Privacy Policy

1. Introduction
‍GIFT ED SDN BHD (Company Registration No. 202101043700 (1444000-U)),  a company incorporated under the laws of Malaysia having a business address at WeWork Mercu 2, 38-006, No. 3, Jalan Bangsar, KL Eco City, 59200 Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur, Malaysia and its related companies ('Company', 'we', 'us', or 'our',) (“GIFT.ed”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data.

This Privacy Policy is formulated in accordance with the Malaysian Personal Data Protection Act 2010 (“PDPA”) and explains how and why we collect, store, use, disclose, and otherwise process your personal data when you use our services (“Services”), including when you:
- visit our website at https://www.gift-ed.com;
- register for an account;
- subscribe to or use our services;
- communicate with us; or
- otherwise interact with us in connection with our business.

By accessing our website, communicating with us, or voluntarily providing your personal data, you consent to the collection, use, disclosure, and processing of your personal data in accordance with this Privacy Policy.

Our services are intended for individuals aged 18 and above. We do not knowingly collect or process personal data from children under the age of 18, and we do not intentionally process sensitive personal data unless required by law or with your explicit consent.

Under the PDPA, individuals have certain rights in respect of their personal data, and organisations have corresponding obligations when processing such data. This Privacy Policy outlines how we comply with those obligations and how you may exercise your rights.

This Privacy Policy should be read together with our Terms of Use, which govern your access to and use of our website and services. If you do not agree with this Privacy Policy, you should discontinue use of our Services.

If you have any questions or concerns regarding this Privacy Policy or your personal data, please contact us at hello@gift-ed.com.

‍2. Key Highlights
‍This summary highlights the key points of this Privacy Policy. You should read the full Privacy Policy for more detail, and it should be read together with our Terms of Use.

‍What personal data do we process? We collect personal data you provide (such as name, email, and account details) and certain technical information collected automatically when you use our Services (such as IP address and usage data).

‍Do we process sensitive personal data? We do not intentionally process sensitive personal data unless required by law or with your explicit consent.

‍Do we receive personal data from third parties? Generally, we collect personal data directly from you. In some cases, we may receive limited information from service providers that support our Services (for example, payment processing or hosting providers).

‍How do we use your personal data? We use personal data to provide and improve the Services, manage accounts, communicate with you, protect the security of our platform, prevent fraud, and comply with legal obligations.

‍When do we share personal data? We may share personal data with trusted service providers who support our operations (such as hosting, analytics, and payment processing), and where required by law.

‍What rights do you have? You may request access to and correction of your personal data, and you may withdraw consent (subject to PDPA and service limitations). You may also opt out of marketing communications at any time.

‍How can you exercise your rights? You can contact us at hello@gift-ed.com. Where available, we may also provide a data subject request form.

‍3. What Personal Data We Process
‍We collect personal data that you provide to us directly, as well as certain information automatically when you use our services.

‍A. Personal Data You Provide
‍The personal data we may collect includes:
- Your name
- Nationality
- Email address
- Job title or professional information
- Username and account credentials
- Contact preferences
- Feedback, enquiries, or communications you send to us
- Any other information you voluntarily provide

You are not required to provide personal data; however, if you choose not to provide certain information, you may not be able to access certain features or services.

You are responsible for ensuring that the personal data you provide is accurate and up to date.

‍B. Information Collected Automatically
‍When you use our Services, we may automatically collect technical and usage information that helps us operate and secure the platform. This may include:
- Log and usage data, such as date/time of access, pages viewed, searches performed, and feature usage
- Device data, such as device type, operating system, browser settings, and device identifiers
- Diagnostics and performance data, such as error reports or crash information (where applicable)
- Location data, which may be approximate (derived from IP address) and, if you enable device location settings, may include more precise location information.

This information may comprise (but not limited) to the following technical information:
- Internet Protocol (IP) address
- Device type and operating system
- Browser type and version
- Pages visited and time spent on the Site
- Referring website or source
- Approximate location derived from IP address
- Log and diagnostic data

This information does not directly identify you but helps us maintain the security, performance, and functionality of our services.

You may disable location access through your device settings. If you do so, certain features (where location is required) may not function as intended.

