PDPA

Home
PDPA

PDPA



PDPA POLICY


 1. SCOPE OF POLICY

 

1.1 Introduction

This document constitutes the Personal Data Protection Policy (“Policy”) of Eco-shop Marketing Berhad,(“we”, “us”, or “our”).

This Policy governs the collection, use, disclosure, and processing of personal data belonging to natural persons, including but not limited to customers, vendors, distributors, suppliers, service providers, joint venture partners, business affiliates, employment candidates, and employees (collectively referred as “data subjects”), in our possession. The processing of personal data is undertaken strictly in accordance with the provisions of the Personal Data Protection Act 2010 and any applicable subsidiary legislation, regulations, standards, orders, or statutory modifications and re-enactments thereof (collectively, the “PDPA”), together with the terms set out herein.

 

1.2 Legal Obligation to Inform and Obtain Consent

Pursuant to the requirements under the PDPA, we are obligated to notify you of your rights relating to the personal data that is being or will be collected and processed by us, as well as the purposes for such data processing. Additionally, the PDPA mandates that we obtain your explicit or implied consent prior to the processing of your personal data. In this regard, we reaffirm our commitment to ensuring the confidentiality, integrity, and protection of all personal data under our stewardship.

By submitting your personal data to us and/or by accessing or using our website or apps (“Site”), you acknowledge that you have reviewed, comprehended, and agreed to the terms of this Policy, and you hereby consent to the collection, use, and processing of your personal data in the manner described herein.

 

1.3 Amendments and Updates

We reserve the right to revise, update, or amend this Policy at our sole discretion from time to time, subject to the provision of reasonable prior notice. Notification of any such changes may be communicated through announcements posted on the Site or via any other means deemed appropriate by us. We encourage you to review this Policy periodically to stay informed of any revisions. Your continued use of our services or access to the Site following such notifications shall constitute your acceptance of and agreement to the revised terms of this Policy.

 

2. PERSONAL DATA

 

2.1 Definition and Scope

For the purposes of this Policy, “Personal Data” refers to any information, whether recorded in material form or not, that is capable of identifying an individual, either directly or indirectly, and which is in our possession or under our control. This includes but is not limited to an individual's name, residential or mailing address, contact number, identification card or passport number, date of birth, image or likeness, email address, and household-related details.

The term further encompasses “Sensitive Personal Data” as defined under the PDPA, which may include, without limitation, data concerning an individual’s physical or mental health condition, religious beliefs, or any other information categorized as sensitive under applicable law.

The types and extent of Personal Data collected are determined by the specific purposes for which the data is gathered. The term “processing” shall include, without limitation, the acts of collecting, recording, retaining, storing, using, disclosing, or otherwise dealing with Personal Data.

 

2.2 Methods of Collection

Your Personal Data may be obtained throughout the course of your interactions, transactions, or other engagements with us, whether verbal, written, or electronic in nature. Such data may also be acquired through a range of sources, including but not limited to events or promotional activities organized by us, as well as through publicly accessible channels.

Furthermore, we may receive, collect, store, and process your Personal Data that has been lawfully provided to us by third parties. These may include, without limitation, credit reporting agencies, business affiliates, regulatory bodies, and law enforcement authorities. The processing of such data may be carried out for various legitimate purposes, including but not limited to: facilitating the provision and delivery of our products and services; fulfilling our contractual obligations; enforcing our rights under relevant agreements; and ensuring compliance with applicable legal and regulatory requirements.

 

3. OBJECTIVES FOR COLLECTING AND PROCESSING PERSONAL DATA

The Personal Data that you have provided to us, or that has been collected by us directly from you or through authorized third-party sources, shall be processed for purposes that were made known to you at the time of collection or are reasonably related thereto (collectively referred to as the “Purposes”). These Purposes include, but are not limited to, the following:

