Privacy Notice

Publication Date: 28 April 2020

Last Updated: 28 October 2021

When you use the Wondaleaf Shop or subscribe to our newsletter (including wondaleaf.com, wordpress.com, jetpack.com, SiteGround.com, mailchimp.com and woocommerce.com) the “Site”), some personal data is collected from and about you. We are committed to protecting the security of this information and safeguarding your privacy.

This privacy notice sets out the details of the personal data collected, the manner in which it is collected, by whom as well as the purposes for which it is used. At registration, or upon provision of your information, you accepted the terms of this Privacy Policy and your use of the Site signifies your continued acceptance thereof.

This Privacy Policy may be revised from time to time. In order to use the Site, you will be required to consent to the terms of the Privacy Policy as revised from time to time.

1. INFORMATION COLLECTED AND MANNER OF COLLECTION

• When you use the Site or submit your details on the Site, the following personal data may be collected from you (hereinafter described as “User Data”):

1. Name;
2. Phone number;
3. Home Address;
4. Billing Address;
5. Email Address;
6. Contents and attachments of any email you send to us; and
7. Site browsing / action history and computer connection information, including such information obtained via Cookies (see Clause 6)

• The Site collects your data upon submission of the appointment form that you submit to us voluntarily through creating an account, signing up for our newsletter, emailing us, or filling out the Contact Us form.
• We may receive Personal Information about you from other sources with which you have expressly consented to.

2. USE OF INFORMATION

• User Data will be used and/or stored by the Site:

1. to send your purchased items to you or to contact you via telephone, instant messaging, registered post or email in respect thereto if you provide your details at Checkout; 
2. to send you our newsletter via email if you sign up for our newsletter; 
3. to communicate with you or to reply any inquiry, complaints, comment, feedback inter alia submitted by you via the Site or directly to us;
4. to maintain and improve customer relationship;
5. to assess, process and provide products, services and/or facilities to you;
6. to administer and process any payments related to products, services and/or facilities requested by you;
7. to establish your identity and background;
8. to maintain internal record keeping;
9. for internal administrative purposes;
10. to process any payments related to your commercial transactions with us;
11. to conduct market research or surveys, internal marketing analysis, customer profiling activities, analysis of customer patterns and statistical and trend analysis in relation to our products and/or services;
12. to share any of your User Data pursuant to any agreement or document which you have duly entered with us for purposes of seeking legal and/or financial advice and/or for purposes of commencing legal action;
13. to audit, risk management and security purposes;
14. to store your User Data for faster checkout (by using ‘My Account’ features); 
15. to process and analyze your User Data either individually or collectively; or
16. for any other purposes required to operate, maintain and better manage our business and your relationship with us, which we notify you of at the time of obtaining your consent.

• The personal data collected will not be used for any purpose other than those mentioned above save as required in order to comply with any legal obligation.

3. RETENTION

• All personal data provided at the time of registration will be kept for a period of 10 years from the date of submission in our servers.
• Your personal data may be provided to third-parties who we have service agreements with (such as Mailchimp, Woocommerce, or WordPress) for storage in their servers. Our service agreements ensures that your data can only be viewed and amended by us, unless required to be disclosed by law. 

4. RIGHTS

As an individual, you have the following rights under Personal Data Protection Act 2010:

1. You have the right to be informed whether Personal Data pertaining to you shall be, are being or have been processed
2. You have the right to be furnished the following information before the entry of your Personal Data into our processing system, or at the next practical opportunity:

• Description of the personal data to be entered into the system or our work processes;
• Purposes for which they are being or are to be processed;
• Scope and method of the personal data processing;
• The recipients or classes of recipients to whom they are or may be disclosed;
• Methods utilized for automated access, if the same is allowed by you, and the extent to which such access is authorized;
• The identity and contact details of our Company or our representative;
• The period for which the personal data will be stored; and
• The existence of your rights, i.e., to access, to correct, to request for a copy of, to request to update, and to withdraw (in full or in part) consent to process your Personal Data held by us, as well as the right to lodge a complaint before the Personal Data Protection Commissioner.

Any personal data supplied or declaration made to you on these matters shall not be amended without prior notification to you.

3. To the extent that the applicable law allows, you have the right to request for access to, request for a copy of, request to update or correct and withdraw (in full or in part) of your consent given previously) in relations to your Personal Data held by us.

