Privacy Policy

SRIHATI Platform Legal Policies

Privacy Policy

Introduction: This Privacy Policy explains how SRIHATI (“we” or “us”) collects, uses and protects personal data of users on our Continuing Professional Development (CPD) platform for healthcare professionals. We are committed to compliance with the Malaysian Personal Data Protection Act 2010 (Act 709) and its amendments. All handling of personal data is in line with PDPA principles and other applicable Malaysian laws.

Personal Data We Collect:
  • Identification and Contact Details: Name, professional designation, employer or institution, email address, mailing address, telephone number and professional registration or licence number (if applicable).
  • Account and Usage Data: Username, login credentials, profile information and records of CPD modules or courses accessed or completed on the platform.
  • Technical Information: IP address, browser type, device information and cookies or similar tracking data (as detailed in our Cookies Policy, if any) when you use our website.

Provision of certain personal data may be mandatory for registration or use of specific services. Where data is marked as optional, you may choose not to provide it without impact on your use of the platform.

Purpose of Collection and Use:
  • Service Delivery: To register and manage your user account, authenticate your identity and provide you access to CPD courses and platform features.
  • CPD Tracking and Certification: To record your progress and completion of educational modules, generate CPD certificates or points and facilitate reporting to relevant professional bodies if required.
  • Communication: To inform you of platform updates, new CPD offerings, maintenance downtime or changes to our policies. We may also send notifications or reminders related to your CPD activities.
  • Personalisation and Improvement: To analyse user engagement and preferences in order to improve our content and services. Any analytical use of data will be in aggregate or anonymised form where possible.
  • Legal and Compliance: To comply with legal obligations under Malaysian law and to respond to lawful requests or orders from regulatory authorities.

We will obtain your consent before using your personal data for any additional purposes not outlined above. In particular, explicit consent will be sought if we intend to process sensitive personal data or use your data for marketing communications. In all cases, personal data is processed fairly and lawfully and only to the extent necessary for the purposes stated.

Consent and Choices:

By providing your personal data to us (for example, by registering an account or submitting information on our platform), you consent to the processing of your data in accordance with this Policy and PDPA requirements. Where consent is required by law (such as for collecting sensitive data or sending marketing emails), you will be presented with a clear choice to agree or decline. You have the right to withdraw any consent given, at any time, by contacting us (see Contact section below). Withdrawal of consent may affect our ability to continue providing you certain services, but we will inform you of such consequences if they arise.

Disclosure of Personal Data:
  • Within SRIHATI and Affiliates: To our parent company, subsidiaries or related corporations (if any) for purposes consistent with this Policy, on a need-to-know basis.
  • Service Providers: To third-party service providers or partners engaged by us to perform functions on our behalf (such as IT support, data hosting or analytics services). These parties are contractually obligated to keep your data secure and use it only for the instructed purposes, in compliance with PDPA.
  • Legal Requirements: If required by law, regulation or court order or in response to a lawful request by government or regulatory authorities, we may disclose necessary data. Any disclosure is limited to what is lawfully required.
  • Protection of Rights: Where necessary to establish, exercise or defend our legal rights (for example, to enforce our Terms of Service or to investigate suspected fraud or security issues), we may process and disclose relevant data to lawyers, consultants or law enforcement.

We will never disclose your personal data to unrelated third parties for their own marketing or other purposes without your explicit consent. If the platform offers sponsored content or collaborations, we will inform you at the point of data collection and seek consent where required.

Cross-Border Data Transfer:

As of now, all personal data is stored on servers located in Malaysia. If in future we need to transfer your personal data outside Malaysia, we will ensure such transfer complies with Section 129 of the PDPA and relevant regulations, including ensuring adequate data protection in the recipient jurisdiction and obtaining your consent where required by law.

Data Security:

We implement appropriate technical and organisational security measures to protect your personal data against loss, misuse, unauthorised access or disclosure, alteration or destruction. Measures include access controls, encryption and SSL for data transmission where applicable, regular security audits and staff training on data protection. We will notify you and the relevant authorities of any notifiable data breach as required by law.

Data Retention:
  • Account information and profile data are kept for as long as you maintain an account. Upon termination, we remove or anonymise data within a reasonable timeframe, except where retention is required by law.
  • CPD activity records may be retained to provide you and accrediting bodies with a transcript of completed courses; we periodically review and delete or anonymise records no longer needed.
  • Financial transaction data is retained to comply with tax, audit and financial regulations. Backups are retained for disaster recovery for a limited period and destroyed securely.

We ensure personal data is kept accurate, up-to-date and not kept longer than necessary. You can request earlier deletion in line with Your Rights below.

Your Rights Under PDPA:
  • Right of Access: Request confirmation and a copy of personal data we hold (subject to identity verification and any prescribed fee).
  • Right of Correction: Request correction of inaccurate or outdated data.
  • Right to Withdraw Consent: Withdraw consent to processing at any time (may affect service availability).
  • Right to Prevent Unwarranted Processing: Object to or restrict processing in certain situations, including direct marketing.
  • Data Portability: When applicable under Malaysian law, request transfer of your data to another data controller in a machine-readable format.
Cookies and Tracking Technologies:

We may use cookies or similar technologies to enhance user experience and collect usage analytics. You can control cookies via your browser; blocking certain cookies may affect platform functionality. Continued use of our site indicates consent to cookies in accordance with applicable law.

Third-Party Websites:

External links on our platform lead to third-party sites with their own privacy practices. This Policy applies solely to data handled by SRIHATI.

Updates to this Policy:

We may update this Policy to reflect changes in law or data practices. Material changes will be communicated via the platform or email. Please review this page periodically. Effective date: 1 November 2025.

Contact Information:

Email: info@corelifetraining.com.my

Need help? Contact support.