General Privacy Statement

Definitions

To help you understand this policy we define commonly used terms below and provide mentoring-specific examples and scenario contexts so the definitions are practical and actionable.

Personal data means any information relating to an identifiable individual. For NexaVGuide this includes name, contact details, CV and professional history, mentoring session notes and recordings, and payment details. Example: a mentor note summarizing a candidate's interview practice session that directly identifies the participant is personal data.

Processing covers any operation on personal data such as collection, recording, structuring, storage, adaptation, retrieval, use, disclosure, erasure and destruction. In practice this includes scheduling sessions, creating anonymized case studies from consented material, and sending session reminders.

User refers to anyone who visits NexaVGuide.best or uses our services, including mentees, mentors, workshop participants and employers that engage with our scenario-based content.

Service refers to the provision of career growth content, one-to-one and group mentoring, scenario workshops, recorded sessions, learning materials and related administrative functions delivered via NexaVGuide.best.

Cookies are small data files placed on a device to enable website functions, remember preferences, and analyze how visitors use the site. We use cookie categories that support session functionality, analytics and optional personalization for mentoring recommendations.

Why we use your data

We process personal data to operate NexaVGuide, deliver mentoring services, run scenario-based workshops and improve outcomes based on practical case analyses. Below are specific purposes with mentoring-relevant examples.

• To provide and manage mentoring sessions, schedule bookings, match mentees with suitable experts and deliver requested materials.
• To process payments, issue invoices and manage billing relationships with third-party processors.
• To communicate session confirmations, reminders, follow-up actions and administrative notices related to your account.
• To analyze anonymized usage and session outcomes for improving case-study content, mentor training and program formats.
• To store recordings and notes of sessions when you consent, enabling review and constructive feedback in subsequent scenario workshops.
• To detect, contribute and respond to security incidents, abuse or fraud affecting the platform or mentoring environment.
• To comply with legal and regulatory obligations, including tax and accounting record keeping.
• With your consent, to send marketing communications about relevant programs, case-study reports and events; consent can be withdrawn at any time.

Legal bases for processing

We rely on appropriate legal bases for processing personal data depending on the purpose and jurisdiction. Below are the typical bases we use for core activities.

• Performance of a contract: processing necessary to deliver mentoring services you request, such as scheduling and session delivery.
• Consent: where you opt in to recordings, marketing communications or inclusion in non-identifiable case studies.
• Legitimate interests: for platform administration, fraud prevention, security and improving anonymized educational content, balanced against your privacy rights.
• Legal obligation: processing required to comply with statutory obligations such as tax, accounting and disclosure under applicable law.

EU and EEA data protection rights

If EU or EEA data protection rules apply to you, you have certain statutory rights. We aim to support those rights where applicable and describe how you can exercise them below, including examples tied to mentoring records and scenario data.

• Right of access: you can request a copy of personal data we process about you, for example your account profile and submitted mentoring materials.
• Right to rectification: you can ask us to correct inaccurate personal information such as an outdated CV or contact details.
• Right to erasure: you may request deletion of personal data in certain circumstances; session notes used in anonymized trend analysis may be retained in aggregated form.
• Right to restriction of processing: you may ask us to limit processing while a dispute over accuracy is resolved.
• Right to data portability: where technically feasible, you can request a machine-readable copy of data you provided for transfer to another service.
• Right to object and the right to lodge a complaint with a supervisory authority if you believe your rights have been violated.

Cookies and similar technologies

We use cookies and similar technologies to enable core functionality, analyze usage and provide optional personalization. Cookies support session features, appointment flows and the analytics that inform our scenario-based improvements.

Common types include session cookies (temporary, deleted when the browser closes), persistent cookies (remember preferences) and third-party cookies from analytics or integration partners.

We categorize cookies as necessary (site function), analytics (usage measurement), functional (preferences) and marketing (optional recommendations). Necessary cookies cannot be disabled without affecting basic service.

You can manage cookie preferences via the website cookie banner, by adjusting your browser settings to block or delete cookies, or by disabling certain third-party services. Changes may affect functionality such as saved session state or personalized recommendations.

