This website is operated by Bella Notion Sdn Bhd and their respective affiliates and/or related entities (collectively “Bella Notion”, “us”, “we”, “our”), a retailer of BONOTOX branded skin care products (the “Product”).
What Personal Data do we collect and process?
When you visit the Website, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device.
As you browse through the Website, we also collect information about the individual web pages or products that you view, what websites or search terms referred you to the Website, and information about how you interact with the Website. We refer to this automatically-collected information as “Device Information.”
Additionally, when you make a purchase or attempt to make a purchase through the Website, or apply for a membership or account with our BONOTOX Beauty Treats Program (“BBT”), or access your existing BBT membership through the Site, we collect certain information from you, such as your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. We refer to this information as “Order Information.”
“Personal Data” in this Privacy Policy refers to both Device Information and Order Information.
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Website, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags” and “pixels” are electronic files used to record information about how you browse through the Website.
We may also collect Personal Data from you through various means, including but not limited to instances when you:
- Provide your Personal Data through our Site for the purpose of registering for and creating an account;
- Apply for a membership or account with our Loyalty Program or access your existing membership through the Site;
- Participate in a promotion or other website features;
- Request product or service information, or ask to receive any marketing, promotional or other types of communications;
- Provide your ratings and review of products as a customer;
- Make purchases through our Site;
- Make enquiries or comments through our Customer Department through email@example.com.
You have no obligation to provide any of the Personal Data requested by us. However, depending on circumstances, it may be the case that if you do not provide the requested Personal Data, we may not be able to provide you with certain products and services, or transact with you, that depend on the collection, use or disclosure of your Personal Data.
Collection of Order Information
Our store is hosted on Shopify Inc., which provides us with the online e-commerce platform that allows us to sell you our products and services. Consequently, your data is stored through Shopify’s data storage, databases and the general Shopify application, on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data after encrypting it through the Payment Card Industry Data Security Standard (PCI-DSS). In fact, all direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. So, PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Your purchase transaction data is only stored as long as necessary to complete your purchase transaction, and then it is deleted.
We do not, and do not intend to, transact through the Site directly with anyone we know to be under the age of 18. If you are under the age of 18, you should use the Site only with the involvement of a parent or guardian and should not submit any Personal Data to us. By providing any Personal Data to us, you declare that you are over the age of 18.
Provision Of Third Party Personal Data By You
Should you provide BELLA NOTION with Personal Data of individual(s) other than yourself, you represent and warrant to BELLA NOTION and you hereby confirm that:
- prior to disclosing such Personal Data to us, you would have and had obtained consent from the individuals whose Personal Data are being disclosed to us, to:
  - permit you to disclose the individuals’ Personal Data to BELLA NOTION for the Purposes; and
  - permit BELLA NOTION to collect, use, disclose and/or process the individuals’ Personal Data for the Purposes, as set out in paragraph 3 above;
- any Personal Data of individuals that you disclose to us is accurate; and
- you are validly acting on behalf of such individuals and that you have the authority of such individuals to provide their Personal Data to BELLA NOTION and for BELLA NOTION to collect, use, disclose and process such Personal Data for the Purposes.
How is your Personal Data used?
We use the Order Information that we collect generally to fulfil any orders placed through the Website (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- Communicate with you;
- Screen our orders for potential risk or fraud;
- Process Loyalty program related information or enquiry; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services, as well as other information which may be of interest to you.
We may send this information by mail, email, on or via social media or other online channels (including by customising online content advertised or displayed on our websites or social media channels).
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Website (for example, by generating analytics about how our customers browse and interact with the Website, and to assess the success of our marketing and advertising campaigns).
Our Site contains areas where you can submit information to us (such as our registration service), and we also have features (such as cookies and performance tracking technology) that automatically collect information from the visitors to our Site. During the registration process, you must provide us with a password, your name, address and a valid email address, etc. It is your responsibility to keep your password strictly confidential.
