🌍 BNOVA WORLDWIDE SDN BHD
ADVANCED PRIVACY POLICY (GDPR-READY VERSION)
⸻
1. INTRODUCTION
This Privacy Policy explains how BNOVA WORLDWIDE SDN BHD (“Company”, “we”, “us”, “our”) collects, processes, and protects your personal data.
This Policy complies with:
* General Data Protection Regulation (GDPR) principles
* Personal Data Protection laws (PDPA equivalent)
* Global data protection standards
⸻
2. DATA CONTROLLER
The data controller responsible for your personal data is:
BNOVA WORLDWIDE SDN BHD
⸻
3. PERSONAL DATA WE COLLECT
3.1 Identity Data
* Full name
* Identification number (where required)
3.2 Contact Data
* Phone number
* Email address
* Address
3.3 Transaction Data
* Purchase history
* Payment records
* Wallet & Reward Unit (RU) activity
3.4 Technical Data
* IP address
* Device type
* Browser information
* Login activity
⸻
4. LEGAL BASIS FOR PROCESSING (GDPR CORE)
We process your data based on:
* Contractual necessity (to provide services)
* Legal obligations
* Legitimate interests (fraud prevention, security)
* User consent (where applicable)
⸻
5. PURPOSE OF DATA PROCESSING
Your data is used for:
* Account management
* Payment processing
* Product delivery
* Reward system operation
* Fraud detection & prevention
* Customer support
* Compliance with laws
⸻
6. DATA SHARING
We may share data with:
* Payment processors
* Logistics providers
* IT service providers
* Legal authorities (if required)
We do NOT sell personal data.
⸻
7. INTERNATIONAL DATA TRANSFER
Your data may be transferred outside your country.
We ensure:
* Adequate protection measures
* Secure data handling standards
⸻
8. DATA RETENTION
We retain your data:
* As long as necessary for service provision
* As required by law
Data may be deleted upon valid request.
⸻
9. YOUR RIGHTS (GDPR RIGHTS)
You have the right to:
* Access your data
* Correct inaccurate data
* Request deletion (“Right to be forgotten”)
* Restrict processing
* Object to processing
* Data portability
Requests must be submitted via official BNOVA channels.
⸻
10. DATA SECURITY
We implement:
* Encryption
* Secure servers
* Access control systems
However, users must protect their own login credentials.
⸻
11. BREACH NOTIFICATION
In case of a data breach:
* BNOVA will take immediate action
* Users will be notified where required by law
⸻
12. AUTOMATED DECISION-MAKING
BNOVA may use automated systems for:
* Fraud detection
* Reward system processing
These do not constitute legal or financial decision-making.
⸻
13. CHILDREN POLICY
Services are not intended for users under 18.
We do not knowingly collect data from minors.
⸻
14. POLICY UPDATES
We may update this policy at any time.
Continued use = acceptance.
⸻
15. USER CONSENT
“I confirm that I have read and understood BNOVA’s Privacy Policy and consent to the processing of my personal data.”
⸻
⸻
🍪 COOKIE POLICY (SEPARATE – MUST HAVE FOR COMPLIANCE)
BNOVA COOKIE POLICY
⸻
1. WHAT ARE COOKIES
Cookies are small text files stored on your device to improve user experience.
⸻
2. TYPES OF COOKIES USED
* Essential cookies (system operation)
* Performance cookies (analytics)
* Functional cookies (user preferences)
⸻
3. PURPOSE
Cookies help to:
* Maintain login sessions
* Improve platform performance
* Analyze usage
⸻
4. USER CONTROL
Users can:
* Accept or reject cookies
* Disable cookies via browser settings
⸻
5. CONSENT
By using BNOVA, you consent to cookie usage.
⸻
⸻
📄 DATA PROCESSING AGREEMENT (DPA – B2B / PARTNERS)
⸻
1. PURPOSE
This DPA governs data processing between:
* BNOVA (Data Controller)
* Service Providers (Data Processors)
⸻
2. PROCESSOR OBLIGATIONS
Processors must:
* Process data only as instructed
* Maintain confidentiality
* Implement security measures
⸻
3. DATA SECURITY
Processors must ensure:
* Encryption
* Access control
* Secure storage
⸻
4. SUB-PROCESSORS
Processors must not appoint sub-processors without approval.
⸻
5. DATA BREACH
Processors must notify BNOVA immediately upon breach.
⸻
6. TERMINATION
Upon termination:
* All data must be deleted or returned