Hand-styled in Kuala Lumpur · 吉隆坡匠心定制 · 巴生谷区配送
Fu Luxe Bloom 福乐丝绽

Data Protection · PDPA Malaysia · 数据保护

Privacy Policy
隐私政策

How Fu Luxe Bloom Enterprise collects, uses, and protects your personal data — in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA).

1) Who we are

Business name
Fu Luxe Bloom Enterprise
SSM Registration
202603026429 (CA0416043-D)
Location
Kuala Lumpur, Malaysia
Online shop · Klang Valley delivery

In this Privacy Policy, "we", "us", "our", and "Fu Luxe Bloom" refer to Fu Luxe Bloom Enterprise. "You" and "your" refer to you, the person using our website or services.

2) Personal data we collect

We collect the following categories of personal data when you interact with us:

  • Identity data: Full name, recipient name (if gifting).
  • Contact data: Email address, phone number / WhatsApp, residential or delivery address.
  • Order data: Order details, product preferences, occasion, message card content, special requests, order history.
  • Payment data: Payment is processed by our third-party payment provider (Billplz). We do not store your full card or banking details on our servers — we only see confirmation that payment was successful, the transaction ID, and the amount paid.
  • Technical data: Device information, browser type, IP address, and basic analytics — collected via Cloudflare Web Analytics, which is privacy-respecting and does not use cookies for tracking.
  • Communications data: Messages, enquiries, and feedback you send us via WhatsApp, email, or our enquiry form.

3) How we use your data

We use your personal data only for the following purposes:

  • Order fulfilment — to prepare, customise, and deliver your order.
  • Communication — to confirm orders, send delivery updates, respond to enquiries, and resolve issues via WhatsApp, email, or phone.
  • Payment processing — to process your payment securely through Billplz.
  • Customer support — to handle requests for changes, refunds, or special arrangements.
  • Record-keeping — to maintain order records as required by Malaysian tax and business law.
  • Service improvement — to understand how our website is used and improve it (anonymised analytics only).
  • Marketing (with consent) — to send promotional offers or new collection updates, only if you have explicitly opted in. You can unsubscribe at any time.

4) Legal basis for processing

  • Contract performance. Most data is processed to fulfil your order — the contract you enter when placing an order with us.
  • Legitimate interest. Some data is processed for fraud prevention, business records, and improving our services.
  • Consent. Marketing communications are sent only with your explicit consent, which you may withdraw anytime.
  • Legal obligation. We may process and retain data where required by Malaysian law (e.g., tax records).

5) How we share your data

We do not sell, rent, or trade your personal data. We share data only with these trusted third parties to operate our business:

  • Payment processor: Billplz Sdn Bhd — handles your payment securely.
  • Delivery partners: Local courier services or our own delivery team — receive only the recipient's name, address, phone number, and any delivery instructions.
  • Hosting & infrastructure: Cloudflare (website hosting and analytics) and Google (Gmail email service).
  • Professional advisors: Accountants, lawyers, or auditors — only when strictly necessary and under confidentiality obligations.
  • Authorities: Malaysian regulators or law enforcement — only if legally required (e.g., court order, tax investigation).

All third parties are required to handle your data securely and only for the specific purpose for which it was shared.

6) Data security

  • We use HTTPS encryption across our entire website to protect data in transit.
  • Order data is stored on secure infrastructure (Cloudflare) with access restricted to authorised personnel.
  • Payment information is handled exclusively by Billplz, which is registered with and regulated by Bank Negara Malaysia.
  • We use strong, unique passwords and two-factor authentication on business accounts where available.
  • Despite our best efforts, no system is 100% secure. In the unlikely event of a data breach affecting your data, we will notify you and the Malaysian Personal Data Protection Department as required by law.

7) How long we keep your data

  • Active customer data: Retained while you remain an active customer.
  • Order records: Retained for at least 7 years after the order, in compliance with Malaysian tax and accounting regulations.
  • Marketing consents: Retained until you withdraw consent.
  • Website analytics: Aggregated and anonymised after a short period (typically 6 months).
  • Enquiry & chat logs: Retained for up to 24 months for customer support and dispute resolution purposes.

8) Your rights under PDPA

Under the Personal Data Protection Act 2010 (Malaysia), you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to correct — request that we correct inaccurate or incomplete data.
  • Right to withdraw consent — withdraw any consent you have given, especially for marketing.
  • Right to limit processing — ask us to stop or limit how we use your data, where appropriate.
  • Right to lodge a complaint — with the Malaysian Personal Data Protection Department (JPDP) if you believe we have mishandled your data.

To exercise any of these rights, please email fuluxebloom2026@gmail.com with your request. We will respond within 21 working days, as required by law.

9) Cookies & tracking

  • Our website uses minimal essential cookies to enable shopping cart functionality (the cart is stored in your browser's local storage, not on our servers).
  • We use Cloudflare Web Analytics, which is a privacy-respecting analytics service that does not use cookies for cross-site tracking and does not collect personal information.
  • We do not use Google Analytics, Facebook Pixel, or any other third-party advertising tracking.
  • You can clear your browser's local storage at any time to remove cart data.

10) International transfers

  • Some of our service providers (Cloudflare, Google, Billplz) may store or process data on servers located outside Malaysia.
  • We only use providers that offer adequate data protection standards equivalent to Malaysian PDPA requirements.
  • By using our services, you consent to such transfers where necessary for the operation of our business.

11) Children's privacy

  • Our services are intended for adults aged 18 and above.
  • We do not knowingly collect personal data from children under 18.
  • If you believe a child has provided us with personal data, please contact us immediately and we will delete it.

12) Marketing & social media

  • We may post photos of completed orders on our social media or website for marketing purposes — but only those that do not show personal information of recipients (no names, addresses, or identifying details).
  • If you tag us in your social posts, we may repost with credit to you. You can request removal at any time.
  • We will never share your messages, names, or order details publicly without your explicit permission.

13) Changes to this policy

  • We may update this Privacy Policy from time to time. The "last updated" date below shows when it was last revised.
  • For material changes affecting how we use your data, we will notify you via email or a prominent notice on our website before the changes take effect.

14) How to contact us

For privacy questions, data access requests, or complaints, please contact us:

For postal correspondence, please email us first to request our service address.

You may also lodge a complaint with the Malaysian Personal Data Protection Department (JPDP) at www.pdp.gov.my.

Last updated: