Rosie On Fire Sdn Bhd (1257443-P), together with other members of its group (“ROF/we/us/our”) are committed to safeguarding the privacy of our customers and users (“you/your”) and the Personal Information you have entrusted to us. It is important for you to understand what Personal Information we will collect, how we will use it, and who may access it.
Personal Information means information about an identifiable individual. It includes information that you have provided to us or was collected by us from other sources. It may include details such as your name and address, age and gender, personal financial records, identification numbers and personal references, to the extent permitted by local laws.
Our websites may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your Personal Information. Please check these policies before you submit any Personal Information to such third party websites.
(a) What Personal Information about you we may collect
(b) How we may use your Personal Information
(c) Who we may share your Personal Information with
(d) How we protect your Personal Information
(e) Your rights to prevent marketing and to access and update your Personal Information
(f) Method of contacting us
2. Information we may collect about you
We will collect and process all or some of the following Personal Information about you:
(a) Information you provide to us. Personal Information that you provide to us, such as the use of contact/subscription form or registration of an account on our website, including your name, email address, and other contact details;
(b) Our correspondence. If you contact us, we will typically keep a record of that correspondence;
(c) Information about how you use our products and services. Such as the product pages you visit on our website and other information about your activities while using our website. We collect this in order to develop our products and services and to understand what your preferences are so that our marketing is relevant to you;
(d) Survey information. We may also ask you to complete surveys that we use for research purposes. In such circumstances, we shall collect the information provided in the completed survey;
(e) Promotions. We may require your Personal Information to administer your participation in sales, contests or other promotions that we organise;
(f) Device Information. Such as information about your operating system, browser, software applications, IP address, geolocation, security status and other device information in order to improve your experience, to protect against fraud and manage risk;
(g) Marketing preference information. Details of your marketing preferences (e.g. product or communication preferences) and information relevant to selecting appropriate products and services to offer you;
(h) Website and communication usage. Details of your visits to our websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs, other communication data, and the resources that you access;
(i) Activities on Social Networking Sites (SNS). If you choose to participate (for example, by “liking” ROF’s profile or post on Facebook or Instagram, or posting a comment), we will have access to the information you divulge on the SNS, which may include your Personal Information, depending on your SNS privacy settings.
3. Uses made of your Personal Information
In this section, we set out the purposes for which we use Personal Information that we collect via our website and, in compliance with our obligations under European law and the Malaysian law, identify the “legal grounds” on which we rely to process the information.
These “legal grounds” are set out in European Data Protection Law, which allows companies to process personal data only when the processing is permitted by the specific “legal grounds” set out in law:
Consent: where you have consented to our use of your information
Contract performance: where your information is necessary to enter into or perform our contract with you.
Legal obligation: where we need to use your information to comply with our legal obligations.
Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party have a legitimate interest to do so, you have the right to object to that use.
Please note that in addition to the disclosures we have identified below, we may disclose Personal Information for the purposes we explain in this notice to service providers, contractors, agents, advisors (e.g. legal, financial, business or other advisors) and affiliates of ROF that perform activities on our behalf.
(a) To provide and manage products and services you have requested - to administer our services, including to carry out our obligations arising from any agreements entered into between you and us, or to notify you about changes to our services and products.
Use justifications: contract performance; consent, legitimate interests (to enable us to perform our obligations and provide our services to you or to notify you about changes to our service)
(b) To communicate with you regarding products and services that may be of interest - to provide you with updates and offers, where you have chosen to receive these. We may also use your information to market our own and our selected business partners’ products and services to you by way of post, email, or online or social media advertisement. Where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option on the appropriate platform to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you.
Use justifications: legitimate interests (to keep you updated with news in relation to our products and services); consent
(c) To understand our customers and to develop and tailor our products and services - we may analyse the Personal Information we hold in order to better understand your usage patterns, preferences and marketing requirements, as well as to better understand our business and develop our products and services;
Use justifications: legitimate interests (to ensure the quality and legality of our services and to allow us to improve our services);
Use justifications: contract performance, legal obligations, legal claims, legitimate interests (to ensure that the quality and legality of our services)
(e) To inform you of changes - to notify you about changes to our services and products;
Use justifications: legitimate interests (to notify you about changes to our service)
(f) To ensure website content is relevant - to ensure that content from our website is presented in the most effective manner for you and for your device, which may include passing your data to our business partners, suppliers and/or service providers;
Use justifications: legitimate interests (to allow us to provide you with the content and services on the websites)
(g) To reorganise or make changes to our business - in the event that we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organisation, we may need to transfer some or all of your Personal Information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to transfer your Personal Information to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy;
Use justifications: legitimate interests (in order to allow us to change our business)
(h) In connection with legal or regulatory obligations - we may process your Personal Information to comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your Personal Information to third parties, the court and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Use justifications: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities)
4.Profiling and Automated Decision Making
The advertisements and recommendations which we show you are chosen by analysing the Personal Information you provide to us, including information about your past purchases from us, the way in which you use our products and/or services, and previous advertisements which you have clicked on. To choose advertisements which are tailored and most likely to be of interest to you, we may compile and analyse information received from all our customers to gain a better understanding of your preferences from customers similar to you. We may also use similar predictive techniques to combat payment fraud.
5. Sharing your Personal Information (and transfers outside of the EEA)
Sharing outside the ROF: Personal Information may be provided to third parties, including anti-fraud organisations, legal, regulatory or law enforcement authorities in cases of suspected criminal activity or contravention of law, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of governments, regulatory authorities or other self-regulatory organizations, or to comply with a court order or for the protection of our assets.
Sharing within the ROF group: We may share your Personal Information within the ROF group, including locations inside or outside of the EEA where we do business, for marketing purposes, for legal and regulatory purposes, to manage credit risk and other business risks, to perform analytics, to ensure we have correct or up to date information about you (such as your current address or date of birth) and to better manage your relationship with us.
Business sale or reorganisation: Over time, we may buy new businesses or sell some of our businesses. Accordingly, Personal Information associated with any accounts, products or services of the business being purchased or sold will be reviewed as part of the due diligence process and subsequently transferred as a business asset to the new business owner. We may also transfer Personal Information as part of a corporate reorganisation or other change in corporate control.
Sub-contractors and agents: We may use affiliates or other companies to provide services on our behalf such as data processing, account administration, website administration, courier services, tracking of product delivery, fraud prevention and detection, analytics and marketing. Such companies will be given only the Personal Information needed to perform those services and we do not authorize them to use or disclose Personal Information for their own marketing or other purposes.
6. Security of your Personal Information
We use physical, electronic and procedural safeguards to protect against unauthorized use, access, modification, destruction, disclosure, loss or theft of your Personal Information in our custody or control.
We have controls in place with third party service providers requiring that any information we provide to them must be safeguarded and used only for the purpose of providing the service we have requested the company to perform.
Security over the Internet
No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your Personal Information in accordance with data protection legislative requirements.
All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
Retention of your Personal Information
Our retention periods for personal data are based on business needs and legal requirements. We retain your Personal Information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When Personal Information is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.
7. Your data privacy rights
Marketing and adverts
Most of our processing is permitted by “legal grounds” other than consent. In relation to Direct Marketing, where we are required to do so, we will obtain your consent before using your Personal Information for this purpose. If you prefer not to receive our Direct Marketing communications and/or not have your Personal Information shared among the members of the ROF group for the purpose of marketing, you can have your name deleted from our Direct Marketing and/or shared information lists.
Direct Marketing means our communication with you such as mail, telemarketing or email, using your contact information, to inform you about products and services that we think may be of interest and value to you. This does not include communications regarding products or services that you currently have, including improved ways to use the products, or additional features of the products as well as transactional information.
We may also engage in online advertising to keep you aware of our products and services. We may target ROF banners and ads to you when you are on other websites and/or mobile applications. We do this using a variety of marketing networks and ad exchanges. We may use a range of advertising technologies as well as specific services offered by some sites or social networks. The banners and ads you see will be based on Personal Information we hold about you, or your previous use of ROF website or ads you have previously clicked on.
We will use reasonable endeavours to ensure that your Personal Information is accurate. In order to assist us with this, you should notify us of any changes to the Personal Information that you have provided to us by contacting us as set out in the “Contact Us” section below.
If you have any questions in relation to our use of your Personal Information, you should first contact us as set out in the “Contact Us” section below. Under certain conditions, you may have the right to require us to:
(a) provide you with further details on the use we make of your information;
(b) provide you with a copy of information that you have provided to us;
(c) update any inaccuracies in the Personal Information we hold;
(d) delete any Personal Information the we no longer have a lawful ground to use;
(e) where processing is based on consent, to withdraw your consent so that we stop that particular processing;
(f) object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
(g) restrict how we use your information whilst a complaint is being investigated.
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
8. Contact us
If you have any questions or concerns about our privacy practices, the privacy of your Personal Information or you want to change your privacy preferences, please contact us at email@example.com.