‍C. Sensitive Personal Data
‍We do not intentionally collect or process sensitive personal data (such as information relating to health, religion, or biometric data), unless required by law or with your explicit consent.

‍D. Children’s Data
‍Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected such data, we will take reasonable steps to delete it.

‍4. How We Collect Your Data
‍We collect personal data when you register an account, log in, subscribe to our Services, communicate with us, or submit information through our platform. We may also collect personal data when we verify identity or account ownership (where necessary), or when you sign consent forms electronically.

‍5. Why We Collect and Use Your Data
‍We collect and use your personal data only for purposes that are directly related to our business and services. These purposes include:
- Creating and managing user accounts
- Providing access to our courses and learning tools
- Authenticating users and maintaining platform security
- Responding to enquiries and providing support
- Processing subscriptions and payments
- Sending administrative communications (e.g. updates, service notices)
- Sending marketing communications (with your consent)
- Improving our services through analytics and feedback
- Preventing fraud and misuse of the platform
- Complying with legal or regulatory obligations

We will not use your personal data for purposes unrelated to the above without obtaining your consent, unless permitted by law.

‍6. Legal Basis for Processing
‍Under the PDPA, we process personal data primarily on the basis of:
- Your consent;
- The performance of a contract with you;
- Compliance with legal obligations; or
- Other circumstances permitted under the PDPA.

You may withdraw your consent at any time by contacting us. However, withdrawal of consent may affect your ability to continue using certain services.

‍7. Disclosure of Personal Data
‍We treat your personal data as confidential. We may disclose personal data only where necessary and for legitimate business or legal purposes.We may share personal data with:
- Website hosting and cloud service providers
- Payment processors
- Data analytics providers
- Professional advisers (e.g. auditors, lawyers)
- Regulatory or governmental authorities where required by law

All third-party service providers engaged by us are required to protect personal data and to process it only in accordance with our instructions.

We do not sell personal data to third parties.

‍8. International Transfers
‍Our services are operated and hosted in Malaysia. In some cases, personal data may be processed by service providers located outside Malaysia.

Where personal data is transferred outside Malaysia, we will take reasonable steps to ensure that such transfers comply with the PDPA and that appropriate safeguards are implemented.

‍9. Cookies and Tracking Technologies
‍We use cookies and similar technologies to:
- Maintain session integrity
- Improve user experience
- Analyse website performance
- Enhance security

Cookies allow us to recognise your browser and remember certain preferences.

You may disable cookies through your browser settings. However, disabling cookies may limit certain features or functionality of the Site.

‍10. AI Assistant
‍Our platform includes an AI-powered assistant designed to enhance your learning experience.

The assistant may use your profile information (such as your name or learning preferences) to personalise responses during a session.

Feedback provided on the assistant may be linked to your user account for the purpose of improving the service.

Unless otherwise stated, chat conversations are not retained across sessions and are not shared with third parties for marketing purposes.

‍11. Data Retention
‍We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy or to comply with legal obligations.

When personal data is no longer required, we will securely delete, anonymise, or archive it in accordance with our internal retention policies.

‍12. Security of Personal Data
‍We implement reasonable technical and organisational measures to safeguard personal data against unauthorised access, misuse, alteration, or loss.

These measures may include:
- Encryption of data during transmission
- Access controls and authentication mechanisms
- Secure hosting infrastructure
- Internal data handling procedures

While we take reasonable steps to protect personal data, no system can guarantee absolute security.

‍13. Your Rights Under the PDPA
‍Subject to the PDPA, you have the right to:
- Request access to your personal data;
- Request correction of inaccurate or incomplete data;
- Withdraw consent (where processing is based on consent);
- Request deletion where permitted by law.

We may charge a prescribed fee for access requests and will respond within the timeframe required under the PDPA.

To exercise your rights, please contact us at hello@gift-ed.com.

‍14. Updates to This Privacy Policy
‍We may update this Privacy Policy from time to time to reflect changes in law or our practices.

Any updates will be published on our website and will take effect upon posting. We encourage you to review this Privacy Policy periodically.

‍15. Contact Us
‍If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:
GIFT ED SDN BHD
Email: hello@gift-ed.com
Address: WeWork Mercu 2, 38-006, No. 3 Jalan Bangsar, KL Eco City, 59200 , Kuala Lumpur, Malaysia.