1.1 As a corporation, Damansara Technology Sdn. Bhd. (hereinafter shall be referred to as “DTech”, “we”, “us”, or “our”) takes your privacy seriously. We are committed to complying with the Personal Data Protection Act 2010 and any regulation therein (“PDPA”) that are applicable to us.
1.2 In the course of providing you with our Services (as defined in the Terms and Conditions) or access to our Platform (as defined in the Terms and Conditions), we will be collecting, using, retaining and storing all data provided by you, including your Personal Data (as defined herein).
1.4 It is important that you read this Policy together with any other applicable notices we may provide on specific occasions when we are collecting or processing your Personal Data, so that you are fully aware of how and why we are using your Personal Data.
1.6 We may update this Policy from time to time. Any changes we make to this Policy in the future will be posted on our Platform and, where appropriate, notified to you by email, whereupon your continued use of our Services, access to our Platform, or use of the Services, including placing order(s) and/or purchase(s) on our Platform, shall constitute your acknowledgment and acceptance of the changes we make to this Policy, as may be notified to you by email. Please check back our Policy frequently to see any updates or changes thereto.
1.7 This Policy applies in conjunction with other notices, contractual clauses and consents clauses that apply in relation to the collection, use, retention, and disclosure of your Personal Data by us, and is not intended to override them unless otherwise stated by us.
1.8 You can visit our Platform, and browse without having to provide personal details. However, you will be required to sign up for an account if you wish to use our Services.
1.9 If you have any comment, suggestion, feedback, or complaint in relation to your Personal Data, please contact our Personal Data Protection Officer as provided under sub-clause 9.3 of this Policy.
2. THE PERSONAL DATA WE COLLECT FROM YOU
2.1 Personal Data” means any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual, as governed under the PDPA.
2.2 We may collect, retain, and store the following Personal Data from you:
- personal information, such as your name, national registration identity card number or passport number, gender, date of birth, and other relevant information;
- contact information, such as correspondence address, billing address, shipping or delivery address, email address, and phone number(s);
- banking information, such as bank account, credit and debit cards information, and payment details;
- transactional information, such as details about payments to and from you, and other details of product(s) and/or service(s) you have ordered and purchased from us;
- technical information, such as internet protocol (“IP”) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the computer and/or devices you use to access our Platform;
- bigR account information, such as your username and password, purchase(s) or order(s) made by you, your interests, preferences, feedback, survey responses, and other information we may find relevant;
- usage information, such as information on how you use our Platform, product(s) and service(s); and
- marketing, promotional, and communications information, such as your preferences in receiving marketing and promotions from us and/or our Merchants, and your communication preferences; and
- other information such as your thumbprints and facial images, as may be collected either directly from you or indirectly from your devices.
2.3 During the course of your use of our Platform, we may receive your Personal Data in the following situations:
- when you create a bigR account with us;
- when you order or purchase any product and/or service available on our Platform;
- when you use any of the features or functions available on our Platform;
- when you subscribe to our publications or marketing collaterals;
- when you enter a competition, promotion or survey conducted and/or organised by us and/or our Merchants;
- when you login into your account on our Platform, or otherwise interact with us via an external service or application, such as Facebook, Twitter or Google; and
- when you interact with us offline, including when you interact with our customer service agents.
2.4 You must only submit your Personal Data, which is accurate and not misleading, and you must keep it updated by informing us of any change. We shall have the right to request for documentation to verify the Personal Data provided by you as part of our customer due diligence and verification processes.
2.5 We are only able to collect your Personal Data if you voluntarily submit the Personal Data to us. Unfortunately, if you choose not to submit your Personal Data to us or subsequently withdraw your consent to our use of your Personal Data, we are unable to provide you with our services or access to our Platform.
2.6 You may access and update your Personal Data submitted to us at any time through our Platform.
2.7 If you provide Personal Data of any third party to us, you shall represent and warrant that you have obtained the necessary consent from that third party to share and transfer his/her personal data to us, and for us to collect, use, disclose, and retain that Personal Data in accordance with this Policy.
