Privacy policy
PERSONAL DATA PROTECTION POLICY
Big Bad Wolf Books Sdn. Bhd.
1. Introduction
1.1. Big Bad Wolf Books Sdn. Bhd. ("BBW", "we", "us" or "our") is committed to protecting your Personal Data in accordance with the Personal Data Protection Act 2010 ("PDPA") and other applicable data protection laws.
1.2. This Personal Data Protection Policy ("Policy") explains how we collect, use, disclose, and protect your Personal Data when you interact with us, whether through our website, mobile application, events, or other services.
1.3. By providing your Personal Data to us, you consent to the collection, use, and disclosure of your Personal Data in accordance with this Policy.
2. Collection of Personal Data
2.1. We may collect your Personal Data when you:
• Register for an account on our website or mobile application
• Purchase products or services from us
• Participate in our events, contests, or promotions
• Subscribe to our newsletters or marketing communications
• Contact us for enquiries or support
• Visit our website or use our mobile application
• Provide feedback or reviews
• Apply for employment with us
2.2. The types of Personal Data we may collect include:
• Name and contact details (including email address, phone number, and mailing address)
• Date of birth and age
• Gender
• Identification documents (such as NRIC, passport number)
• Payment and billing information
• Purchase history and preferences
• Device information and IP address
• Location data
• Any other information you choose to provide to us
The above does not purport to be exhaustive and sets out some common instances of when your Personal Data may be collected.
2.3. In addition to the above, we may use a variety of technologies to automatically collect information about your activities on the mobile application(s), (if any), such as web beacons, clear pixels or pixel tags, analytical tags, geo-location technologies and quick response (QR) code, or cookies through the use of our website.
2.4. All information which are requested to be filled, in the relevant forms and documents, are obligatory to be provided by you unless stated otherwise. Should you fail to provide the obligatory information, we may be unable to process your request and/or provide you with the relevant services and/or products.
3. Purpose of Collecting and Further Processing (including Disclosing) Personal Data
3.1. Your data is collected and further processed by us as required or permitted by law to effectively provide you with the products and services that you require, including the following:
• 3.1.1. to process your requested products or services
• 3.1.2. to facilitate your participation in any contests or events
• 3.1.3. to administer and communicate with you in relation to our services and/or events
• 3.1.4. to process any payments related to your requested service
• 3.1.5. to operate our premises in a manner which is physically safe, secure, and befitting of health and safety requirements
• 3.1.6. for internal investigations, audit, or security purposes
• 3.1.7. to collect and support internal marketing and data analysis of customer patterns, choices, and engagement with our related companies, subsidiaries, holding companies, and affiliate companies
• 3.1.8. to be collected and stored into a central repository that is accessible by our related companies, subsidiaries, holding companies, and affiliate companies
• 3.1.9. to create and deliver personalised products and services that are unique to you to enhance your customer experience
• 3.1.10. verify or update your personal particulars
• 3.1.11. to provide you with a more seamless customer experience
• 3.1.12. to support research and innovation of our products and services
• 3.1.13. to store and carry out data analytics processes
• 3.1.14. to improve our products and services
• 3.1.15. for collaboration with a business partner to advertise and market products and services to you
• 3.1.16. to comply with our legal and regulatory obligations in the conduct of its business
• 3.1.17. to contact you regarding products, services, upcoming events, promotions, advertising, marketing, and commercial materials which we may feel interest you
• 3.1.18. to send you season's greetings, special occasion messages, or other similar communications
• 3.1.19. to allow third parties to contact you for advertising, promotional, or marketing campaigns conducted by any third-party entities
• 3.1.20. to ensure that the content from our website is presented in the most effective manner for you and for your computer and/or device
• 3.1.21. for our internal records management, customer relations events and activities, and customer loyalty reward programme, or
• 3.1.22. any other purposes related to any of the above.
The purposes listed above are not exhaustive and depending on the nature of your relationship with us, we may collect, use and disclose your Personal Data for additional purposes which you will be notified of, in accordance with the applicable terms and conditions.
3.2. We want to share and consolidate your data into a single platform to be shared across BBW. We will use and share your data for analytics and measurement purposes to understand how our products and services are used, to help improve the products and services we offer, to provide you with more personalised products and services, and to provide a more seamless customer experience.
4. Disclosure of Personal Data
4.1. Your Personal Data provided to us is processed by and disclosed to entities (in or outside of Malaysia) within BBW (including related companies, subsidiaries, holding companies, associated companies, and outsourcing partners).
4.2. Your Personal Data will be protected and kept confidential but subject to the provisions of any applicable law, your Personal Data may, depending on the products and/or services concerned, be disclosed to third parties which may include the following:
• 4.2.1. other divisions, departments or entities within BBW
• 4.2.2. our affiliates, joint venture partners, business partners, investors and/or assignee or transferee to facilitate business asset transactions (including any merger, acquisition or asset sale)
• 4.2.3. our agents, contractors, consultants, third party service providers and specialist advisers who have been contracted to provide us with services such as management, administrative, financial, legal, audit, insurance, research, telecommunications, public utilities, information technology, payment, training, market research and storage
• 4.2.4. relevant government authority, regulator or law enforcement agency to comply with any laws or rules or regulations imposed by the government
• 4.2.5. banks, financial institutions and their respective service providers
• 4.2.6. credit reporting agency or in the event of default or disputes, any debt collection agencies or dispute resolution centres; and
• 4.2.7. law enforcement agencies and relevant governmental authorities, statutory authorities, local councils, and industry regulators; and
• 4.2.8. any other party as may be consented to by you, as specified by you or as may be notified to you by us in subsequent notices.
