Privacy Policy

This privacy policy describes how Seri Kraf Malaysia collects, uses, and protects your information when you use our online platform and services. We are committed to protecting your privacy in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and Malaysian laws.

Information We Collect

We collect various types of information when you interact with our service. This includes information you provide directly to us, such as:

• Identification and contact details: your name, delivery address, billing address, phone number, and potentially email address (though we will not use email for privacy correspondence as per instruction).
• Payment information: details necessary to process payments for orders (note: we do not store full payment card details).
• Account information: if you create an account, we store your login credentials, order history, saved addresses, and preferences.
• Communication information: records of your correspondence with us.
• Workshop or service registration details: information provided when signing up for workshops or custom design services.
• Other information: any other information you voluntarily provide to us, such as feedback, reviews, or survey responses.

We also automatically collect certain information when you visit or use our site, including:

• Usage data: information about how you interact with our online platform, such as the pages you view, the products you browse, the features you use, and the time spent on our site.
• Technical data: information about the device and technology you use to access our site, including your IP address, browser type and version, operating system, and referring website addresses.
• Location data: general location information derived from your IP address.

How We Use Your Information

We use the collected information for several purposes:

• To provide and maintain our services: processing your orders, fulfilling purchases, managing your account, providing customer support, and delivering products.
• To improve our services: understanding how you use our platform to enhance functionality, optimize user experience, and develop new features and services.
• To communicate with you: sending you updates about your orders, responding to your inquiries, and providing information about our services (excluding promotional communication without consent).
• To conduct workshops and provide custom design services: managing your registration and participation in these activities.
• For internal business purposes: conducting data analysis, identifying usage trends, auditing, and ensuring the security of our operations.
• To comply with legal obligations: meeting legal, regulatory, or compliance requirements.

Legal Basis for Processing (Relevant under GDPR)

We process your personal data based on various legal grounds:

• Performance of a contract: processing is necessary to fulfil an order or provide a service you have requested.
• Legitimate interests: processing is necessary for our legitimate business interests, such as improving our services, preventing fraud, and securing our systems, provided these interests are not overridden by your data protection rights.
• Compliance with a legal obligation: processing is necessary to comply with laws and regulations.
• Your consent: where required by law, we will obtain your explicit consent for specific processing activities, such as sending marketing communications.

Data Sharing and Disclosure

We do not sell your personal data. We may share your information with third parties only in limited circumstances:

• Service providers: we may share data with trusted third-party companies that perform services on our behalf, such as payment processing, shipping, data analysis, marketing assistance, and customer service. These providers are obligated to protect your data and use it only for the purposes for which it was shared.
• Legal requirements: we may disclose your information if required to do so by law, in response to a court order, or to protect the rights, property, or safety of Seri Kraf Malaysia, our users, or others.
• Business transfers: in the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity.

Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. While we strive to use commercially acceptable means to protect your information, no method of transmission over the internet or electronic storage is entirely secure, and we cannot guarantee absolute security.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period varies depending on the type of data and the purpose of processing.

Your Data Protection Rights (Relevant under GDPR and other laws)

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• The right to access: request a copy of the personal data we hold about you.
• The right to rectification: request correction of inaccurate or incomplete data we hold about you.
• The right to erasure: request the deletion of your personal data under certain circumstances.
• The right to restrict processing: request that we limit the way we use your data under certain circumstances.
• The right to object to processing: object to the processing of your data based on legitimate interests or for direct marketing purposes.
• The right to data portability: receive your data in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller under certain circumstances.
• The right to withdraw consent: withdraw your consent at any time if our processing is based on your consent.

To exercise any of these rights, please contact us using the physical address provided below.

International Data Transfers

As Seri Kraf Malaysia is based in Malaysia, your data will be processed and stored in Malaysia. If we transfer your data to a country outside of Malaysia or the European Economic Area (EEA), we will take steps to ensure that your data is protected by appropriate safeguards, such as standard contractual clauses or other lawful mechanisms, in compliance with applicable laws.

Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at the address below.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page. We encourage you to review this policy periodically.

Contact Information

If you have questions about this privacy policy or our data practices, please contact us via postal mail at:

Seri Kraf Malaysia
18, Jalan SS 21/58, Ground Floor,
Petaling Jaya, Selangor, 47301, Malaysia