2.8 If you sign up to our bigR account using your social media account (such as Facebook, Twitter or Google account), or link your bigR account to any of your social media account, or use certain other bigR social media features, we may access your Personal Data which you have voluntarily provided to your social media provider in accordance with the provider's policies, and we will manage your personal data in accordance with this Policy.
3. USE AND DISCLOSURE OF PERSONAL DATA
3.1 The Personal Data we have collected from you may be used by us, or shared with, or transferred to Authorized Third Parties (as defined in the Terms and Conditions), for some or all of the following purposes:
- to facilitate your use of and access to our Platform, including responding to your queries, feedback, claims or disputes through our customer service agents;
- to process your order(s) or purchase(s) made through our Platform, whether the product(s) and/or service(s) is/are sold by us, or our Merchants;
- to facilitate and process the payment(s) made by you our Platform for product(s) and/or service(s), whether sold by us or our Merchants, will be processed by our Authorized Third Parties;
- to ship, courier, or deliver the product(s) or service(s) ordered and/or purchased by you through our Platform, whether such product(s) or service(s) is/are sold by us or our Merchants. We have the right to pass your Personal Data to any courier company in order to make shipment or delivery of such product(s) or service(s) to you (for example to our courier or supplier), whether the product(s) or service(s) is/are sold by us or our Merchants;
- to update you on the shipment or delivery of the product(s) or service(s), whether sold through our Platform by us or our Merchants, and also for our and our Merchants’ customer support purposes;
- to compare information and verify with Authorized Third Parties in ensuring that the information provided is accurate;
- to administer your account with us;
- to verify and carry out financial transaction(s) in relation to payments you have made online;
- to audit the downloading of data from our Platform;
- to improve the layout and/or content of our Platform, and customise them for our Users and Merchants;
- to identify visitors on our Platform;
- to carry out research on our Users’ demographics and behaviour;
- to provide you with information, we think you may find useful or which you have requested from us, including information and marketing about bigR and our Merchants, provided that you have indicated that you agree to be contacted for this purpose;
- subject to your consent in accordance with the PDPA, we may also use your Personal Data to send you our and/or our Merchants’ marketing and/or promotional materials about us and/or our Merchants from time-to-time; and
- we may also conduct automated-decision making processes in accordance with any of these purposes.
3.2 You may unsubscribe from receiving marketing information from us and/or our Merchants at any time by using the ‘unsubscribe’ function within the electronic marketing material we have provided to you either through our Platform or email. We may use your contact information to send newsletters from our Merchants and us.
3.3 In exceptional circumstances, we may be required to disclose Personal Data, such as when there are grounds to believe that the disclosure is necessary to prevent a threat to life or health, or for law enforcement purposes, or for fulfilment of legal and regulatory requirements and requests.
3.4 We may share and permit the sharing of your Personal Data with Authorized Third Parties, our affiliates and Merchants, for any of the abovementioned purposes, including but not limited to, facilitating your use of our Platform, completing a transaction with you, managing your account and our relationship with you, marketing and fulfilling any legal or regulatory requirements and requests as deemed necessary by us. In sharing your Personal Data with them, we endeavour to ensure that the Authorized Third Parties, our affiliates and our Merchants keep your Personal Data secure from unauthorised access, collection, use, disclosure, or similar risks and retain your Personal Data only for as long as they need your Personal Data to achieve the abovementioned purposes.
3.5 If you are located in Malaysia, we may transfer or permit the transfer of your Personal Data outside of Malaysia for any of the purposes set out in this Policy. In disclosing or transferring, or permitting the transfer of, your Personal Data to Authorized Third Parties, our affiliates and our Merchants located overseas, we take steps to ensure that the receiving party has in place a standard of protection accorded to Personal Data that is comparable to the protection under or up to the standard of the PDPA.
4. WITHDRAWAL OF CONSENT, DELETION OR ANONYMISATION OF PERSONAL DATA
4.1 You may communicate the withdrawal of your consent to the continued use or disclosure of your Personal Data for any of the purposes and in the manner as stated above at any time, or request the deletion or anonymisation of your Personal Data, by contacting our Personal Data Protection Officer using the contact details provided in sub-clause 9.3 below.
4.2 Please note that if you communicate your withdrawal of your consent to our use or disclosure of your Personal Data for the purposes and in the manner as stated above, or request the deletion or anonymisation of your Personal Data, we may not be in a position to continue to provide our product(s) and/or service(s) to you or perform on any contract (current or future) we have with you, and we will not be liable in the event that we do not continue to provide our products and/or services to, or perform our contract with you. Our legal rights and remedies are expressly reserved in such an event.
5. UPDATING YOUR PERSONAL DATA
5.1 It is important that the Personal Data you provide to us are accurate and up-to-date. You shall be responsible in informing us of any change to your Personal Data, or in the event where you believed that your Personal Data we have collected and stored are inaccurate, incomplete, misleading or out-of-date. You can update your Personal Data anytime by accessing your account on bigR Platform. If you are unable to update your Personal Data through your account, you may contact our Personal Data Protection Officer using the contact details provided in sub-clause 9.3 below.
5.2 We shall have the right to share the updates to your Personal Data with Authorized Third Parties and our affiliates with whom we have shared your Personal Data if your Personal Data are still necessary for the above-stated purposes.
6. ACCESSING YOUR PERSONAL DATA
6.1 If you would like request information about your Personal Data, which we have collected, or inquire about the ways in which your Personal Data may have been used or disclosed by us, please contact our Personal Data Protection Officer using the contact details provided in sub-clause 9.3 below. In order to facilitate processing of your request, it may be necessary for us to request further information relating to your request.
6.2 We reserve the right to charge a reasonable administrative fee for retrieving your Personal Data records. If so, we will inform you of the fee before processing your request.
6.3 We will respond to your request as soon as reasonably possible. Should we are unable to respond to your request within twenty-one (21) days from the date of your request, you will be informed in writing. If we are unable to provide you with any Personal Data or to make a correction requested by you, we would generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
7. SECURITY OF YOUR PERSONAL DATA
7.1 In safeguarding and safekeeping your Personal Data from any unauthorised access, collection, use, disclosure, copying, modification, disposal, breach, or similar risks, we have introduced appropriate administrative, physical and technical measures as follows:
- restricting access to our Users’ and Merchants’ Personal Data to our authorised officers, or relevant individuals (allowable under the PDPA), and/or Authorities (as defined herein in sub-clause 12.1 below) who require access;
- maintaining our server(s) and database to prevent unauthorised computer access;
- deleting or anonymising your Personal Data in compliance with the standards mandated under the PDPA, when it is no longer needed for any legal or business purpose; and
- using 128-bit SSL (secure sockets layer) encryption technology when processing your financial details.
7.2 If you believe that your Personal Data have been breached by DTech, our affiliates, or any of our Merchants, please contact our Personal Data Protection Officer using the contact details provided in sub-clause 9.3 below.
7.3 You are expected to be aware, nevertheless, that no method of transmission over the Internet, or method of electronic storage is absolutely secure. While we are unable to guarantee the security of the storage of your Personal Data, we assure you that we have put reasonable efforts, measures and duty of care in protecting the security of your Personal Data, and we will constantly review and enhance (to the extent possible) our Users’ and Merchants’ Personal Data security measures.
8. PROTECTION OF YOUR USERNAME AND PASSWORD
8.1 Your username and password is the key to your account. Please use numbers, letters and special characters, or a unique combination of all; and do not share your bigR username and password to anyone. We will not be held responsible for any action taken in the name of your account and the consequences if you share or disclose your password and/or username with anyone. If you lose access to your username and password, you may lose substantial control over your Personal Data and other information submitted to and shared with DTech.
8.2 You may also be subject to legally binding actions taken on your behalf. Therefore, if your username and password have been compromised for any reason or if you have grounds to believe that your username and password have been compromised, you should immediately contact us and change your username and/or password. You are reminded to log out of your account, and close our Platform when you have finished using a shared computer or mobile device.
9. RETENTION AND REMOVAL OF PERSONAL DATA
9.1 We will only retain your Personal Data for as long as we are either required to by law or as is relevant for the purposes for which it was collected.
9.2 We will cease to retain your Personal Data, or remove the means by which the Personal Data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purposes for which the Personal Data was collected, and is no longer necessary for any legal or business purpose.
9.3 You may request for us to remove, or to cease, or not to begin processing your Personal Data for purposes of direct marketing, retained and stored by us by writing to our Personal Data Protection Officer through email at firstname.lastname@example.org or at Wisma Chase Perdana, Lot 10.3 Level 10, Off Jalan Semantan, Bukit Damansara, 50490 Kuala Lumpur. You may also send an official request through a notice under subsection 43(1) of the PDPA, which the sample of such notice may be available at the Personal Data Protection Department’s website.
10. CHILDREN AND MINORS UNDER 18 YEARS OF AGE
10.1 DTech does not sell products for purchase by children under 18 years of age, nor does it intend to provide any of our Services, or the use of our Platform to children under 18 years of age. We do not knowingly collect any Personal Data relating to children under 18 years of age.
10.2 If you are under 18 years old, you may use our Platform only with the involvement, supervision and/or consent of a parent or guardian.
10.3 If you think that we might have mistakenly collected, used, and/or collected any personal datum of a person below 18 years old, please write to our Personal Data Protection Officer for removal of such information.
11. COLLECTION OF COMPUTER AND MOBILE DEVICE DATA
11.2 Our servers will record and store your Personal Data, whenever you are visiting our Platform through your computer, mobile device, and/or any other device with Internet connectivity that your browser sends whenever you visit our Platform. This data may include but not limited to:
- your computer’s or device's IP address;
- browser type;
- webpage you were visiting before you came to our Platform;
- the pages within our Platform which you may have visited; and
- the amount of time spent on those pages, items and data searched for on our Platform, access times and dates, and other statistics.
11.3 These collected data will be analysed and evaluated in helping us to improve our Platform and our Services.
11.4 Cookies are small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. They allow us to recognize a particular device or browser and help us to personalise the content to match your preferred interests more quickly, and to make our Services and Platform more convenient and useful to you.
11.5 You may be able to manage and delete cookies through your browser and/or device settings. For more information on how to do so, visit the help material of your browser or device.
11.6 Web beacons are small graphic images that may be included on our website, app and platform. Web beacons will allow us to count users who have viewed these pages of our Platform so that we can better understand your preference and interests.
11.7 When you are using and accessing our Platform through your mobile device, we may also access, collect, and/or store your personal information, including the current location, calendar, contact information, reminders, and photos. As such, by using and accessing our Platform through your mobile device, you hereby give consent for us to access, collect, and store your personal information available or stored in the mobile device.
12. DISCLOSURE OF PERSONAL DATA TO RELEVANT AUTHORITIES
You acknowledge and agree that DTech has the right to disclose your Personal Data to any legal, regulatory, governmental, tax, law enforcement or other authorities (“Authorities”), if DTech has reasonable grounds to believe that disclosure of your Personal Data is necessary for the purpose of meeting any obligations, requirements or arrangements, whether voluntary or mandatory, as a result of cooperating with an order, an investigation and/or a request of any nature by such parties. To the extent permissible by applicable law, you agree not to take any action and/or waive your rights to take any action against DTech and/or its holding company and/or any of it subsidiaries for the disclosure of your Personal Data in these circumstances.
13. LINKS TO THIRD-PARTY SITES
13.1 The bigR Platform may contain links to other websites, apps and/or platforms operated by our Authorized Third Parties, such as our business affiliates, Merchants and Payment Gateway (as defined in the Terms and Conditions). We are not responsible for the privacy practices of websites, apps and platforms operated by these Authorized Third Parties. You are advised to check on the applicable privacy policies of those websites, apps and/or platforms to determine how these Authorized Third Parties will handle any information they have collected from you.
13.2 The inclusion of any link does not imply DTech endorsement of the external site company, its website, or the products and services it promotes or sells. DTech is not responsible or liable for the independent privacy policies of these Third Parties’ sites. You should consult the privacy policies at these sites to determine how your information may be used.
[As at 1 September 2019]