-
Your shopping cart is empty!
1. Our Commitment
We value the trust that you place in us. We are committed to
protecting your privacy and will take all reasonable precautions to protect
your personal data from misuse and keeping it secure by complying with all
applicable data protection laws and regulations. This Privacy Policy aims to
help you understand what personal data we collect, how we use and protect your
data, and provide you with information on your rights and choices.
2. What Types of Personal Data We Collect
The types of personal data we collect may include but not
limited to:
a. your title, name, gender, telephone number, email
address, home, mailing, billing, delivery address or other contact information,
your day and month of birth, your payment or credit card information, username
and password, and other personal data you voluntarily provide to us; and
b. IP address, real-time geographic location data, browser
settings, browsing records, referring websites, and other internet log on
information of your computer, mobile, or other electronic/communication
devices.
3. How We Collect Personal Data
We may obtain personal information about you in a number of
ways, such as:
a. when you shop at our online or physical stores;
b. when you participate in our events or promotions;
c. when you apply for or use our membership card or
participate in any of our loyalty or promotion programs;
d. when you register an account with us;
e. when you participate in any surveys or marketing
campaigns;
f. when you login to visit our websites, use our mobile applications
or view any of our social media pages;
g. when you use the wifi service at our stores or events;
h. when you contact us whether in person, by phone, by email
or via any social media platforms, to make enquires or provide information;
i. when verifying your identity; and
j. when you subscribe to our marketing or promotional
materials.
You are not required to provide the personal information
that we request, but we may not be able to provide you with our products,
services or benefits or you may not be able to login to our platforms or use
certain features without such information.
You have the right to request access to the personal
information we have about you, and to request us to make correction of, update
or delete the information. If you live in the EU, you have certain additional
rights to your personal information. Please refer to “Your Rights as a Data
Subject” in paragraph 11 below.
4. Purposes of Collection
Your personal data may be used for one or more of the
following purposes (“Purposes”):
a. communicating with you;
b. verifying your identity and any accounts you have with
us;
c. administering any loyalty or other marketing, promotional
or corporate programs that we are involved in, including providing you with the
benefits that you are entitled;
d. processing your orders for products and services you
place with us (such as maintaining your shopping cart, attending to billing,
payments, refunds and delivery arrangements);
e. handling and responding to your inquiries, suggestions or
complaints;
f. conducting customer surveys or organizing events for
customers;
g. providing you with customer service;
h. conducting analysis to help us better understand our
customers and to improve our services and products;
i. customising the information displayed on our shopping
websites/apps and social networking/media platforms to create better customers
experience;
j. designing targeted promotional offers;
k. conducting advertising activities, including targeted
advertising;
l. conducting direct marketing activities;
m. fulfilling our obligation to maintain records of
processing activities;
n. meeting legal, regulatory or compliance requirements,
dealing with enquires from law enforcement or regulatory bodies or for the
purpose of obtaining legal advice; and
o. any other purposes directly related to any of the above
purposes.
We only collect personal data we actually need for or
directly related to our specific Purposes. If we intend to use the personal
information for purposes other than the above, we will seek your consent prior
to using your personal data.
5. Direct marketing
We intend to use your personal information for direct
marketing which will include the marketing and promotion of all products and
services offered by the Sa Sa Group (comprising all companies wholly-owned by
Sa Sa International Holdings Limited which are engaged in the sale of cosmetic
and beauty-related products/services). We will not provide your personal
information to third parties for use in their direct marketing activities.
You may withdraw your consent for us to use your personal
information in our direct marketing activities by indicating your preference
where appropriate or request us to change your preference (without any fees),
at any time by contacting our representative listed in the “Contact Us” section
below. For direct marketing sent by emails, you may also unsubscribe with the
link provided at the bottom of our emails.
For customers in Hong Kong and Singapore, we will not use
your personal information for the purpose of direct marketing without your
consent. We will use your personal information such as name, mobile phone
number, email address and/or residential address to inform you of our new
beauty products and/or latest promotional and marketing events.
