
Children and young learners
KerjaTopWay.info is designed for adult learners and professionals. We do not knowingly collect personal data from individuals under 16. If a parent or guardian believes we have collected such data in error, please contact us with details so we can take appropriate steps.
Third-party links
Our website may link to third-party services for payments, certification validation, or learning materials. These links are provided for convenience and do not imply endorsement. Third parties operate under their own privacy policies; review those policies before submitting personal data.
Changes to this privacy policy
We periodically update this policy to reflect changes in services, legal requirements, or operational practices. Major updates will be posted on KerjaTopWay.info with the effective date. We document material changes and explain practical impacts on learner data handling.