Privacy Policy

Last updated: January 30, 2026

1. Introduction

Nxwlto Coaching ("we", "our", or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage with our coaching services.

This policy has been developed in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and other applicable privacy laws. By accessing our website or using our services, you consent to the practices described in this policy.

2. Data We Collect

We may collect the following categories of personal data:

2.1 Personal Identification Information

  • Name
  • Email address
  • Phone number
  • Company name and position
  • Business address

2.2 Business Information

  • Business objectives and challenges
  • Industry sector and market information
  • Company structure and team information
  • Business performance data (when voluntarily shared during coaching)

2.3 Website Usage Data

  • IP address
  • Browser type and version
  • Pages visited and time spent on pages
  • Referral sources
  • Device information

2.4 Communication Data

  • Email correspondence
  • Contact form submissions
  • Coaching session notes and action items
  • Feedback and testimonials (with explicit consent)

3. How We Collect Your Data

We collect data through the following methods:

3.1 Direct Interactions

You may provide personal data when you:

  • Complete forms on our website
  • Subscribe to our newsletters or publications
  • Request information about our services
  • Engage in coaching sessions or consultations
  • Provide feedback or contact us

3.2 Automated Technologies

As you navigate our website, we may automatically collect technical data about your equipment, browsing actions, and patterns through cookies and similar technologies. Please see our Cookie Policy for more details.

3.3 Third Parties

We may receive personal data about you from various third parties, such as:

  • Analytics providers (e.g., Google Analytics)
  • Business partners (with appropriate consent and data sharing agreements)
  • Publicly available sources

4. Purpose and Legal Basis for Processing

4.1 Service Provision

We process your data to provide coaching services, including:

  • Facilitating coaching sessions and consultations
  • Creating personalized coaching plans
  • Tracking progress against established goals
  • Managing our relationship with you

Legal basis: Performance of a contract with you

4.2 Legitimate Business Interests

We process data to pursue our legitimate business interests, including:

  • Improving our services and website
  • Developing new coaching methodologies
  • Conducting business analytics
  • Ensuring security of our systems

Legal basis: Our legitimate interests

4.3 Marketing Communications

We may process your data to send relevant content, including:

  • Newsletters and insights
  • Information about services that may interest you
  • Invitations to events or webinars

Legal basis: Your consent or our legitimate interests (which you can opt out of at any time)

4.4 Legal Compliance

We may process your data to comply with legal obligations, including:

  • Responding to legal requests
  • Complying with regulatory requirements
  • Maintaining business records

Legal basis: Legal obligation

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Different retention periods apply for different types of data:

  • Contact Information: Retained for the duration of our business relationship plus 3 years
  • Coaching Records: Retained for the duration of the coaching engagement plus 5 years
  • Website Usage Data: Retained for 26 months
  • Financial Records: Retained for 7 years in accordance with tax regulations

We regularly review our retention periods to ensure we only keep data as long as necessary. When personal data is no longer needed, we securely delete or anonymize it.

6. Data Sharing and Transfers

6.1 Categories of Recipients

We may share your personal data with the following categories of recipients:

  • Service Providers: IT service providers, cloud storage providers, analytics providers, and other vendors who help us deliver our services
  • Professional Advisers: Lawyers, accountants, auditors, and insurers who provide professional services
  • Regulatory Bodies: Government agencies or other authorities where required by law
  • Business Partners: With your consent, we may share data with trusted partners who collaborate with us on coaching programs

6.2 International Transfers

We may transfer your personal data to countries outside Malaysia. When we do so, we ensure appropriate safeguards are in place to protect your data, such as:

  • Standard contractual clauses approved by relevant data protection authorities
  • Ensuring recipient countries have adequate data protection laws
  • Obtaining your explicit consent for the transfer

7. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized way. These measures include:

  • Encryption of sensitive data
  • Secure access controls and authentication systems
  • Regular security assessments and vulnerability testing
  • Staff training on data protection and security practices
  • Data backup and disaster recovery procedures

We limit access to your personal data to employees, agents, contractors, and other third parties who have a business need to know. They are subject to strict contractual confidentiality obligations.

We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Your Rights

Under the PDPA and other applicable privacy laws, you have several rights regarding your personal data:

8.1 Right to Access

You have the right to request access to your personal data that we hold. This allows you to receive a copy of your data and verify that we are processing it lawfully.

8.2 Right to Correction

You have the right to request correction of incomplete or inaccurate personal data we hold about you.

8.3 Right to Erasure

You have the right to request erasure of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

8.4 Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

8.5 Right to Data Portability

You have the right to request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.

8.6 Right to Object

You have the right to object to processing of your personal data where we are relying on legitimate interest as the legal basis for processing.

8.7 Right to Withdraw Consent

Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the details provided in Section 11. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data.

9. Cookies

Our website uses cookies and similar technologies to distinguish you from other users. This helps us provide you with a good experience when browsing our website and allows us to improve our site.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

For detailed information about the cookies we use and the purposes for which we use them, please see our Cookie Policy.

You can change your cookie preferences at any time by clicking on the Cookie Settings button available on every page of our website.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

Data Protection Officer
Nxwlto Coaching
Block K Unit 6, Level 4, Block K
Pusat Bandar Puchong
47160 Puchong, Selangor
Malaysia

Phone: +60322466175

Email: [email protected]

If you are not satisfied with our response to your inquiry or believe we are processing your personal data not in accordance with the law, you can lodge a complaint with the relevant data protection authority.