Privacy Policy — General Information

This Privacy Policy explains how ProMaxIlmu collects, uses, stores, and shares personal data in the course of providing continuous learning services for professionals and managers. The policy uses practical scenarios to show typical data flows: for example, when a manager signs up for a scenario workshop, we collect contact and billing details and use analytics to improve the learning pathway. We aim to be transparent about processing activities and how you can exercise your rights.

2026/03/23 ProMaxIlmu (Business ID: 311650084933) Jalan Simunul, 91308 Semporna, Sabah, Malaysia [email protected]

Definitions

To make the policy easier to follow, we define key terms used throughout. Definitions are illustrated with short scenarios so readers can see how each term applies in practice.

Personal data means any information that relates to an identified or identifiable person. For example: when a participant registers for a leadership case study, the name and email they provide constitute personal data.
Processing refers to any operation performed on personal data, such as collection, storage, analysis, modification, or deletion. In a practical case, processing includes tagging course progress and generating a competency report for a team leader.
User means anyone who accesses ProMaxIlmu services, including learners, managers, trainers, and administrators. A user scenario: a manager logs in to complete a negotiation simulation and receives tailored feedback.
Service refers to ProMaxIlmu learning products, including courses, workshops, assessments, and analytics dashboards delivered via ProMaxIlmu.club. A service example: an interactive module that guides a manager through a hiring case study.
Cookies are small data files stored on a device to remember preferences and improve site functionality. For example, a cookie can retain a user’s session when they resume a multi-part scenario module.

What data we collect

We collect a combination of user-provided details, automatic technical data, and limited information from third parties. The examples below illustrate common collection points during the learning lifecycle.

Data you provide directly

When you register, enroll in a course, or participate in workshops, you provide information necessary to deliver and improve the service. Example scenario: enrolling a team member in a management simulation requires contact and role details.

  • Contact details: full name, email address, mobile phone number.
  • Professional details: job title, employer, department, and industry sector used to tailor case scenarios.
  • Account credentials: username and password used to access ProMaxIlmu.club (stored securely).
  • Billing and transaction data: billing address, payment card voucher or invoice details for paid plans and corporate subscriptions.
  • Course inputs and assessments: responses to case exercises, uploaded documents, and peer feedback submitted during scenario workshops.
  • Communications: messages or support requests you send to ProMaxIlmu, including attachments used to resolve a specific training issue.

Data collected automatically

We collect technical and usage information automatically to operate the service, evaluate performance, and improve content relevance. A typical case: tracking which simulation steps are most challenging to adjust future scenarios.

  • Usage analytics: pages visited, modules accessed, time spent on scenarios, and interaction events for learning optimization.
  • Device and browser information: device type, OS, browser version to ensure compatibility with interactive case tools.
  • IP address and approximate location: used for security checks, fraud prevention, and localizing content.
  • Cookies and similar identifiers: to maintain session state and remember user preferences across visits.
  • Performance logs: error reports and diagnostics to resolve technical issues affecting course delivery.
  • Assessment metadata: timestamps and activity sequences generated when completing scenario-based assessments.

Data from third parties

In some cases we receive information from external services to provide or enhance the learning experience. For instance, a corporate customer may supply team lists for bulk enrolment.

  • Corporate provisioning: employee lists and role data provided by corporate administrators for group enrolment.
  • Payment processors: transactional confirmations and billing records from third-party payment providers.
  • Analytics and advertising platforms: aggregated engagement data used to improve learning pathways while respecting privacy controls.

How we use your data

We process personal data for specific, documented purposes. Below are the main purposes with practical examples of how data is used in everyday scenarios.

  • Service delivery: to register accounts, grant access to courses, and run scenario-based modules (example: enrolling a manager in a leadership simulation and tracking completion).
  • Account management: to authenticate users, manage subscriptions, and provide customer support (example: resetting access after a corporate system change).
  • Billing and payments: to process subscriptions, issue invoices, and manage refunds via secure payment partners.
  • Personalization and improvement: to analyze engagement with case studies and adjust content sequencing to better fit managerial learning paths.
  • Security and compliance: to detect fraud, respond to incidents, and verify identities when needed to protect user accounts.
  • Research and development: to aggregate anonymized data for improving simulations and designing new practical case workshops.
  • Marketing communications: where permitted, to share course updates and relevant program suggestions; recipients can opt out or manage preferences.
  • Legal obligations: to respond to lawful requests by authorities or to defend legal rights.

