Privacy Policy

DUA BEAUTY SDN. BHD. (Company No.: 202301009092 (1503013-K)) (“Company” or “DUA BEAUTY”) is a private limited company incorporated under the laws of Malaysia and is primarily in the business of selling, distributing, marketing and/or making available beauty and/or cosmetic products (“Products”) (“Business”), under the trade name of “DUA” or such other trade names as may be determined by the Company from time to time.

Any reference to “DUA BEAUTY”, “we”, “us” or “our” shall be a reference to the Company, our shareholders, directors, employees, managers, beauty consultants, representatives, agents, partners, Authorised Parties and/or our data processors and any of its group of companies including its respective subsidiaries, affiliates, associates and other related companies which DUA BEAUTY has direct or indirect interest in (as applicable). Any reference to “you” and “your” in this Privacy Policy refers to the Data Subject (as applicable). If you are an entity, references to “you” and “your” shall also include your shareholders, directors, employees, managers, officers, representatives, agents and partners, respectively.

We take seriously the importance of protecting your Personal Data and our team is at all times committed to ensure compliance with all relevant laws as well as this Privacy Policy.

This Privacy Policy serves as a notice pursuant to the Act in respect of and during the course of our Engagement and this Privacy Policy is applicable to the

Data Subject. It explains the manner in which the Company records, stores, processes, discloses, transfers and otherwise uses Personal Data collected during the course of our Engagement as well as the rights available to you as a data subject, on the handling of Personal Data.

By entering into an Engagement with us and providing us with your Personal Data, it is deemed that you have read and understood this Privacy Policy and have agreed to our processing of your Personal Data in accordance with this Privacy Policy.

 

GLOSSARY

Account(s)

:

means the official Customers’ account created by and registered with DUA BEAUTY on any one of the applicable modes under the Sites in respect of each Customer for the purchase of and/or enquiry into the Products.

Act

:

means the Personal Data Protection Act, 2010, the applicable regulations, guidelines, orders and any statutory amendments or re-enactments made pursuant thereto.

Authorised Parties

:

means 3rd party distributors, retailers, authorised agents, entities, service providers, parties and/or online platforms which DUA BEAUTY formally and/or officially authorises to represent DUA BEAUTY and/or make available and sell its Products and/or execute any other forms of engagements related to DUA BEAUTY with its Customers.

Customer(s)

:

means any individual and/or entity which either purchases the Products and/or engages with DUA BEAUTY in any manner in connection with the Products (whether or not a sale is concluded).

Data Subject

:

refers to any party who is the subject of the Personal Data which shall include but is not limited to our Customers, business partners, service providers, agents, Authorised Parties and/or other stakeholders (as applicable).

Engagement

:

means any type and/or category of engagement, dealings, tasks and/or transactions which the Company enters into and/or is involved with the Data Subject, including but not limited to any commercial transactions in connection with the Products, registrations of Accounts, the Company’s Business, any correspondences and/or communication established with the Company.

Personal Data

:

means any information collected by DUA BEAUTY, which relates directly or indirectly to a data subject that is identified or identifiable from that information. The categories/types of Personal Data collected depend on the purpose for the collection.

Privacy Policy

:

means this privacy policy including any revision(s) thereof subject to the terms hereunder.

Sites

:

means the Website, the Account and/or platforms connected to DUA BEAUTY for purposes of its Business, including without limitation to the following:

(a)       mobile application operated and/or maintained by DUA BEAUTY (if any);

(b)       any official social media messaging platform of DUA BEAUTY;

(c)       authorised third party platforms (including e-commerce platforms); and/or

(d)       any such other platform as DUA BEAUTY may include as part of its authorised channel of engaging with the Data Subject.

Website

:

refers to the official website and online store of DUA BEAUTY at www.wearedua.com.

 

WHY DOES DUA BEAUTY COLLECT YOUR PERSONAL DATA 

We wish to inform you that we may collect your Personal Data from time to time in the course of our Engagement in order to accordingly carry out and fulfil our Engagement. In the case of a Customer, we collect your Personal Data in order to process and fulfil your orders for the Products.  

