We at Roses & Thorns (“Company”, “us”, “we”, “our” or “ours”), understand the importance of personal data (“Personal Data” refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual) and sensitive personal data which includes but is not limited to, information pertaining to the physical or mental health or condition of an individual and religious beliefs, or any other sensitive personal data (“Sensitive Personal Data”) as defined under the applicable regulations, guidelines, orders made under the Personal Data Protection Act 2010 and any statutory amendments or re-enactments made of the Personal Data Protection Act 2010 from time to time (collectively referred to as the “PDPA”). We endeavor to protect Personal Data through our compliance with the PDPA and this privacy policy for processing of personal data (“Privacy Policy”), and by appropriately processing the Personal Data of our customers, shareholders, employees and applicants for potential employment or recruitment activities by the Company.

  • We will collect Personal Data and Sensitive Personal Data during your course of dealings with us in any way or manner including pursuant to any transactions, any event and/or communications made from/with us in an appropriate manner not limiting to using for performance of contract, entering into contract, legal obligation, vital interests, and administration of justice.
  • We will inform you regarding the purpose of use for your Personal Data and Sensitive Personal Data, and use such information within the scope of such lawful, direct purpose and/or for secondary purposes.
  • We will take necessary and appropriate measures to safely manage Personal Data and Sensitive Personal Data.
  • We will collect/use/disclose personal data without the consent of individual in case of: necessary for purpose, life threatening situation, publicly available data, national interest, investigations, evaluation purpose, artistic purpose, news activity, provision of legal services, collected by credit bureau, employment purpose, disclosed by public agency, etc.
  • Except where otherwise specified, we will not share, disclose or sell Personal Data or Sensitive Personal Data to any third parties without the consent of the individual.
  • We will respond appropriately in the event that an individual contacts the appropriate point of contact regarding display, correction, deletion, withdrawal (in full or in part) and/or termination of use of their respective Personal Data or Sensitive Personal Data.
  • We will maintain records of application, notice, requests, etc. related to personal data being processed by the Company.
  • The collection of your Personal Data by us may be mandatory or voluntary in nature depending on the Purposes for which your Personal Data is collected. Where it is obligatory for you to provide us with your Personal Data, and you fail or choose not to provide us with such data, or do not consent to the purposes of collection or this Privacy Policy, we will not be able to provide products and/or services or otherwise deal with you.

PURPOSE OF USE FOR PERSONAL DATA AND SENSITIVE PERSONAL DATA

We use Personal Data provided to us by individuals for only the following purposes (“Purposes”):

(1) PERSONAL DATA AND SENSITIVE PERSONAL DATA OF OUR CUSTOMERS (INCLUDING USERS OF OUR APPLICATION SOFTWARE)

  • to communicate with you;
  • to maintain and improve customer relationship;
  • to assess, process and provide products, services and/or facilities to you;
  • to administer and process any payments related to products, services and/or facilities requested by you;
  • to establish your identity and background;
  • to respond to your enquiries or complaints and resolve any issues and disputes which may arise in connection with any dealings with us;
  • to provide you with information and/or updates on our products, services, upcoming promotions offered by us and/or events organised by us and selected third parties which may be of interest to you from time to time;
  • for direct marketing purposes via SMS, phone call, email, fax, mail, social media and/or any other appropriate communication channels to members of our loyalty programmes in accordance with their consent;
  • to facilitate your participation in, and our administration of, any events including contests, promotions or campaigns;
  • to maintain and update internal record keeping;
  • for internal administrative purposes;
  • to send you seasonal greetings messages from time to time;
  • to send you invitation to join our events and promotions and product launch events;
  • to monitor, review and improve our events and promotions, products and/or services;
  • to process any payments related to your commercial transactions with us;
  • to process and analyse your Personal Data either individually or collectively with other individuals;
  • to conduct market research or surveys, internal marketing analysis, customer profiling activities, analysis of customer patterns and choices, planning and statistical and trend analysis in relation to our products and/or services;
  • to share any of your Personal Data with the auditor for our internal audit and reporting purposes;
  • to share any of your Personal Data pursuant to any agreement or document which you have duly entered with us for purposes of seeking legal and/or financial advice and/or for purposes of commencing legal action;
  • to share any of your Personal Data with our joint venture/business partners to jointly develop products and/or services or launch marketing campaigns;
  • to share any of your Personal Data with insurance companies necessary for the purpose of applying and obtaining insurance claims, if necessary;
  • for audit, risk management and security purposes;
  • for detecting, investigating and preventing fraudulent, prohibited or illegal activities;
  • for enabling us to perform our obligations and enforce our rights under any agreements or documents that we are a party to;
  • to transfer or assign our rights, interests and obligations under any agreements entered into with us;
  • for meeting any applicable legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to us;
  • to enforce or defend our rights and your rights under, and to comply with, our obligations under the applicable laws, legislation and regulations;
  • for other purposes required to operate, maintain and better manage our business and your relationship with us, which we notify you of at the time of obtaining your consent;

