Privacy Policy
Effective Date: 1 January 2025
This Privacy Policy explains how BarberPro Technologies Sdn. Bhd. collects, uses, and protects your personal data in compliance with Malaysia's Personal Data Protection Act 2010 (PDPA).
We comply with all 7 Principles of Malaysia's PDPA 2010:
General: We process data fairly and lawfully.
Notice & Choice: We inform you of data collection purposes.
Disclosure: We only share data as disclosed.
Security: We protect data with appropriate measures.
Retention: We keep data only as long as necessary.
Data Integrity: We ensure accuracy of the data we hold.
Access: We allow you to access and correct your data.
PDPA Compliance Notice
BarberPro.my is committed to full compliance with Malaysia's Personal Data Protection Act 2010. If you have questions about your data rights or wish to exercise them, please contact our Data Protection Officer at dpo@barberpro.my.
1. Introduction and Data Controller Identity
BarberPro Technologies Sdn. Bhd. (Company No. [SSM Registration No. to be inserted]) ("BarberPro", "we", "us", or "our"), with its principal place of business at Level 12, Menara XYZ, Jalan Ampang, 50450 Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur, Malaysia, is the Data User (as defined under the Personal Data Protection Act 2010 of Malaysia, "PDPA") of the personal data processed in connection with the BarberPro.my platform and related services (the "Service").
This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data in accordance with the PDPA and other applicable Malaysian laws. It applies to: (a) visitors to our website (https://barberpro.my); (b) subscribers and users of the Service; and (c) individuals whose personal data is processed through the Service.
We are committed to complying with all seven principles of the PDPA: General, Notice and Choice, Disclosure, Security, Retention, Data Integrity, and Access. This Policy explains how we give effect to each of these principles.
2. Personal Data We Collect
We collect personal data in the following categories:
(A) Identity and Contact Data: Full name, email address, telephone number (including WhatsApp), business name, job title, and billing address.
(B) Account Data: Username, password (stored in hashed and salted form and never in plaintext), account preferences, and subscription details.
(C) Business and Transaction Data: Payment method details (processed by third-party payment processors; we do not store full card numbers), transaction history, subscription tier, and billing records.
(D) Usage Data: Log files, IP addresses, browser type and version, device information, pages visited, time and date of visits, referring URLs, and other diagnostic data generated by your use of the Service.
(E) Your Customers' and Employees' Data: When you use the Service to manage your barber shop, you may input personal data of your customers (e.g. name, phone number, visit history, preferences) and employees (e.g. name, IC number, bank account details for payroll). For this data, you are the Data User and we are the Data Processor. Please see Section 10 for further details.
(F) Communication Data: Records of communications you send us via email, WhatsApp, or the contact form, including the content of those communications.
We do not knowingly collect sensitive personal data (as defined under the PDPA, including data relating to racial or ethnic origin, political opinions, religious beliefs, health, or criminal records) unless strictly necessary and with your explicit consent.
3. How We Collect Personal Data
We collect personal data through the following means:
(A) Directly from you: When you register an account, subscribe to the Service, contact us, fill in a form on our website, or participate in surveys or promotions.
(B) Automatically: Through cookies, web beacons, and similar tracking technologies when you visit our website or use the Service. See Section 9 for our Cookie Policy.
(C) From third parties: From payment processors (e.g., Stripe, iPay88, Billplz), social media platforms if you sign up using a social account, or from referral partners with your consent.
4. Purpose of Processing — Notice and Choice
We collect and process your personal data for the following purposes:
(A) Provision of the Service: To create and manage your account, process payments, provide customer support, and deliver the features of the Service.
(B) Contract Performance: To fulfil our obligations under our Terms of Service and any agreement with you.
(C) Billing and Payments: To process subscription fees, issue invoices, and manage payment disputes.
(D) Service Improvement and Analytics: To analyse usage patterns, monitor performance, fix bugs, and develop new features. Where possible, this is done using anonymised or aggregated data.
(E) Direct Marketing and Communications: With your consent, to send you updates about new features, promotions, and news about BarberPro.my. You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email or by contacting us at privacy@barberpro.my.
(F) Legal and Regulatory Compliance: To comply with our obligations under Malaysian law, including tax laws (Income Tax Act 1967, Goods and Services Tax Act 2014, Service Tax Act 2018), anti-money laundering regulations, and court orders.
(G) Security and Fraud Prevention: To monitor for suspicious activity, detect and prevent fraud, and protect the integrity of the Service.
By providing your personal data, you consent to its processing for the purposes listed above. Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
5. Disclosure of Personal Data
We do not sell, rent, or trade your personal data to third parties. We may disclose your personal data only in the following circumstances:
(A) Service Providers (Data Processors): We engage trusted third-party vendors who process data on our behalf to provide the Service, including cloud hosting providers (e.g., Supabase, Vercel), payment processors, email delivery services, and customer support tools. All such providers are contractually bound to process your data only on our instructions and to maintain appropriate security measures.
(B) Legal Obligations: We may disclose your data to government authorities, law enforcement agencies, or courts when required to do so by Malaysian law, court order, or lawful government direction.
(C) Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of BarberPro.my's assets, your personal data may be transferred to the successor entity, subject to the same privacy protections.
(D) With Your Consent: For any other purpose with your explicit prior consent.
We take reasonable steps to ensure that any third party to whom we disclose your personal data provides an adequate level of data protection consistent with this Policy and the PDPA.
6. Security of Personal Data
BarberPro.my implements industry-standard technical and organisational security measures to protect your personal data against unauthorised access, use, disclosure, alteration, or destruction. These measures include:
(A) Encryption: All data is encrypted in transit using TLS 1.2 or higher. Sensitive data at rest (including passwords and financial information) is encrypted using AES-256 or equivalent standards.
(B) Access Controls: Access to personal data is restricted to authorised personnel on a need-to-know basis. All staff with access to personal data are required to comply with strict confidentiality obligations.
(C) Security Monitoring: We employ automated systems to detect and respond to security incidents, including intrusion detection systems and regular vulnerability scanning.
(D) Regular Audits: We conduct periodic security reviews and penetration testing of our infrastructure.
Despite these measures, no method of transmission over the internet or method of electronic storage is 100% secure. In the event of a personal data breach that is likely to affect your rights and freedoms, we will notify you and the relevant Malaysian authorities in accordance with our obligations under the PDPA and applicable regulations.
7. Retention of Personal Data
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by Malaysian law.
(A) Account Data: Retained for the duration of your subscription and for 90 days after account cancellation or termination, after which it will be permanently deleted or anonymised.
(B) Transaction and Financial Records: Retained for a minimum of 7 years as required under Malaysian tax and accounting regulations (Income Tax Act 1967).
(C) Communications: Retained for up to 3 years for dispute resolution and legal purposes.
(D) Usage Logs: Retained for up to 12 months for security and performance monitoring purposes.
You may request early deletion of your personal data (subject to our legal retention obligations) by contacting us at privacy@barberpro.my.
8. Your Rights Under the PDPA
As a data subject under the Personal Data Protection Act 2010, you have the following rights:
(A) Right of Access: You have the right to request a copy of the personal data we hold about you, and to verify that it is being processed lawfully. We will respond to access requests within 21 days of receipt. We may charge a reasonable fee for this service.
(B) Right of Correction: You have the right to request that we correct any inaccurate, incomplete, or outdated personal data we hold about you. We will investigate and make corrections as appropriate within 21 days.
(C) Right to Withdraw Consent: Where we process your data on the basis of consent, you may withdraw that consent at any time. This will not affect the lawfulness of processing prior to withdrawal.
(D) Right to Limit Processing: You may request that we limit the processing of your personal data for direct marketing purposes at any time by contacting us or using the unsubscribe link in any marketing email.
(E) Right to Data Portability: You may request an export of your personal data and Your Customers' Data in a machine-readable format (CSV or JSON).
To exercise any of these rights, please submit a written request to: privacy@barberpro.my. We may need to verify your identity before processing your request. We will not charge a fee for processing a right of access request unless it is manifestly unfounded or excessive.
9. Cookies and Tracking Technologies
Our website and Service use cookies and similar tracking technologies to enhance your experience, remember your preferences, and collect usage analytics.
(A) Essential Cookies: Required for the Service to function correctly (e.g., session authentication, security). These cannot be disabled.
(B) Analytics Cookies: Used to collect anonymous, aggregated data about how visitors use our website. We use this to improve our content and services.
(C) Marketing Cookies: Used to track visitors across websites to display relevant advertisements. These are only used with your consent.
You may control cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Service. On your first visit, we will request your consent for non-essential cookies in compliance with applicable laws.
10. Data Processing on Behalf of Subscribers (Barber Shop Data)
When you use the Service to manage your customers' and employees' personal data (e.g., customer visit history, employee payroll data), you act as the Data User and we act as the Data Processor under the PDPA.
In this capacity: (a) we only process that data on your documented instructions; (b) we do not use that data for any purpose other than providing the Service to you; (c) we implement appropriate security measures as described in Section 6; and (d) we will assist you in fulfilling your obligations as a Data User, including responding to requests from data subjects.
You are responsible for: (a) ensuring you have a lawful basis to collect and process your customers' and employees' personal data; (b) informing your customers and employees about how their data is being processed; (c) ensuring the data is accurate and kept up to date; and (d) complying with all applicable provisions of the PDPA in your capacity as Data User.
11. International Data Transfers
The Service is hosted on cloud infrastructure that may be located outside of Malaysia, including in Singapore and the United States. By using the Service, you consent to the transfer of your personal data to these jurisdictions.
Where we transfer data outside Malaysia, we ensure adequate safeguards are in place, including contractual clauses that provide protections equivalent to those required under the PDPA. We only use service providers that maintain strong data protection standards.
12. Children's Privacy
The Service is intended for use by businesses and is not directed at children under the age of 18. We do not knowingly collect personal data from individuals under 18.
If you believe we have inadvertently collected personal data from a person under 18, please contact us at privacy@barberpro.my and we will take steps to delete that information promptly.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the Service. When we make material changes, we will notify you by email or by posting a prominent notice within the Service at least 14 days before the changes take effect.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Policy periodically.
14. Contact Us and Data Protection Officer
For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:
Data Protection Officer
BarberPro Technologies Sdn. Bhd.
Level 12, Menara XYZ, Jalan Ampang, 50450 Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur, Malaysia
Email: dpo@barberpro.my
For general privacy enquiries: privacy@barberpro.my
If you believe your rights under the PDPA have been violated and you are not satisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Commissioner of Malaysia at www.pdp.gov.my.
This document was last updated on 1 January 2025. For privacy enquiries, contact privacy@barberpro.my. To lodge a complaint with the PDPA Commissioner, visit www.pdp.gov.my.