01 Introduction
Humanology Sdn Bhd (Registration No. 201701010259 (1224424-D)) ("Humanology", "we", "us", or "our") is committed to safeguarding the privacy and confidentiality of personal data entrusted to us by our clients, website visitors, partners, job applicants, and other individuals ("you").
This Privacy Notice describes how we collect, use, store, disclose, and otherwise process personal data in connection with our website at hba.com.my and all associated sub-domains (the "Website"), as well as our consultancy, training, tax advisory, human resource, and technology platform services (the "Services").
This Notice is issued pursuant to the Personal Data Protection Act 2010 (PDPA) of Malaysia and should be read together with any specific consent forms, contracts, or supplementary privacy notices that may apply to particular Services.
02 Key Definitions
| Term | Meaning |
|---|---|
| Personal Data | Any information that relates, directly or indirectly, to an identified or identifiable individual. |
| Sensitive Personal Data | Personal data relating to health, political opinions, religious beliefs, commission of offences, or other categories specified under the PDPA. |
| Data Subject | The individual to whom the personal data relates. |
| Processing | Any operation performed on personal data, including collection, recording, storage, use, disclosure, erasure, or destruction. |
| Data Processor | A person or organisation that processes personal data on behalf of Humanology. |
| DPO | Data Protection Officer — the individual responsible for overseeing Humanology's data protection compliance. |
03 Personal Data We Collect
Depending on your interaction with us, we may collect the following categories of personal data:
- Identity & Contact Data — full name, NRIC / passport number, designation, employer name, business address, telephone number, and email address.
- Professional & Employment Data — job title, employment history, qualifications, competency assessments, and workforce planning information provided as part of HR or consultancy engagements.
- Financial & Tax Data — tax identification numbers, financial statements, invoices, payment records, and related information provided for our ETAS (Expert Tax Advising Services).
- Platform Usage Data — account credentials, usage logs, assessment responses, and profiling results generated through our intelligent platforms (Humetrix, WorkAlign, TalentMap, BizCheck, FinCheck, TechMatch, E-Learning, Tax Track).
- Technical & Device Data — IP address, browser type, operating system, referring URLs, pages visited, and session duration collected automatically via cookies and analytics tools.
- Communications Data — correspondence via email, WhatsApp, web forms, or telephone, including content and metadata.
- Recruitment Data — curriculum vitae, academic transcripts, references, and interview notes submitted in connection with job applications.
- Marketing Preferences — your preferences for receiving marketing communications and event invitations.
04 How We Collect Personal Data
- Directly from you — when you complete a contact form, register for training, subscribe to our newsletter, apply for a position, or engage our Services.
- Through our platforms — when you create an account or complete assessments on any of our intelligent platforms.
- From our clients — when a client organisation provides us with personal data about its employees or stakeholders as part of a consultancy or HR engagement.
- From publicly available sources — such as company registries, professional directories, LinkedIn, and government databases, where relevant to a research or consultancy project.
- Automatically via our Website — through cookies, web beacons, and analytics tools (see our Cookie Notice).
- From referrals or third parties — such as recruitment agencies, business partners, or event organisers who refer you to our Services.
05 Purposes of Processing
| Purpose | Lawful Basis |
|---|---|
| Delivering and managing our consultancy, tax advisory, training, and HR Services | Contract performance; legitimate interests |
| Operating and improving our intelligent digital platforms | Contract performance; legitimate interests |
| Processing enquiries, quotations, and communications | Pre-contractual steps; legitimate interests |
| Issuing invoices, processing payments, and financial record-keeping | Contract performance; legal obligation |
| Complying with tax, regulatory, and legal obligations | Legal obligation |
| Conducting research, data analytics, and service improvement | Legitimate interests |
| Sending newsletters, event invitations, and marketing communications | Consent; legitimate interests (existing clients) |
| Recruitment, onboarding, and employee management | Pre-contractual steps; contract; legal obligation |
| Website analytics, security monitoring, and fraud prevention | Legitimate interests |
| Personality profiling and workforce optimisation (platform services) | Consent; contract performance |
You may withdraw consent at any time where consent is the lawful basis, without affecting the lawfulness of processing prior to withdrawal.
06 Disclosure of Personal Data
We do not sell, rent, or trade personal data. We may share your personal data with the following categories of recipients on a strict need-to-know basis:
- Service providers and data processors — cloud hosting, IT support, payment processors, email delivery platforms, and analytics providers, bound by data processing agreements.
