Privacy Policy

1. Introduction

TheNext.CEO ("we," "our," "us," or "the Platform") protects your privacy and personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our leadership assessment platform.

By using TheNext.CEO, you agree to this Privacy Policy. If you do not agree, please do not use our services.

2. Information We Collect

We collect three types of information:

• Information you give us directly
• Information collected automatically when you use our services
• Information from third-party sources

The information we collect depends on how you use our Platform.

2.1 Personal Information You Provide

When you use TheNext.CEO, you may provide us with the following personal information:

• Account Information: Name, email address, and any other information you provide when creating an account or profile
• Assessment Responses: Your answers to the 98-question leadership assessment, which are used to generate your personalized report
• Payment Information: Billing details, payment card information (processed securely through third-party payment processors), transaction history, and purchase records
• Communication Data: Information you provide when contacting us for support, including email correspondence, support tickets, and feedback
• Report Preferences: Your preferences regarding report delivery, format, and communication preferences

2.2 Automatically Collected Information

When you access and use our Platform, we automatically collect certain technical information, including:

• Device Information: IP address, browser type and version, device type, operating system, screen resolution, and device identifiers
• Usage Data: Pages visited, time spent on pages, click patterns, navigation paths, assessment completion rates, and interaction with features
• Log Data: Access times, dates, referring website addresses, and error logs
• Location Data: General geographic location based on IP address (country and city level, not precise location)
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixel tags, and similar technologies (see our Cookie Policy for details)

2.3 Information from Third Parties

We may receive information about you from third-party services, including:

• Payment Processors: Transaction confirmations and payment status from Stripe or other payment providers
• Analytics Providers: Aggregated usage statistics and performance metrics
• Email Service Providers: Email delivery status and engagement metrics
• Cloud Service Providers: Infrastructure and hosting service logs

3. How We Use Your Information

We use your information for several purposes:

• Providing our assessment services
• Improving your experience
• Keeping your data secure
• Following legal requirements

Below are the specific ways we use your information:

3.1 Service Delivery

• Process and administer your assessment responses
• Generate and deliver your personalized leadership assessment results and reports
• Process payments for premium reports and manage your account
• Send you assessment results, reports, and related communications
• Maintain your account and assessment history
• Provide customer support and respond to your inquiries

3.2 Service Improvement

• Analyze usage patterns and user behavior to improve our assessment methodology
• Conduct research and development to enhance our scoring algorithms and archetype models
• Test new features and functionality
• Monitor and improve Platform performance, security, and reliability
• Personalize your experience and content recommendations

3.3 Communication

• Send you important updates about your account, assessment, or reports
• Respond to your support requests and inquiries
• Send you service-related notifications and administrative messages
• Provide information about changes to our services, terms, or policies (with your consent where required)

3.4 Legal and Security

• Comply with applicable laws, regulations, and legal processes
• Respond to government requests and court orders
• Enforce our Terms and Conditions and other agreements
• Detect, prevent, and address fraud, security breaches, and other harmful activities
• Protect the rights, property, and safety of TheNext.CEO, our users, and third parties

3.5 Aggregated and Anonymized Data

We may combine and anonymize your personal information to create statistics. This data cannot identify you. We use it for:

• Research and analytics
• Improving our services
• Business intelligence

We may share this anonymized data with third parties for these purposes.

4. Legal Basis for Processing (GDPR)

For users in the European Union, we process your data based on these legal reasons:

• Consent: You give us permission for specific activities, such as marketing emails
• Contract: We need your data to provide assessment services and deliver reports
• Legal Requirement: We must follow laws and regulations
• Legitimate Interest: We use your data to improve services, ensure security, prevent fraud, and run our business. We only do this when it doesn't harm your rights

5. Data Sharing and Disclosure

We may share your information only in these limited cases:

5.1 Service Providers

We may share your information with trusted third-party service providers who assist us in operating our Platform and conducting our business, including:

• Payment Processors: Stripe and other payment providers for processing transactions
• Cloud Hosting Providers: For data storage and infrastructure services
• Email Service Providers: For sending emails and notifications
• Analytics Providers: For analyzing website usage and performance
• Customer Support Tools: For managing support requests and communications

These service providers are contractually obligated to protect your information and use it only for the purposes we specify. They are not permitted to use your information for their own purposes.

5.2 Legal Requirements

We may share your information if required by law. This includes:

• Court orders
• Subpoenas
• Search warrants
• Other legal requests

We may also share information to protect our rights, privacy, safety, or property, or that of our users or third parties.

5.3 Business Transfers

If our business is sold, merged, or transferred, your information may be transferred to the new owner. We will notify you of any such change.

5.4 With Your Consent

We may share your information with third parties when you have provided explicit consent for such sharing.