Legal bases for processing

Where applicable, we rely on lawful bases to process personal data. Below are common legal bases with examples tied to typical ProMaxIlmu scenarios.

  • Performance of a contract: processing needed to provide training services, for example when you subscribe to a paid plan and we manage access and billing.
  • Consent: where you opt in to marketing communications or non-essential features like public learner profiles for case competitions.
  • Legitimate interests: for fraud prevention, platform security, and improving course quality based on aggregated feedback, balanced against user privacy.
  • Legal compliance: processing required to meet statutory obligations or respond to lawful requests by public authorities.

GDPR and data protection rights

For users within the scope of the GDPR, the following lists summarize rights and illustrative steps on how they can be exercised with ProMaxIlmu.

  • Right of access: you can request a copy of personal data we hold about you. Example scenario: a manager requests their course participation records for internal HR reporting.
  • Right to rectification: if information is inaccurate, you can ask us to correct it, such as updating a job title used in tailored scenarios.
  • Right to erasure: you may request deletion of data where retention is no longer necessary; we will explain any operational reasons we cannot immediately remove certain records.
  • Right to restriction of processing: you can request limited processing while a dispute about data accuracy is resolved.
  • Right to data portability: where applicable, you can request a structured, machine-readable copy of data you provided to ProMaxIlmu.
  • Right to object: you may object to processing based on legitimate interests or direct marketing; we will assess and respond based on legal requirements and operational needs.

Cookies and similar technologies

We use cookies and similar tools to improve functionality and measure engagement. Practical examples: maintaining progress in a multi-part case study or remembering language preferences between sessions.

Cookies we use include essential session cookies, preference cookies, performance analytics cookies, and optional marketing cookies used only with consent.

Essential cookies enable core functionality. Performance cookies collect aggregated usage statistics. Preference cookies remember settings such as language and display options. Marketing cookies are used for personalised recommendations and require consent.

You can control cookies via your browser settings and our cookie preference tool on ProMaxIlmu.club. Disabling certain cookies may affect the functionality of scenario-based modules.

View the full cookie policy on ProMaxIlmu.club

How we share data

We share personal data only as needed to provide services, comply with the law, or as part of operational requirements. Example: sharing anonymized cohort analytics with a corporate training lead to help plan team development.

  • Service providers: third parties that host our platform, process payments, or deliver email and support services.
  • Analytics partners: providers that help us understand usage patterns and improve scenario effectiveness on an aggregated basis.
  • Corporate customers: when a corporate administrator enrolls a team, basic enrolment details and progress metrics may be shared with that employer.
  • Legal and regulatory authorities: where required by law, court order, or to defend legal claims.
  • Affiliates and acquirers: in the event of a business reorganization, acquisition, or sale, personal data may be transferred as part of that process.
  • Public forums and user-generated content: data you post to public areas such as discussion boards or case competition leaderboards may be visible to other users.

International data transfers

ProMaxIlmu operates from Malaysia and may transfer personal data to service providers located in other jurisdictions to support platform operations or analytics. Transfers are carried out only when appropriate safeguards are in place and when necessary for service delivery.

When we transfer data internationally, we use appropriate safeguards such as standard contractual clauses, access controls, and encryption. We assess partner practices and require contractual commitments to protect personal data.

Data retention

We retain personal data only as long as necessary for the purposes described and to comply with legal, accounting, or security requirements. Retention periods vary by data type and processing purpose.

Account information is retained for as long as the account is active and subsequently for a limited period to support legal obligations and allow recovery of records related to completed courses or corporate reporting needs.

Messages and support communications are kept for a reasonable period to resolve ongoing issues and to maintain a record of interactions, typically not exceeding industry-standard retention windows unless required otherwise.

