1. General Statement

This Privacy Statement is prepared by Rayas & Plaid Sdn Bhd (1466439-M) pursuant to the Personal Data Protection Act 2010 which describes how your personal data is collected, compiled, processed and maintained.

It explains our policies and practices regarding how we collect, use, and disclose the personal data that we collect through our Digital Platforms, our stores or during our events.

We recommend that you read this Privacy Policy carefully as it provides important information about your personal data.

2. What personal data do we collect and how is it collected?

Personal data is information, whether true or not, about an individual who is or can be identified from that data, or from that data and other information to which the organisation has or is likely to have access to. For example, it may include an individual’s name, address and gender.

We may collect personal data either directly from you (for example when you purchase a product in a store) or indirectly (for example from your electronic devices that interact with our websites, electronic forms or mobile applications (“Digital Platforms”)).

Information you provide directly to us

You may provide us with information:

– When you create an account online or in our stores;

– When you subscribe to our newsletter;

– When you use our Digital Platforms;

– When you purchase products or services on our Digital Platforms or in our stores;

– When you visit our stores;

– When you participate in one of our events;

– When you contact our customer-services.

Depending on what you provide us with, such information may include:

– Your identity (including your first name, last name, gender, image);

– Your contact details (including your postal address(es), email address(es), phone number(s));

– Your personal status (including your title);

– Your purchases and repairs (including purchase history, order details);

– Your preferences (including your size);

– Certain payment information (including billing information, payment type or method, charge or credit card number);

– Other information you may provide by filling forms or by contacting us (including your feedback, or other communications with us).

We will inform you when your information is required to process your request, to respond to your queries or to provide you with our products and services. If you do not provide this information, then it may delay or prevent us from processing your request, responding to your query, or providing products or services to you.

We hope to ensure that the personal data we possess is accurate at all times and therefore we encourage you to update your information in case any changes have occurred. We also may ask you to update your information from time to time.

We recommend that you only provide the data requested or necessary for your query, with the exception of any sensitive information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health, sex life or sexual orientation.

We remind you that we do not provide our services or products directly to, nor collect personal data of, persons who have the legal capacity to purchase. Therefore, we ask you not to provide us with personal data of persons who do not have the legal capacity.

Information indirectly collected

We may collect information when you use our Digital Platforms, such as your IP address or other browsing information (including browser, operating system, device model), through cookies or similar technologies placed on your device. Some cookies are required for the proper functioning of our Digital Platforms and other are used for analytics purposes which help us to provide you with more personalized and customized services and a better digital experience. For more information about cookies and to know how you can edit your preferences.

We may also collect information about you from third parties, such as a spouse who contacts us on your behalf or from your friends who provide us with your information in order to invite you to events you may be interested in.

If you provide personal data to us about someone else, you must ensure that you are entitled to disclose that information to us and that, without us taking any further steps required by data protection laws, we may collect, use and disclose such information for the purposes described in our Privacy Policy. For example, you should ensure the individual concerned is aware of the various matters detailed in our Privacy Policy, including that (i) his or her personal data has been or will be disclosed to us and that (ii) his or her personal data will be collected, used, disclosed or otherwise processed by us in the manner and for the purposes as set out in this Privacy Policy. The individual must also provide the consents set out in this Privacy Policy in respect of how we will deal with their personal information.

3. Why do we collect your personal data and how do we use it?

We collect and use your personal data based on one or many of the following legal basis:

– we have obtained your prior consent (for example, when you subscribe to our newsletter). Please note that for this specific legal basis, you have the right to withdraw your consent at any time (see below “What rights do you have on your personal data?”);

– the processing is necessary in connection with any contract between RAYAS & PLAID SDN BHD  and you (for example, when you make a purchase);

– we have to process your personal data to comply with applicable laws and regulations.

Depending on the context, we may use your personal data in order to:

– provide you with the products or services you requested;

– conduct checks to identify you and verify your identity;

– send you Promotional Communications – with your prior consent

– provide you after-sale services;

– respond to your queries, requests and suggestions;

– manage the events you registered and/or participated in;

– detect any fraudulent or illegal activity, including to secure your transactions by detecting and preventing fraud against you and RAYAS & PLAID SDN BHD;

– protect you, employees and other individuals in our stores as well as our property;

– manage the stock of certain types of rare products to allow a fair allocation of the products we sell;

– monitor and improve our Digital Platforms;

– conduct statistical analysis;

– improve our products and services;

– fulfil our legal obligations corresponding to preventing and combating fraud and money-laundering;

– provide information to regulatory bodies when legally required.

4. How long do we retain your personal information?

Your personal data are processed for the period necessary for the purposes for which they have been collected, to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights.

5. How do we protect your personal data?

All your personal data is strictly confidential and will only be accessible, on a need-to-know basis, to duly authorized personnel of RAYAS & PLAID SDN BHD and third providers acting on our behalf with appropriate technical and organizational security safeguards.

We have implemented security measures to protect your personal data against unauthorized access and use. We follow appropriate security procedures in the storage and disclosure of your personal data so as to prevent unauthorized access by third parties and to prevent your data being accidentally lost. We limit those who access your personal data to those who have a genuine business need to access it. Those who do access your data are subject to a duty of confidentiality towards RAYAS & PLAID SDN BHD.

6. What rights do you have on your personal data?

In accordance with the applicable data protection laws, you can, at any time, request access, rectification, erasure, and portability of your personal data or restrict and object to the processing of your personal data. A summary of these rights is provided below:

Your right of access: the right to be provided with a copy of your personal data.

Your right to rectification: the right to require us to correct any mistakes in your data or to complete your information.

Your right to be forgotten: the right to require us to delete your personal data — in certain situations.

Your right to restriction of processing: the right to require us to restrict processing of your personal data — in certain circumstances, for example if you contest the accuracy of the data.

Your right to data portability: the right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party — in certain situations.

Your right to object to processing: the right to object:

— at any time to your personal data being processed for direct marketing;

— in certain other situations to our continued processing of your personal information,

You may at any time decide to withdraw your consent to the processing of your personal data. If your consent is withdrawn, it does not prevent us from processing your personal data based on other legal bases if any, such as fulfilling your orders and storing your order data as required by applicable law.

If you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic promotional message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request within twenty-one (21) days from the date of request, but we may continue to contact you to the extent necessary for the purposes of any products or services you have requested.

7. Changes to our Privacy Policy

Our Privacy Policy reflects our current practices and is subject to change and update from time to time. When we post changes to our Privacy Policy, we will modify the “Effective Date” at the top of this document to indicate when such changes have come into effect.