4.3. Such disclosure may be subject to additional legal requirements under applicable law, depending on the nature of such transfer to the third parties. Your Personal Data will, in each case, only be disclosed, to the extent it is necessary.
5. Transfer of Personal Data
5.1. It may be necessary for us to transfer your personal data outside of Malaysia if any of the third parties mentioned in Section 4 (Disclosure of Personal Data) above, including our service providers or business partners who are involved in providing any services to us, are located or have processing facilities in countries outside of Malaysia.
5.2. You consent to us transferring your personal data outside Malaysia to such third parties and for the purposes set out in Section 3 (Purpose of Collecting and Further Processing (including Disclosing) Personal Data).
5.3. We shall take necessary steps to ensure that any such third parties, whether within Malaysia or based outside of Malaysia, are contractually bound to protect your personal data to a relevant standard that is comparable to applicable laws and that they can only process your personal data under our instructions.
6. Data Security
6.1. We are committed to take all reasonable steps to ensure your Personal Data is kept confidential and secure, and to take appropriate administrative and security safeguards, policies and procedures to prevent any unauthorised and/or unlawful processing of, and the accidental loss, destruction or damage to your Personal Data.
6.2. However, your Personal Data is accessible by a limited number of employees who have special access rights to such systems through the use of a unique identifier and password for the purpose of performing their official duties.
6.3. Your Personal Data is maintained on systems protected by secure networks and appropriate security arrangements to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration.
7. Right to Access, Correct and Withdraw Consent of Personal Data
7.1. You have the rights, under applicable data protection laws, to request access and/or correct your Personal Data currently in our possession or control, which can be exercised by contacting our Data Protection Officer at the contact details provided in Paragraph 9 below. We will need sufficient information from you in order to ascertain your identity as well as the nature of your request so as to be able to deal with your request. Where mandated under the applicable data protection laws, your exercise of the rights described or referred to above shall be free of charge. In all other situations, we may charge a fee to cover the cost of verifying the request and locating, retrieving and copying any material requested.
7.2. We reserve the right to decline your request where the applicable data protection laws exempt certain types of Personal Data from being subject to your request and situations when correction need not be made by us despite your request.
7.3. Where we rely on your consent to use your Personal Data, you have the right to withdraw your consent at any time. This withdrawal will however not affect the lawfulness of processing based on your consent before your withdrawal.
7.4. We will process your request within a reasonable time once we have verified your identity and received your clear withdrawal instructions. In this regard, if you withdraw your consent to any or all Purposes mentioned in Section 3 and depending on the nature of your request, we may not be in a position to continue to provide our products or services to you.
8. Data Breach Measures and Notifications
8.1. A Personal Data breach refers to any event/ incident that leads or is likely to lead to the breach, loss, misuse or unauthorised access of Personal Data, whether a Personal Data breach may be caused by accidental or deliberate actions, either internally or externally.
8.2. Once notified of the occurrence of the Personal Data breach, or that we have detected a security incident, we shall conduct a preliminary investigation to determine whether a Personal Data breach has occurred.
8.3. Where we have reason to believe that a Personal Data breach has occurred, which is likely to cause any significant harm to you, we will notify you via email, SMS, direct messaging or postal communication, whichever form of communication that you have provided to[/]PS with, without unnecessary delay.
8.4. In the event direct notification is not practicable or requires a disproportionate effort, we may use alternative means of notification, such as public communication or any similar method that effectively informs you and other affected data subjects of the personal data breach. Such public communication includes the following means:
• 8.4.1. Notification on the official website
• 8.4.2. Notice in printed media
• 8.4.3. Social media posts through our official pages or accounts; or
• 8.4.4. Automated notifications (push notification).
9. Data Protection Officer
9.1. If you have any questions about this Policy or any queries relating to your Personal Data, or you would like to obtain access and/or make corrections to your Personal Data, or in the event that there occurs a breach of your Personal Data in connection with BBW, please contact our Data Protection Officer at:
Name: Brian Yee Hong Keat
Address: Wolf House, 5, Jalan Trompet 33/8 Taman Alam Indah, Seksyen 33, 40400, Shah Alam, Selangor, Malaysia.
Email: dataprotection@bbwbooks.com / dataprotection@bookxcess.com
Tel. No.: +603 5614 4884 / 4994 / 4664
10. Retention of Personal Data
10.1. We will process your personal data for as long as we have a legal basis to do so. Your personal data will be stored only for the period necessary to fulfil the purposes stated above after which we will ensure that your personal data is deleted if it is no longer necessary to store it.
11. Conflict
11.1. In the event of any conflict between this English language Policy and its corresponding Bahasa Malaysia Policy, the terms in this English language Policy shall prevail.
12. Governing Law
12.1. This Policy shall be governed in all respects by the laws of Malaysia. For the avoidance of doubt, the applicable data protection laws will apply to the processing of your Personal Data.