(2) PERSONAL DATA AND SENSITIVE PERSONAL DATA OF OUR SHAREHOLDERS

  • Exercise of rights and/or performance of obligations under the Personal Data Protection Act 2010; and
  • management relating to our stockholders, such as preparation of records pursuant to various laws and orders

(3) PERSONAL DATA AND SENSITIVE PERSONAL DATA OF EMPLOYMENT APPLICANTS

  • Contacting and/or providing information to employment applicants, and other uses necessary for employment and recruiting activities.
  • If your application is unsuccessful, we will keep your Personal Data for a reasonable period in accordance with our internal policies and procedures and for administration and statistical analysis purposes.
  • If your application is successful, we will process your Personal Data for purposes regarding employment with us, including to communicate with you, manage, improve and maintain effective human resources administration, process your payroll, respond to your enquiries or complaints, improve and facilitate employee performance and salary reviews, monitor compliance with our internal policies and procedures, rules and regulations, handbooks and guidelines, code of conduct, evaluate your performance, enable us to plan and monitor training requirements, conduct health checks on you, facilitate your secondment and transfer within the Company and/or the Company’s group of companies and other purposes that are necessary or related to your employment with us as set out in our internal employee policies.

(4) PERSONAL DATA AND SENSITIVE PERSONAL DATA OF THOSE PERSONS WHO POST/SUBMIT PERSONAL DATA AND SENSITIVE PERSONAL DATA ON OUR WEBSITE OR APPLICATION SOFTWARE

  • Use of works posted/submitted on our website or application software in advertisements for the Company or its affiliates.

All rights of publicity, copyrights and other industrial property rights in such posted/submitted works shall be attributed to the user who posted/submitted such works; provided, however, that upon posting/submitting such works, the user shall be deemed to have granted the Company a global, royalty-free and non-exclusive license (with right of sublicense to third parties) to use (including, without limitation, reproduce, publicize, send, distribute, assign, loan, translate and adapt) such works, and such user agrees that he or she shall not assert any moral rights in such works.

  • Use of works posted/submitted on our website or application software in advertisements for the Company or its affiliates.

All rights of publicity, copyrights and other industrial property rights in such posted/submitted works shall be attributed to the user who posted/submitted such works; provided, however, that upon posting/submitting such works, the user shall be deemed to have granted the Company a global, royalty-free and non-exclusive license (with right of sublicense to third parties) to use (including, without limitation, reproduce, publicize, send, distribute, assign, loan, translate and adapt) such works, and such user agrees that he or she shall not assert any moral rights in such works.