  • To establish, manage, and enhance our relationship with you as a customer or business contact;
  • To evaluate, process, and deliver our products, services, and/or facilities as requested by you;
  • To administer, process, and facilitate payments related to the provision of products, services, or facilities;
  • To address your inquiries, respond to complaints, and resolve any disputes arising from interactions with us;
  • To provide updates and information regarding our products, services, promotional offerings, and events organized by us or selected third-party partners that may be of interest to you;
  • For direct marketing initiatives conducted via SMS, telephone, email, facsimile, postal mail, social media, or other suitable communication platforms;
  • To enable your participation in, and our administration of, promotional events, contests, or marketing campaigns;
  • To maintain accurate and up-to-date internal records;
  • To perform credit assessments and determine your credit standing where necessary to deliver products or services;
  • To manage and execute your commercial transactions with us, including tenders, contracts, and tenancy agreements;
  • To process payments arising from commercial dealings with us;
  • To conduct market research, customer profiling, trend analysis, and statistical reviews related to our offerings;
  • To disclose your Personal Data to joint venture partners or business collaborators for co-development of products, services, or promotional initiatives;
  • For audit, compliance, risk management, and security monitoring purposes;
  • To enable the performance of our obligations and the enforcement of our rights under contractual agreements to which we are a party;
  • To fulfil legal and regulatory reporting obligations, or to comply with any applicable laws, regulations, directives, court orders, by-laws, guidelines, circulars, or codes;

 

4. DISCLOSURE OF YOUR PERSONAL DATA

We affirm that your Personal Data will not be sold, leased, transferred, or otherwise disclosed to any third party without your prior consent, except as expressly provided under this Policy or as permitted by applicable law. Nevertheless, your Personal Data may be disclosed, shared, or otherwise made available to third parties for the fulfilment of one or more of the Purposes outlined in this Policy. Such third parties may include, but are not limited to, the following:

  • Parties subject to confidentiality obligations, including individuals or organizations contractually engaged to assist in fulfilling our obligations to you;
  • Our appointed professional advisors, including auditors, legal counsel, consultants, accountants, or financial institutions, strictly for purposes related to our business and under conditions of confidentiality;
  • Third-party service providers, whether appointed solely by us or jointly with other parties, for the purpose of establishing and maintaining shared databases where we have a legitimate commercial interest;
  • Data storage providers and hosting servers, located within Malaysia, engaged for data management or backup purposes;
  • Payment channels and financial institutions, for processing, verifying, and facilitating payment transactions relating to the purchase of our products or services;
  • Regulatory, governmental, judicial, or statutory authorities, including law enforcement agencies, courts, tribunals, ministries, or municipal councils in any applicable jurisdiction, where disclosure is mandated or authorized under prevailing laws, regulations, directives, or court orders;
  • Our business affiliates, strategic partners, vendors, contractors, suppliers, and agents, engaged to deliver services related to our operations or in fulfilment of the above-stated Purposes. This includes, but is not limited to, customer service providers, telecommunications companies, logistics providers, IT service vendors, insurance companies (for policy applications and administration), and data processors;
  • Merchants and credit card companies for purposes related to your commercial transactions with us;
  • Third parties involved in corporate transactions, including potential or actual mergers, acquisitions, divestitures, reorganizations, funding arrangements, or asset transfers involving our business. In such cases, your Personal Data may be disclosed to relevant stakeholders, including legal and financial advisors, and may be transferred to acquiring or surviving entities as part of the transaction.

 

 

5. VERIFICATION AND ACCURACY OF PROVIDED PERSONAL DATA

 

5.1 Commitment to Data Accuracy

We are committed to ensuring that all Personal Data under our custody is maintained in an accurate, complete, up-to-date, reliable, and non-misleading manner. However, the integrity and accuracy of such data are significantly reliant on the information you furnish to us.

Accordingly, as a condition precedent to our provision of products, services, and/or facilities, you hereby:

a. Represent, warrant, and undertake that all Personal Data submitted to us—whether presently or in the future—is true, accurate, complete, current, and not misleading in any respect. You further acknowledge and agree that we are entitled to assume the veracity and currency of the information you provide for purposes of processing such Personal Data; and

b. Agree to notify and update us should any of your previously submitted Personal Data become inaccurate, incomplete, misleading, outdated, or otherwise change in any respect, by contacting us using the contact details provided in this Policy.

 

 

6. DATA PROTECTION RIGHTS

 

6.1 Access and Correction of Personal Data

Subject to the exceptions and limitations prescribed under the Personal Data Protection Act 2010 (“PDPA”), you have the legal right to:

a. Request access to your Personal Data in our possession;

b. Request a copy of such Personal Data; and/or

c. Request that we update or correct any inaccuracies or omissions in your Personal Data.

