top of page
image_2a7b792 (1).png

PRIVACY POLICY

Home / Privacy Policy

Privacy Policy

AquaJoy Privacy Policy (Malaysia)

Effective date: 8 January 2025

 

1. Introduction

AquaJoy (“we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you purchase or use AquaJoy drinking water products and services (the “Services”), visit our websites, interact with our customer support, or otherwise engage with AquaJoy in Malaysia or from Malaysia. By using the Services, you consent to the collection, use, and disclosure of your information as described in this Policy.

 

2. Scope

This Policy applies to:

Personal data collected by AquaJoy through our websites, mobile apps, customer portals, subscription services, vending/dispenser devices, and other digital or physical services in Malaysia. Information we obtain from third parties in connection with the Services (where permissible). All AquaJoy customers, partners, employees, contractors, and visitors in Malaysia, unless otherwisestated.

 

3. What Information We Collect

We may collect the following categories of information:

A. Information you provide

  • Identity and contact: name, Malaysian postal address, email address, phone number, and government-issued identifiers if applicable.

  • Account and service data: account username, login credentials (encrypted), subscription details, delivery preferences, and billing information.

  • Payment information: card numbers or other payment instrument details, billing address, and transaction history (processed by our payment processors in compliance with applicable standards).

  • Health, safety, and usage data: information related to water quality preferences, feedback, complaints, service tickets, and usage of AquaJoy devices or appliances.

  • Communications: messages you send to us (emails, chat transcripts, customer support interactions).

 

B. Information collected automatically

  • Device and usage data: IP address, device type, operating system, browser type, language, time zone, pages viewed, interactions with our digital services, and referral sources.

  • Analytics and performance data: service performance metrics, error reports, and crash logs for AquaJoy apps or devices.

  • Location data: approximate location derived from device settings or delivery location (where you have provided consent or where allowed by law).

 

C. Information from third parties

  • Service providers, delivery partners, payment processors, and business partners may provide information about you.

  • Public sources and social media (where you have connected accounts and granted consent).

 

4. How We Use Your Information

We use your information to:

  • Deliver, operate, maintain, and improve the Services and AquaJoy drinking water products (e.g., water quality monitoring, device maintenance, delivery scheduling).

  • Create and manage your AquaJoy account(s) and profiles.

  • Process payments and manage billing; coordinate deliveries and service visits.

  • Communicate with you (order confirmations, service notices, safety alerts, support responses, and marketing communications if you opt in).

  • Personalize your experience and tailor recommendations or promotions.

  • Analyze usage, performance, and safety data to improve quality, reliability, and compliance.

  • Detect, prevent, and respond to fraud, abuse, and security incidents.

  • Comply with legal obligations and resolve disputes.

  • Administer surveys, feedback requests, and customer support interactions.

 

5. Legal Bases for Processing (Malaysia)

Under the PDPA and applicable laws in Malaysia, we rely on:

  • Legitimate interests: for service delivery, safety, quality assurance, analytics, and improvements (balanced against your rights).

  • Consent: where required for marketing communications or certain processing activities (explicit consent where applicable).

  • Compliance with legal obligations: to comply with laws and regulatory requirements.

  • Contractual necessity: to provide and manage the Services and obligations under our agreements.

 

6. How We Share Your Information

We may share your information with:

 

  • Service providers and contractors: for hosting, payments, analytics, customer support, delivery, device maintenance, and related services.

  • Affiliates and corporate entities: for operations and service delivery.

  • Business transfers: in connection with mergers, acquisitions, or asset sales; we will provide notice if applicable.

  • Legal disclosures: as required by law, to protect AquaJoy, customers, or the public, or to respond to lawful requests.

  • With your consent: to share information with third parties you authorize.

  • Subprocessors: where applicable, we will enter into data processing agreements with subprocessors and disclose categories of subprocessors upon request.

 

7. International Transfers

Your information may be transferred to and stored in servers located outside Malaysia. When transferring personal data out of Malaysia, we will rely on lawful transfer mechanisms, and implement safeguards appropriate under PDPA and applicable regulations (e.g., contract protections, security measures, and data processing agreements).