For customers in Singapore and Malaysia, we are able to use
your personal data to the extent it is required for the provision of products
or services to you. You consent to the processing of your personal data in
accordance with this Privacy Policy. Should you provide your consent for the
use of your personal data for advertising or direct marketing purposes, we will
continue to send you such advertising and direct marketing materials until you
withdraw your consent.
For customers in the EU, we rely on our legitimate interests
as the legal basis to send you direct marketing materials unless you object to
our use of your personal information in directly marketing. You have the right
to opt-out of our direct marketing activities at any time. You can do this by:
(a) contacting our representative listed in the “Contact Us” section below; or
(b) in the case of emails, by clicking the unsubscribe link at the bottom of
the emails. Your withdrawal will be properly documented and withdrawal will not
affect the lawfulness of processing before the withdrawal.
6. How We Will Use Your Personal Data
We will process (including without limitation collect,
store, hold, use, transfer and disclose) the information you provide in a
manner compatible with the required laws and regulations. We will endeavour to
keep your information secured, accurate and up to date, and not keep it for
longer than is necessary.
7. Our Legal Basis for Processing Personal Data for
Customers in the EU
There are a number of different ways that we are lawfully
able to process your personal data. We have set these out below:
Where using your data is in our legitimate interests
We are allowed to use your personal data where it is in our
interests to do so, and those interests are not outweighed by any potential
prejudice to you.
We believe that our use of your personal data is within a
number of our legitimate interests, including but not limited to:
• conducting business by providing services to you,
including verifying your identity and any accounts you have with us;
administering any loyalty or other marketing activities, processing your orders
for products and maintaining your shopping cart, attending to billing,
payments, refunds and delivery arrangements; handling and responding to your
inquiries, suggestions or complaints; conducting analysis and for other
Purposes, providing you with direct marketing communication as you can
reasonably expect at the time and in the context of collection of your personal
information that processing for direct marketing purpose may take place;
• to help us satisfy our legal obligations (for example, in
relation to prevention of money laundering and anti-terrorism);
• to help us understand our customers better and provide
better, more relevant services to them;
• to ensure that our service runs smoothly;
• to help us keep our systems secure and prevent
unauthorised access or cyber-attacks; and
• to drive commercial value for the benefit of our
shareholders.
We do not think that any of the activities set out in this
Privacy Policy will prejudice you in any way. However, you do have the right to
object to our processing your personal data on this basis.
Where you give us your consent to use your personal data
We are allowed to use your data where you have specifically
consented. In order for your consent to be valid:
• It has to be given freely, without us putting you under
any type of pressure;
• You have to know what you are consenting to – so we will
make sure we give you enough information;
• You should only be asked to consent to one thing at a time
– we therefore avoid "bundling" consents together so that you do not
know exactly what you are agreeing to; and
• You need to take positive and affirmative action in giving
us your consent – we are likely to provide a tick box for you to check so that
this requirement is met in a clear and unambiguous fashion.
You have the right to withdraw your consent at any time. We
have set out details regarding how you can go about this in the “Contact Us”
section below.
Where using your personal data is necessary for us to carry
out our obligations under our contract with you
We are allowed to use your personal data when it is
necessary to do so for the performance of our contract with you. For example,
we need to collect your credit card and bank account details in order to be
able to process your payments.
Where processing is necessary for us to carry out our legal
obligations
As well as our obligations to you under any contract, we
also have other legal obligations that we need to comply with and we are
allowed to use your personal data when we need to in order to comply with those
other legal obligations.
8. Cookies and Other Automated Means
Cookies are small pieces of information that your web
browser stores on your computer or other Internet-connected device when you
visit a website. We use cookies for a different purpose:
a. Strictly Necessary Cookies. These cookies are essential,
as they enable you to browse our website and use its features, such as
accessing log-in or secured areas. These cookies cannot be switched off or
otherwise the website would not work properly. However, these cookies do not
store any personal data.
b. Functionality Cookies. These cookies are used to enhance
your shopping experience. For example, they allow us to remember what your
preferred country is and what items you have added to your shopping cart when
you visit our website again. The information these cookies collect may be
anonymous, and they are not used to track your browsing activity on other sites. They are optional to users.
c. Targeting Cookies. Many of these are provided by third
parties. These cookies can remember that your device has visited a site, and
may also be able to track your device’s browsing activity on other sites.
Examples of what we are using are Google Analytics and Adobe Analytics. Such
information may be shared with other advertising networks to deliver the
advertising. Again, you can block these cookies.
If you continue without changing your setting, you have
consented to use of all our cookies in this website.
How to control and delete cookies
You can set your browser to block some or all cookies.
Please refer to the following links for your browser:
• Chrome: https://support.google.com/chrome/answer/95647
• Internet Explorer:
https://support.microsoft.com/en-gb/help/17442/
• Firefox:
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
• Safari: https://support.apple.com/kb/ph21411
Note that if you set your browser to disable cookies, you
may not be able to access certain parts of our website and other parts of our
service may not work properly.
Apart from cookies, we may also collect information by
automated means when you visit any of our mobile or on-line platforms, such as
web server logs. Web server logs are records of activity created by the mobile
device or computer that delivers the webpages you request to your browser. For
example, a web server log may record the search term you entered or the link
you clicked to bring you the webpage. The web server log also may record
information about your browser, such as your IP address and the cookies set on
your browser by the server. Information collected from these automated means may
be used for some of the Purposes.
9. CCTV
Our stores are equipped with CCTV cameras for security
reasons. Information obtained through the CCTV system will only be used in
compliance with the requirements of the applicable data protection laws in your
jurisdiction and will not be kept for longer than is necessary.
10. What Information We Share and How We Share Them
We may disclose or transfer your personal data to companies
within the Sa Sa Group or to any third party service providers or business partners,
whether within or outside your jurisdiction, as necessary on a need-to-know
basis to fulfil any of the Purposes. For transfer of personal data outside your
jurisdiction, we will adopt contractual or other appropriate measures to
safeguard your personal data, to provide a standard of protection at least
comparable to that standard under the data protection laws in your
jurisdiction, and to use them only to fulfil the above Purposes on our behalf
or otherwise in accordance with any other cross-border data transfer mechanisms
under the data protection laws of your jurisdiction.
We may also disclose or transfer your personal data to any
other party when we believe such disclosure or transfer is required for legal
or regulatory reasons or where it is necessary to protect our interests (as
permitted by law), for example, to our insurers in cases of potential claims.
We also reserve the right to transfer your personal
information with us in the event we are involved in any merger, acquisition or
corporate reorganization (as permitted by law).
11. Your Rights as a Data Subject
You have the right to request a copy of the information that
we hold about you and to correct the personal data that we hold about you that
is inaccurate or incomplete. We will seek to deal with your request without
undue delay, and in any event within the applicable time period under the data
protection laws in your jurisdiction (subject to any extensions to which we are
lawfully entitled). In the event that we refuse your requests to have access to
or correction of your personal information, we will provide you with a reason
as to why.
For customers in Singapore, you have the right to withdraw
your consent for the collection, use or disclosure of your personal data at any
time by writing to us using one of the channels set out in the “Contact Us”
section below. Upon the receipt of such withdrawal of consent, we will cease to
collect, use and disclose your personal data unless otherwise permitted by law.
However, such withdrawal of consent is likely to affect our ability to continue
to provide products and services to you. You also have certain personal data
rights, including to access what personal information we have about you, make
corrections, update or require that we cease to use and disclose, or under
certain circumstances and subject to restrictions and exemptions, delete the
personal information that we have collected about you.
