Committed to secure and responsible data handling

Privacy & Data Protection

DiriHubWay operates with a professional approach to personal data collected through DiriHubWay.pro and related services. This privacy policy describes what information we collect, why we collect it, how it is used, how long it is retained, and the rights available to users. We process personal data to deliver course content, manage accounts, handle payments, and maintain service quality in compliance with applicable laws.

14-05-2026 DiriHubWay, Business ID 294347257349 98700 Limbang, Sarawak, Malaysia [email protected]
01

Key definitions

This section clarifies terminology used in the policy. Clear definitions help you understand the scope of personal data processing and the responsibilities of DiriHubWay as the data controller.

Personal data means any information relating to an identified or identifiable individual, such as name, email address, phone number, billing details, and profile information used to provide and improve our services. Processing refers to any operation performed on personal data, including collection, storage, use, transfer, disclosure, erasure, and analysis, whether automated or manual. User refers to any individual who visits DiriHubWay.pro, registers for an account, enrolls in courses, subscribes to communications, or otherwise engages with our services. Service refers to the DiriHubWay online learning platform and associated offerings including live sessions, coaching, downloadable materials, assessments, and community features. Cookies are small text files placed on a device to store information about preferences and activity. We use cookies and similar technologies to support functionality, analytics, and personalization.
02

Data collection and types

We collect data directly provided by users, data generated by user activity, and data from third-party partners where necessary to deliver and enhance courses and administrative services.

Data you provide directly

When you register, enroll, or contact support, you provide information required to manage your account and learning experience.

  • Identity details: full name, preferred name, and profile information
  • Contact information: email address and phone number (+60127359727 for operational contact)
  • Account credentials and password hashes for authentication
  • Billing and payment details necessary to process course fees (handled by our payment processors)
  • Course-related data: enrollment choices, submitted assignments, assessment results, and completion records
  • Communications content: messages, support requests, and feedback submitted through our platform

Automatically collected data

Some information is collected automatically when you use our services to help maintain and improve the platform and to analyze usage patterns.

  • Technical data such as IP address, device type, operating system and browser information
  • Usage data including pages visited, course interaction events, session duration and feature usage
  • Analytics data collected via cookies and similar technologies for performance and behavior analysis
  • Location data inferred from IP address or device settings where applicable and with user consent
  • Error reports and diagnostics submitted when crashes or exceptional events occur
  • Aggregate or anonymized data derived from personal data for reporting and research purposes

Data from third parties

We may receive data about you from trusted third parties needed to provide or improve services, subject to contractual protections.

  • Payment processors and business partners for billing and fraud prevention
  • Analytics providers and platform partners to measure service performance and user engagement
  • Third-party content and integration partners (e.g., video hosting, webinar platforms) that facilitate course delivery
03

Purposes of processing

We process personal data for specific, documented purposes which are necessary to operate the service and support users effectively.

  • Account setup, authentication and management to enable access to course materials
  • Service delivery including hosting course content, live sessions, and assessments
  • Payments and billing administration for enrollment fees and related transactions
  • Operational analytics and product improvement to enhance curriculum quality and platform reliability
  • Communications such as administrative messages, course updates, and support responses
  • Marketing where permitted and based on your preferences; marketing emails can be opted out of at any time
  • Legal compliance and fraud prevention in response to lawful requests or regulatory obligations
  • Personalization of learning pathways and recommendations based on assessed needs and performance

Legal basis for processing

We rely on appropriate legal bases for processing personal data depending on the purpose and jurisdiction, such as consent, contractual necessity, legal obligation, or legitimate interests.

  • Performance of a contract: to provide the learning services you have requested
  • Consent: where you have explicitly agreed to certain processing activities (e.g., marketing communications)
  • Legal obligation: to comply with statutory duties or regulatory requirements
  • Legitimate interests: for platform security, fraud prevention, and service improvement, balanced against user rights

Rights under applicable data protection laws

Where applicable to users covered by EU/EEA law, DiriHubWay respects the rights afforded by data protection legislation and provides mechanisms to exercise those rights.

  • Right of access: request a copy of personal data we hold about you
  • Right to rectification: correct inaccurate or incomplete data
  • Right to erasure: request deletion of personal data where lawful and appropriate
  • Right to restrict processing or object to certain processing activities
  • Right to data portability: receive personal data in a commonly used format where applicable
  • Right to withdraw consent where processing is based on consent without affecting lawfulness of prior processing
04

Cookies and similar technologies

We use cookies and similar technologies to provide core functionality, measure performance, and deliver personalized experiences. You can manage cookie preferences via your browser and our cookie settings.

Cookies used include session cookies, persistent cookies, and third-party cookies provided by analytics and integration partners to support functionality and measurement.