(5) PERSONAL DATA AND SENSITIVE PERSONAL DATA OF OUR VENDORS, CONTRACTORS AND SUPPLIERS

  • to communicate with you;
  • to maintain and improve business relationship;
  • to establish your identity and background;
  • to respond to your enquiries or complaints and resolve any issues and disputes which may arise in connection with any dealings with us;
  • to maintain and update internal record keeping;
  • for internal administrative purposes;
  • to send you the invitation to join our events and promotions and product launch events;
  • to conduct credit reference checks and establish your creditworthiness, where necessary;
  • to administer and give effect to your commercial transactions with us (such as a tender award, contract for service, tenancy agreement);
  • to process any payments related to your commercial transactions with us;
  • to process and analyse your Personal Data either individually or collectively with other individuals;
  • to share any of your Personal Data with the auditor for our internal audit and reporting purposes
  • to share any of your Personal Data pursuant to any agreement or document which you have duly entered with us for purposes of seeking legal and/or financial advice and/or for purposes of commencing legal action;
  • to share any of your Personal Data with our joint venture/business partners to jointly develop products and/or services or launch marketing campaigns;
  • to share any of your Personal Data with insurance companies necessary for the purpose of applying and obtaining insurance policy(ies), if necessary;
  • to share any of your Personal Data with financial institutions necessary for the purpose of applying and obtaining credit facility(ies), if necessary;
  • for audit, risk management and security purposes;
  • for detecting, investigating and preventing fraudulent, prohibited or illegal activities;
  • for enabling us to perform our obligations and enforce our rights under any agreements or documents that we are a party to;
  • to transfer or assign our rights, interests and obligations under any agreements entered into with us;
  • for meeting any applicable legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to us;
  • to enforce or defend our rights and your rights under, and to comply with, our obligations under the applicable laws, legislation and regulations;
  • or other purposes required to operate, maintain and better manage our business and your relationship with us, which we notify you of at the time of obtaining your consent;

You agree and consent to us using and processing your Personal Data for the Purposes in the manner as identified in this Policy. If you do not consent to us processing your Personal Data for one or more of the Purposes, please notify us at the contact details below.

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

WE WILL NOT PROVIDE PERSONAL DATA TO ANY THIRD PARTIES WITHIN OR OUTSIDE MALAYSIA, UNLESS WHERE NECESSARY, FOR THE PURPOSES MENTIONED ABOVE, WITHOUT YOUR CONSENT EXCEPT IN THE FOLLOWING CASES:

  • If you have agreed to the provision of your Personal Data;
  • If it is necessary for the preservation of life, body or property, and the relevant consent(s) cannot be easily obtained;
  • If the handling of Personal Data has been entrusted in whole or in part to a third party within the scope necessary to fulfill the purposes of use (we take measures to prevent leakage, loss, or falsification of Personal Data, such as by carefully selecting our contractors, entering into agreements with contractors regarding the handling of personal data, and directing and supervising our contractors as necessary);
  • If your Personal Data is processed on the behalf of the Company by third party intermediaries providing an adequate level of data protection.
  • If Personal Data is provided in connection with the succession of business due to merger or other reason; and;
  • Where required by applicable laws or regulations.

YOUR RIGHTS UNDER THE PERSONAL DATA PROTECTION ACT 2010:

As an individual, you have the following rights under PDPA:

  1. You have the right to be informed whether Personal Data pertaining to you shall be, are being or have been processed
  2. You have the right to be furnished the following information before the entry of your Personal Data into our processing system, or at the next practical opportunity:

(1) Description of the personal data to be entered into the system or our work processes;

(2) Purposes for which they are being or are to be processed;

(3) Scope and method of the personal data processing;

(4) The recipients or classes of recipients to whom they are or may be disclosed;

(5) Methods utilized for automated access, if the same is allowed by you, and the extent to which such access is authorized;

(6) The identity and contact details of our Company or our representative;

(7) The period for which the personal data will be stored; and

(8) The existence of your rights, i.e., to access, to correct, to request for a copy of, to request to update, and to withdraw (in full or in part) consent to process your Personal Data held by us, as well as the right to lodge a complaint before the Personal Data Protection Commissioner.

Any personal data supplied or declaration made to you on these matters shall not be amended without prior notification to you.

  1. To the extent that the applicable law allows, you have the right to request for access to, request for a copy of, request to update or correct and withdraw (in full or in part) of your consent given previously) in relation to your Personal Data held by us.

