Last Updated 17 June 2025
This Privacy Policy explains how collabx.my (“CollabX”, “we”, “us”, “our”) collects, uses, discloses and safeguards your personal information when you visit collabx.my or interact with any of our online or offline services (the “Services”). It is drafted to meet the requirements of the Malaysian Personal Data Protection Act 2010 (PDPA).
By accessing or using the Services you confirm that you have read and understood this Policy. If you do not agree, please do not use the Services.
1. Updates To This Policy
We may revise this Policy to reflect changes in law or business practice. When we do, we will publish the new version here and update the date above. Where required, we will notify you and obtain consent to material changes.
2. How PDPA Applies To CollabX
CollabX is a “data user” under the PDPA. We adhere to the Act’s seven Personal Data Protection Principles:
- Notice & Choice – this Policy serves as our notice; you choose what data to provide.
- Purpose Limitation – data is processed only for the purposes set out in section 4.
- Disclosure Limitation – data is shared only as described in section 5.
- Security – safeguards are detailed in section 7.
- Retention – retention periods appear in section 8.
- Data Integrity – we keep data accurate and up to date.
- Access & Correction – your rights are listed in section 9.
3. What Personal Information We Collect
| Category | Examples | Mandatory? | If You Decline |
|---|---|---|---|
| Contact Details | name, billing & shipping address, telephone, email | Yes | We cannot deliver your order or contact you |
| Order & Payment | items purchased, FPX / card authorisation, delivery status | Yes | Order cannot be processed |
| Account Credentials | username, password | Optional | You may check out as a guest but lose account benefits |
| Customer Support Content | emails, WhatsApp messages, photos of damage | Optional | We may be unable to resolve your enquiry efficiently |
| Usage Data | IP address, browser type, pages visited, cookies | Collected automatically | Some site functions may fail; analytics less accurate |
We obtain data directly from you, automatically via cookies, and from trusted providers such as WooCommerce (store host), Stripe (payments) and Lalamove / GD Express (logistics).
4. Why We Use Your Information
| Purpose | PDPA Basis |
|---|---|
| Process Orders & Deliver Goods | Contract (s.6) |
| Administer Your Account | Contract; legitimate interests |
| Customer Support | Legitimate interests |
| Marketing Emails & Offers | Consent (opt‑out any time) |
| Fraud & Security Monitoring | Legitimate interests; legal obligation |
| Analytics & Site Improvement | Legitimate interests |
| Statutory Compliance (tax, accounting) | Legal obligation |
We do not profile you in a way that produces legal or similarly significant effects.
5. How We Disclose Personal Information
We share data only for the purposes above and only with:
- Service Providers – e.g. WooCommerce, Stripe, Lalamove, GD Express, email‑marketing platforms; they act on our instructions.
- Affiliates – internal administration on a need‑to‑know basis.
- Professional Advisers / Regulators / Law‑Enforcement – where required by law.
- Prospective Investors or Buyers – in a merger or acquisition, under confidentiality.
We never sell or rent your personal data.
6. Cookies & Similar Technologies
We and our partners use first‑party and third‑party cookies to:
- remember your basket and language;
- secure checkout;
- collect anonymous analytics via WooCommerce Analytics and Google Analytics 4.
You can refuse cookies in your browser; some features (e.g. cart, login) may stop working.
7. Data Security
Safeguards include:
- TLS 1.2/1.3 encryption in transit;
- role‑based staff access and optional two‑factor authentication;
- continuous network monitoring and malware scanning.
8. Retention Schedule
| Data Type | Retention |
|---|---|
| Order & Tax Records | 7 years (statutory) |
| Active Account | Lifetime of account |
| Inactive Account | Deleted 12 months after last order or login |
| Abandoned Cart | 30 days |
| Marketing Consent | Until withdrawn |
| Support Correspondence | 24 months after ticket closure |
| Server Logs | 12 months |
On expiry, data is securely deleted or anonymised.
9. Your PDPA Rights
Subject to identity verification, you may:
- Access your personal data;
- Correct inaccurate or outdated data;
- Withdraw consent for marketing;
- Object / Restrict processing that causes unwarranted distress.
Email sales@collabx.my or WhatsApp +60 18‑989 6137. We may charge the statutory RM10 fee for a Data Access Request and will respond within PDPA timelines (21 days for access, 7 days for correction).
10. Cross‑Border Transfers
CollabX is hosted on WooCommerce (a WordPress plugin), whose primary servers are in the United States, Canada and Ireland. By purchasing, you consent to this transfer. Such transfers comply with the Malaysian Personal Data Protection (Transfer) Order 2013, and WooCommerce (a WordPress plugin) contractually guarantees protection comparable to the PDPA.
11. Children
Our Services are intended for persons aged 18 and above. We do not knowingly collect data from minors. Parents who believe a child has provided data should contact us for deletion.
12. Contact Us
collabx.my
Email: sales@collabx.my
Tel: +60 18‑989 6137
© 2025 CollabX. All rights reserved.