System logs and diagnostic data are retained for a period necessary to contribute incidents and improve platform resilience, with sensitive logs retained only as required for security purposes.

When data is no longer needed, we securely delete or anonymize it. Deletion requests will be evaluated against operational constraints such as contractual obligations and regulatory requirements.

Security

We implement technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, or unauthorized access. Security practices evolve in response to new threats and platform changes; we document measures and run periodic reviews.

  • Technical protections: encryption of data in transit and at rest for sensitive records, secure authentication, and role-based access controls.
  • Organizational controls: staff training on data handling, least-privilege access, and incident response procedures informed by practical breach scenarios.
  • Operational reviews: regular security audits, penetration testing, and review of third-party provider controls before onboarding.

Your rights

You can exercise your data protection rights by contacting us. Below is an example process to request access or correction: submit a request with your account details, we verify identity, and respond within a reasonable timeframe while safeguarding other users' data.

  • To exercise your rights or for privacy enquiries contact: Data Protection Officer, ProMaxIlmu, Jalan Simunul, 91308 Semporna, Sabah, Malaysia. Phone: +60127251347. Email: [email protected]. Please include your full name, Business ID if applicable, and a description of the request.
  • Access: Request a copy of personal data we hold about you to review records related to your learning history, course enrollments, certifications and communication logs maintained by ProMaxIlmu for professional development purposes.
  • Correction: If your profile, employment details or progress records contain inaccuracies, you may request corrections or updates. We apply practical verification steps and record change scenarios to preserve audit trails.
  • Deletion: You can request removal of personal data that is no longer necessary for the training services we provide. Deletion requests are handled case by case to preserve required administrative records such as completed course certificates and business transactions where lawful retention is necessary.
  • Portability: Where applicable, you may request a structured, commonly used and machine-readable copy of certain personal data (for example training history and certificates) to transfer to another provider or internal HR system.
  • Restriction: You may ask to restrict processing of certain personal data while we verify a dispute about accuracy or while a deletion request is evaluated, particularly when data relates to ongoing credentialing or compliance cases.
  • Objection: You can object to direct marketing processing or profiling used solely for promotional learning recommendations. We describe scenario-based options to opt out from automated recommendation flows without interrupting mandatory compliance training.
  • Complain: If you believe your rights are not respected, you may file a complaint with our Data Protection Officer or escalate to the relevant supervisory authority in Malaysia. We maintain case summaries and response logs for transparency.

How to exercise your data rights

To exercise any of the rights above submit a request to our privacy team. Include your full name, Business ID (if applicable), and specific details of the data or action requested. We may need to verify identity and provide examples of documents or account scenarios to complete requests securely.

[email protected]

We aim to acknowledge data rights requests within 7 business days and resolve routine requests within 30 calendar days. Complex cases that require cross-system reconciliation, such as bulk training record transfers, may take additional time and we will notify you with a case timeline.

Marketing communications and learning recommendations

ProMaxIlmu uses preference-based and scenario-driven messaging to share course updates, cohort invitations and case study webinars relevant to professionals and managers. Marketing messages are tailored using anonymized learning trends and explicit user preferences to ensure relevance.

You may opt out of promotional emails or SMS at any time using the unsubscribe link in messages or by contacting [email protected]. Unsubscribing from marketing does not stop service messages such as enrollment confirmations, billing notices or critical credential updates.

Children and minors

ProMaxIlmu focuses on services for professionals and managers. We do not target or knowingly collect personal data from children under 16. If we discover that a minor’s personal information has been submitted without proper consent, we will take steps to delete that data and document the corrective action in our case logs.

Links to third party services

Our platform may link to external resources, partner learning platforms, or employer portals. Each third party has its own privacy practices; when a link opens an external service we provide context and practical scenarios on data flow so you can make informed choices before sharing information.

Changes to this privacy policy

We update privacy practices to reflect product improvements, regulatory changes and new case studies about learning data use. Notice of material changes will be published on ProMaxIlmu.club and, where appropriate, emailed to affected users with examples explaining how the changes affect typical training scenarios.