General Data Protection Regulation (GDPR)
11/23/2025 2026-02-01 18:12General Data Protection Regulation (GDPR)
Last Updated: February 1st, 2026
PORTMAN College (“we”, “us”, “our”) is committed to protecting the privacy and personal data of all students, prospective students, parents, partners, affiliates, employees, and visitors within Malaysia, in accordance with the Personal Data Protection Act 2010 (PDPA Malaysia).
This Data Protection & Privacy Policy explains how we collect, use, store, and protect personal data when you access or use our platforms and services, including our website, Learning Management System (LMS), AI-assisted learning tools, chat systems, call bots, CRM systems, email platforms, and related online services.
By accessing or using our platforms and services, you agree to the terms of this policy.
1. Data Controller
PORTMAN College
Email: info@portman.edu.my
PORTMAN College acts as the Data Controller for all personal data processed under this policy in accordance with the PDPA Malaysia.
2. Personal Data We Collect
Depending on your interaction with PORTMAN College, we may collect the following types of personal data:
2.1 Identity & Contact Data
- Full name
- Email address
- Phone number
- Nationality & identification documents
- Mailing address
2.2 Academic Data
Application and enrollment information
Academic records and transcripts
Assignments, submissions, and assessments
AI-assisted grading feedback
Attendance records and LMS activity logs
2.3 Financial & Billing Data
Payment information (processed via secure third-party payment providers)
Invoices, receipts, and scholarship or financial aid records
2.4 Technical & System Data
IP address
Device and browser information
LMS login records
Chat and call bot interaction logs
Usage analytics
2.5 Marketing & Communication Data
Enquiry and form submissions
Lead generation data
Email and WhatsApp communications
Referral or affiliate tracking data (where applicable)
3. Legal Basis for Processing (PDPA Malaysia)
We process personal data in accordance with the Personal Data Protection Act 2010 (PDPA Malaysia) based on:
Consent provided by the data subject
Performance of contractual obligations
Compliance with legal or regulatory requirements
Legitimate educational and administrative purposes
Purpose limitation and data minimisation principles
4. How We Use Your Data
We use personal data for the following purposes:
Managing applications, admissions, and student enrollment
Delivering academic programmes and online learning services
Operating and improving our Learning Management System (LMS)
Providing AI-assisted academic feedback and learning support
Issuing certificates, transcripts, and official academic documents
Providing student support, academic advising, and communications
Improving our services, systems, and learning technologies
Conducting marketing and outreach activities (with consent)
Meeting regulatory, accreditation, and institutional requirements
All AI-assisted processes are subject to human oversight by academic or authorised staff.
5. Sharing of Data
We may share personal data with:
LMS and educational technology service providers
AI and automation service providers supporting academic functions
Payment service providers (e.g. Stripe, PayPal)
CRM, communication, and marketing platforms
Accreditation bodies and regulatory authorities where required by law
All third-party service providers are required to comply with applicable data protection and confidentiality obligations.
6. International Data Transfers
Personal data is primarily stored and processed within Malaysia or on secure cloud infrastructure.
Where data is processed or stored outside Malaysia, PORTMAN College ensures:
Adequate security safeguards
Data processing agreements
Compliance with PDPA requirements
Secure transmission and encryption protocols
7. Data Retention
We retain personal data only for as long as necessary:
Student academic records: 7–10 years
Financial and billing records: as required by Malaysian tax and audit laws
Marketing and communication data: 12–24 months
Academic submissions: in accordance with institutional academic policies
Data that is no longer required is securely deleted or anonymised.
8. Your Rights Under PDPA Malaysia
You have the right to:
Access your personal data
Request correction of inaccurate or incomplete data
Withdraw consent (subject to legal and contractual limitations)
Request deletion of personal data where applicable
Be informed of how your data is processed
You may also lodge a complaint with the relevant Malaysian authority if you believe your data has been mishandled.
9. AI, Automation & Profiling
PORTMAN College uses AI technologies for:
Academic assessment support
Learning analytics and recommendations
Identity verification (where applicable)
Chat and call bot interactions
Administrative process automation
Students may request human review of any AI-assisted or automated decision affecting them.
10. Data Security
We protect personal data through:
SSL/TLS encryption
Role-based access controls
Secure cloud hosting and encrypted backups
Two-factor authentication (2FA) for staff systems
Regular system monitoring and security reviews
11. Cookies & Tracking Technologies
We use cookies for:
Essential website functionality
Analytics and performance monitoring
Personalisation and user experience improvement
Marketing activities (where consent is required)
Users may manage or disable cookies through their browser settings.
12. Contact: Data Protection Officer (DPO)
For any data protection or privacy-related enquiries, please contact:
Data Protection Officer
PORTMAN College
Email: info@portman.edu.my
13. Policy Updates
This policy may be updated from time to time due to:
Changes in Malaysian laws or regulations
Updates to our systems or AI tools
Accreditation or institutional requirements
Improvements to internal processes
The latest version will always be published on our official website.