You have the right to have reasonable access , by notice in writing, to the following information:

(1) Contents of your personal data that were processed;

(2) Sources from which personal data were obtained;

(3) Names and addresses of recipients of the personal data;

(4) Manner by which such personal data were processed;

(5) Reasons for the disclosure of the personal data to recipients;

(6) Information on automated processes where the personal data will or likely to be made as the sole basis for any decision significantly affecting or will affect you;

(7) Date when your personal data were last accessed and modified; and

(8) The designation, or name or identity and address of the data user;

Notwithstanding the foregoing, we reserve our rights to rely on any statutory exemptions and/or exceptions to collect, use and disclose your Personal Data

  1. You have the right to dispute the inaccuracy or error in the personal data and have the Company correct it accordingly, unless the request is vexatious or otherwise unreasonable.
  2. You have the right to suspend, withdraw (in full or in part) or order the blocking, removal or destruction of your personal data from our filing system upon discovery and substantial proof that the personal data are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected.

PERSONAL DATA COLLECTED/USED

Please be aware that communications over the Internet, such as emails/webmails are not secure unless they have been encrypted. Your communications may be routed through a number of countries before being delivered – this is the nature of the World Wide Web/Internet. We cannot and do not accept responsibility for any unauthorised access or interception or loss of Personal Data that is beyond our reasonable control.

Certain activities, such as special promotions, may be linked with those from other unrelated third party companies that offer you the option to disclose your Personal Data with the third party. We will not disclose your Personal Data with those third party companies; only you can if you make that choice. Links provided on the third party websites are provided as a convenience to you and we do not control those sites or their privacy practices, which may differ from ours. We do not endorse or make any representations about any third party sites that may be accessible through the sites. Third party advertising networks may issue their separate cookies to your hard drive when serving advertisements. We encourage you to review the privacy policy of any company before submitting your Personal Data. The Personal Data you choose to give to unrelated third parties is covered by their privacy policies, not this Privacy Policy.

To provide you with product and styling recommendations and improve our services to you, (in addition to the uses described above) we will also collect and use customer identifying information, site browsing/action history and computer/connection information, including such information obtained via Cookies* (collected information may contain, but is not limited to, customer Personal Data). We may also collect other information which may be collected via conventional internet technologies and use such data for analysis.

*What are Cookies?

“Cookies” are small files that are stored on your device when accessing our website. They allow us to recognize whether there has been any contact made between us and your end device in the past.

Roses & Thorns uses Cookies to record the preferences of users to make navigation easier and to increase the user-friendliness of our website. Cookies can also be issued by our authorized third-party providers (“Third-Party Cookies”) in order to offer you personalised advertising when you access other websites. Please note that only the issuer of Cookies may read or modify information contained therein.

We issue Cookies for the following purposes:

  • Establish traffic statistics (number of visits, page views, abandonment during the order process) to monitor and improve the quality of our services
  • Adapt the presentation of our website to the display preferences of your end device;
  • Memorize information entered in forms, manage and secure access to specific and personal places such as your account, manage your shopping cart. Provide you with content related to your preference and customize the promotion we send to you.

The Third-Party Cookies issued from our website are designed to:

  • Establish statistics on advertisements (such as how many times it was displayed, which advertisements were displayed, number of users having clicked on each advertisement, etc)
  • Identify the products seen or purchased on our website in order to personalize the advertising offer sent to you when you access other websites such as Facebook.com, YouTube.com etc.
  • Send you cart reminder email if you have authorized them when creating the account
  • Send you promotion and news alert via browser notification if you have chose to opt-in or accept it upon visited our website

The use of Third-Party Cookies are subject to the privacy policies of these third parties providers. We have no access or control over Third-Party Cookies. However, we make sure that our partner providers treat the information collected on our website exclusively for our needs and in compliance with any applicable data privacy laws and regulations.

By using our website, you consent to the use and storage of Cookies on your end device. However, you can also view our website without Cookies. Most browsers accept cookies automatically. You can prevent Cookies from being saved on your end device by setting your browser to not accept cookies. You can delete Cookies stored on your end device at any time. The exact instructions for how to do this can be found in the manual for your browser or end device.

“For the purpose of distributing advertisements, we may obtain and use behavior information from Cookies issued by contractors. Details of cookies from contractors and the information obtained will be handled in accordance with the applicable contractor’s privacy policy. If you wish to invalidate advertisement deliveries via the Cookies of contractors, please invalidate them from the site of the relevant company below:

GoogleAnalytic

AppsFlyer

TURNAROUND TIME

We will respond as soon as possible but in all cases within twenty one days from the date of your request on personal data relating to you.