Cookie Policy

How we share data

We share personal data only with parties necessary to deliver services, comply with law, or with your consent. We require partners to protect data and limit use to authorized purposes such as delivering mentoring and processing payments.

• Mentors and session facilitators who receive attendee information required to conduct scheduled sessions and provide feedback.
• Payment processors and invoicing providers that handle transactions and billing metadata.
• Scheduling, conferencing and recording platforms used to run live mentoring sessions and workshops.
• Analytics and monitoring providers that supply aggregated insights to improve scenario-based content.
• Legal, tax and professional advisors when disclosure is necessary for compliance or legal processes.
• Potential buyers, supporter or partners in the event of a merger or business transfer, with appropriate contractual protections and notifications where required.

International data transfers

Personal data may be transferred to service providers or partners located outside Malaysia. Transfers occur only when necessary for service delivery, such as cloud hosting, payment processing or conferencing, and we apply suitable safeguards.

Safeguards include data processing agreements, encryption, standard contractual clauses where applicable, and selecting providers with recognized security certifications. We document transfers and apply technical and contractual measures to protect data.

Data retention

We retain personal data only as long as necessary for the purposes described, including operational needs, legal obligations and legitimate interests related to service improvement and training scenarios.

Account and profile data is retained while your account is active and for a limited period after account closure for administrative, legal and tax compliance; typical retention for closed accounts is up to 7 years in line with accounting and compliance needs.

Communications, session notes and mentoring materials are retained according to their purpose: for active coaching relationships they are kept for the duration of the engagement and a reasonable period after (commonly up to 3 years) to support follow-up. Session recordings are stored only with consent and retained for a documented period (commonly up to 2 years) unless you request earlier deletion.

System logs, analytics records and aggregated usage data are retained in anonymized or pseudonymized form for analysis and platform improvement, typically for periods such as 12–24 months depending on the data type and operational needs.

You may request deletion of personal data where permitted by law. We will evaluate requests against legal obligations, contractual requirements and legitimate interests such as fraud prevention, and respond within applicable timeframes. Deletion requests do not normally remove anonymized or aggregated insights used for case-study analysis.

Security measures

We maintain technical and organizational measures designed to protect personal data appropriate to the risks posed by our operations. Measures include access controls, encryption in transit and at rest, monitoring, regular security reviews and staff training focused on secure handling of mentoring materials and participant information.

• Encryption of data in transit (TLS) and encryption at rest for stored sensitive records where supported by our providers.
• Role-based access controls and logging to limit who can view mentoring materials, recordings and personal data to authorized personnel only.
• Regular vulnerability assessments, third-party security reviews and staff training on privacy-aware handling of case-study materials and participant data.

Your rights

Subject to applicable law, you may exercise a range of rights regarding your personal data. We explain the available rights and provide guidance on how to submit requests in the contact section below.

• Right to access: request a copy of the personal data we hold about you and information about processing purposes and recipients.
• Right to rectification: request correction of inaccurate or incomplete personal data such as an updated CV or contact details.
• Right to deletion or restriction: request erasure or restriction of processing where legal conditions apply, for example when data is no longer necessary for the original purpose.
• Right to data portability: where applicable, request a machine-readable copy of data you provided for transmission to another service.
• Right to object and to withdraw consent: object to certain processing activities and withdraw consent for optional processing such as marketing or recordings; withdrawing consent does not affect processing based on other lawful grounds.
• Right to withdraw consent for specific processing activities — for example, withdrawing email marketing consent while keeping account access active.
• Right to data portability — request a machine-readable copy of profile data and mentoring history to transfer to another provider or personal archive.
• Right to lodge a complaint with a supervisory authority in Malaysia if an individual believes their personal data is processed improperly, with examples of typical complaint scenarios.

How to exercise your data rights

To request access, correction, deletion, portability, or restriction of your personal data held by NexaVGuide, send a signed request to our registered address or email. Include your full name, Business ID if applicable, and a brief description of the request. Practical case: when a user requests deletion of mentoring notes, we verify identity then outline what data will be removed and what must be retained for legal or accounting purposes.

[email protected]

We typically respond to verified requests within 30 days. For complex requests involving multiple data sources we will acknowledge receipt within 7 days and provide an estimated completion timeline with step-by-step case notes.