6. Data Security

We use strong security measures to protect your personal information. Our security includes:

• Encryption: Your data is encrypted when stored and when sent over the internet (TLS/SSL)
• Secure Servers: We use secure cloud platforms with regular security updates
• Access Controls: Only authorized staff can access your data
• Security Testing: We regularly test our systems for security issues
• Backups: We regularly backup your data securely
• Staff Training: Our team is trained on data security
• Incident Response: We have plans to respond to security issues quickly

7. Your Rights and Choices

Depending on your location and applicable data protection laws, you may have the following rights regarding your personal information:

7.1 Access Rights

You have the right to request access to your personal information and receive a copy of the data we hold about you, including assessment responses, scores, and report history.

7.2 Correction Rights

You have the right to request correction of inaccurate or incomplete personal information. You can update your account information directly through the Platform or by contacting us.

7.3 Deletion Rights

You can ask us to delete your personal information (also called "right to be forgotten"). However:

• We may need to keep some information for legal reasons
• We may keep information needed for business purposes

7.4 Restriction of Processing

You have the right to request restriction of processing of your personal information in certain circumstances, such as when you contest the accuracy of the data or object to processing.

7.5 Data Portability

You can ask for your personal information in a digital format. You can then transfer it to another service if technically possible.

7.6 Objection to Processing

You can object to how we use your information, especially for marketing. We will stop unless we have strong reasons to continue.

7.7 Withdrawal of Consent

You can withdraw your consent at any time. This does not affect how we used your data before you withdrew consent.

7.8 How to Exercise Your Rights

To use any of these rights, contact us at privacy@thenext.ceo.

• We will respond within 30 days (or as required by law)
• We may need to verify your identity first
• We may charge a small fee if your request is unreasonable or excessive

8. PDPA Compliance (Malaysia)

As a Malaysian company, we follow the Personal Data Protection Act 2010 (PDPA). Under the PDPA, you have these rights:

• Access your personal data
• Correct inaccurate or incomplete data
• Withdraw consent (subject to legal restrictions)
• Prevent processing that may cause harm or distress
• Stop direct marketing

We follow the seven PDPA principles: General, Notice and Choice, Disclosure, Security, Retention, Data Integrity, and Access.

9. GDPR Compliance (European Users)

For users in the European Economic Area (EEA), we follow the General Data Protection Regulation (GDPR). We process your data:

• Lawfully and fairly
• Transparently
• Only for clear, legitimate purposes

If you are in the EEA, you have extra rights under GDPR. You can file a complaint with your local data protection authority if you believe we violated your rights.

10. Data Retention

We keep your personal information only as long as needed. We base retention periods on:

• Service Delivery: We keep assessment data and reports while your account is active, and for a reasonable time after so you can access your results
• Legal Requirements: We may keep some information as required by law (e.g., financial records for taxes)
• Business Needs: We may keep anonymized data forever for research and analytics
• Disputes: We may keep information related to ongoing legal disputes

When we no longer need your personal information, we securely delete or anonymize it according to our policies and the law.

11. International Data Transfers

Your information may be sent to and processed in countries other than your own. These countries may have different data protection laws. We use safeguards to protect your data, including:

• Standard contracts approved by data protection authorities
• Certification schemes
• Other legally recognized transfer methods

By using our services, you agree to transfer your information to countries outside your jurisdiction, including Malaysia and other countries where our service providers work.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to collect information about how you use our Platform. For more details, see our Cookie Policy.

13. Children's Privacy

If you are a parent or guardian and believe your child gave us personal information, contact us immediately at privacy@thenext.ceo. If we find we collected information from a child without permission, we will delete it right away.

14. Third-Party Links

Our Platform may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies only to information collected by TheNext.CEO.

15. Marketing Communications

With your permission, we may send you marketing emails about our services, new features, and special offers. You can stop these emails anytime by:

• Clicking unsubscribe in any marketing email
• Updating your preferences in account settings
• Emailing us at privacy@thenext.ceo

Note: Even if you opt out of marketing, we may still send important service messages like account notifications, assessment results, and security alerts.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of important changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date
• Sending you an email (for big changes)
• Showing a notice on our Platform (for major changes)

If you keep using our services after changes, you accept the updated Privacy Policy. If you don't agree, stop using our services and contact us to delete your account.

17. Data Protection Officer

For questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact our data protection team at:

Email: privacy@thenext.ceo

We will respond to your inquiry within 30 days or as required by applicable law.

18. Complaints

If you believe we have violated your privacy rights or data protection laws, you have the right to lodge a complaint with:

• Malaysia: Personal Data Protection Commissioner, Department of Personal Data Protection, Ministry of Communications and Digital
• European Union: Your local data protection authority in your country of residence

However, we encourage you to contact us first at privacy@thenext.ceo so we can address your concerns directly.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to protecting your privacy and will respond to your inquiries promptly and professionally.