Privacy Policy.

Who we are and why this policy exists.

Tetra Exponus (M) Sdn Bhd and Tetra Exponus Travels & Tours Sdn Bhd (collectively, "Tetra Exponus", "we", "us", "our") respect your privacy and are committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website (www.tetra.com.my) or interact with our training, travel, and consulting services. By providing your personal data to us, you consent to its collection, use, and disclosure in accordance with this Privacy Policy.

Who is responsible for your data.

The data user under this policy is:

• Tetra Exponus (M) Sdn Bhd — corporate training arm (Co. Reg. No. 201801027822 / 1289848-W)
• Tetra Exponus Travels & Tours Sdn Bhd — travel & experiential engagement arm (Co. Reg. No. 20240105638 / 1596481-H)

What data we collect, by category.

• Identification data — name, organisation, job title.
• Contact data — email address, phone number, business address.
• Enquiry data — details of training programmes you express interest in, travel preferences, message content from our contact forms.
• Technical data — IP address, browser type, device information, pages visited (collected via cookies and standard server logs).
• Marketing preferences — your subscription status and communication preferences.

We do not knowingly collect sensitive personal data (race, religion, political opinions, health, criminal record) unless required by law or with your explicit consent.

Sources of your personal data.

• Directly from you — when you submit our contact form, request a quote, or correspond with us via email or phone.
• From your organisation — when you participate in a corporate training programme or travel arrangement booked by your employer.
• Automatically — through cookies and similar technologies as you browse our website.
• From public sources — such as professional listings, business directories, or LinkedIn profiles relevant to our engagement.

Why we process your data.

We use your personal data for the following purposes:

• To respond to enquiries and provide requested information.
• To deliver training programmes, travel services, and consulting solutions.
• To process registrations, bookings, invoicing, and payments.
• To issue HRD Corp claimable training documentation.
• To send programme updates, schedules, and operational communications.
• To comply with legal, regulatory, and tax obligations under Malaysian law.
• To improve our website, services, and customer experience.
• To send marketing communications — only with your consent and with a clear opt-out option.

How we comply with the PDPA.

We process your personal data on one or more of the following grounds:

• Consent — when you submit personal data through our contact form or subscribe to our communications.
• Contractual necessity — when you engage our training, travel, or consulting services.
• Legitimate interests — for business administration, fraud prevention, and service improvement, balanced against your rights.
• Legal obligation — where processing is required by Malaysian law, including tax records, HRD Corp reporting, and statutory record-keeping.

Who we share data with — and why.

We may disclose your personal data to:

• Service providers — form-handling services (Web3Forms), hosting providers (Hostinger), and email systems used to deliver our services.
• Training partners — where a programme involves co-delivery with another HRD Corp registered provider.
• Travel partners — airlines, hotels, tour operators, and visa processing agents, as required to fulfil your travel arrangements.
• HRD Corp — for claimable programme registration and reporting under HRDF requirements.
• Legal authorities — where required by law, regulation, or court order.
• Professional advisors — legal, accounting, and audit firms, all bound by confidentiality.

We do not sell your personal data to third parties.

How long we keep your data.

We retain personal data only for as long as necessary for the purposes stated, or as required by Malaysian law:

• Active client records — for the duration of the engagement plus 7 years (per the Companies Act and Income Tax Act).
• Enquiry records (no engagement) — 24 months from last interaction.
• Marketing data — until you withdraw consent.
• Anonymous analytics — retained indefinitely as it cannot be linked to you.

How we protect your data.

We implement appropriate technical and organisational measures to safeguard your personal data:

• HTTPS / TLS encryption for all data in transit.
• Restricted access to authorised personnel on a need-to-know basis.
• Secure cloud-based storage with reputable, vetted providers.
• Regular security reviews and software updates.
• Confidentiality obligations on all employees, contractors, and partners.

While we take reasonable steps to safeguard your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but we will notify affected parties promptly in the event of a confirmed data breach involving personal data.

How our website uses cookies.

Our website uses cookies and similar technologies to:

• Remember your preferences (e.g. theme, language) where applicable.
• Analyse aggregate traffic patterns (anonymous, no personal identification).
• Provide essential site functionality (e.g. form submission).

You may disable cookies in your browser settings, though some features of our website may not function correctly without them. Where third-party analytics are used, we ensure they comply with PDPA standards.

What you can do with your data.

You have the following rights regarding your personal data:

• Right of access — request a copy of personal data we hold about you.
• Right of correction — correct inaccurate, incomplete, or outdated data.
• Right to withdraw consent — opt out of communications or processing where consent is the basis.
• Right to restrict processing — limit how we use your data in specific circumstances.
• Right to lodge a complaint — with the Department of Personal Data Protection (JPDP) Malaysia.

To exercise any of these rights, contact us at info@tetra.com.my. We will respond within 21 days as required under the PDPA.

We do not collect data from minors.

Our services are intended for corporate clients and adult professionals. We do not knowingly collect personal data from individuals under 18 years of age. If you believe we have inadvertently collected such data, please contact us at info@tetra.com.my for prompt review and deletion.

When data leaves Malaysia.

Where personal data is transferred outside Malaysia — for example to overseas training partners, travel suppliers, or cloud service providers — we ensure adequate protection through:

• Contractual safeguards in our agreements with overseas partners.
• Reputable providers with PDPA-equivalent or stronger data protection standards.
• Your explicit consent for transfers involving sensitive or high-risk data.

When this policy is updated.

We may update this Privacy Policy from time to time to reflect changes in our services, technology, or legal requirements. The "Last updated" date at the top reflects the current version. Material changes will be communicated by email or website notice where practicable.

Speak to our data protection contact.

For questions, concerns, or to exercise your data protection rights:

This Privacy Policy was last updated on 4 May 2026 and is governed by the laws of Malaysia.