StoreHub and its subsidiaries, affiliates, related and associated companies (including but not limited to StoreHub Sdn Bhd, OneStoreHub Pte Ltd, StoreHub (Thailand) Co., Ltd.) and Storehub Philippines Inc. (collectively referred to as “we, us, our or StoreHub”) complies with the “Applicable Data Protection Laws” and other applicable privacy legislation when dealing with personal information.
“Applicable Data Protection Laws” means the personal data protection or data privacy laws (as amended from time to time) of the relevant country where the Merchant operates in, including those that are set out in the table below:
|Country||Applicable Data Protection Laws|
|Malaysia||Personal Data Protection Act 2010|
|Singapore||Personal Data Protection Act 2012|
|Thailand||Personal Data Protection Act B.E. 2562 (2019)|
|The Philippines||Data Privacy Act of 2012|
|Countries not listed above||Personal Data Protection Act 2012 of Singapore|
Personal information is any information relating to a natural person, which enables the identification of such a person, whether directly or indirectly, but not including the information of the deceased persons (“Personal Information”).
This Policy does not limit or exclude any of your rights under applicable legislation in your jurisdiction, except to the extent permitted by law.
We collect and maintain Personal Information that you enter or provide on storehub.com, storehub.me, storehubhq.com, beepit.com (“Website”) or give us in any other way for the use of our Service. You can choose not to provide certain information, but you may not be able to enjoy all the features of our Website and services provided by us. Personal Information we collect from you helps us to personalise and continually improve your online experience. Here are the types of Personal Information that we collect:
- Personally Identifiable information e.g. name, photo, gender, date of birth, nationality, passport/identification card number and country of residence, biometric data, marital status, religion, health information, vehicle and insurance information;
- Contact information e.g. address (billing and shipping), email address and phone numbers;
- Payment information e.g. credit or debit card information, including the name of cardholder, card number, card issuing bank, card issuing country, card expiry date and banking account details;
- Technical information e.g. IP address, time zone, device information; and
- Behavioural information e.g. features you use on our Services, transaction information.
CHANGES TO THIS POLICY
We reserve the right to change, amend and/or vary may change this Policy by uploading a revised Policy on our Website. The change will apply from the date that we upload the revised Policy. In case there are material changes that may affect your rights and privacy, we will inform you immediately. Your continued use of our Website shall be deemed that you acknowledge the changes of this Policy.
WHO DO WE COLLECT YOUR PERSONAL INFORMATION FROM
We collect Personal Information about you from the following sources and method:
- you, when you provide your Personal Information to us for using of our Service, including via the Service usage, Website and any related service provided by us, through any registration or subscription process, through any contact with us (e.g. telephone call or email), or when you buy or use our services and products; and
- third parties, including merchants that use our services, as part of the operation of the Service (such as your purchase of products or services from the merchants), where you have authorised this, or the information is publicly available.
- If possible, we will collect personal information from you directly where we need to verify your identity (for example, if there are concerns around identity theft, or if you call into support and we need to authenticate your account), we may request that you provide us with government-issued identification information.
HOW WE USE YOUR PERSONAL INFORMATION
We will collect, use or disclose your Personal Information for the following purposes:
- to verify your identity when using our Service.
- to provide services and products to you, including the Service.
- to manage your shared login that you can use for all Website.
- to personalise your experience when you use our Services and our communications when we contact you periodically to conduct performance improvement measures.
- to market our services and products to you, including contacting you electronically (e.g. by text or email for this purpose).
- to improve the services and develop new services for you.
- to undertake credit checks of you (if necessary).
- to collect money that you owe merchants, including authorising and processing credit card transactions.
- to provide advertisers with reports about the kinds of people seeing their ads and how their ads are performing.
- to respond to communications from you, including a complaint you have regarding the use of our Service.
- to help us conduct marketing and/or advertising campaigns, surveys, internal marketing analysis, customer profiling activities, analysis of customer patterns and choices, usage and activity trends analysis in relation to our Services and our users’ demographics (on an anonymised basis).
- to conduct research and statistical analysis (on an anonymised basis).
- to share Personal Information to the merchant who you visit their store on Website when they request us to transfer Personal Information (for example, if they enable a third party app or use a service or product provided by us that accesses your personal information). The share of your Personal Information will be limited to the scope that it is Service related.
- to protect and/or enforce our legal rights and interests, including defending any claim.
- to comply with our legal obligation that we subject to certain jurisdiction.
Processing of your Personal Information depends on how you interact with us during your use of our Services. The lawful basis that we may rely on for processing your Personal Information may consists of:
- when you are giving consent / for processing one or many purposes as described under this Policy;
- when the processing is necessary for comply with contract or terms and conditions we have with you and/or before entering into a contract;
- when it is necessary for us to process your Personal Information to comply with our legal obligation;
- when the processing is necessary for the performance of a task carried out in the public interest by us, or it is necessary for the exercising of official authority vested on us; or
- when it is necessary for our legitimate interests or any other persons or juristic persons.
We or any third party acting on our behalf may obtain your consent and use your Personal Information before or at the time of collection, unless we are permitted by any applicable law to process your Personal Information without obtaining your consent. Where required by law, we will obtain your express written consent when collecting your Personal Information for processing specified purpose, such as for sending you marketing information about our services or products.
In certain circumstances, we may collect, use or disclose your sensitive personal information, such as health data, religion, biometric data (such as facial recognition data, iris recognition data, fingerprint recognition data) and any data which may affect you in the same manner as sensitive personal information. Before collecting or using this type of information, we will obtain consent from you unless we are permitted by any applicable law to process your sensitive personal information without your consent.
