‘Company’ means AstonM Enterprise Registered Number (003235818-H)
‘PDPA’ means the Personal Data Protection Act 2010
‘ITIS’ means the Information Technology Infrastructure System
‘Website’ means the AstonM Enterprise website (astonm.com.my)
‘Products’ means the products made available for sale on the Platform, including any instalment of product(s) or any parts thereof
‘Services’ means the use of any services, information, and functions made available by the Company on this Platform
‘SSL’ means Secure Socket Layer technology used on the Company’s servers
3.1 The Company values your privacy and endeavours to protect your data according to the PDPA.
3.2 Physical and logical security measures are employed to prevent various threats from compromising the Company’s IT IS and the information stored on the subsequent systems.
4.1 Information is collected when users register on the Website, place an order, subscribe to newsletters or complete any forms.
4.2 Registration or orders placed on the Website requires a user to fill in the following details: -
i) Full name as stated in National identification card or Passport
ii) National Identification Card (I/C) or Passport number
iii) Email address
iv) Billing & Shipping address
v) Telephone number
vi) Credit/Debit card information
4.4 At any time, users can decide not to provide their personal information or can revoke consent from the Company to process the data. The Company may not offer Product(s) and/or Service(s) should users fail to provide personal information or withdraw consent from the Company to process their user information.
5.1 Information collected from users is used in any of the following ways: -
• To personalise user experience – User data enables the Company to curate user experience based on individual’s needs
• Website Improvement – Information and feedback received from users assist in the improvement of the Website
• Customer Service Improvement – User inquiries and support is delivered effectively with the completion of user information.
• Assessment of user application for any Product(s) and/or Service(s) offered by the Company
• Transaction Processing – User information, whether public or private, will not be sold, exchanged, transferred, or given to any party for any reason whatsoever, without user consent, other than for the express purpose of the delivery of purchased Product(s) or Service(s) requested.
• To administer a contest, promotion, survey or other Website features
• To send periodic emails
• To respond to user enquiries, complaints and to resolve any disputes
• For internal functions – Evaluation of the Company’s effectiveness in its marketing, market research, statistical analysis and modelling, reporting, audit, and risk management
• Crime Detection and Prevention – Including but not limited to fraud, money-laundering, and bribery
• Legal and Regulatory compliance – Complying with any legal and/or regulatory requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular, or code appropriate to the Company.
5.2 User subscription to the newsletter entails information regarding updates, company news, promotions and campaigns, products and services.
5.3 Users that wish to unsubscribe to the Company newsletter can do so by clicking the ‘Unsubscribe’ from any emails that you receive from the Company. The unsubscribing process may take up to seven working days to be in effect.
6.1 Security measures employed by the Company are there to ensure the safety and security of the user’s personal information.
6.2 The company offers the use of a secure server. Sensitive information is transmitted via SSL technology and encrypted onto the Company’s payment gateway provider database.
6.3 Accessibility to the database requires authorised personal to keep the information confidential. Authorised personnel with exclusive access rights to the database is limited to key individuals.
7.1 An IP address is a number that is automatically assigned to a user’s computer when registering with an internet service provider. A user’s IP address is logged onto the Company’s server upon each visit.
7.2 The user’s IP address aids in diagnosing issues related to the server and administration of the Website. The IP addresses collected may provide identifying information such as the general geographic area that the user is accessing the Website.
7.3 The Company does not link user IP addresses to any software that can enable the identification of the user unless required by law and/or regulation.
8.1 Cookies are small files that a site or its service providers use to transfer to a user’s computer through their web browser (should it be permitted). The purpose of cookies is to enable service providers or a website to capture and retain certain information.
8.2 The Company utilises cookies to help retain and process items included in a user’s shopping cart, analyse and save user preferences for future visits, and compile data regarding site traffic and interaction. User experience shall be improved with the information obtained from users.
8.3 Users should refer to their browser documentation to investigate if cookies are enabled or to request not to receive cookies.
9.1 At our discretion, the Company may include or offer third-party Product(s) or Service(s) on the Website. Third-party websites have separate and independent privacy policies.
9.2 The Company does not assume responsibility or liability for the content and activities of these linked sites. Nonetheless, the Company seeks to protect the integrity of the Website and welcomes user feedback on these linked sites.
10.1 User security is the utmost priority when a user surfs the Website. The Company employs physical, technical, and organisational measures to ensure the protection and confidentiality of personal data.
10.2 Disclosure of a user’s data to the Company’s authorised agents or service providers is subjected to necessary safeguarding of the information.
11.1 The Company retains user data for as long as necessary to fulfil the purpose(s) for which it was collected and/or to comply with legal, regulatory, and internal requirements.
11.2 Destruction or permanent deletion of personal data is carried once the purpose(s) has been completed.
12.1 The Company strives to ensure that user data is accurate, complete, not misleading and up to date. Any changes made to user data or should a user believe that the information is inaccurate, incomplete, or misleading, or not up to date, the user must immediately contact the Company to update.
12.2 Users have the right to access their personal data at any time. Any request to access personal data requires the user to contact the Company and provide a written statement.
12.3 The company shall take several steps to verify a user’s identity before fulfilling the request to review, delete or modify personal data.