For customers in Malaysia, you may exercise your statutory
rights including to: (i) opt-out of direct marketing; or (ii) withdraw your
consent to our processing of your personal data, by contacting us via the
contact details listed in the “Contact Us” Section below.
If you are residents in the EU, at any point while we are in
possession of or processing your personal data, you also have the following
rights under the General Data Protection Regulation (GDPR):
(i) Right to object
• You have the right to object to us processing your
personal data for one of the following reasons: (i) where it is within our legitimate
interest; (ii) to enable us to perform a task in the public interest or
exercise official authority; (iii) to send you direct marketing materials;
and/or (iv) for scientific, historical, research, or statistical purposes.
• The "legitimate interests" category above is the
one most likely to apply in relation to our relationship, and if your objection
relates to us processing your personal data because we deem it necessary for
our legitimate interests, we will act on your objection by ceasing the activity
in question unless we:
o have compelling legitimate grounds for processing which
overrides your interests; or
o are processing your data for the establishment, exercise
or defence of a legal claim.
(ii) Right to withdraw consent
• Where we have obtained your consent to process your
personal data for certain activities (for example, for automatic profiling),
you may withdraw this consent at any time and we will cease to carry out the
particular activity that you previously consented to, unless we consider that
there is an alternative legal basis to justify our continued processing of your
data for this purpose, in which case we will inform you of the same.
(iii) Right to submit a data subject access request (DSAR)
• You may ask us to confirm what information we hold about
you at any time, and request us to modify, update or delete such information.
We may ask you for more information about your request. We may refuse your
request where we are legally permitted to do so, and we will inform you of the
reasons for our refusal. If we provide you with access to the information we
hold about you, we will charge you if your request is "manifestly
unfounded or excessive". If you request further copies of this information
from us, we may charge you a reasonable administrative cost where legally
permissible.
(iv) Right to erasure
• You have the right to request that we "erase"
your personal data in certain circumstances. Normally, the information must
meet one of the following criteria:
o the data is no longer necessary for the purpose for which
we originally collected and/or processed them;
o where previously given, you have withdrawn your consent to
us processing your data, and there is no other valid reason for us to continue
processing;
o the data has been processed unlawfully (i.e. in a manner
which does not comply with the GDPR);
o it is necessary for the data to be erased in order for us
to comply with our obligations as a data controller under EU or Member State
law; or
o if we process the data because we believe it necessary to
do so for our legitimate interests, you object to the processing and we are
unable to demonstrate overriding legitimate grounds for our continued
processing.
• We would only be entitled to refuse to comply with your
request for erasure for one of the following reasons:
o to exercise the right of freedom of expression and
information;
o to comply with legal obligations or for the performance of
a public interest task or exercise of official authority;
o for public health reasons in the public interest;
o for archival, research or statistical purposes; or
o to exercise or defend a legal claim.
• When complying with a valid request for the erasure of
data, we will take all reasonably practicable steps to delete the relevant
data.
(v) Right to restrict processing
• You have the right to request that we restrict our
processing of your personal data in certain circumstances. The circumstances in
which you are entitled to request that we restrict the processing of your
personal data are: (a) where you dispute the accuracy of the personal data that
we are processing about you. In this case, our processing of your personal data
will be restricted for the period during which the accuracy of the data is
verified; (b) where you object to our processing of your personal data for our
legitimate interests. Here, you can request that the data be restricted while
we verify our grounds for processing your personal data; (c) where our
processing of your data is unlawful, but you would prefer us to restrict our
processing of it rather than erasing it; and (d) where we have no further need
to process your personal data but you require the data to establish, exercise,
or defend legal claims.
• Upon acceptance of your request, we can only continue to
store your data and will not be able to carry out any further processing
activities with it until either: (i) one of the circumstances is resolved; (ii)
you consent; or (iii) further processing is necessary for either the establishment,
exercise or defence of legal claims, the protection of the rights of another
individual, or reasons of important EU or Member State public interest.