DISCLOSING YOUR PERSONAL INFORMATION
We will not sell, rent, transfer or disclose any of your Personal Information to any third party without your consent. However, we may disclose your Personal Information to the following persons:
- merchants that open accounts or have a store on StoreHub eCommerce / beepit as part of providing the Service.
- within our organization, affiliates and group companies to pursue with purposes specified under this Policy.
- any business or service provider that supports our services and products, including any person that hosts or maintains any underlying IT system or data centre that we use to provide our Service to you, our website or other services and products that you may use from us.
- a credit reference agency for the purpose of credit checking where necessary and applicable for us.
- other third parties (for anonymised statistical information) for pursuing with the purposes specified under this Policy.
- a government authority who can require us to supply or disclose your Personal Information or any government authorities which we are obliged to disclose your Personal Information, such as submit your financial information or tax information to authorities that regulate tax matters.
- any other person authorised by applicable law (e.g. a law enforcement agency) and requested us to disclose your Personal Information.
- data centres and/or servers located within or outside your country for data storage purposes.
- storage facility and records management service providers.
- auditors, consultants, lawyers, accountants or other financial or professional advisers appointed in connection with our business on a strictly confidential basis, appointed by us to provide services to us; any party nominated or appointed by us either solely or jointly with other service providers, who provide services or conduct data processing on our behalf, or for data centralization and/or logistics purposes.
- any other person authorised by you for disclosing your Personal Information.
- your Personal Information may also be disclosed to an entity that acquires our business, in which such entity will be obliged to protect your Personal Information in the same manner with our practice.
A business that supports our services and products may be located in a country outside your residence. This may mean your Personal Information is held and processed outside your location.
HOW LONG DO WE RETAIN YOUR PERSONAL INFORMATION
- We will keep and retain your Personal Information for as long as you still have a relationship with us by the use of our Services and as long as necessary to pursue with purposes specified under this Policy. Therefore, your Personal Information will be destroyed or anonymised from our records and back-up systems in the event your Personal Information is no longer required for the purposes specified under this Policy.
- Once you terminate your relationship with us or you are no longer using our Service, we generally will continue to store archived copies of your personal information for legitimate business purposes such as to defend a contractual claim or for audit purposes and to exercise our rights as we entitled under applicable law, except when we receive a valid erasure request, or, if you are a merchant, you terminate your account and your Personal Information is purged pursuant to our standard purge process.
PROTECTING YOUR PERSONAL INFORMATION
We endeavor to protect your Personal Information by establishing security measures in accordance with the principles of confidentiality, integrity, and availability to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure including administrative safeguard, technical safeguard, physical safeguard and access controls. In addition, our staffs, employees, business partners and service providers are obliged to maintain the confidentiality of your Personal Information by complying with the data security standards and policies when any of your Personal Information is being used, transmitted, transferred or processed
RIGHTS AS A DATA SUBJECT
When you provide us with your Personal Information, you have the rights regarding your Personal Information through which you can exercise your rights free of charge, unless the applicable law specified to be otherwise. You may have legal rights with respect to your Personal Information which allow you to exercise any of these rights:
- Right to withdraw consent: If you have given consent to us to collect, use or disclose your Personal Information, you have the right to withdraw such consent at any time throughout the period your Personal Information available and under our possession. However, the withdrawal of consent shall not affect the processing of Personal Information you have already given consent to us legally.
- Right to access: Subject to applicable grounds for refusal set out in applicable law, you may have the right to access your readily retrievable Personal Information that we hold and to request corrections to your Personal Information to ensure that the Personal Information you provide to us is correct, complete and accurate. Before you exercise this right, we may need evidence to confirm that you are the individual to whom the Personal Information is related to.
- Right to rectification: You have the right to rectify your Personal Information to be updated, complete and not misleading. In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the Personal Information, we will make the correction. If we do not make the correction, we will take reasonable steps to note the Personal Information that you requested.
- Right to data portability: You have the right to obtain your Personal Information if we organize such Personal Information in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request us to send or transfer the Personal Information in such format directly to other data controllers if doable by automatic means; and to request to obtain the Personal Information in such format sent or transferred by us directly to other data controllers unless not technically feasible.
- Right to objection: You have the right to object to collection, use or disclosure of your Personal Information at any time if such doing is conducted for legitimate interests of us, corporation or individual or for carrying out public tasks, unless such processing is within your reasonable expectation.
- Right to be forgotten: You have the right to request us to erase, destroy or anonymize your Personal Information if you believe that the collection, use or disclosure of your Personal Information is against relevant laws; or retention of the Personal Information by us is no longer necessary in connection with related purposes under this Policy; or when you request to withdraw your consent or to object to the processing as earlier described under this clause.
- Right to restriction of processing: You have the right to request us to suspend processing your Personal Information during the period where we examine your rectification or objection request; or when it is no longer necessary, and we must erase or destroy your Personal Information pursuant to relevant laws, but you request us to suspend the processing instead.
- Right to lodge a complaint: You have the right to complain to competent authorities pursuant to relevant laws in your jurisdiction if you believe that the collection, use or disclosure of your Personal Information is violating or not in compliance with any applicable law regarding Personal Information protection.
If you want to exercise either of the above rights, you can do so by email us at email@example.com. Your email should provide evidence of who you are and set out the details of your request (e.g. the right that you wish to exercise with us, the detail of your Personal Information, or the correction that you are requesting). We will notify the result of your request without delay upon receipt of your request. If we deny the request, we will inform you of the reason via email.
We may charge you our reasonable costs of providing you copies of your personal information or correcting that information.
While we take reasonable steps to maintain secure internet connections, if you provide us with your Personal Information over the internet, the provision of that information is at your own risk.
If you have any questions about this Policy or would like to exercise your rights, you can contact us by using the following details: