Privacy Policy

We take the confidentiality and security of your personal data very seriously. Our goal is to provide you with personalized services while respecting your privacy and giving you control over your data.

This Privacy Policy is meant to inform you in a clear and concise way about how we process the personal data you provide or that we collect through various channels of interaction (e.g. in store, customer service, our website, social media, digital apps, events). It also explains any potential transfers of your personal data to third parties, as well as your rights and options for controlling your data and protecting your privacy.

Who we are

Our website address is: https://lefreshgrocer.com. We are the data user under the Malaysian Personal Data Protection Act 2010 with regard to the processing of your personal data (hereinafter “PDPA”). 

What data are we collecting about you?

“Personal data” refers to any information that can identify you directly (such as your name) or indirectly (such as a unique client ID number).

The type of personal data we collect depends on the channel of our interaction and is limited to what is relevant and appropriate for that interaction. For example, website visitors who browse our site and view our products, information, and offerings can do so without identifying themselves, and the same applies to in-store and social media browsing. Unless you choose to interact with us through those channels, such as by making a purchase on our site, signing up for one of our programs or services, or posting a comment or like online, our data collection is limited to the use of cookies for website visitors.

For customers and other individuals who sign up for programs or services, we need to collect certain relevant information from you. The information we collect is related to the specific transaction as well as our overall relationship with you. For example, if you make purchases from our website or in our stores, we need to collect information to process (and, if relevant, fulfill and ship) your order. For customers and other individuals who sign up for our programs or services, we generally collect your contact details, contact preferences, and information that will allow us to recommend our products or services to you that may be of interest. We may centralize the information relating to our customers to have it organized in one place, as this helps us manage our relationship with you as well as your choices and preferences.

Depending on the data you provide or share with us, the type of personal data we may collect and process may include information related to:

• Your identity (such as name, age, gender, date of birth, citizenship, nationality, race, identification card/passport details) and your contact details (such as email address, phone number)
• Your interests and personal preferences
• Your purchases (in store or online, including your orders, tracking numbers, and purchase invoices, the amount, and type of your purchase)
• Payment information such as information related to your credit card, debit card, and/or other payment details
• Your online journeys with us (such as when you use our website, official social media pages, partner websites and databases), specifically information gathered about you (such as your profile picture, photos, likes, location, and friend list)
• Your requests or information you have shared with us through our customer service or public relations department (whether in written or verbal form) or provided by you in connection with your interaction with us
• Our events you attend
• Specific health data (such as skin and physical condition) if you notify us of any negative side-effects related to any of our products
• Any such information we deem necessary or appropriate from time to time in connection with your dealings and/or relationships with us
• Publicly available or publicly accessible information
• Regarding your purchases, your bank details are encrypted through our servers. Payments are made through a secure payment platform PCI-DSS certified, supplemented by control measures, to ensure the security of purchases made and to prevent fraud.

The personal data essential to us is indicated by an asterisk on each personal data collection form, and it is mandatory for you to provide us with the requested information. If you do not provide the data marked with an asterisk, this may affect our ability to provide you with the requested products and/or services and our ability to enter into the necessary agreement related to the provision of our products and/or services to you. Other information is optional and allows us to know you better and improve our communication and services to you.

If you do not agree to allow us to process your personal data for marketing purposes, we and/or our selected authorized third parties will be unable to send you information by email, mail, or telecommunication (phone calls, SMS, MMS) about related and unrelated products and services offered by us and our affiliated business partners that we believe may be of interest to you.

We encourage you to keep us informed of any changes to your contact details in writing by contacting us using the information provided in the “Contact Us” section below.

How do we collect and/or recieve your personal data?

As part of our relationships, we may collect certain data through the following channels:

• When you use our website, specifically when you register an account with us, make purchases, or interact with us through our website
• When you visit us at our physical stores
• When you attend our events
• When you engage with or contact our Public Relations Department or Customer Department
• When you fill out and/or complete our forms (in store or online)
• When you use our digital apps
• When you participate in any loyalty program with us
• When you visit our social media pages (including making comments or likes)
• Your social media pages on which you post content or comments
• When you click on digital media advertising relevant to us
• When you click on search engine paid advertising relevant to us
• When you share information with third-party data providers
• When you consent to receiving our communications (through email, telecommunication means such as SMS, MMS, mail, or social media platforms)
• When you participate in and/or answer our surveys or satisfaction questionnaire
• If you disclose any personal data of another individual to us, we will assume without independent verification that you have obtained that individual’s consent for the disclosure and processing of their personal data in accordance with the terms of this policy.

For what purposes are your personal data used by us?

As part of our relationship, we will use the personal data that you have provided to us for a variety of purposes, including but not limited to:

• Managing your orders
• Managing personalized content and communication with us (digital or otherwise)
• Managing your account and profile
• Managing your loyalty program
• Managing requests or complaints that you may send to us via our website, customer service department, or social media pages
• Managing our events that you register for/attend
• Managing alerts that you send to us as part of our cosmetovigilance obligations (if applicable)
• Managing our website and digital apps
• Managing and improving our products and services, image, and reputation
• Managing payments (securing online transactions, preventing fraud, handling payment issues, and collecting debts)
• Managing tailored services (such as your consultations with us)
• Managing your browsing through cookies
• Managing your access to your customer account, processing and tracking your orders, and complying with legal obligations or requirements (e.g. retaining purchase invoices, cosmetovigilance for our products)
• Improving our products and services, preventing fraud, securing our tools, and tailoring our communication
• Using your personal data for marketing purposes and research
• Sending you information about our offers, news, and events
• Fulfilling any purpose directly related to the above purposes

How long do we retain your personal data?

