Privacy Policy

1. Introduction

Stratos ("we", "us", "our") is committed to handling personal data responsibly. This Privacy Policy explains what personal data we collect when you use our website or engage with our programmes, how we use it, and your rights in relation to it.

This policy applies to all personal data collected through our website at stratosm.club, through our enquiry forms, and in connection with our operational risk awareness programmes delivered in Malaysia. Stratos operates in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA).

If you have questions about this policy, please contact us at [email protected].

2. What Personal Data We Collect

We collect the following categories of personal data:

• Contact enquiry data: Name, email address, and optionally phone number and a message — collected when you submit our website enquiry form.
• Programme enrolment data: Name and email address, collected when you or your organisation enrols participants in the online course or registers for a workshop.
• Communications data: Content of emails or messages you send to us directly.
• Technical data: IP address, browser type, and pages visited — collected automatically through website analytics tools.

We collect only what is necessary for the purposes described in this policy. We do not collect sensitive personal data (such as identification numbers or financial details) through our website.

3. How We Collect Personal Data

Personal data is collected through:

• Enquiry forms submitted on our website
• Direct email or phone communications
• Workshop registration forms provided at the time of engagement
• Cookies and analytics tools operating on our website (see Section 6)

Legal basis for processing: We process personal data on the basis of consent (where you have submitted a form or opted in to communications), legitimate interest (for website analytics and follow-up on enquiries), and contract performance (for delivering programme services).

4. How We Use Personal Data

We use personal data for the following purposes:

• Responding to enquiries submitted through our website or by email
• Delivering and administering our operational risk awareness programmes
• Sending programme-related communications, such as course access details or workshop reminders
• Improving our website based on aggregated usage analytics
• Maintaining records of engagements as required for business operations

We do not use personal data for unsolicited marketing. If you receive a follow-up communication from us, it will be in response to an enquiry you initiated or as part of a confirmed engagement.

Data retention: Enquiry data is retained for up to 12 months if no engagement follows. Programme participant data is retained for up to 3 years for administrative and quality review purposes, after which it is deleted. Analytics data is retained per our analytics provider's standard terms (typically 26 months).

5. Sharing of Personal Data

We do not sell, rent, or share personal data with third parties for marketing purposes. We may share data with:

• Service providers: Hosting and email service providers who process data on our behalf under appropriate data processing agreements.
• Analytics providers: Google Analytics (or similar) for website usage data. These providers may set cookies as described in our Cookie Policy.
• Legal or regulatory requirements: If required to do so by applicable Malaysian law.

No international transfer of personal data is undertaken outside of Malaysia and jurisdictions covered by our service providers' standard data protection commitments.

6. Cookies

Our website uses cookies for essential site functionality and optional analytics. Essential cookies are necessary for the site to operate and cannot be disabled. Analytics cookies are optional and require your consent.

For full details of the cookies we use and how to manage your preferences, please see our Cookie Policy.

7. Data Protection Measures

We take reasonable technical and organisational measures to protect personal data from unauthorised access, disclosure, or loss. These include:

• HTTPS encryption for all data transmitted through our website
• Access controls limiting who within our team can view personal data
• Use of established hosting and email service providers with documented security practices

In the event of a data breach that is likely to affect your rights and interests, we will notify you and the relevant authorities as required under the PDPA within a reasonable timeframe.

8. Your Rights Under the PDPA

Under Malaysia's Personal Data Protection Act 2010, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Withdraw consent: Where processing is based on consent, withdraw that consent at any time (without affecting the lawfulness of prior processing).
• Cease processing: Request that we stop processing your personal data for certain purposes.

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days. We may need to verify your identity before processing your request.

If you have a concern about how we handle your personal data that we have not resolved satisfactorily, you may contact the Department of Personal Data Protection Malaysia (pdp.gov.my).

9. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and recommend reviewing their privacy policies independently before providing personal data.

10. Age Restriction

Our programmes and website are intended for individuals aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have done so inadvertently, we will delete the data promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be published on this page with a revised "Last Updated" date. Continued use of our website or services after a policy update constitutes acceptance of the revised terms.

12. Contact for Privacy Matters

For questions or requests relating to this Privacy Policy or your personal data, please contact:

• Email: [email protected]
• Address: Stratos, Level 32, Menara TM, Jalan Pantai Baharu, 50672 Kuala Lumpur, Malaysia