PDPA &
PRIVACY
POLICY
PERSONAL DATA PROTECTION NOTICE AND PRIVACY POLICY
INTRODUCTION
Big Apple Donuts & Coffee values its customers’ privacy and we are dedicated to protecting your personal data in compliance with the Personal Data Protection Act 2010 (“the Act”).
To that end, we at Big Apple Interasia Sdn. Bhd (hereinafter referred to as either, “Company”, “We”, “Us” or “Our”) are committed to protecting the privacy of personal information and/or data of its customers and the public in general to whom may provide us on its website (“the Website”) and/or through other modes of communication such as online ordering, social media, emails, physical paper forms, and telephone communication. In accordance with the requirements of the Act, this Personal Data Protection Notice and Privacy Policy (“the Policy”) will be published for the benefit of all our valued customers and/or prospective customers.
By accessing and/or using or continue to access and/or use the Website and/or its related sites, services and tools, or by providing personal data to us or using our services, you hereby, unconditionally and voluntarily, accept the practices described in the Policy and consent to us processing your personal data in accordance with the Policy.
The acceptance and consent granted herein shall remain valid so long as you access and/or use the Website, its related sites, services and tools and/or provide personal data to us and/or use our services. Please do not access and kindly cease accessing and using the Website or any part thereof if you do not agree to the Policy or do not consent to us processing your personal data.
-
1.
Compliance with laws, rules and guidelines
We shall aim to comply with the Act for the purpose of the protection of personal data in Malaysia and relevant directives from the Ministry responsible for personal data protection (further known as “Ministry”) on collection, holding, storage, sharing, processing and the use of your personal data and other relevant matters as defined in the Act. “Personal data” and other terms defined under the Act when used in the Policy shall have the same meaning as defined under the Act.
-
2.
Particulars of Personal Data
Personal data is information that can be used to identify your identity either by itself or with other data we collect or have access to. In the case of personal data and other information combined (for example, personal data via login account details or demographic information), the information is categorized as personal data. This Privacy Policy applies to all personal data we collect. We may collect the following personal data:
- Personal contact information (name, residential home address or correspondence address, telephone number or e-mail);
- Login information;
- Demographic information (date of birth, age, etc.);
- Computerized technical information (IP address, computer operating system, web browser, etc.);
- The information filled by the customer, including but not limited to the information you fill and share to us or any other party including our social media sites, including but not limited to Facebook, Instagram, Youtube or Twitter;
- Social media information, including but not limited to information that is a part of your profile on third-party social media sites (such as but not limited to Facebook) for which you allow the social media to share information with us; and
- g. Payment information, including but not limited to credit card details, names and addresses on your transaction bill.
-
3.
Source of Collection of Personal Data
We and/or our third-party service providers may collect your personal data:
- where you access and interact with the Website;
- when you communicate with our customer service, delivery partners and other service providers;
- when you place an order;
- when you participate in any promotional events or contests;
- when you redeem for any gifts, vouchers, coupons or promotional items; and/or
- when you subscribe to our promotional updates.
-
4.
Purpose of Personal Data (“Purposes”)
You acknowledge and consent that by providing your personal data to us, we may use, disclose and otherwise process your personal data for the Purposes for which it was collected and/or for a related purpose, including without limitation:
- processing your request(s), order(s), purchase(s) and/or contest entry;
- processing payments from you, including authorising and processing online banking, credit/debit card transactions and sending receipts to you.
- delivering notices, services, products, updates, prizes and/or promotional materials to you;
- maintaining and improving customer relationship and services;
- conducting marketing survey and client satisfaction improvement activities;
- meeting any legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular, code applicable to us or any entity who are related or connected to us;
- enabling us to send you information by email, telecommunication means (telephone calls or text messages) or social media about products, services and/or promotions offered;
- to enforce our rights and remedies against you and/or any third party;
- for the reporting and assistance to various regulatory bodies and law enforcement officials and agencies to protect against fraud and for related security purposes;
- to our international third-party service providers to include in a database compiled by us or our third-party service provider for use in order and delivery management, direct marketing of promotions, product and services we think may interest you;
- to verify and carry out financial transactions in relation to payments you may make online;
- to assess and process applications for franchising and employment;
- for the purpose of record keeping in the ordinary course of our business; and
- for any purposes ancillary, relating to or in connection with the above, or the activities, dealings or transactions on the Website.
-
5.