We will not retain personal data for longer than is necessary to fulfill legal obligations. We only keep your personal data for as long as we need it to achieve the purpose it was collected for, meet your needs, or fulfill our legal or business obligations.

As a general rule, your personal data will be retained in our client database:

• If you are a “client” (i.e. you have already purchased a product): for no more than 10 years after your first purchase for customer relationship management, but no more than 5 years for business development; this period will be renewed each time you interact with us (e.g. make a purchase)
• If you are a “prospective client” (i.e. you have never purchased a product but you are interested in the brand): for no more than 3 years; this period will be renewed each time you interact with us (e.g. participate in an event)
• If you are in contact with the Public Relations department: for no more than 10 years after initial contact; this period will be renewed each time you interact with us (e.g. request information from us)

Cookies placed on your computer will be kept for no more than 13 months.

When we no longer need to use your personal data, it is removed from our systems and records or anonymized so that you can no longer be identified from it.

Who may access your personal data?

Your data is used by us to handle your requests. We ensure that only authorized individuals have access to your personal data when necessary for the purposes mentioned above.

We do not share your data with third parties unless you have given us consent to do so or it is legally permitted by law. We may also disclose data about you to third parties in order to comply with legal, regulatory, or industry obligations, or in response to requests from legally competent authorities.

We share your information only when necessary, and if possible in a form that does not allow direct identification, with the following parties:

• Any of our related and associated companies, affiliates, and subsidiaries, including any other entity and any entities within our group of companies
• Our trusted third-party suppliers, including other entities of our group of companies, acting as processors according to our instructions and solely on our behalf. For example, we entrust certain services to third parties in charge of managing food vigilance alerts, third parties who assist us in organizing our events, third parties providing IT services, digital communication, and public relations agencies, third parties who assist us with customer service and logistics services.
• Stores where you purchase our products
• Our trusted third-party partners, vendors, service providers, agents, contractors, and sub-contractors. For example, logistics service providers (including those who assist us in managing your orders), payment service providers, providers securing transactions against fraud, marketing solutions service providers, marketing and commercial prospecting management service providers via social media, customer service providers, event organization service providers, and our auditors, consultants, accountants, lawyers, or other financial or professional advisers. Please note that these partners may act as data controllers; in such cases, they have their own privacy policies.
• Third parties in the event of a change of control, for legal reasons, or with your prior consent.

You may also choose to disclose your personal data to our partners, advertisers, or affiliates by following a link to and from their websites. Please note that these websites have their own privacy policies and that we have no control over how they may use your personal data. If you choose to log in to our website or app using your social media account, you are allowing us to access certain personal data from your social media profile. The data we have access to may vary depending on your privacy settings on the social media platform. It is important to note that the privacy policies of these social media platforms will apply to the data we access. We have no control over how they may use your personal data.

How do we protect your personal data and keep it confidential?

We take appropriate measures to protect your personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures include implementing physical, electronic, and administrative safeguards as well as requiring our partners and affiliates to do the same. We regularly review and update these measures in order to stay current with new threats and legal requirements. To create an account on our website, you must create a personal password that meets our security standards, which is a requirement of our privacy policy.

How are consumer preferences and individual rights be addressd?

We are committed to protecting the privacy and security of your personal data and respecting your individual rights. In accordance with PDPA, we have put in place measures to address your rights in relation to the personal data we hold about you. This includes:

• The right to be informed: you have the right to clear, transparent, and easily understandable information about how we use your personal data and your rights. You can find this information in our Privacy Policy.
• The right of access: you have the right to know about the data we hold about you or to request a copy of it.
• The right to request correction/rectification: you have the right to have your personal data corrected if it is incorrect or outdated and/or completed if it is incomplete.
• The right to withdraw or limit the processing of your data: you can limit or withdraw your consent to our processing of your data when such processing is based on consent.
• The right to object to direct marketing: you can unsubscribe or opt out of our direct marketing communications at any time by clicking on the “unsubscribe” link in any email or communication we send you. You can also request to receive non-personalized communications about our products and services.

We encourage individuals who have entrusted their data to us to keep it current, such as by updating their email address, address, or phone number, so that we have the correct information on file. We also encourage consumers to update their preferences with us, such as in relation to products and the frequency of contact, so that we can personalize our service to meet their expectations and needs. Finally, we offer individuals the right to withdraw consent from our programs and offerings at any time. To do so, or to exercise any of these other rights, please contact us using the details provided in the section titled “Contact Us” below. For individuals seeking access to their data, we may require authentication to ensure that we are not providing personal data to an unauthorized person. In withdrawing or limiting your consent to the processing of your personal data, the consequences described in the section titled “How do we collect and/or recieve your personal data?” will apply. In order to fulfill your request, we may need to verify your identity and gather more information about your request. We will provide you with more detailed information about the potential consequences of your request based on its specific nature.

Contact Us

If you have any questions or concerns regarding the processing and use of your personal data, or if you wish to exercise any of your rights as described above, please contact us by calling our customer service department at (+60) 18-2733685, sending an email to customercare@lefreshgrocer.com, or using the form on lefreshgrocer.com available at https://lefreshgrocer.com/contact-us.

Information About Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

Infromation About Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Information About Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Information About Embedded Content from Other Websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Modification for this Privacy Policy

This Privacy Policy may be updated from time to time to reflect changes in our policies, practices, or the law. If we make any changes to the policy, we will post the updated policy on this page and update the “Effective Date” at the top of the policy. We encourage you to review the policy periodically to stay informed about our collection, use, and sharing of personal data. If we make any material changes to the policy, we will also provide you with a special notice, such as by email or through a notification on our website.

Version updated on 31 Dec 2022