Cookie categories include: essential (required for service operation), performance (analytics), functional (preferences), and targeting (optional marketing).

You can control cookies through browser settings, device preferences, and our consent management tool where presented. Disabling certain cookies may affect functionality of the platform.

Cookie Policy

Data sharing and subprocessors

We share personal data only with entities that provide services necessary for operations and subject them to contractual data protection requirements.

  • Payment and billing providers that process transactions on our behalf
  • Cloud hosting and infrastructure providers that store and serve platform content
  • Analytics and performance vendors who help us understand usage patterns
  • Trusted partners and affiliates involved in course delivery and certification
  • Legal advisors and authorities where disclosure is required by law or to protect legal rights
  • Marketing and communication platforms for sending newsletters and announcements when you have opted in

International transfers

Data may be transferred and processed outside your jurisdiction, including to service providers located in other countries, to deliver global infrastructure and support. Transfers are governed by appropriate safeguards and contractual protections.

When data is transferred internationally we implement safeguards such as standard contractual clauses, data processing agreements, encryption, and access controls to maintain protection equivalent to local requirements.

Data retention

We retain personal data only for as long as necessary to fulfill the purposes described, to comply with legal obligations, and to resolve disputes or enforce agreements.

Account information and profile data are retained for the duration of your active account and for a limited period after account closure to meet legal, tax, and security obligations (generally up to 7 years where required).

Support communications, enquiries, and related messages are retained for an operationally appropriate period to ensure continuity of service and to resolve issues.

System logs and technical records are typically retained for operational and security purposes for periods such as 12 months unless longer retention is required by law.

When data is deleted we take reasonable steps to remove it from active systems. Residual copies may remain in backups for a limited time in accordance with our retention schedules.

Security measures

DiriHubWay applies technical and organizational measures to protect personal data against unauthorized access, loss, misuse and alteration. Security practices are reviewed regularly and updated in line with technology and risk assessments.

  • Encryption of data in transit (TLS) and encryption at rest for sensitive records where applicable
  • Role-based access controls, secure authentication practices, regular audits, and vulnerability management
  • Regular third-party security audits and patch management to maintain up-to-date defenses against known vulnerabilities.
05

User rights and choices

As a user of DiriHubWay, you have specific rights regarding your personal data. We describe these rights below and provide clear steps to exercise them. Our approach focuses on transparency, minimal data retention, and accountable handling consistent with applicable Malaysian data protection expectations.

  • Right to access: You may request a copy of the personal data we hold about you and information about how it is processed.
  • Right to rectification: If your information is inaccurate or incomplete, you can request corrections to ensure records are up to date.
  • Right to erasure: Where permitted by law, you can request deletion of personal data that is no longer necessary for the purposes collected or processed.
  • Right to restriction of processing: You may ask us to limit processing while a dispute about accuracy or lawful basis is resolved.
  • Right to object: You can object to certain types of processing, such as profiling or direct marketing, and we will review and respond based on the legal basis for processing.
  • Right to portability: Where technically feasible and lawful, you may request a structured, commonly used, machine-readable copy of your personal data for transfer to another service provider.
  • Right to withdraw consent: If processing is based on your consent, you may withdraw that consent at any time; this will not affect processing done prior to withdrawal.
  • Right to lodge a complaint: If you believe your data rights have been infringed, you may contact DiriHubWay or file a complaint with the relevant supervisory authority.

How to Submit a Rights Request

To exercise any of the rights above, submit a written request including your name, email address, and a brief description of the request. Provide any information that helps us verify your identity to protect your privacy. Send requests to our data protection team via the contact details listed below.

[email protected]

We will acknowledge receipt of your request within 10 business days and aim to respond fully within 30 calendar days. Complex requests or requests requiring supplementary verification may take longer; we will notify you if additional time is necessary.

Marketing Communications

DiriHubWay may use contact details to send information about courses, workshops, and updates relevant to self-improvement and leadership transformation. Marketing messages are based on your expressed preferences and legitimate interest where permitted. We limit frequency and tailor content to professional development interests.

You may opt out of marketing communications at any time by using the unsubscribe link in emails, updating your communication preferences in your account, or contacting our support team. Opting out will not affect transactional messages related to enrollments or account administration.

Children's Data

DiriHubWay services are intended for adults and professionals. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a minor without appropriate consent, we will take steps to delete that data promptly.

Third-Party Links

Our website and course materials may contain links to third-party sites or tools. Those sites are governed by their own privacy practices and DiriHubWay is not responsible for their content or data handling. Review third-party privacy notices before providing personal data.

Changes to This Privacy Notice

We periodically review and update this privacy notice to reflect operational, legal, or regulatory changes. When updates are material, we will publish the revised notice on DiriHubWay.pro and indicate the effective date. Continued use of our services after such updates signifies acceptance of the revised terms.