Change of the Purpose concerning the Usage of Personal Data
We may change the Purposes of use as described above in the event of reasonable and relevant requirements catering to the purpose of the original use. In such a situation, we will notify our customers in advance and obtain the permission of each individual customer regarding the change in the terms concerning the usage of personal data on the Website or other platforms such as via e-mail and text messaging.
-
6.
Scope of Use
Personal data that has been collected will only be used within the required scope to achieve the Purposes of use as initially explained above. In the event of rare and unpredicted events, we shall obtain the individual’s permission first, unless it is for one of the following situations:
- prevention or detection of crime or any threat to life or health;
- arrest or prosecution of legal offenders;
- valuation or assessment of taxes or any other similar payments;
- other guidelines or instructions issued by the Ministry or any relevant authority or government body;
- to comply with any legal requirements applicable to or imposed on us;
- to protect your vital interests;
- for the administration of justice; or
- for the exercise of any functions conferred on any person by or under any law.
-
7.
Compilation of Sensitive Personal Data
If the need arises to process sensitive personal data for reasons as stated in the purpose of use, we will get the initial permission of the individual. Notwithstanding the foregoing, we may process sensitive personal data for the following circumstances without having to obtain separate permission:
- for the execution or claim of rights or obligation under the law against an individual in the regards of employment;
- to protect the interests of an individual or other person, where the truth cannot be granted by the individual or his representative or is impossible for us to obtain permission in a normal and reasonable manner;
- to protect the interests of an individual or other person, where the permission by the individual or his representative is deliberately not granted;
- for medical purposes – under the custody of a professional in the field of healthcare or a person who has the same confidentiality responsibility with professionals in the field of healthcare;
- for any relevant legal action;
- to seek legal advice;
- to create, carry or defend the rights under the law;
- to administer the system of legal justice;
- to carry out any function given to a person by or under the law;
- other purposes perceived by the Ministry; or
- the information contained in personal data has been publicly known as a result of an individual’s actions and in such instance, we will not be required to obtain the individual’s permission in respect of such personal data.
-
8.
Personal Data of Minors below the age of 18
We do not knowingly solicit or collect personal data from minor below the age of 18. In the event that we have unintentionally collected personal data from an individual below 18, we will remove that minor’s personal data from our records promptly. With the aforementioned notwithstanding, we may collect and process the personal data of a minor below the age of 18, provided that their parent, ward, or legal guardian has provided their own consent towards the processing of the personal data of the said minor. In this regard, we may also be required to collect and process of the personal data of the said parent, ward, or legal guardian.
-
9.
Access of Personal Data
You may request access to any personal data we hold that you had provided, at any time, by contacting us as per the details below and we shall provide you with suitable means of accessing it. Kindly note that we may charge a fee for processing your request for access or correction to the personal data.
-
10.
Limiting or Withdrawal of Consent towards Processing of Personal Data
Kindly note that you reserve the right to limit, restrict, or withdraw (in total or in part) the consent that was initially provided to use pertaining to the abovementioned Purposes. However, kindly note that the limiting or withdrawal of your consent may result in one or more of the following consequences:
- us being unable to provide you with the notices, services, delivery and/or products requested;
- us being unable to accept and process your entry to any contest or promotional events; or
- us being unable to update you on our latest products, services and promotions.
-
11.
Maintenance of the Accuracy of Personal Data
We take reasonable steps to ensure that the information we hold is accurate, complete and up to date. To assist us in doing this, please provide us with the correct information and inform us if there are any change to the details of your personal data. You reserve the right to access and correct your personal information held by us about you. Kindly contact us via the contact details below to amend your personal data. We may charge an administrative fee for the processing of such amendments.
In any event, you are responsible for ensuring that the personal data you provide us is accurate, complete and not misleading and that such personal data is kept up to date. Failure to provide the same may result in interruption in the usage of our services or Website.
-
12.
Limitation of Access and Modification etc toward Personal Data
Notwithstanding the above clauses 9, 10 and 11 and the rest of the Policy, we reserve the right to reject an application for access, withdrawal, restriction and/or amendments of personal data, if granting access to you may be a risk to your privacy, such access is deemed illegal, or the circumstances in which the rights of others may also be interrupted or jeopardized. We also reserve such rights of rejection in the event that we are not provided enough information or evidence to proceed with such application by you.
-
13.
Duration of Retention of Personal Data
We will not keep your personal data for longer than necessary for the purposes for which we collect and process it, except when we are required by laws to keep it for longer than that or have valid grounds for doing so. We undertake to take all reasonable steps to ensure that all personal data held by us are destroyed or permanently deleted if it is no longer required for the purpose for which it was to be processed.