WHERE WE STORE YOUR PERSONAL DATA?

The Internet is used in a global environment, using it to collect and process personal data may involve the transmission of data on an international basis. The personal data that we collect from you may be transferred to, accessed in and stored at, a destination outside Malaysia, this data will always be held securely and in line with the requirements of any applicable laws and regulations regarding data protection. Please be aware that communications over the Internet, such as emails/webmails are not secure unless they have been encrypted.

We may need to transfer your personal information outside of Malaysia. You hereby expressly consent to us transferring your Personal Data outside of Malaysia for such Purposes. Your Personal Data may also be processed by third-parties operating within or outside the Malaysia, working for us or for one of our suppliers, where necessary, for the Purposes mentioned above, to any party who undertakes to keep your Personal Data confidential or to whom we are compelled or required under the data protection laws to disclose to. Such third parties may be engaged in, among other things, the fulfillment of your order, the processing of your payment details and the provision of support services. When we transfer Personal Data to third parties outside Malaysia, we ask them to provide adequate guarantees to implement appropriate technical and organizational security measures in such a manner that processing will meet the requirements of Malaysia data protection laws and regulations to ensure the protection of your rights as an individual.

SECURITY OF YOUR PERSONAL DATA

We will take reasonable steps to protect the personal data from loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction.

We will undertake technical and organizational security measures governing the processing to be carried out and ensure compliance with the measures.

RETENTION OF YOUR PERSONAL DATA

We will cease to retain the documents containing Personal Data or remove the means by which the Personal Data can be associated with the individuals when it can be assumed that: the Purpose for which the Personal Data was collected is no longer being served by retention of personal data, and the retention is not necessary for legal or business purposes. However, we reserve the right to retain and keep your Personal Data for a period necessary for business, tax, or legal purposes.

PERSONAL INFORMATION FROM MINORS AND OTHER INDIVIDUALS

To the extent that you have provided (or will provide) Personal Data about your family members, spouse and/or other dependents, you confirm that you have explained to them that their Personal Data will be provided to, and processed by, us and you represent and warrant that you have obtained their consent to the processing (including disclosure and transfer) of their Personal Data in accordance with this Privacy Policy.

Our website is intended only for persons who are at least eighteen (18) years old. If you are an individual under 18 years of age (“Minors”) or individuals not legally competent to give consent, you will require a parent or legal guardian to consent on your behalf to the processing (including disclosure and transfer) of your Personal Data in accordance with this Privacy Policy. We neither offer products or services to, nor knowingly collect personal data of Minors without any legal basis. Should we learn that we were provided with personal data of Minors without any legal basis, we will delete the same from our database. If you are a Minor, please do not provide any Personal Data to us, such as your name, age, gender, email address, contact information and the like, and kindly consult your parent(s) or legal guardian(s) first before visiting any website.

OTHERS

The Company reserves the right to change or revise this Privacy Policy from time to time without prior notice to incorporate any changes in its procedures for protecting personal data or any regulatory changes. We will notify you of any amendments to this Privacy Policy via announcements on our Company website or any other appropriate means. Please check our website from time to time to see if there are amendments to this Privacy Policy. Any amendments to this Privacy Policy will be effective upon notice to you. If we amend this Privacy Policy, the amendment will only apply to Personal Data collected after we have posted the revised Privacy Policy

Further, by continuing to use the services, purchasing products from the Company or by your continued engagement with the Company following the change or revision to this Privacy Policy, you will be treated as having agreed to and accepted those amendments.

If you do not agree to this Privacy Policy or any amendments to this Privacy Policy, we may not be able to render all services to you and you may be required to terminate your relevant agreement with us and/or stop accessing or using our website.

In accordance with Section 7(3) of the PDPA, this Privacy Policy is issued in both English and Bahasa Malaysia. In the event of any inconsistencies or discrepancies between the English version and the Bahasa Malaysia version, the English version shall prevail.

Date of issuance of this Privacy Policy: 13 September 2021


SHOP NOW

© Copyright 2024 | Roses & Thorns.