Privacy and Cookie policy
This privacy notice is written following Malaysia's Personal Data Protection Act 2010 and any implementing, derivative or related legislation, rule, regulation, and regulatory guidance, as amended, extended and re-enacted from time to time (“PDPA 2010") and it applies to all personal data that DKSH collects through the use of this website commonly referred to as “Labshop” (hereinafter the “Website”).
This Privacy Notice applies to personal data collected by DKSH, such as through this Website, email and other tools and applications related to the Website, but not to offline collection.
1. Organization
DKSH Technology Sdn. Bhd. of ______ (‘DKSH’) respects your privacy and is committed to complying with applicable data protection laws and to safeguard your personal data. This Privacy and cookie policy describes the way in which we, DKSH as the data controller user defined under the PDPA 2010, collect, use and share personal data about you, how we safeguard your personal data and interact with third parties that may have access to your personal data and finally, how you can contact us in case of questions or requests.
You may contact us at the following email support.labshop.my@dksh.com or by sending us a post mail to B-10-01, The Ascent Paradigm, 1, Jalan SS 7/26a, SS7, 47301 Petaling Jaya, Selangor.
To be able to deliver our products and services to you, we need to share your personal data with approved partners or other members of the DKSH Group who generally act as our “data”processors". Such approved partners include Flexfin (operated by Intelligent Mobility System Sdn. Bhd.), our appointed payment aggregator and billing partner for B2C transactions. All are bound by an obligation to implement appropriate security measures to protect personal data in their possession and are bound by a strict confidentiality agreement and specific contractual terms on “how” and “when” they are allowed to use your personal data on our behalf.
Please be aware that certain approved partners, such social media, could also determine “why” and “how” your data is used. They have their own privacy and cookies policies, so remember that the personal data you give them will be subject to their rules and not ours.
2. Purposes of processing,
DKSH will collect, record, hold, organize, structure, store, update, adapt, combine, consult, use, transfer and disclose your personal data for the purposes described in this section. Your personal data will not be further used for purposes incompatible or inconsistent with the purposes for which it was collected, unless permitted by the applicable legislation.
Where we share your data with third parties for the purposes mentioned below, such sharing is carried out in accordance with PDPA 2010.
3.1 WEBSITE USAGE
Every time you visit our Website, we collect data automatically transmitted by your browser in order to enable your visit to the Website. In particular, this data may include the following:
Domain name or IP address of the requesting device;
Client file request (file name and URL);
http response code;
Date and duration of visit and request;
Browser and operating system;
IDs (e.g. device identifier, Session-IDs);
Address of accessed website and requesting website.
This data must be processed in order to enable you to visit the Website and ensure the uninterrupted functionality and security of our systems.
This data is processed with your consent or as permitted under the PDPA 2010, including where necessary for the performance of a contract or for our operational purposes in enabling the Website to be accessed and ensuring the permanent functionality and security of our systems.
The data retention period for this data is 180 days.
3.2 USER ACCOUNT / REGISTRATION
If you register on our Website, we will set up a password-protected area (customer account) where you can access the personal data concerning you that we have saved. In your customer account, you can view, update and correct data relating to your completed, pending, and recently sent orders your payment data, and your personal data. We have highlighted the data you are required to provide by marking them as mandatory fields. Registration is not possible without this data.
This data is processed with your consent or as permitted under the PDPA 2010, including where necessary for the performance of a contract or for our operational purposes in maintaining an accurate and up-to-date customer account.
Data retention period: until the user requires de-activation (with no purchase history).
3.3 ORDERS
In the case of an order process, we collect the mandatory information required to finalize a contract with you such as:
Salutation (Mr/ Ms etc.)
First and last name
E-mail address
Billing and shipping address
Telephone number
Credit card token
Company name (where applicable)
Order details (including product, quantity, and price)
Payment method details
any other personal data reasonably required to process and fulfil your order.
This data is processed as necessary for the performance of a contract with you, as permitted under the PDPA 2010.
Data retention period: Seven (7) years from contract conclusion (i.e. execution of the order).
3.3.1 PAYMENT DATA
We process your payment data, via external service providers, for the purpose of processing your payment. Depending on how you choose to pay, we will pass on your payment data to the financial institution or a payment service provider handling the payment.
Payment data may include, but is not limited to, the following:
billing addresses,;
credit or debit card details (such as card number, cardholder name, and expiry date), online banking information (such as FPX transaction details), e-wallet account information (such as Touch 'n Go eWallet, GrabPay, WeChat Pay, or Alipay identifiers); and
preferred payment method and related transaction data, which may be transmitted to our payment service providers, including Flexfin (where applicable for B2C transactions).
This also includes data that is directly related to payment processing, such as data that external payment service providers (including Flexfin, where applicable for B2C transactions) use for identification (e.g. first and last name, address, gender, email address, IP address, telephone number, payment account identifiers), device information (e.g. IP address, device type, operating system) or data that are required to create an invoice or e-invoice such as number of items, item number, invoice amount, taxes in percent, and company information (where applicable). These payment service providers can also process data on your previous payment behaviours as well as probability values for behaviours in the future. For the purpose of checking payments, e.g. to approve purchased goods, we also receive corresponding information about payment from the payment service providers. We also receive master and financial information from the payment service providers as part of any legally required identity checks or fraud screening processes.
This data is processed as necessary for the performance of a contract with you, as permitted under the PDPA 2010.
For sake of clarity, please note that such external payment service providers also carry out processing activities in parallel for their own purposes, acting then as data controllers. In this respect, our privacy policy does not extend to the processing activities carried out by these external payment service providers where the latter are acting on their own account, as data controller for the performance of their services. This can be the case when external service provider carries out fraud detection processes. These other companies have their own privacy policies in place, so remember that the way they use any personal information you give them will be subject to their rules and not ours.
Therefore, any data protection queries can most efficiently be submitted to the respective payment service provider, as only these providers have access to the data and can take appropriate measures directly.
3.4 DIRECT MARKETING
We may also process your personal data for direct marketing purposes such as for sending you generic information or special promotions related to our products. Permission to process your personal data for this purpose is voluntary only by opting-in during registration of your user account. In this connection, please note that:
(a) Your personal data such as your name, contact details and purchase history held by us may be used for such purpose;
(b) To indicate consent to the use of your personal data for direct marketing purposes, you shall opt-in during registration of your user account; and
(c) If you do not wish that we process your personal data for direct marketing purposes in the future after you have opt-in during registration, you may, without charge, exercise the right to opt-out by contacting us.
Data retention period: until consent is revoked or Seven (7) years from the date of collection.
In order to perform such processing activity, we may employ different service providers such as also social media platforms.
3.5 PROFILED MARKETING
Subject to your express consent we may also process your personal data for profiled marketing activities therefore for sending you personalized offers or suggestions based on your interests and or purchasing history.
Data retention period: until consent is revoked or Seven (7) years from the date of collection.
For performing such activity, we employ different tools such as marketing cookies, tag managers or other similar technologies like pixels to collect data along with different services providers such as the most common social medias (e.g. Facebook).
For any further information you are always entitled to enforce your rights described below as per applicable laws.
3.6 REMARKETING/ RETARGETING
We may also use the so called “Remarketing” or “Retargeting” technologies via different tools including but not limited to cookies.
Remarketing is the activity of showing targeted results based on previous browsing activity or purchasing ones using e-commerce or other platforms. In doing so, we expect to show you better advertising more in line with your expectations and desires.
Data retention period: until consent is revoked or Seven (7) years from the date of collection.
3.7 LEGAL DEFENSE AND CLAIM MANAGEMENT
Personal data stored from the Website browsing as described in 3.1 above , orders processing as described in 3.3, and/or payment data as described in 3.3.1 and any other relevant personal data, may also be used where necessary for the establishment, exercise, or defence of legal claims, including but not limited to defending ourselves in a court of law, responding to any claim you may raise against us, managing payment disputes, chargebacks, or fraud investigations in connection with transactions processed via our payment service providers. Any dispute arising out of or in connection with the processing of your personal data or any transaction conducted through the Website shall be governed by and construed in accordance with the laws of Malaysia, and the courts of Malaysia shall have exclusive jurisdiction to settle any such dispute.
This data is processed as permitted under the PDPA 2010, including under Part 3Section 40 thereof, for the purposes of establishing, exercising, or defending legal claims.
Data retention period: Seven (7) years from contract conclusion (i.e. execution of the order).
3.8 LEGAL OBLIGATION
We may also process your personal data to abide by any legal obligations imposed on us by applicable laws including but not limited to fraud prevention and detection.
This data is processed as permitted under the PDPA 2010, including under Section 40 thereof, in order to comply with applicable legal obligations.
Data retention period: Seven (7) years from the collection of the personal data.
3.9 USE OF COOKIES AND SIMILAR TECHNOLOGIES
This Website uses cookies and similar technologies (together “tools”) provided either by ourselves or by third parties.