Request For Access And/Or Correction Of Personal Data
You may request to access and/or correct your Personal Data currently in our possession or control by submitting a written request to us. We will need enough information from you in order to ascertain your identity as well as the nature of your request, to deal with your request. Please submit your written request to firstname.lastname@example.org.
For a request to correct Personal Data, once we have sufficient information from you to deal with the request, we will deal with your request in compliance with the PDPA, including correcting your Personal Data within 30 days. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make the correction. Note that the PDPA exempts certain types of Personal Data from being subject to your correction request as well as provides for situation(s) when correction need not be made by us despite your request.
We may also charge you a reasonable fee for the handling and processing of your requests to access your Personal Data. If so, we will provide you with a written estimate of the fee. Please note that we are not required to respond to or deal with your access request unless you have agreed to pay the fee.
How do we protect your Personal Data?
We take reasonable steps to ensure that your Personal Data is protected from unauthorised access, loss, misuse, disclosure or alteration, both online and offline.
Unfortunately, no data transmission over the Internet can be guaranteed to be totally secure, and we cannot guarantee the security of your data transmitted to any of our websites; any transmission is at your own risk. However, we will endeavour to take all reasonable steps to protect the Personal Data you may transmit to us. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Access to and use of Personal Data within our organization is limited by us to prevent misuse or unlawful disclosure of that Personal Data by others. Our employees, contractors and service providers are obliged to respect the confidentiality of any Personal Data held by us.
Do we hold your Personal Data forever?
We will destroy or anonymize your Personal Data as soon as we can reasonably assume that the purpose for which the information was collected is no longer served by its retention, and retention is no longer necessary for legal or business purposes.
Do we share your Personal Data?
We do not sell, rent, lease, or release your Personal Data to third parties.
We may contract with third-party service providers to assist us in better understanding our Website visitors. However, these service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business. For example, we use Shopify to run our online store - you can read more about how Shopify uses your Personal Data here: https://www.shopify.com/legal/privacy.
We also use Google Analytics to help us understand how our customers use the Website - you can read more about how Google uses your Personal Data here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
If you intend to participate in any promotions, competitions, sweepstakes, surveys, questionnaires or other events proposed on the Website, please note that the rules or terms and conditions for those events may indicate that your Personal Data will be shared with third parties. By choosing to participate and submitting your Personal Data in that manner, you consent to disclose your Personal Data to such third parties.
We may also share your Personal Data to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Where your consent has been provided, the Personal Data you provide us may be transferred to third parties as may be advised to you, either within or outside Malaysia, as may be necessary for any of the purposes stated above. We will comply with our obligations under the PDPA in relation to such transfer, or processing for as long as the data remains within our possession or control.
Finally, if our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell you our products.
As described above, we use your Personal Data to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
Your right of access to, updating and opting-out
Subject to the exceptions referred to in section 21(2) of PDPA, you have the right to request a copy of the information that we hold about you. You may exercise this right by contacting us at email@example.com.
We want to ensure that your Personal Data is accurate and up to date. If any of the information that you have provided to us changes, for example if you change your email address, name or contact number, please let us know the correct details by sending an email to firstname.lastname@example.org.
Additionally, you have the right to ask us not to collect, use, process, or disclose your Personal Data in any of the manners described herein. For that, you can give us notice of your intention at any time by contacting us at email@example.com. You can also opt out of some of our services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/. Please note that this may affect or remove our ability to provide you with certain or all the services.
Do Not Track
Please note that we do not alter our Website’s data collection and use practices when we see a Do Not Track signal from your browser.
Third-party links to other websites
Problems, queries or complaints
You may also contact us at the details above if you have a complaint about how we have handled your Personal Data. We will investigate your complaint and will use reasonable endeavours to respond to you in writing as soon as possible.
For the avoidance of doubt, in the event that Singapore Personal Data protection law permits an organisation such as us to collect, use or disclose your Personal Data without your consent, such permission granted by the law shall continue to apply.