Employee awareness fundamentals
Practical courses for measurable risk reduction
Courses cover phishing awareness, password hygiene, device security, secure remote work practices, and reporting procedures. Content is designed to be role‑appropriate and updated to reflect current threat trends.
General information
This privacy policy explains how SecureMSkill collects, uses, stores and shares personal information in connection with our IT security awareness and training services. The policy applies to visitors, trainees, clients and other users of our website and training platforms. It describes the categories of data processed, legal bases for processing, retention periods, and the rights available to data subjects. SecureMSkill operates from Malaysia and applies reasonable technical and organisational measures to protect personal data processed for training delivery and account management.
Key definitions
The following definitions are used in this policy to describe roles and types of data. They provide context for how information is collected and processed in the context of training and related services.
- Personal data means any information relating to an identifiable individual, such as name, contact details, employment information, and account credentials used for course access.
- Processing refers to any operation performed on personal data, including collection, storage, use, disclosure, archiving, deletion and other activities necessary for delivering training services.
- User refers to any individual who visits the website, registers for a course, participates in training, or interacts with SecureMSkill staff or platforms.
- Service refers to SecureMSkill training offerings, including online courses, assessments, corporate training programs, learning management systems and related support.
- Cookies are small text files placed on a device to store preferences or collect technical information used to improve functionality and analytics on our website and learning platforms.
Data we collect
We collect data necessary to provide courses, manage accounts, process payments, and improve the learning experience. Data collection occurs through registration forms, platform usage logs, customer support interactions and third‑party integrations used for payment or analytics.
Data you provide directly
When you sign up for a course or contact support, we collect information you provide to register and manage your participation. Types of data include:
- Name and job title used to create learner accounts and attendance records.
- Contact details such as email address, phone number (+60126452327) and mailing address for communications and invoicing.
- Organization and department information used to tailor corporate training and reporting.
- Billing and payment information provided to process paid course registrations (processed via third‑party payment providers).
- Training progress, assessment results and feedback submitted by learners during courses.
- Support inquiries and correspondence submitted to SecureMSkill support channels.
Data collected automatically
Some data is collected automatically when you use our website and platforms to support service delivery, platform operation and analytics.
- Device and browser information to ensure compatibility and troubleshoot issues.
- IP addresses and approximate location for security monitoring and fraud prevention.
- Usage logs and timestamps showing course access, module completion and assessment activity.
- Technical performance metrics used to identify and fix platform issues.
- Cookie identifiers and analytics data to understand site usage and improve content.
- Error reports and diagnostic information when failures occur.
Data obtained from third parties
We may receive data from organizations you authorise or from service providers used to support our operations.
- Corporate client HR or training administrators may supply participant lists and organizational data.
- Payment processors provide transaction confirmations and billing information necessary for invoicing.
- Third‑party analytics and platform providers may supply aggregate usage reports and technical metrics.
Purposes of processing
We process personal data for specific, limited purposes required to deliver training services and manage client relationships. Processing aims to be proportionate and relevant to those purposes.
- Registering learners, creating user accounts and providing access to training materials.
- Administering courses, assessing progress, issuing certificates and maintaining training records.
- Processing payments and managing invoicing for paid services.
- Communicating updates, reminders and administrative information related to training.
- Improving course content, platform performance and user experience through aggregated analytics.
- Ensuring platform and data security, monitoring for unauthorized access and responding to incidents.
- Responding to support requests and managing customer service interactions.
- Complying with legal obligations, recordkeeping and dispute resolution.
Legal bases for processing
Where applicable, we rely on one or more lawful bases to process personal data, in line with data protection principles and local regulations.
- Performance of a contract — processing necessary to deliver training services you have requested.
- Legal compliance — processing required to meet legal or regulatory obligations.
- Legitimate interests — processing for security, fraud prevention, platform improvement and business administration, balanced against individual rights.
- Consent — when you provide explicit consent for marketing communications or optional data uses; you may withdraw consent at any time.
Compliance and data subject rights
Although SecureMSkill operates in Malaysia, we describe common data subject rights to help users understand available controls and how to exercise them.
- Right to access — you can request a copy of personal data we hold about you.
- Right to rectification — you may ask us to correct inaccurate or incomplete information.
- Right to erasure — in certain circumstances you can request deletion of your personal data subject to retention obligations.
- Right to restrict processing — you can request restriction of specific processing activities while a matter is resolved.
- Right to data portability — where applicable, you may request a machine‑readable copy of data you provided.
- Right to object — you may object to processing based on legitimate interests, including profiling for direct marketing.
Cookies and tracking
SecureMSkill uses cookies and similar technologies to enable basic site functions, remember preferences and collect analytics data to improve the user experience. Cookies do not typically contain personal information on their own but may be associated with user accounts.
Types of cookies used include essential cookies for site operation, functional cookies for preferences, and analytics cookies that collect aggregated usage data. Third‑party cookies used by analytics or payment providers may also be present.
Cookies fall into categories such as strictly necessary, performance/analytics, and functional. Strictly necessary cookies are required for key features; analytics cookies help us understand and improve the site.
You can control cookie settings via your browser or device. For non‑essential cookies we provide options to manage consent on our site. Disabling certain cookies may affect site functionality and course features.
Data sharing and disclosure
We share personal data only when necessary to deliver services, comply with legal obligations, or when using trusted service providers under contract. Data sharing is limited to the minimum required for the intended purpose.
- Learning management and hosting providers that store course content and user progress.
- Payment processors and invoicing providers to complete business transactions.
- Analytics and monitoring services used to improve platform performance and content.
- Corporate clients and training administrators who request participant reports and completion records.
- Professional advisors such as legal or accounting firms when required for compliance or dispute resolution.
- Authorities or courts when disclosure is required by law or to respond to lawful requests.
International transfers
Personal data may be transferred to service providers or partners located outside Malaysia to support platform hosting, payments and analytics. When transfers occur, we apply contractual safeguards and select providers that implement appropriate technical and organisational measures.
Safeguards for cross‑border transfers include standard contractual clauses, data processing agreements, and security controls required of third‑party providers. Transfers are limited to necessary processing and reviewed as part of vendor assessments.
Data retention
We retain personal data only as long as needed for the purposes described, subject to legal or contractual obligations. Retention periods vary by type of data and purpose of processing.
Account information for active learners is retained for the duration of the relationship and a reasonable period afterward to support records and potential reactivation.
Support communications and correspondence are kept as necessary for service improvement, dispute resolution and compliance, then deleted or archived according to retention schedules.
Technical logs and access records may be retained for a limited period to facilitate troubleshooting, security and compliance monitoring.
When retention periods expire or upon validated deletion requests, personal data is securely deleted or anonymized except where legal obligations require longer retention.
Security measures
SecureMSkill implements administrative, technical and physical measures to protect personal data against unauthorized access, disclosure, alteration and destruction. Security practices are periodically reviewed and updated in response to evolving threats and operational needs.
- Access controls and role‑based permissions to limit data access to authorized personnel.
- Encryption of data in transit and at rest for systems that store sensitive information.
- Regular backups, security monitoring and incident response procedures to address potential breaches promptly.
Your rights
Depending on applicable law, you may exercise rights relating to your personal data. Requests can be submitted using the contact details provided below, and we will respond in accordance with legal timeframes and required verifications.
- Access personal data we hold about you.
- Request correction of inaccurate or incomplete information.
- Request deletion of data where retention is no longer necessary and no legal requirement prevents removal.
- Request restriction or objection to certain processing activities.
- Request portability of data you have provided in a structured, commonly used format where applicable.
- Withdraw consent for processing activities based on consent, without affecting processing prior to withdrawal.
- Complain to a supervisory authority if you believe data processing violates your rights.
- Request details of any disclosures to third parties and transfers outside Malaysia.
How to submit a rights request
To exercise your rights, contact SecureMSkill at the email address or postal address below. Provide sufficient information to identify yourself and the request. We may require verification to protect personal data and prevent unauthorized disclosures.
We aim to respond to verified requests within a reasonable period, typically within 30 days. Complex requests or those requiring additional verification may take longer; you will be informed if an extension is necessary.
Marketing communications
We may send marketing messages about relevant courses and services if you have consented or where permitted by applicable law. Marketing content will clearly identify the sender and provide an option to opt out.
You can unsubscribe from marketing emails using the unsubscribe link in any marketing message or by contacting [email protected]. Unsubscribing does not affect transactional communications related to services you receive.
Children's privacy
Our services are intended for adult learners and corporate users. We do not knowingly collect personal data from children under the age of 16. If we become aware that personal data of a child has been collected without appropriate consent, we will take steps to delete that data.
Third‑party links
The SecureMSkill website may contain links to external sites and services. We are not responsible for the privacy practices of those third parties. Review the privacy policies of any external site before providing personal information.
Changes to this policy
We may update this privacy policy to reflect changes in our services, legal requirements, or operational practices. Material changes will be communicated via our website or direct communication where appropriate. The effective date at the top indicates the current version.
Enroll in practical security awareness courses
SecureMSkill offers structured steps to assess current awareness, deliver targeted training and measure progress over time. This approach helps organisations prioritize resources and track outcomes based on assessment data and simulation results.
Corporate training packages
SecureMSkill offers structured corporate programs designed to address common human‑centric cyber risks. Programs include administrator dashboards for tracking completion, customizable content aligned to organizational policies, and periodic refresher modules to reinforce learning.
Training is delivered through a mixture of short interactive modules, scenario‑based assessments and reporting tools that help organizations monitor progress and identify areas for targeted improvement. Course content is updated regularly to reflect evolving threat patterns and best practices.
Human factors account for a significant portion of security incidents; social engineering and credential reuse remain frequent vectors. Training and awareness help reduce risky behaviors by improving recognition of real-world tactics such as phishing, but measurable risk reduction depends on ongoing reinforcement and contextual application within an organization.
Core elements of effective awareness
Effective IT security awareness combines accessible training content, role-specific scenarios, and periodic reinforcement. Programs that include interactive simulations and measurable assessments enable organizations to track learning progress and adjust content to address observed weaknesses.