SOM1

Privacy Policy

Effective date: 18 August 2024

1. Introduction

SOM1 ECOMMERCE SDN BHD LIMITED ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, store, and protect your personal data when you use our website, mobile applications, and related services (the "Services"). We are a data user under the Personal Data Protection Act 2010 (PDPA) of Malaysia where it applies. We process personal data in accordance with the PDPA and other applicable laws. By using the Services, you consent to the practices described in this Policy. If you do not agree, please do not use the Services. We may update this Policy from time to time; the effective date at the top indicates when it was last revised.

2. Personal Data We Collect

Data you provide: We may collect personal data that you give us directly, including: (a) contact and account information such as your mobile number, email address, and verification codes when you register or log in; (b) profile information such as your name, delivery address, and billing address when you make a purchase or update your account; (c) payment information necessary to process transactions (we use third-party payment processors who may collect and process card or other payment details; we do not store full card numbers); (d) communications you send to us, including feedback, complaints, or enquiries; and (e) any other information you choose to provide.

Data collected automatically: When you access the Services, we or our service providers may automatically collect: (a) device information such as device type, operating system, unique device identifiers, and mobile network information; (b) log data such as IP address, access times, pages viewed, and referring URL; (c) location data, if you grant permission or to the extent it is derived from your IP address or similar information; and (d) information collected via cookies, pixels, and similar technologies. We use this information to operate, secure, and improve the Services, and for analytics as described below.

Data from third parties: We may receive information from third parties, for example payment processors, delivery partners, or social sign-in providers, where you have authorised such sharing or where permitted by law.

3. Purposes of Processing (Notice and Choice under PDPA)

We process your personal data for the following purposes, in each case where we have a lawful basis (including consent where required, contract performance, legal obligation, or legitimate interest as permitted under the PDPA and other laws):

  • To create, manage, and authenticate your account and to provide the Services, including processing registrations and logins via phone number and SMS or other verification.
  • To process and fulfil orders, to arrange delivery, and to communicate about your purchases, returns, and refunds.
  • To send you service-related messages, including verification codes, order confirmations, shipping updates, and security or account alerts.
  • To send you marketing communications (e.g. promotions, new products, offers) where you have consented. You may opt out at any time via the unsubscribe link in messages, in your account settings, or by contacting us.
  • To respond to your enquiries, feedback, or complaints, and to provide customer support.
  • To improve, develop, and personalise the Services, and to conduct analytics and research (including in aggregated or de-identified form).
  • To detect, prevent, and address fraud, security issues, and abuse, and to enforce our User Agreement, Terms of Service, and this Privacy Policy.
  • To comply with legal and regulatory obligations, including responding to lawful requests from authorities, and to protect our rights and the rights of others.

Where the PDPA requires it, we will give you notice of the purposes and obtain your consent before or at the time of collecting your personal data. For marketing and certain optional uses, we will seek your separate consent. You may withdraw consent for processing that is based on consent, subject to legal or contractual restrictions; note that withdrawal may affect our ability to provide the Services.

4. Disclosure of Personal Data

We may disclose your personal data to: (a) service providers who assist us in operating the Services (e.g. hosting, analytics, payment processing, SMS or email delivery, customer support, delivery and logistics). We require them to use the data only for the purposes we specify and in accordance with applicable law, including the PDPA; (b) business partners or affiliates where necessary for the Services or with your consent; (c) regulatory bodies, law enforcement, or other authorities when required by law or to protect our rights, your safety, or the safety of others; and (d) successors in the event of a merger, acquisition, or sale of assets, subject to the same privacy protections.

We do not sell your personal data to third parties for their marketing. We may share aggregated or de-identified data that does not identify you. Where we transfer data to service providers or others outside Malaysia, we take steps to ensure appropriate safeguards are in place as required by the PDPA and other applicable law.

5. Your Rights (PDPA and Other Laws)

Under the PDPA and other applicable laws, you may have the right to: (a) request access to your personal data that we process; (b) request correction of inaccurate or incomplete data; (c) request deletion or limitation of processing where the law allows; (d) withdraw consent where processing is based on consent; and (e) lodge a complaint with the relevant data protection authority (in Malaysia, the Department of Personal Data Protection, JPDP).

To exercise these rights, please contact us using the details below. We may need to verify your identity. We will respond within the timeframes required by applicable law (under the PDPA, generally within 21 days for access requests). We may charge a fee for access requests as permitted by the PDPA. If you wish to opt out of marketing messages, you may use the unsubscribe link in our emails or SMS, or update your preferences in your account.

6. Accuracy and Retention

We take reasonable steps to ensure that your personal data is accurate, complete, not misleading, and up to date, in line with the PDPA. Please notify us if your information changes. We retain your data for as long as necessary to fulfil the purposes set out in this Policy, including to provide the Services, to comply with legal, tax, or regulatory requirements, and to resolve disputes and enforce our agreements. When data is no longer needed, we will delete or anonymise it in accordance with our retention policy and the PDPA.

7. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, in accordance with the PDPA and industry standards. These measures include encryption (e.g. for data in transit and, where appropriate, at rest), access controls, and regular reviews of our practices. Despite our efforts, no method of transmission or storage is completely secure. You are responsible for keeping your account credentials and verification codes confidential and for notifying us of any suspected unauthorised access.

8. Cookies and Similar Technologies

We and our partners may use cookies, pixels, local storage, and similar technologies to: (a) enable essential functions (e.g. session management, security); (b) remember your preferences and settings; (c) analyse how the Services are used and improve performance; and (d) deliver relevant advertising where you have consented. You can control cookies through your browser settings; disabling certain cookies may affect the functionality of the Services. For more detail, we may provide a separate cookie notice on our website.

9. Children

The Services are not intended for individuals under the age of 18 (or the applicable age of majority). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

10. Cross-Border Transfer

Your personal data may be processed and stored in Malaysia or in countries where our service providers operate. Where we transfer data outside Malaysia, we ensure that appropriate safeguards are in place as required by the PDPA, such as standard contractual clauses, adequacy decisions, or your consent. By using the Services, you acknowledge that such transfers may occur.

11. Third-Party Links

The Services may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We are not responsible for their privacy practices. We encourage you to read their privacy policies before providing any personal data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated Policy on this page and update the effective date. For material changes, we may notify you by email, in-app notification, or by a prominent notice on the Services. Your continued use after the effective date constitutes acceptance of the revised Policy. If you do not agree, you should stop using the Services and may contact us to delete your account and data where applicable.

13. Contact and Data Protection Officer

For any questions about this Privacy Policy, to exercise your rights, or to make a complaint, please contact us at:

SOM1 ECOMMERCE SDN BHD LIMITED
Room 1508, 15/F., Office Tower Two, Grand Plaza, 625 Nathan Road, Mong Kok, Hong Kong
Phone: +60 3 2716 8820
Email: info@som1.biz

You may also contact our data protection officer (if designated) at the same channels. We will endeavour to respond within a reasonable time. If you are not satisfied with our response, you may lodge a complaint with the Department of Personal Data Protection (JPDP), Malaysia.