What is a cookie?
Cookies are small files which are stored on your computer to keep track of your visit to the website and your preferences; as you move between pages, and sometimes to save settings between visits. Cookies help the builders of websites gather statistics about how often people visit certain areas of the site and help in tailoring websites to be more useful and user-friendly.
Cookies and usage tracking
We use cookies directly or through third parties, such as web analytics services like Google Analytics. Cookies allow us to store information, such as your domain name, your internet service provider, your operating system, the date and time of access, the pages you visit or the types of searches you perform.
We may use this information to store your preferences and settings, help improve the contents of our website, to enable you to register to websites and applications, to compile aggregated statistics to evaluate visitors’ use of our website or website activity and for internal and market research purposes.
You have the right to choose whether or not to accept cookies and to opt out of Google Analytics. You can block cookies by changing your browser settings so that cookies from the website cannot be placed on your computer or mobile device. However, please note that if you choose to refuse cookies, you may not be able to use the full functionality of the website.
How to control and deactivate cookies
Most browsers are set so that they automatically accept cookies. You may however, deactivate the storage of cookies or set your browser in a manner that it will notify you as soon as cookies are set.
Links to other websites
The Website may contain links to other websites. Please note that these sites have their own privacy policies and that we do not accept any responsibility or liability for the privacy practices or the content of other websites but only for the websites controlled by DKSH.
4. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?
In some cases, we transfer your personal data to third parties. The types of third parties with whom we share personal information are described below:
Other DKSH Group companies
We may share your personal data with other companies belonging to the DKSH Group, including our companies for technical support, who may use your personal information for purposes and in a manner consistent with the information set out in this privacy statement.
Service providers
We may disclose your personal data to companies that provide services to us and other members of the DKSH Group. Examples of the types of service providers we work with include:
IT companies that operate the Website on our behalf,
Delivery companies, such as couriers, that deliver our products to you,
Direct marketing companies who help us manage our electronic communications with you,
Customer services companies who operate and manage our call centers,
Payment service providers who manage our online payments where you purchase products through our Sites
Our service providers are required to keep your personal data confidential and are not allowed to use it for any other purpose than to carry out the services they are performing for us.
Payment aggregator and billing partner (Flexfin)
Where you make a purchase on the Website as a business-to-consumer ("B2C") customer and select Flexfin as your payment method, your personal data will be shared with Flexfin (operated by Intelligent Mobility System Sdn. Bhd.), our appointed payment aggregator and billing partner for B2C transactions, for the purposes of payment processing, invoicing (including e-invoicing), payment confirmation, and refund processing.
The categories of personal data shared with Flexfin in connection with B2C purchases include: (i) name; (ii) email address; (iii) telephone number; (iv) billing address; (v) delivery address; (vi) order details (product, quantity, price); (vii) payment method details (as required for processing); and (viii) company information (where applicable, for e-invoicing purposes).
Flexfin's collection, use, and processing of your personal data in connection with B2C transactions is governed by Flexfin's Privacy Policy, available at https://flexfin.com.my/privacy-policy/. We encourage you to review Flexfin's Privacy Policy before completing your purchase. In respect of B2C transactions processed via Flexfin, DKSH remains the data user in respect of your personal data collected through the Website. Flexfin processes your personal data as a data processor on behalf of DKSH, in accordance with DKSH's instructions and the terms of the partnership agreement between DKSH and Flexfin. Flexfin shall not use your personal data for any purpose other than as instructed by DKSH or as required by applicable law. Flexfin processes personal data primarily on behalf of DKSH; however, for certain activities (e.g. fraud checks), Flexfin may act as an independent data controller.
Third parties where required by law
We may disclose your personal data to a third party if it is necessary to comply with a legal obligation or the decision of a judicial authority, a public authority or a government body or if disclosure is necessary for national security, law enforcement or other issues of important public interest.
Business partners
We may share your personal data with our business partners for their own purposes if it is necessary for providing products and services to you.
We may also transfer your personal data to third parties for their direct marketing purposes but only where you have given your consent at the time you supply your personal data.
We may also share your user profile data for online advertising purposes with our third-party advertising and analytics partners including organisations which we collaborate with on advertising campaigns and various advertising platforms.
Professional advisors
We may disclose personal data to professional advisors, such as lawyers, auditors and insurers, as necessary in the course of the professional services they provide us with.
Third parties in connection with a business sale
If we make a sale or transfer of assets or are otherwise involved in a merger or business / asset transfer, we may transfer your personal data to one or more third parties as part of that transaction. If a change happens to our business, the new owners may use your personal data in the same way as set out in this privacy notice.