You have the right to have reasonable access , by notice in writing, to the following information:

• Contents of your personal data that were processed;
• Sources from which personal data were obtained;
• Names and addresses of recipients of the personal data;
• Manner by which such personal data were processed;
• Reasons for the disclosure of the personal data to recipients;
• Information on automated processes where the personal data will or likely to be made as the sole basis for any decision significantly affecting or will affect you;
• Date when your personal data were last accessed and modified; and
• The designation, or name or identity and address of the data user;

Notwithstanding the foregoing, we reserve our rights to rely on any statutory exemptions and/or exceptions to collect, use and disclose your Personal Data

4. You have the right to dispute the inaccuracy or error in the personal data and have the Company correct it accordingly, unless the request is vexatious or otherwise unreasonable.
5. You have the right to suspend, withdraw (in full or in part) or order the blocking, removal or destruction of your personal data from our filing system upon discovery and substantial proof that the personal data are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected.

5. DATA SECURITY

• The Site is equipped with standard security features to protect the confidentiality and security of your Information.
• Personal information and User Data provided at the time of registration are uploaded to the server that belongs to Twin Catalyst through its contracts with Siteground where it is stored in a secure server. 
• User Data may be transferred to, accessed in and stored at, a destination outside Malaysia. This data will always be held securely and in line with the requirements of any applicable laws and regulations regarding data protection. 
• You hereby expressly consent to us transferring your User Data outside of Malaysia for the purposes outlined in this Privacy Notice. 
• We will do our best to protect your personal data, we cannot, however, guarantee the security of your data transmitted to our site; any transmission is at your own risk and you agree not to hold us responsible for any breach of security while accessing the internet that is out of our control.
• Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

6. COOKIES

To provide you with product and styling recommendations and improve our services to you, (in addition to the uses described above) we may also collect and use customer identifying information, site browsing/action history and computer/connection information, including such information obtained via Cookies (collected information may contain, but is not limited to, customer User Data). We may also collect other information which may be collected via conventional internet technologies and use such data for analysis.

*What are Cookies?

“Cookies” are small files that are stored on your device when accessing our website. They allow us to recognize whether there has been any contact made between us and your end device in the past.

Twin Catalyst uses Cookies to record the preferences of users to make navigation easier and to increase the user-friendliness of our website.  Cookies can also be issued by our authorized third-party providers (“Third-Party Cookies”) in order to offer you personalised advertising when you access other websites. Please note that only the issuer of Cookies may read or modify information contained therein.

We issue Cookies for the following purposes:

• Establish traffic statistics (number of visits, page views, abandonment during the order process) to monitor and improve the quality of our services
• Adapt the presentation of our website to the display preferences of your end device;
• Memorize information entered in forms, manage and secure access to specific and personal places such as your account, manage your shopping cart. Provide you with content related to your preference and customize the promotion we send to you.

The Third-Party Cookies issued from our website are designed to:

• Establish statistics on advertisements (such as how many times it was displayed, which advertisements were displayed, number of users having clicked on each advertisement, etc)
• Identify the products seen or purchased on our website in order to personalize the advertising offer sent to you when you access other websites such as Facebook.com, YouTube.com etc.
• Send you cart reminder email if you have authorized them when creating the account
• Send you promotion and news alert via browser notification if you have chose to opt-in or accept it upon visited our website

The use of Third-Party Cookies are subject to the privacy policies of these third parties providers. We have no access or control over Third-Party Cookies.

By using our website, you consent to the use and storage of Cookies on your end device. However, you can also view our website without Cookies. Most browsers accept cookies automatically. You can prevent Cookies from being saved on your end device by setting your browser to not accept cookies. You can delete Cookies stored on your end device at any time. The exact instructions for how to do this can be found in the manual for your browser or end device.

You will find more information on how to reject or control Cookies on http://www.aboutcookies.org.uk/

7. DISCLOSURE

• Save as otherwise set out in Clause 2.1 above or described in the Clause herein, no personal data collected by the App will be disclosed to any third party for commercial purposes or direct marketing.
• Twin Catalyst has contracts in place with data processors including Siteground, WooCommerce, WordPress.com, Mailchimp, & Jetpack.com, which means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organization apart from us. They will hold it securely and retain it for the period we instruct.
• The data processing consisting of hosting provider services (storage and maintenance of databases containing your User Data, protected by password) is performed on our behalf and under written confidentiality agreements by our authorized data processors. 
• We may disclose your Personal Information if we believe in good faith that such disclosure is necessary to:
  1. Comply with relevant laws or to respond to subpoenas or warrants served on us; or
  2. To protect and defend our rights or property, you, or third parties.

8. THIRD PARTY WEBSITES

Our website may contain links to other sites (“Linked Sites”). We are not responsible for the privacy policies or practices of such other Linked Sites. You agree to waive any claim against us with respect to the Linked Sites.                               

9. CONTACT & REVISIONS

• If you have any questions or concerns about our Privacy Policy, please contact us at admin@wondaleaf.com.
• This Privacy Policy is subject to occasional revision at our discretion. If you object to any such changes, you must cease using our platform and any further use shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.