Privacy Policy
This document must comply with the Personal Data Protection Act 2010 (PDPA), which requires clear consent, notice, and transparency.
Personal Data Protection Act (PDPA) Notice and Consent
- Notice: State that you are collecting and processing personal data in accordance with the PDPA.
- Data Collected: List all data collected (Name, IC/Passport, Delivery Address, Email, Phone, Payment Details, IP address, etc.).
- Voluntary Provision: State that the provision of data is voluntary, but if the user withholds it, you may be unable to process their order or provide certain services.
Purpose of Collection
- Processing Orders: For payment processing, shipping, and order fulfillment.
- Communication: To send order updates, receipts, and respond to inquiries.
- Marketing (Opt-in/Opt-out): State clearly that if the data is used for direct marketing, the user must be given a clear choice to opt-out (or provide explicit consent to opt-in).
Disclosure of Data (Third Parties)
Explicitly list the parties with whom data may be shared:
- Payment Gateways/Processors
- Logistics/Delivery Companies
- Service Providers (e.g., website hosting, email marketing, analytics)
Cross-Border Transfer
If you transfer data outside of Malaysia (e.g., using international cloud servers), you must state this and ensure the destination has a comparable level of data protection or obtain explicit consent.
Data Subject Rights (PDPA Rights)
The user has the right to:
- Access their data.
- Correct their data.
- Withdraw consent to process their data (subject to certain restrictions).
Security and Retention
- Security: State the technical and organizational measures you use to protect the data (e.g., SSL encryption, restricted staff access).
- Retention: State that data will be retained for only as long as necessary to fulfill the purposes for which it was collected.
