1. About this Policy
StemErgy ("we", "us", or "our") is committed to protecting your personal data in accordance with the Malaysian Personal Data Protection Act 2010 (PDPA). This privacy policy explains how we collect, use, disclose, and protect your personal information when you visit our website or purchase our products.
By using our website at stemergy.com.my or our online store at shop.stemergy.com.my, you consent to the practices described in this policy.
2. Personal Data We Collect
We may collect the following categories of personal data when you interact with us:
- Identity & Contact Information: Name, email address, phone number, billing and shipping address.
- Transaction Data: Order details, payment information, purchase history, and correspondence related to your orders.
- Technical Data: IP address, browser type, operating system, device information, and browsing behaviour on our websites.
- Communication Data: Any information you provide when contacting us via email, contact forms, or social media.
3. How We Collect Your Data
We collect your personal data in the following ways:
- Directly from you: When you place an order, fill in a contact form, subscribe to our newsletter, or communicate with us via email or social media.
- Automatically: When you browse our websites, we collect technical data such as your IP address, browser type, and pages visited through cookies and similar technologies.
- From third parties: Payment processors (for transaction verification purposes only) and analytics providers.
4. How We Use Your Data
We use your personal data for the following purposes:
- To process and fulfil your orders, including payment processing and delivery.
- To communicate with you regarding your orders, inquiries, and customer support requests.
- To improve our website, products, and customer experience.
- To send you promotional materials and updates about our products, only with your explicit consent.
- To comply with legal and regulatory obligations.
5. Legal Basis for Processing (PDPA)
Under the Malaysian Personal Data Protection Act 2010, we process your personal data based on the following grounds:
- Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications).
- Contractual Necessity: Processing is necessary for the performance of a contract with you (e.g., processing your order and delivering products).
- Legal Obligation: Processing is necessary to comply with applicable laws and regulations.
- Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services and preventing fraud, provided your rights do not override these interests.
6. Disclosure of Your Data
We may share your personal data with the following categories of third parties:
- Payment Processors: To process your payments securely (DuitNow, bank transfers, and other payment methods). We do not store your payment card or banking details.
- Delivery Partners: To ship your orders to your provided address.
- IT Service Providers: Web hosting, email services, and analytics platforms that help us operate our business.
- Regulatory Authorities: When required by law or to protect our legal rights.
We do not sell, rent, or trade your personal data to third parties for their marketing purposes.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:
- SSL/TLS encryption for data transmitted between your browser and our servers.
- Secure servers and restricted access to personal data.
- Regular security reviews of our systems.
Please note that no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. Typically:
- Order data is retained for 7 years to comply with Malaysian tax and legal requirements.
- Marketing data is retained until you withdraw your consent or unsubscribe.
- Technical data (logs, analytics) is retained for up to 12 months.
9. Your Rights Under PDPA
Under the Malaysian Personal Data Protection Act 2010, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Correction: Request correction of inaccurate or incomplete data.
- Right to Withdraw Consent: Withdraw your consent to our processing of your data at any time.
- Right to Limit Processing: Request restriction of processing your data in certain circumstances.
- Right to Data Portability: Request transfer of your data to another party, where technically feasible.
To exercise any of these rights, please contact us at info@stemergy.com.my. We will respond to your request within a reasonable timeframe as required by applicable law.
10. Cookies
Our websites use cookies to enhance your browsing experience. Cookies are small text files stored on your device by your browser.
Types of cookies we use:
- Essential Cookies: Required for the website to function properly (e.g., shopping cart functionality). These are set automatically.
- Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous information about pages visited and browsing patterns.
- Preference Cookies: Remember your settings and preferences for future visits.
You can control cookies through your browser settings. Disabling cookies may affect the functionality of our websites, particularly the shopping cart and checkout process.
11. Third-Party Links
Our websites may contain links to third-party websites (such as social media platforms). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.
12. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.
13. Contact Us
If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:
StemErgy
Email: info@stemergy.com.my
Website: stemergy.com.my
14. Complaints
If you believe we have not complied with the Malaysian Personal Data Protection Act 2010 in the handling of your personal data, you may lodge a complaint with the Department of Personal Data Protection (JPDP) Malaysia.