Other third parties with your consent
We may also share your personal data with other third parties when you consent to such sharing.
5. TRANSFER OF DATA TO THIRD COUNTRIES
We operate globally and may transfer your personal information to other companies of the DKSH Group or to approved partners in locations around the world. We want you to have the best service and customer experience. For this purpose, we may have to share your personal information outside the country where you have first shared it with us. When we do so, it will always be for the purposes described in this privacy policy and where we are satisfied with the levels of protection and security implemented in compliance with applicable privacy legislation. This sharing of your personal information is necessary to enable us to perform the contracts we have with you or take steps at your request, prior to entering into a contract.
The personal information we collect from you will be mainly stored in cloud servers hosted by our service providers where it will be afforded the level of protection required by applicable privacy legislation.
When we share, use, or transfer personal information outside the country in which the information is collected, we will put in place appropriate measures to legitimize such transfer under applicable privacy legislation, which may include, as applicable, obtaining your consent or implementing adequate contractual safeguards.
In particular, if we transfer your personal data outside Malaysia, as applicable, we will take steps to ensure that your data will receive the same level of protection as if it was being processed within Malaysia as applicable. For example, we may include standard contractual clauses in our contracts with third parties or our group companies to ensure there are safeguards in place to protect your personal data.
6. YOUR RIGHTS
You have a right of access to your personal data held by us at any time. We will explain our data processing procedures to you and provide you with a summary of the personal data concerning you that we hold.
If data we have stored is incorrect or obsolete, you have the right to have this data corrected (right to correction).
Where technically feasible and upon your request, we may, at our discretion, provide you with a digital copy of the personal data concerning you that you have provided to us. Please note that the right to data portability is not expressly provided for under the PDPA 2010, and any such provision by DKSH is made on a voluntary basis.
In order to assert your rights described here, you may contact us at any times using the contact details given above. This also applies should you wish to obtain copies of guarantees to prove an adequate level of data protection.
Your requests regarding your assertion of data protection rights and our replies to these requests will be stored for documentation purposes for a period of two (2) years and, in some cases in relation to the assertion, exercise, or defence of legal claims, for a longer period. Such storage is permitted under the PDPA 2010, , based on our interest in defending against possible claims, the avoidance of enforcement actions pursuant to Part IX of the PDPA 2010, and compliance with our accountability obligations pursuant to PDPA 2010.
You have the right to withdraw consent once given to us at any time. As a result, we will not continue to process data based on this consent in the future. Withdrawal of consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to withdrawal.
If we process your data on a basis other than your consent, you may contact us to raise any concerns regarding such processing. Should you wish to object to data processing for direct marketing purposes, you may withdraw your consent at any time pursuant to, and we shall comply with your request without requiring you to state any reasons for your objection.
Should you wish to exercise your right to withdraw or object, simply send an informal email to the contact details given above. In order to help protect your privacy and maintain security, we will take steps and may require you to provide certain information to verify your identity before granting you access to your personal information or complying with your request.
Where permissible under applicable law, we reserve the right to charge a fee for instance if your request is manifestly unfounded or excessive, to cover the administrative costs incurred by your request. We will endeavour to respond to your request as soon as possible and in any case within the applicable timeframe. Finally, you have the right to lodge a complaint with the Commissioner appointed under the PDPA 2010 if you consider that the processing of your personal information infringes applicable law.
Under applicable legislation, you may have the right to bring complaints relating to the processing of your personal information before civil courts.
7. CHANGES TO THIS PRIVACY NOTICE
We may occasionally make changes to this privacy policy, for example to comply with new requirements imposed by applicable laws or technical requirements. We will post the updated privacy policy on the Website. We therefore encourage you to review this page every so often.
We may also notify you in case of material changes and, where required by applicable law, we will seek your consent to those changes.
If we wish to process your personal information for a new purpose not described in this privacy policy, where necessary we will inform you and where required we will seek your consent.
8. COMPLIANCE WITH THE PERSONAL DATA PROTECTION ACT 2010
DKSH is committed to complying with all applicable data protection laws and regulations, including the Personal Data Protection Act 2010 ("PDPA 2010") in respect of all personal data collected through the Website.
For any inquiries, requests, or complaints relating to the processing of your personal data under the PDPA 2010, including requests for access or correction, withdrawal of consent, or any other data protection matter, please contact us at support.labshop.my@dksh.com or by post to the address set out in Section 1 above.