 

8. Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and service use. When data is no longer needed, we securely delete or anonymize it, subject to legal and operational requirements.

 

9. Security

We implement reasonable security controls to protect your data, including technical measures (encryption, access controls, secure storage), administrative measures (policies, training, incident response), and physical safeguards for premises and devices. While no system is completely secure, we apply commercially reasonable measures to protect data.

 

10. Your Choices and Rights (Malaysia)

  • Access and correction: you may request access to and correction of your Personal Data.

  • Deletion: you may request deletion of Personal Data, subject to legal and operational requirements.

  • Restriction and objection: you may restrict or object to certain processing.

  • Data portability: you may request a portable copy of your Personal Data where feasible.

  • Withdrawing consent: if processing is based on consent, you may withdraw consent at any time (without affecting lawfulness of prior processing).

  • Marketing communications: opt out of marketing communications via unsubscribe options or account settings.

 

  • Do Not Track: there is no universal mechanism for Do Not Track in Malaysia; we respond to browser/device privacy controls as applicable. To exercise these rights, please contact us using the details in the “Contact Us” section.

 

11. Cookies and Tracking Technologies

  • We use cookies and similar technologies to operate, analyze, and improve the Services, personalize content, and deliver targeted advertising where applicable.

  • You can manage cookie preferences through your browser settings or our cookie banner (if available). Note that disabling cookies may affect functionality.

  • We may use analytics tools that collect data about your device and interactions.

 

12. Children’s Privacy

The Services are not intended for children under 18 in Malaysia, or as required by local law. We do not knowingly collect Personal Data from children. If you become aware that a child has provided us with Personal Data, please contact us to delete it.

 

13. Your Rights under PDPA (Notice and Choice)

  • Notice: we provide clear information about data collection and purposes at or before data collection.

  • Choice: you may choose how we contact you and what data we collect for certain purposes.

  • Access, Correction, and Data Accuracy: we provide access and correction rights, and we aim to keep Personal Data accurate.

  • Processing Limitation: we may limit processing in certain circumstances.

  • Data Security: we implement security measures appropriate to the data.

  • Data Retention: we retain data per policy and legal requirements.

  • Where legally applicable, you may lodge complaints with the Malaysian Personal Data Protection Commissioner (PDPC).

 

14. Your Choices Regarding Direct Marketing

If you have opted in to marketing communications, you may opt out at any time via unsubscribe options in emails, account preferences, or by contacting us.

 

15. Data Security Incident Notification

In the event of a data breach or security incident affecting your Personal Data, we will notify affected individuals and relevant authorities as required by law and our obligations, and take steps to contain and remediate the incident.

 

16. Third-Party Links and Services

Our Services may contain links to third-party websites or services. We are not responsible for their privacy practices. Review their privacy policies before sharing information.

 

17. Do Not Track

There is no standard Do Not Track mechanism in Malaysia; you can manage tracking through browser and device settings and by opting out of cookies as applicable.

 

18. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes and obtain consent where required by law. The “Effective date” at the top shows the last update.

 

19. How to Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our data practices, please

contact us at:

Email: info@aquajoy.ai

Address: AquaJoy Enterprise, VO-832, Common Ground Damansara Heights, Penthouse 16-1, Level 16, Wisma UOA Damansara II, No. 6 Changkat Semantan, Damansara Heights, 50490 Kuala Lumpur

Phone: +60 19 230 3183

 

Please replace placeholders with AquaJoy’s actual details.

 

Practical notes for Malaysia compliance and implementation

  • PDPA alignment: Ensure you have a clear consent mechanism for marketing; maintain a data inventory and purpose limitation mapping.

  • Data Protection Officer (DPO): Malaysia does not require a PDPO formal appointment for all, but appointing a privacy officer or designated person is best practice for governance and PDPC inquiries.

  • Subprocessors and data flows: maintain a written data processing agreement with subprocessors; provide a short list of subprocessors or a link to a full list.

  • Data transfers: if transferring data overseas, assess adequacy or implement appropriate safeguards per PDPA guidance, including contract protections and security measures.

  • Data retention: specify retention periods for water delivery data, device usage logs, and billing information, aligned with business and regulatory needs.

image.png
bottom of page