While we will make reasonable efforts to accommodate your request, we reserve the right to deny any request for access or correction of Personal Data where such refusal is permitted or required by applicable law. For example, we may decline a request if providing access is excessively burdensome relative to the risks to your privacy, or if it would involve a breach of the rights or confidentiality of another individual.

 

6.2 Limiting the Processing of Personal Data

You have the right, at any time, to request that we restrict or cease the processing of your Personal Data for specific purposes. This includes, for example, opting out of receiving marketing or promotional communications from us, or requesting that we do not contact you for marketing-related purposes.

 

6.3 Withdrawal of Consent

You are also entitled to withdraw, whether in full or in part, any consent previously granted to us for the processing of your Personal Data. Such withdrawal must be submitted to us in writing and is subject to:

a. Any applicable legal or regulatory restrictions;

b. Contractual obligations in force at the time; and

c. A reasonable period required to implement the withdrawal.

 

 

7. RETENTION AND DISPOSAL OF PERSONAL INFORMATION

We will retain your Personal Data for as long as is necessary to fulfil the purposes for which it was originally collected, as outlined in this Policy. Once it is determined that the Personal Data is no longer required for such purposes, it will be securely deleted, destroyed, or anonymized in accordance with our internal data retention and destruction policies.

 

 

8. EFFECT OF NON-CONSENT

The provision of your Personal Data to us may be either mandatory or discretionary, depending on the specific purposes for which the data is being collected and processed. In instances where the submission of certain Personal Data is a legal or contractual requirement, or is otherwise necessary for us to fulfill the stated purposes, your failure or refusal to furnish such information—or to consent to the terms of this Policy—may result in our inability to:

a. Provide you with the requested products, services, or facilities;

b. Enter into or continue any commercial or contractual relationship with you;

c. Effectively communicate with you or respond to your inquiries; or

d. Fulfil our obligations under any applicable laws or regulations.

 

 

9. PERSONAL DATA SECURITY MEASURES

We are fully committed to maintaining the security and integrity of your Personal Data. To protect against unauthorized access, disclosure, alteration, or other unlawful forms of processing, we employ a combination of technical, physical, electronic, and procedural safeguards. These security measures are implemented in accordance with applicable laws, regulations, and recognized industry standards, and are designed to prevent the accidental loss, destruction, damage, or unauthorized access to your Personal Data. 

All employees, business partners, agents, contractors, vendors, service providers, and any third parties engaged by us who have access to your Personal Data are bound by strict confidentiality obligations and are required to process such data in accordance with this Policy and applicable legal requirements.

 

 

10. LIMITATION OF LIABILITY 

While we take reasonable precautions to protect Personal Data transmitted through our website and digital platforms, it is important to note that the Internet is inherently not a fully secure medium. we cannot and do not guarantee the security of data transmitted via the Internet. Accordingly, we disclaim responsibility for any unauthorized access, interception, alteration, or loss of Personal Data that occurs during transmission and which is beyond our reasonable control.

 

 

11. WEBSITE TERMS AND EXTERNAL LINK DISCLAIMER

 

11.1 External Links and Third-Party Platforms

a. Our Website may contain links to external websites that are not operated or maintained by us. Please be aware that such third-party websites are not governed by this Privacy Policy. We disclaim all responsibility and liability for the content, security, practices, and privacy policies of these external websites, and any Personal Data that you provide to such sites is entirely at your own risk.

b. Similarly, if you access or subscribe to any application, digital content, or product that is provided directly by one of our strategic partners or third-party providers—and you submit your Personal Data directly to that party—such data will be subject to the privacy policy of the respective third party. We do not assume any liability for the handling or processing of your Personal Data by those entities.

 

 

12. CONTACT DETAILS 

If you have any questions about this Policy, or have any further queries, or would like to make a complaint or data access or correction request in respect of your Personal Data, you may contact us at the contact details below:

Eco-Shop Marketing Sdn. Bhd.
Lot 3913 - 3914, Kampung Sungai Siput,
85200 Jementah,
Segamat, Johor,
Contact No.: +607-947 5502
Email Address: info@eco-shop.com.my

 

Effective Date of this Personal Data Privacy Policy: 24 June 2025