Privacy Policy

Last updated: January 2026

1. Introduction

Sprytani Academy Sdn Bhd (SSM 202301045678), operating as Sprytani Academy ("we", "us", "our"), is committed to protecting the privacy and personal data of our students, parents, guardians, website visitors and business contacts. This Privacy Policy explains how we collect, use, disclose, store and protect your personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA) and its associated regulations.

By using our website at sprytani.com, enrolling in our programs, or otherwise providing personal data to us, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

Sprytani Academy Sdn Bhd
Level 8, Menara Felda, 11 Jalan Raja Laut,
50350 Kuala Lumpur, Malaysia
Email: [email protected]
Phone: +60 3-7890 2145

3. Personal Data We Collect

We collect different categories of personal data depending on your interaction with us:

3.1 Information You Provide Directly

  • Identity data: full name, date of birth, nationality, gender, photograph (for student ID cards)
  • Contact data: email address, phone number, residential address
  • Enrolment data: program selections, preferred schedule, academic background, prior technology experience
  • Payment data: billing address, payment method details (processed securely through our payment service provider; we do not store full card numbers)
  • Communication data: enquiry form submissions, email correspondence, phone call records, feedback and survey responses
  • Parent or guardian data: name, contact details and relationship to the student for enrolments involving minors

3.2 Information Collected Automatically

  • Technical data: IP address, browser type and version, operating system, device type, screen resolution
  • Usage data: pages visited, time spent on pages, referring URLs, navigation paths, click patterns
  • Cookie data: information collected through cookies and similar tracking technologies (see our Cookie Policy for details)

3.3 Information from Third Parties

  • Referral information from partner organisations or educational institutions
  • Background verification data for instructor and staff recruitment
  • Analytics data from third-party services such as Google Analytics

4. How We Use Your Personal Data

We process your personal data for the following purposes:

  • Enrolment and administration: processing applications, managing student records, scheduling classes, issuing certificates and communicating about program logistics
  • Payment processing: collecting fees, issuing invoices and receipts, managing refunds and resolving billing disputes
  • Communication: responding to enquiries, sending program updates, sharing important notices about schedule changes, campus closures or policy updates
  • Marketing: sending newsletters, promotional materials and information about new courses or events, where you have provided consent or where we have a legitimate interest to do so
  • Improving our services: analysing enrolment trends, gathering feedback, conducting satisfaction surveys and improving our website, curriculum and facilities
  • Safety and security: maintaining campus security through CCTV monitoring, managing visitor access and ensuring the safety of students, particularly minors
  • Legal compliance: fulfilling our obligations under Malaysian law, including tax reporting, record-keeping and responding to lawful requests from regulatory authorities

5. Legal Basis for Processing

Under the PDPA, we process your personal data based on one or more of the following grounds:

  • Consent: you have given explicit consent for us to process your data for specified purposes, particularly for marketing communications
  • Contractual necessity: processing is necessary to fulfil our obligations under an enrolment agreement or service contract
  • Legal obligation: processing is required to comply with applicable Malaysian laws and regulations
  • Legitimate interest: processing is necessary for our legitimate business interests, such as improving our services, provided these interests do not override your fundamental rights

6. Sharing and Disclosure of Personal Data

We do not sell your personal data to third parties. We may share your data with:

  • Service providers: trusted third parties who assist us with payment processing, email delivery, cloud hosting, analytics and IT support, bound by contractual data protection obligations
  • Sprytani Academy group entities: other Sprytani Academy campuses for administrative purposes, student record transfers and quality assurance
  • Regulatory authorities: government bodies, law enforcement or regulatory agencies when required by law or to protect our legal rights
  • Professional advisors: auditors, accountants and legal counsel as necessary for business operations and compliance

When personal data is transferred outside Malaysia, we take reasonable steps to ensure it receives an adequate level of protection consistent with the PDPA.

7. Children's Data

A significant portion of our programs serve children aged 5 to 18. We take the protection of children's personal data very seriously and apply the following safeguards:

  • Personal data of students under 18 is collected only with the explicit consent of a parent or legal guardian
  • We collect only the minimum data necessary for enrolment, attendance tracking and safety management
  • Children's photographs are used solely for student identification purposes and are not published on our website or social media without written parental consent
  • Parents and guardians may review, correct or request deletion of their child's personal data at any time by contacting us
  • Our online platforms do not knowingly collect data from children without parental involvement

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Student records: retained for seven years after the completion of the last enrolled program, as required for certification verification and regulatory compliance
  • Financial records: retained for seven years in accordance with Malaysian tax and corporate regulations
  • Marketing data: retained until you withdraw consent, after which it is deleted within 30 days
  • Website analytics data: retained for 26 months in aggregated, anonymised form
  • Enquiry and communication records: retained for two years after the last interaction

When personal data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with an identifiable individual.

9. Your Rights Under the PDPA

As a data subject under the PDPA, you have the right to:

  • Access: request a copy of the personal data we hold about you
  • Correction: request that inaccurate or incomplete data be corrected
  • Withdrawal of consent: withdraw your consent to processing at any time, where consent is the basis for processing (this does not affect the lawfulness of processing carried out before withdrawal)
  • Restrict processing: request that we limit the use of your data in certain circumstances
  • Complaint: lodge a complaint with the Department of Personal Data Protection Malaysia if you believe your rights have been violated

To exercise any of these rights, please contact us at [email protected] or write to our registered address. We will respond to valid requests within 21 days.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, loss or destruction. These measures include:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of sensitive data at rest using AES-256
  • Access controls restricting personal data to authorised personnel on a need-to-know basis
  • Regular security assessments and vulnerability testing of our systems
  • Staff training on data protection practices and incident response procedures
  • Physical security controls at our campus, including access card systems and CCTV monitoring

While we take every reasonable precaution, no method of data transmission or storage is completely secure. We encourage you to protect your own account credentials and to contact us immediately if you suspect any unauthorised access to your data.

11. Third-Party Links

Our website may contain links to external websites operated by third parties. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any external sites you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. When we make material changes, we will post the updated policy on this page with a revised "Last updated" date. We encourage you to review this page periodically.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Sprytani Academy Sdn Bhd
Level 8, Menara Felda, 11 Jalan Raja Laut,
50350 Kuala Lumpur, Malaysia
Email: [email protected]
Phone: +60 3-7890 2145