Privacy Policy

Last updated: 22 August 2025

Applies to: WHIP on wghtc.com, operated by Weststar-Engineering Sdn Bhd (WESB) (Malaysia).

This Privacy Policy explains how WHIP collects, uses, shares, and protects personal data and business data submitted through our certification management platform.

1) What We Collect

Account & identity data: name, email, phone, role/title, login identifiers.
Organization data: company name, registration details, address, contacts, facility details.
Certification application data: scope, product/service details, supporting documents, declarations, audit-related files.
Payment & transaction data: invoice references, payment confirmation status, transaction IDs (we may not store full card details if processed by a payment gateway).
Usage data: IP address, device/browser info, access logs, and activity timestamps for security and troubleshooting.
Communications: emails/messages you send to us (support queries, refund requests, scheduling).

2) How We Use Data

To create and manage user accounts and platform access.
To process and manage certification applications and workflows with participating CBs and auditors.
To schedule audits, coordinate communications, and track application status.
To reconcile payments, issue invoices/receipts, and support refund/cancellation handling.
To provide customer support and respond to inquiries.
To improve platform reliability, security monitoring, and fraud prevention.
To comply with legal obligations and enforce our Terms & Conditions.

3) Sharing & Disclosure

We may share data with:

Certification Bodies (CBs) and auditors involved in your application, to review and process certification and audits.
Payment providers (banks, gateways, FPX/card networks) for payment processing and reconciliation.
Service providers (hosting, email delivery, logging/monitoring) who support platform operations under appropriate safeguards.
Authorities / regulators where required by law, court order, or to protect rights and safety.

We do not sell personal data.

4) Data Storage, Security & Retention

We apply reasonable administrative, technical, and organizational safeguards to protect data.
Retention depends on certification lifecycle, legal requirements, dispute handling, and audit trails.
We may retain records needed for compliance, reconciliation, fraud prevention, and system integrity.

5) Cross-Border Transfers

Your data may be processed in Malaysia and/or other locations where our service providers operate.
Where required, we will use reasonable safeguards for cross-border transfers.

6) Cookies & Similar Technologies

We may use essential cookies for login sessions, security, and site functionality.
We may use analytics logs to improve performance and detect errors (where enabled).
You can control cookies through your browser settings; disabling cookies may affect functionality.

7) Your Rights & Choices

You may request access, correction, or update of your personal data.
You may request deletion where applicable (subject to legal retention and certification record requirements).
You may object to certain processing where allowed by law.

We may need to verify your identity/authority before acting on requests.

8) Children’s Privacy

WHIP is intended for business and certification operations and is not directed at children.

9) Compliance

We aim to handle personal data in accordance with applicable Malaysian privacy laws (including the Personal Data Protection Act 2010, where applicable).

10) Updates to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date reflects the latest version.

11) Contact Us

Email: info@weststar-engineering.com

Business Hours: Mon–Fri, 9:00–18:00 (Malaysia time), excluding public holidays

Data Controller / Operator: Weststar-Engineering Sdn Bhd (WESB), Malaysia

Related links (placeholders): Terms & Conditions • Refund & Cancellation Policy