-
14.
Security and Storage
We will take necessary and appropriate actions for security control purposes to protect personal data from unauthorized access, forgery, leakage, loss or damage to personal data. The Company shall also where necessary and practicable, implement the appropriate administrative and security safeguards and procedures in accordance with the applicable laws and regulations to prevent the unauthorized or unlawful processing or loss of the personal data.
Nevertheless, while care is taken to protect your personal data, unfortunately no data transmission is guaranteed as totally and definitely secure. Accordingly, we cannot ensure or warrant the absolute security of any information you send to us or receive from us.
-
15.
Disclosure of Personal Data to Third Parties.
We may disclose, share and transfer your personal data with mutual users as stated in the list of joint users below. (hereinafter referred to as “Joint Users”) and third parties acting on our behalf as our agent, contractor, service providers and/or professional advisors who provide us with administrative and business support services. The Joint Users may jointly use personal data operated in each company to provide the best service to all relevant parties.
In the event of any changes within the Joint User environment or the officer responsible for handling joint use, you will be informed in advance, or we will provide the convenience so you can easily access the information. You hereby clearly give us permission to transfer and store your personal data with any Joint User to whom may be based outside Malaysia.
-
16.
Transfer of Personal Data Abroad
It may be necessary, that for any of the Purposes to transfer your personal data to locations outside Malaysia. Additionally, our information technology facilities and storage servers and the Joint Users may be in other regions outside Malaysia, including but not limited to Japan (where our parent company Duskin Co. Ltd is based). As a result of this, your personal data may be disclosed or transferred to entities and/or stored in any place outside Malaysia or in any country where you access our Website, including but not limited to Japan.
Please be informed that this foreign entity may be established in countries that may not offer the level of data protection which is equivalent to the law in Malaysia. You hereby clearly give us permission to transfer and store your personal data to any place outside Malaysia. However, we will always strive to ensure that all third parties outside Malaysia will not use or process your personal data other than for the intended purposes and in accordance with the Policy and while upholding the confidentiality and privacy of your personal data properly.
-
17.
Use of Cookies
A cookie is a small file that is placed within the memory of a computer to capture and recognise certain information that can be retrieved by web page servers. The Website uses cookies to enhance your interaction and convenience and does not use cookies to record any personal data. Cookies help us remember and process the items in your shopping cart, understand and save your preferences for future visits and keep track of advertisements.
Cookies may record information about your visit, including the type of browser and operating system you use, the previous site you visited, your server’s IP address, the pages you access, and the information downloaded by you. While this anonymous statistical data may be aggregated and used in broader statistical analysis by us and our web monitoring service provider to improve our services, at no time can we personally identify you as the source of that data.
You may choose to limit the usage of cookies by using the necessary options in your web browser. However, please note that by deleting, restricting, and/or limiting cookies may limit the type services and/or the quality of services that we can provide via the Website.
-
18.
Third Party Links
In the course of using the Website or perusing physical documents printed by us, you may encounter links to websites or contact details belonging to other parties which are owned or operated by other parties. These third-party sites have separate and independent privacy policies. As such, we are not responsible for information on, or the privacy practices of, such parties.
-
19.
Language
In accordance with Section 7(3) of the Act, the Policy is issued in both Bahasa Malaysia and English languages. In the event of any inconsistency, the English language version of the Policy shall prevail.
-
20.
Amendment
From time to time, we may need to review and revise the Policy. In that regard, we reserve the right to change the Policy at any time without prior notice. The amended version will be posted on the Website and will be effective from the date of such posting, unless otherwise stated. By continuing with the access and/or use of the Website after such changes have been incorporated, you will be deemed to have accepted and agreed to these changes.
-
21.
Contact Details
In the event that you have any queries, concerns or questions towards the collection, processing, or usage of your personal data or the Policy in general, please contact us via the particulars below:
- Via telephone: +603-9081 8219
- Via email: talk2us@bigappledonuts.com
- Via mail: No. 1, Jalan KPB 2, Kawasan Perindustrian Budiman, Batu 10 3/4, 43200 Cheras, Selangor Darul Ehsan, Malaysia
Kindly attention such queries to Marketing Department.
-
22.
Joint Users
Kindly be informed that the Joint Users referred above shall consist of the following parties:
- Big Apple Worldwide Holdings Sdn Bhd;
- Duskin Co Ltd; and
- Other companies related to (a) and (b) above.
STAY CONNECTED
Sign up to stay up-to-date with Big Apple Donuts news and events