- Professional advisers — solicitors, auditors, and insurers where required in the course of our business.
- Client organisations — where we deliver services to your employer, certain outputs (e.g., assessment results, workforce reports) may be shared with the commissioning organisation per the terms of our engagement.
- Government and regulatory authorities — including LHDN, SSM, Ministry of Human Resources, and law enforcement, where required by law or valid legal process.
- Business partners and collaborators — associate trainers and subject-matter experts who assist in delivering specific programmes, under appropriate confidentiality obligations.
- Successors in business — in the event of a merger, acquisition, or restructuring, personal data may transfer to the successor entity.
07 International Data Transfers
Humanology is primarily based in Malaysia. Certain cloud-based platforms and third-party service providers we use may store or process data outside Malaysia (including the EU, United States, or Singapore). Where such transfers occur, we ensure appropriate safeguards are in place — such as standard contractual clauses or data processing agreements — consistent with the PDPA 2010 and relevant subsidiary legislation.
08 Retention of Personal Data
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. General retention periods:
- Client engagement records — minimum 7 years from end of engagement (Malaysian tax and company law).
- Website analytics and technical data — up to 26 months.
- Marketing and communication records — until you withdraw consent or opt out.
- Recruitment records (unsuccessful candidates) — up to 12 months from the recruitment decision, unless you consent to a longer period.
- Employee records — duration of employment plus a minimum of 7 years, or as required by the Employment Act 1955.
- Platform assessment data — per terms agreed with the commissioning organisation; securely deleted upon contract expiry unless otherwise required.
Upon expiry of the relevant retention period, personal data is securely deleted or anonymised.
09 Your Rights as a Data Subject
Under the PDPA 2010, you have the following rights:
- Right of Access — to request a copy of the personal data we hold about you.
- Right of Correction — to request correction of inaccurate or incomplete personal data.
- Right to Withdraw Consent — to withdraw consent to processing at any time where consent is the basis.
- Right to Limit Processing — to request that we cease or limit processing in certain circumstances.
- Right to Object — to object to processing for direct marketing purposes.
- Right to Lodge a Complaint — with the Department of Personal Data Protection (JPDP) Malaysia if you believe your PDPA rights have been infringed.
To exercise any of these rights, please submit a written request to our Data Protection Officer (see Section 15). We will respond within 21 days, or such longer period as permitted by law. We may require you to verify your identity before processing your request.
10 Security Measures
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction, including:
- Encryption of data in transit (TLS/HTTPS) and at rest where applicable.
- Role-based access controls and multi-factor authentication for internal systems.
- Regular security assessments, vulnerability scanning, and staff awareness training.
- Contractual obligations on all third-party data processors to maintain equivalent security standards.
- Physical security controls at our office premises.
In the event of a personal data breach likely to result in high risk to your rights and freedoms, we will notify the relevant authorities and, where required, affected individuals in accordance with the PDPA 2010.
11 Cookies & Tracking Technologies
Our Website uses cookies and similar tracking technologies to enhance your browsing experience, analyse site traffic, and support our marketing activities. For full details — including the specific cookies we use, their purposes, and how to manage your preferences — please refer to our Cookie Notice.
12 Third-Party Links
Our Website may contain links to third-party websites and social media platforms (Facebook, LinkedIn, YouTube, Instagram, X, TikTok). This Privacy Notice does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit, as we have no control over or responsibility for their privacy practices.
13 Children's Privacy
Our Website and Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data without appropriate parental consent, please contact us immediately and we will take steps to delete such data.
14 Changes to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our data processing practices, applicable law, or regulatory guidance. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or a prominent notice on our Website. Your continued use of our Website or Services after the effective date constitutes acknowledgement of the updated Notice.
15 Contact Us & Data Protection Officer
For questions, concerns, or requests relating to this Privacy Notice or the processing of your personal data, please contact our Data Protection Officer:
73-3 Amber Business Plaza, Jalan Jelawat 1, Cheras, 56000 Kuala Lumpur, Malaysia
Email: info@hba.com.my
Tel: 018-213 6755 / 016-676 6755
You also have the right to lodge a complaint with Malaysia's regulatory authority:
Aras 2, Blok F, Kompleks F, Pusat Pentadbiran Kerajaan Persekutuan, 62606 Putrajaya
Website: www.pdp.gov.my
Tel: 03-8885 1800