Legal
Privacy Policy
Last Updated: 12 May 2025 · Effective: 12 May 2025
Kernel Atlas (referred to as "we", "us", or "our") is committed to handling personal information responsibly. This policy explains what data we collect, how we use it, and the rights available to individuals whose data we hold. It applies to all personal data collected through our website and in connection with our educational programmes.
1. Data We Collect
When you use our contact form, register for a programme, or communicate with us, we may collect:
- Full name and email address (required for enrolment and programme communication)
- Phone number (if provided voluntarily in enquiry forms)
- Message content submitted through the contact form
- Programme participation records (session attendance, notebook submissions, project work)
- Technical data collected automatically: IP address, browser type, pages visited, and time of visit (via analytics cookies, where consent is given)
Legal basis for processing: Data collected through enquiry forms is processed on the basis of your consent. Data required to deliver programme services is processed on the basis of contractual necessity. Analytics data is processed on the basis of consent, where provided.
Retention: Enquiry data is retained for 12 months from the date of receipt unless it leads to programme enrolment. Programme participation records are retained for 3 years from programme completion. Analytics data is retained for 26 months.
2. How We Use Your Data
- To respond to enquiries and process programme enrolments
- To deliver programme materials, schedule sessions, and provide mentor pairings
- To issue course completion records to eligible participants
- To send programme-related updates and information relevant to your enrolment
- To improve our website and course content through aggregated usage analysis
Marketing communications: We do not send promotional messages without prior consent. If you have enrolled in a programme, we may send you information about related Kernel Atlas programmes unless you opt out.
Third-party sharing: We do not sell personal data. We may share data with service providers who assist in delivering our programmes (such as video conferencing platforms and payment processors), under contractual obligations that restrict their use of the data to the purposes for which it was shared.
3. Data Protection Measures
We take reasonable technical and organisational steps to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include:
- HTTPS encryption for all website pages and data transmission
- Access controls limiting personal data access to staff who require it for their role
- Regular review of data handling practices and third-party service agreements
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals, within a reasonable period of becoming aware of the breach.
4. Cookies
Our website uses cookies for essential functionality (such as storing your cookie consent preference) and, where you consent, for analytics. A full description of the cookies we use, their purpose, and how to manage your preferences is available in our Cookie Policy.
5. Your Rights Under Malaysian Law
Under the Personal Data Protection Act 2010 (PDPA) of Malaysia, you have the following rights in relation to your personal data:
- Right to access: You may request a copy of the personal data we hold about you.
- Right to correction: You may request correction of inaccurate or incomplete personal data.
- Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.
- Right to prevent processing for marketing: You may ask us to stop using your data for direct marketing purposes.
- Right to lodge a complaint: You may direct complaints about our data handling to the Department of Personal Data Protection Malaysia (JPDP).
To exercise any of these rights, contact us at [email protected]. We will respond within 21 days of a valid request.
6. Third-Party Links
Our website may contain links to external websites. We are not responsible for the privacy practices or content of those sites. We recommend reviewing the privacy policy of any external site you visit.
7. Age Restrictions
Our programmes and services are intended for individuals aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have collected such data, we will take steps to delete it promptly.
8. Changes to This Policy
We may update this policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. We will notify active programme participants of material changes via email. Continued use of our website or services after changes are posted constitutes acceptance of the updated policy.
9. Contact for Privacy Matters
Data Controller: Kernel Atlas
Lot 6, Jalan Tun Razak, 50400 Kuala Lumpur, Malaysia
+60 3-2692 4837