 

 WHAT PERSONAL DATA DOES DUA BEAUTY COLLECT FROM YOU

Where appropriate, the type of Personal Data which we may collect during our Engagement includes (but is not limited to) your:

  • full name (legal or otherwise);
  • NRIC number or passport number;
  • date of birth;
  • gender;
  • age;
  • address (including correspondence address, billing address and delivery address);
  • occupation;
  • contact number;
  • email address;
  • credit card details or details of other payment method(s);
  • bank account details (including name of bank and bank account number);
  • password and username created for your Account;
  • health or skin condition;
  • details in relation to your entity (in any form); and
  • any such information as our team may require from you and/or you may provide to us from time to time pursuant to and in the course of our Engagement.

You are responsible for the accuracy and completeness of all Personal Data provided by you to us (which accuracy we have assumed), and that none of such Personal Data is misleading or out-of-date. Should there be any changes/updates to your Personal Data, you will promptly update us in writing in the manner indicated in this Privacy Policy.

In the case where Personal Data of another data subject is provided by you (e.g. Personal Data related to your family members, child, spouse or other dependent for emergency contact purposes), you confirm that you have explained or will explain to them the processing of their Personal Data in accordance with this Privacy Policy and you represent and warrant the accuracy, truthfulness and completeness of their Personal Data.

 

HOW DOES DUA BEAUTY COLLECT YOUR PERSONAL DATA

Your Personal Data may be collected by us at any point in the course of the following acts:

  1. as a Customer, when you enter into an Engagement via our Sites (including but not limited to the act of creating an Account, placing an order for the Products, enquiring into the Products, making a purchase and/or interacting with our team member(s));
  2. as a Customer, when you enter into an Engagement in person, whether at physical stores or outlets connected to us and/or our Authorised Parties, any of our participating or organised events and activities (including but not limited to trade fairs, shows, exhibitions, expositions, conferences, pop-up stores, workshops and talks);
  3. as an Authorised Party, when you enter into an Engagement physically or virtually, in the course of carrying out and completing the commercial arrangement and/or contractual obligation between the Authorised Parties and the Company;
  4. as a Data Subject, during any other forms of Engagement with the Company in connection with the Business (including but not limited to establishment of contractual relationships, establishment of partnerships, engagement of services and/or the overall operation of the Business);
  5. as a Data Subject, when you visit any of our Sites, via cookies, web beacons and/or other similar technologies which we utilise to provide you with a better service, assist with our analytics for the Business/Sites and/or to increase the general efficacy of our operations. Upon your visit to our Sites, our servers and/or equivalent technological equipment may record your Personal Data (which includes browser type, other visited webpages and/or any other related information); and
  6. upon our access to your Personal Data via any publicly available resources.

The collection, recording, storage, disclosure, transfer, transmission or otherwise usage of the Personal Data shall constitute an act of us “processing” your Personal Data.

Please take note that if you visit our Sites as a guest without signing up for an Account and/or entering into an Engagement, we may obtain and retain your Personal Data in a limited manner for promotional and marketing purposes.

 

HOW DOES DUA BEAUTY PROCESS YOUR PERSONAL DATA

The purposes for which DUA BEAUTY may use your Personal Data include amongst others the following and such purposes may be carried out by any means or methods as DUA BEAUTY deems fit, subject to the laws of the relevant jurisdictions:

  1. for the registration, opening, maintenance and administration of an Account;
  2. for the use and access to DUA BEAUTY’s Sites and internal operation and administration, including data analysis, market research and consumer analysis and assessment;
  3. processing, facilitating, dealing with, arranging, administering, managing our Engagement with you;
  4. processing orders of any Products and sharing any of your Personal Data to a third party for the delivery of such Products;
  5. processing your payment or where appropriate at the discretion of our management, any refund process;
  6. responding, addressing or attending to your queries and/or requests and to take actions related to such queries and/or requests;
  7. verifying the authenticity of your identity with a third party data holder or authorised verification body;
  8. as applicable, meeting any billing requirements and service charges;
  9. as applicable, for marketing and advertising purposes and to send to you all the marketing and promotional materials in relation to the Business (subject to your consent);
  10. complying with any requirements or obligations of the laws of the relevant jurisdictions;
  11. adhering to any rulings, guidelines and orders imposed by any regulatory body;
  12. subject to your consent given at the time of registration or at any time thereafter, providing any updates, promotions, activities or information in relation to DUA BEAUTY and/or the Business, or through any of our appointed third party agencies, by way of text messages, phone calls, electronic mails, social media announcement and/or any other appropriate channels of communication;
  13. analysing Customers’ profiling to identify, analyse and understand the supply and demand of the Products;
  14. sharing your Personal Data for purposes of seeking legal and/or financial advice (including for purposes of preparing such legal documentation);
  15. sharing any of your Personal Data with a third party business partner or service provider (such as the Authorised Parties) for purposes of a potential joint collaboration of services;
  16. sharing any of your Personal Data with a third party such as event company or outsourcing company for administration, marketing or promotional purposes;
  17. to share any of your Personal Data with our accountants or auditors for our internal audit and reporting purposes;
  18. to detect, investigate and prevent any fraudulent or illegal activity, omission or conduct;
  19. to upgrade, improve or revamp our Sites;
  20. for our storage, hosting back-up (whether for disaster recovery or otherwise) of your Personal Data, whether within or outside of Malaysia; and/or
  21. any other purposes as we may deem fit for purposes of your Engagement with DUA BEAUTY.

We will only process your Personal Data in accordance with the Act as well as this Privacy Policy.

 

DISCLOSURE AND TRANSFER OF PERSONAL DATA

Subject to the laws of the relevant jurisdictions, the Company may disclose your Personal Data to the following persons under any of the circumstances set out below:

  1. our shareholders, directors, employees, consultants, staff, subsidiary companies (local or foreign), related entities (local or foreign), independent contractors, service providers, Authorised Parties, business associates, agents and any other party who assists the Company in the processing of the Personal Data and the management of the operation and maintenance, in support of the Business;
  2. our subsidiaries, affiliates, associates and other related companies which DUA BEAUTY has direct or indirect interest in as deemed necessary by DUA BEAUTY for the purposes of the Business;
  3. if required to do by operation of law or by regulatory or compliance bodies in order to identify risks or threats relating to fraud, money laundering, terrorism financing and/or any other illegal or criminal activities;
  4. auditors, accountants and/or solicitors in the preparation of documents of the Company for statutory filing purposes or any other document required to be submitted to adhere to the statutory or regulatory compliance owed by the Company to governmental authorities or compliance bodies;
  5. to the extent permitted by any relevant laws, any third parties (including financial advisers / legal advisers / professional advisers) carrying out due diligence review in connection with any proposed merger, acquisition, sale, reorganisation, joint venture or any other corporate activity related to the Company or any of its subsidiaries, related or associated companies;
  6. any third party data processor or authorised verification body;
  7. data centres and/or servers, storage facilities and/or records managements companies located within or outside of Malaysia for purpose of storing your Personal Data;
  8. government agencies, law enforcement agents, courts, tribunals, regulatory / professional bodies, if required to do so in satisfaction of any applicable law, regulation, order or judgment; and/or
  9. any other person which requires your Personal Data in order to operate and maintain the Business and to carry out and complete the Engagement.

We will take reasonable measures to procure compliance with this Privacy Policy by any foreign entities handling your Personal Data to adequately protect the confidentiality and privacy of your Personal Data. Except as indicated in this Privacy Policy, it is our strict policy that we must not sell, rent, transfer or disclose any of your Personal Data to any third party without your consent.

 

RETENTION AND DESTRUCTION OF YOUR PERSONAL DATA

We will retain your Personal Data for as long as any of the purpose indicated in this Privacy Policy subsists notwithstanding the cessation of your Engagement with us or the termination of your Account with us. Thereafter, we will delete from or keep anonymous your Personal Data in our records and system, unless otherwise required to be retained for legal, regulatory, tax or accounting requirements.

