Privacy Policy

1. Who We Are

MEDSS Training and Consultancy Sdn. Bhd. is a registered training provider and consultancy firm based in Kuala Lumpur, Malaysia. We are registered with HRD Corp (Human Resource Development Corporation) and provide HRDC claimable training programmes, HR consulting, ISO management system advisory, security consulting, and OSH & environmental monitoring services to organisations across Malaysia.

Our registered office is at Suite 33-01, 33rd Floor, Menara Keck Seng, 203 Jalan Bukit Bintang, 55100 Kuala Lumpur.

2. What Information We Collect

We only collect information that is necessary to respond to your enquiry or deliver our services.

Information you give us directly

• Contact details — your name, email address, phone number, and company name when you submit an enquiry through our website or contact us by email, phone, or WhatsApp.
• Training requirements — the type of service or training you're enquiring about, number of participants, preferred dates, and any specific requirements you share with us.
• HRD Corp registration details — if you engage MEDSS to conduct HRDC claimable training, we may collect your company's HRD Corp employer code and related registration information to process your claim.

Information collected automatically

• Website usage data — standard server logs including your IP address, browser type, pages visited, and time of visit. This is used solely for maintaining the security and performance of our website.

We do not use advertising trackers, retargeting pixels, or third-party analytics services on this website. We do not collect sensitive personal data (such as identification numbers, health information, or financial data) unless you specifically provide it as part of a consultancy engagement.

3. How We Use Your Information

We use the information you provide for the following purposes:

• To respond to your enquiry and follow up about training or consultancy requirements.
• To prepare training proposals, quotations, and programme schedules tailored to your organisation.
• To coordinate and deliver training sessions, including liaising with your HR team or designated contact person.
• To process HRD Corp training grants and claims on your behalf where you have engaged us to do so.
• To send you relevant updates about our programmes, services, or upcoming public training sessions — only where you have indicated interest or given consent.
• To comply with our legal obligations as a registered HRD Corp training provider.

We do not use your information for any purpose unrelated to the services you have enquired about or engaged us for. We will never sell your personal data to third parties.

4. Who We Share Your Information With

We treat your information with care and only share it where genuinely necessary:

• HRD Corp (Human Resource Development Corporation) — if you engage us for HRDC claimable training, we are required to submit participant and employer details to HRD Corp as part of the grant application and claim process. This is a regulatory requirement we cannot fulfil without sharing this information.
• Our trainers and facilitators — when a confirmed training session is scheduled, we share the necessary participant list and logistics details with the assigned trainer. They are bound by the same confidentiality standards we hold ourselves to.
• Service providers — our website is hosted on secure servers. Our hosting provider may technically have access to server logs, but they do not process your personal data for any other purpose.

We do not share your information with marketing companies, data brokers, or any third party for commercial purposes.

5. How Long We Keep Your Information

We keep your enquiry and contact details for as long as necessary to manage our relationship with you — typically up to three years from our last interaction, unless you ask us to remove it sooner or unless we are legally required to retain it for longer (for example, financial and tax records related to completed training engagements).

HRD Corp-related records are kept in line with HRD Corp's requirements and Malaysian accounting regulations, which generally require retention for a minimum of seven years.

6. Your Rights Under the PDPA 2010

Under the Personal Data Protection Act 2010 (Malaysia), you have the right to:

• Access the personal data we hold about you.
• Correct any inaccurate or incomplete information.
• Withdraw consent for us to process your data (where processing is based on consent), including opting out of any communications from us.
• Request deletion of your personal data, subject to any legal obligations that require us to retain certain records.

To exercise any of these rights, please contact us at consultant@medss.com.my with your name and a description of your request. We will respond within 14 business days.

7. Keeping Your Information Safe

We take reasonable precautions to protect the personal information we hold. Our website uses HTTPS encryption. Access to client records is limited to MEDSS staff who need it to perform their role. We do not store credit card or financial information on our systems.

No system is completely secure, but we take the protection of your data seriously and will notify you promptly if we become aware of any breach that may affect your personal information.

8. Links to Other Websites

Our website may contain links to external sites such as HRD Corp's portal or partner organisations. Once you leave our site, this privacy policy no longer applies. We encourage you to review the privacy policies of any site you visit.

9. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. When we do, we will update the "last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of our website after any changes constitutes your acceptance of the updated policy.

10. Contact Us About Privacy

If you have any questions about this policy or how we handle your personal data, please get in touch: