2.THE PERSONAL DATA WE COLLECT FROM YOU
2.1During the course of your use of the Site and the provision of the Services, we may collect the following Personal Data from you:
(a)Identity data such as your name, gender, date of birth;
(b)Contact information such as your email address, billing address, shipping address, phone numbers;
(c)Bank account details, credit and debit card details including but not limited to: payment account number (PAN) or account number, card expiration date, CVC details, bank and/or issuer details and all other payment information including but not limited to alternative payment methods used e.g. bank transfer, FPX payment (Financial Process Exchange), eWallets accepted by our payment gateway service provider SenangPay and/or such other third-party payment service providers we may engage in the future;
(d)Transaction data such as details about orders placed by you and payments made, and other details of products and Services related to you;
(e)Profile data such as your password, orders related to you, your interests, preferences such as receipt of marketing data and your communication preferences, feedback, your product reviews and ratings and survey responses;
(f)Usage data, such as information on how you use the Site, products and Services or view any content on the Site, including the time spent on the Site, items and data searched for on the Site, access times and dates;
(g)Technical data, such as Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, international mobile equipment identity, device identifier, IMEI, MAC address, cookies (where applicable) and other information and technology associated with the devices you use to access the Site;
(h)Photographs, or audio or video recordings that you share with us;
(i)Government issued identification information e.g. ID cards and passport details and other information required for our due diligence, know your customer, identity verification, or fraud prevention purposes; and
(j)Statistical or aggregated data on content users engage with.
3.COLLECTION OF PERSONAL DATA
3.1We will /may collect Personal Data from you from various means, including but not limited to the following:
(a)When you access and use our Site and Services and/or register or open an account with us;
(b) When you browse our Site;
(c)When you place orders or make any transactions or purchases regarding the products available on the Site;
(d) When you activate or use any payment-related functions available on the Site or provided by our third-party service providers;
(e) When you make payments for products through the Site to ascertain /authenticate your identity in connection with fraud detection purposes;
(f) When you use any of the information, content, features and functionalities made available on the Site or through the Services;
(g) When you request information on products offered on the Site and/or the Services through the Contact Us section on the Site;
(h) When you provide us with feedback, reviews and ratings on our products, survey responses, your preferences in relation to receipt of marketing and/or promotional materials, participate in promotions or competitions or activities or campaigns on the Site;
(i) When you make a complaint about the products offered or Services provided or any other issues relating to your access and use of the Site and/or the Services;
(j) When you link your account on this Site to your account on any of the Social Sites, log in to your account on the Site or otherwise interact with us via the other Social Sites or use any of this Site’s social media features;
(k) When you interact with our staff /employees, customer service agents or us in store or through telephone calls (which may be recorded), letters, fax, emails; and
(l) When you submit your Personal Data to us for specific purposes as requested by us including any complaints lodged against you, any investigations and/or law enforcement purposes.
3.3 You must only submit Personal Data which is accurate and not misleading and you must keep it up to date and inform us of any changes to the Personal Data you have provided to us. We reserve the right at our sole discretion to require further documentation to verify the Personal Data provided by you to as part of our user verification processes or as required under law.
3.6 If you do not wish for us to collect and process your Personal Data and you choose not to provide us with your Personal Data or you subsequently withdraw your consent for us to collect, use and/or process your Personal Data, we may not be able to provide you with access and use of the Site and/or the Services, provide you with certain features and functionalities on the Site or transact with you.
4.COOKIES AND OTHER TRACKING TECHNOLOGIES
4.1We or our authorized third-party service providers may from time to time use "cookies" or other tracking technologies to allow us or third parties to collect or share information in connection with your use of our Services or the Site.
4.2When you visit the Site through your computer, mobile device, or any other device with Internet connectivity, our company servers will automatically record data that your browser sends whenever you visit and use this Site or the Services.
4.3This data is collected for analysis and evaluation in order to help us improve our Site and the Services and products we provide, as well as to help us to personalise the content to match your preferred interests more quickly, to provide targeted advertising related to products, services and features and to monitor usage of the Services.
4.4“Cookies” are identifiers that are stored on your computer or device that record data about your computer or device and how and when the Services or Site are used or visited, by how many people and other activity within our Site.
5.PURPOSES FOR COLLECTION, USE, DISCLOSURE AND PROCESSING OF PERSONAL DATA
5.1 We may collect, use, disclose and/or process your Personal Data for one or more of the following purposes:
(a)Providing the Services
•Administering, facilitating, processing and/or dealing in any matters relating to your access to the Site or use of the Services;
•Dealing with, processing, registering and/or administering the account that you may open with us, including to facilitate your transactions or activities on the Site;
•To respond to your customer service enquiries or complaints, feedback, claims or disputes, whether directly or through our third-party service providers;
•To facilitate your use of the features and functionalities available on the Site or provided by our third-party service providers;
•Assessing and processing your orders for products that you submit through the Site;
•To verify and carry out payment transactions (including any credit card and debit card payments, bank transfers, FPX payment, eWallet transactions) in relation to products ordered by you. In order to verify and carry out such payment transactions, payment information, which may include Personal Data, will be transferred to third parties such as our payment service providers;
•Implementing your transactions and delivering the products you have purchased through the Site. Without limiting the generality of the foregoing, should you make a purchase to be delivered to a third-party recipient, you consent to us disclosing Personal Data that identifies you, to the said third party recipient (such as but not limited to your name). Further, you acknowledge and agree that delivery of your purchase could involve disclosure of certain Personal Data about you to bring about delivery of the same such as your name and contact details, which may be disclosed on the cover of the parcel, on an envelope or a delivery related document, as the case may be, which could be seen by third parties who view such parcel, envelope or said document. We may also pass your Personal Data to our third-party logistics providers in order to make delivery of the product to you or any third-party recipient; and
•Contacting you or communicating with you via phone/voice call, text message and/or fax message, email and/or postal mail for the purposes of administering and/or managing your use of the Site, and/or account with us, your relationship with us or any transactions made by you with us.
(b)Marketing and Advertising
•To send marketing and promotional materials to you about our products provided that you have opted to receive such information; and
•To use the Content (as defined in our Terms of Service) including product ratings and reviews and video content that you provide to us to help us conduct marketing and advertising campaigns to promote the Services and the Site.
(c)Analytics, Research and Business Development
•To conduct surveys, including carrying out research on our users’ demographics and behaviour;
•To conduct data analytics, product development and/or profiling, testing and research, monitoring and analysing usage and activity trends;
•To tailor your experience through the Services by displaying content according to your interests and preferences, providing a faster method for you to access your account and submit information to us and allowing us to contact you, if necessary;
•To derive further attributes relating to you based on Personal Data provided by you (whether to us or third parties), in order to provide you with more targeted and/or relevant information; and
•To help us operate, improve, customize, fix, and support the Site and our Services whether in terms of layout, design, content or functionalities.
(d)Legal, Regulatory and Operational Purposes
•To carry out due diligence, know your customer (“KYC”) procedures and other screening activities to comply with legal or regulatory obligations and our risk management that may be required by law or that may have been put in place by us;
•To ascertain /authenticate your identity in connection with fraud detection purposes;
•To prevent or investigate any actual or suspected violations of our Terms of Service, fraud, unlawful activity, omission or misconduct, whether relating to your use of our Services or any other matter arising from your relationship with us;
•To respond to any legal processes and comply with any legal or regulatory requests including law enforcement requests and any legal requirements to make disclosure that are binding on us;
•Where necessary to prevent a threat to life, health or safety;
•To produce statistics and research for internal and statutory reporting and/or record-keeping requirements;
•To facilitate and/or administer external audits or internal audits of our Services or our business;
•To respond to and process any complaints, feedback, enforcement action and threatened or actual claims that your Content violates the rights of third parties;
•To store, host and back up (whether for disaster recovery or otherwise) your Personal Data;
•To maintain and administer any software updates and/or other updates and support that may be required from time to time to ensure the smooth running of our Services;
•To deal with and/or facilitate a business asset transaction or a potential business asset transaction, where such transaction involves Petrotek as a participant or involves only a related corporation or affiliate of Petrotek as a participant or involves Petrotek and/or any one or more of Petrotek's related corporations or affiliates as participant(s), and there may be other third party organisations who are participants in such transaction. A “business asset transaction” refers to the purchase, sale, lease, merger, amalgamation or any other acquisition, disposal or financing of an organisation or a portion of an organisation or of any of the business or assets of an organisation; and
•To carry out anonymization of your Personal Data. In this regard, you acknowledge that Personal Data that has been anonymized is no longer Personal Data and the requirements of the PDPA would no longer apply to such anonymized data.
•Any other purposes which we notify you of at the time of obtaining your consent.
(collectively, the “Purposes”)
6.DISCLOSURE OF PERSONAL DATA
6.1In connection with one or more of the above stated Purposes, we may disclose your Personal Data to one or more of the following third parties located in Malaysia:
(a) Agents, contractors, and any third party service providers that we use to support our business who provide services to us including but not limited to financial services providers, logistics service providers, administrative or other services to us such as mailing houses, telecommunication companies, logistics companies, information technology companies and data centres;
(b) Our business partners;
(c)Our related corporations and affiliates in Malaysia;
(d) Law enforcement, regulatory, prosecuting, tax or governmental authorities, courts or other tribunals or dispute resolution bodies;
(e) Our professional advisors (lawyers, accountants, consultants, tax advisors);
(f) Any proposed sellers or buyers of our company, business or assets as in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Petrotek’s assets;
(g)Third parties to whom disclosure by us is for one or more of the Purposes and such third parties would in turn be collecting and processing your Personal Data for one or more of the Purposes;
(h)Any other third party to the extent the disclosure is required by a law or regulatory requirement which applies to us or pursuant to a court order.
6.2In disclosing your Personal Data to them, we endeavour to ensure that such third parties keep your Personal Data secure from unauthorised access, collection, use, disclosure, processing or similar risks and retain your Personal Data only for as long as your Personal Data is needed to achieve the above-mentioned Purposes.
6.4 At present, our business operations and business activities are local in nature and we do not need to transfer Personal Data to any third parties outside of Malaysia. If and when we need to transfer Personal Data out of Malaysia, we will ensure that we comply with the PDPA in doing so.
6.5For the avoidance of doubt, in the event that the PDPA or other applicable laws permit an organisation such as us to collect, use or disclose your personal data without your consent, such permission granted by the laws shall continue to apply.
7.WITHDRAWAL OF CONSENT
7.1You may withdraw your consent for us to collect, use, process, disclose and/or store your Personal Data by submitting your request to email@example.com or via the Contact Us section.
7.2We will process your request within a reasonable time and will subsequently cease to collect, use, process, disclose and/or store your Personal Data unless we are required by the PDPA and/or any applicable law to do so.
7.3However, withdrawal of your consent could result in certain legal consequences. Depending on the extent of your withdrawal of consent for us to process your Personal Data, we may not be able to continue providing the Services to you or continue our relationship with you or perform any contract we may have with you and we will not be liable in the circumstances. We reserve our legal rights and remedies in such an event.
7.4Marketing Information. You may opt not to receive marketing information by unsubscribing using the unsubscribe function within any electronic communication that we send you. We may use your contact information to send you any marketing and promotional materials from us.
8.REQUEST FOR ACCESS AND/OR CORRECTION OF PERSONAL DATA
8.1 If you have an account with us, you may personally access and correct your Personal Data currently in our possession or under our control through the account settings page on the Site. If you do not have an account with us, you may request to access and/or correct your Personal Data currently in our possession or control by submitting a written request to firstname.lastname@example.org or through the Contact Us section on our Site. We will need enough information from you in order to ascertain your identity as well as the nature of your request, to deal with your request.
8.2For a request to access Personal Data, once we have sufficient information from you to deal with the request, we will seek to provide you with the relevant Personal Data within 21 days. Where we are unable to respond to you within the said 21 days, we will notify you of the soonest possible time within which we can provide you with the information requested. Please note that in accordance with the PDPA, we may refuse to comply with your access request under certain circumstances.
8.3For a request to correct Personal Data, once we have sufficient information from you to deal with the request, we will deal with your request in compliance with the PDPA, including correct your Personal Data within 21 days. Where we are unable to do so within the said 21 days, we will notify you of the soonest practicable time within which we can make the correction. Please note that we may refuse such correction requests where permitted under the PDPA.
8.4We may also charge you a reasonable fee for the handling and processing of your requests to access your Personal Data in accordance with the PDPA. If so, we will inform you of the fee before processing your request.
9.SECURITY OF YOUR PERSONAL DATA
9.1We are committed to maintaining the security and confidentiality of your Personal Data. We use SSL (secure sockets layer) technology to secure and encrypt network connection to our Site and protect the privacy of your Personal Data. We also limit access to Personal Data to a limited number of employees who require access and are required to keep the Personal Data confidential.
9.2We will endeavor to put in place such organizational, physical and technical security measures as may be necessary from time to time to safeguard the security and confidentiality of your Personal Data. However, whilst we strive to protect the security of your Personal Data, inevitably there can be no guarantee of absolute security. We cannot assume responsibility for any unauthorized use of your Personal Data by third parties which are wholly attributable to factors beyond our control.
10.RETENTION OF YOUR PERSONAL DATA
10.1We will only retain your Personal Data for as long as we are either required or permitted to by law or as relevant for the Purposes for which it was collected.
10.2We will also put in place measures such that your Personal Data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the Purpose for which that Personal Data was collected is no longer being served by the retention of such Personal Data; and (ii) retention is no longer necessary for any other legal or business purposes.
11.THIRD PARTY WEBSITES
11.1 The Site may contain links to other websites operated by other parties, such as our third-party service providers e.g. payment service providers, our business partners such as banks and financial institutions or payment gateways as well as Social Sites. We are not responsible for the privacy practices of websites operated by these other parties. You are advised to check on the applicable privacy policies of those websites to determine how they will handle any information they collect from you.
12.QUESTIONS, CONCERNS OR COMPLAINTS
12.2Alternatively, you may contact us at:
Petrotek Sdn. Bhd.
45-2, The Highway Centre,
46050, Petaling Jaya, Selangor.