Notwithstanding the representations made in this Privacy Policy, you acknowledge that transmissions over the internet (e.g. emails/webmails/data transmission) are not secured unless they have been encrypted. As internet communications may be routed through different countries before being delivered, we cannot guarantee a risk-free transmission and do not accept responsibility for any unauthorised access or interception or loss of Personal Data that is beyond our reasonable control.

 

SECURITY OF PERSONAL DATA

In order to ensure that adequate protection and measures are in place to protect your Personal Data, we will use our reasonable endeavours to utilise appropriate software, hardware, programming systems and/or servers and other information technology equipment which we deem suitable and fit for the purpose of storing and securing your Personal Data.

Against compliance with the Act, we endeavour to take reasonable and practical measures to mitigate and reduce the risks of unauthorised exposure, destruction, accidental loss, damage and alteration, to your Personal Data by restricting the access of any unidentified or unauthorised third parties to your Personal Data. We may from time to time implement and improve our technical, electronic and procedural security measures to safeguard your Personal Data.

Our Sites may contain links to external websites. The Company is not responsible for the veracity of such websites and does not substantiate or endorse the content, information, services or any other details contained or featured on such external websites. You are advised to read the terms of use and/or privacy policy of such third party website(s) before accessing or using these websites.

 

YOUR RIGHTS TO ACCESS YOUR PERSONAL DATA

To the extent permitted under the Act and applicable laws, you have the right to request for access to or request for a copy of, your Personal Data for purposes of checking, correcting or updating such Personal Data.

Access to your Personal Data or correction of such data can be effected and processed by reaching out to us (i) vide interactive communication channel available on our Sites; or (ii) at our contact details below.

Upon receipt of a request for correction of Personal Data from you, we reserve the right to reject and demand that you resubmit your request if such correction cannot be effected due to insufficient information or such correction cannot be verified against the documents requested (as the case may be).

Please be informed that, subject to any legal restrictions and/or contractual conditions, you have the right to withdraw your consent to our processing of your Personal Data with reasonable notice by sending an email to us at our contact details below, indicating your intention to withdraw your consent. Please however note that, upon such withdrawal of your consent, we might not be able to continue to serve you and we will construe the withdrawal of consent as your intention to discontinue our Engagement and where applicable, we will close your Account accordingly.

 

IF YOU REFUSE TO PROVIDE US WITH YOUR PERSONAL DATA

During the course of our Engagement, it may be obligatory or voluntary for you to provide and for us to collect and process your Personal Data. If the provision of Personal Data is mandatory and you fail, refuse or are unwilling to provide your Personal Data and/or provide your consent to this Privacy Policy, we may not or will not (as the case may be) be able to enter into an Engagement with you.

 

UPDATES TO OUR PRIVACY POLICY

We have the absolute right to modify, vary, update and/or amend all or any part of this Privacy Policy at any time from time to time with reasonable notice to you by publishing an updated version of this Privacy Policy on our Website.

Any such modification, variation, update and/or amendments shall be effective at the end of the twenty one (21) days’ notice provided by the Company to you and by continuing your Engagement and/or communication with us thereafter, you shall be deemed to have agreed and accepted our modified, varied, updated and/or amended Privacy Policy.

 

TRANSLATION

This Privacy Policy is prepared and issued in both the English and Malay language in accordance with the Act. In the event of any inconsistency or discrepancy between the versions, the English version shall prevail.

 

OUR CONTACT DETAILS

If you have any queries or concerns relating to this Privacy Policy or if you wish to have access to or correct your Personal Data or make a complaint, you may contact us at:

 

Address

:

No. 7, Jalan Serendah 26/41, Hicom Industrial Estate, 40400 Shah Alam, Selangor.

Attention of

:

Personal Data Protection Officer

Contact No.

:

+6011 3999 7222

Email Address

:

hello@wearedua.com

 

Last Updated: 8 December 2023