• The circumstances in which you are entitled to request
that we restrict the processing of your personal data are:
o where you dispute the accuracy of the personal data that
we are processing about you. In this case, our processing of your personal data
will be restricted for the period during which the accuracy of the data is
verified;
o where you object to our processing of your personal data
for our legitimate interests. Here, you can request that the data be restricted
while we verify our grounds for processing your personal data;
o where our processing of your data is unlawful, but you
would prefer us to restrict our processing of it rather than erasing it; and
o where we have no further need to process your personal
data but you require the data to establish, exercise, or defend legal claims.
• If we have shared your personal data with third parties,
we will notify them about the restricted processing unless this is impossible
or involves disproportionate effort. We will notify you before lifting any
restriction on processing your personal data.
(vi) Right to rectification
• You also have the right to request that we rectify any
inaccurate or incomplete personal data that we hold about you, including by
means of providing a supplementary statement. If we have shared this personal
data with third parties, we will notify them about the rectification unless this
is impossible or involves disproportionate effort. You may also request details
of the third parties that we have disclosed the inaccurate or incomplete
personal data to. Where we think that it is reasonable for us not to comply
with your request, we will explain our reasons for this decision.
(vii) Right of data portability
• The right of data portability applies to: (i) personal
data that we process automatically (i.e. without any human intervention); (ii)
personal data provided by you; and (iii) personal data that we process based on
your consent or in order to fulfil a contract.
• You have the right to transfer your personal data between
data controllers which means that you are able to transfer the details we hold
on you to another employer or a third party. We will provide you with your data
in a commonly used machine-readable format to allow you to effect such
transfer. Alternatively, we may directly transfer the data for you.
(viii) Right to lodge a complaint with a supervisory
authority
• You also have the right to lodge a complaint with your
local supervisory authority.
If you would like to exercise any of these rights, or
withdraw your consent to the processing of your personal data (where consent is
our legal basis for processing your personal data), details of how to contact
us can be found in the “Contact Us” section of this Privacy Policy. Please note
that we may keep a record of your communications to help us resolve any issues
which you raise.
If you consider that our processing of your personal
information infringes data protection laws, you have a legal right to lodge a
complaint with a supervisory authority responsible for data protection in your
habitual residence or to our representative whose contact details may be found
at the “Contact Us” section below.
12. Retention of Personal Data
We will periodically review the personal data we hold. We
will retain your personal data for as long as it is necessary to fulfil the
Purposes for which the personal data is to be used, and delete any of your
personal data that we have stored as soon as reasonably practicable, subject
to, or where otherwise required or permitted by law.
While we will endeavor to permanently erase your personal
data once it reaches the end of its retention period, some of your personal
data may still exist within our systems, for example if it is waiting to be
overwritten. For our purposes, this data has been put beyond use, meaning that,
while it still exists in the electronic ether, our employees will not have any
access to it or use it again.
13. Protection of Information
In order to protect your personal data against accidental,
unlawful or unauthorized access, we will implement appropriate measures to
protect the confidentiality and security of the personal data that we collect
and process.
14. Websites of Third Parties
This Privacy Policy only applies to us, but not to any other
third parties (including any websites maintained by them). When you click on
links and/or ad banners that take you to either third parties’ websites or
websites of companies associated with us, you will be subject to the privacy
policies of those parties. Whilst we support the protections of privacy on the
internet, we do not accept responsibility for any actions taken by third
parties outside our web domain.
15. Children’s Privacy
We do not intend to transact through our website or mobile
application directly with anyone we know to be under the age of 16. If you are
under the age of 16, you should use our website or mobile application only with
the involvement of a parent or guardian and should not submit any personal data
to us.
16. Changes to Privacy Policy
We may change this Privacy Policy from time to time by
posting the updated version of the Privacy Policy on our website and other
mobile platforms. We encourage you to visit frequently to stay informed of our
most updated version.
17. Contact Us
If you have any questions regarding this Privacy Policy or
would like to exercise your rights to request access to or the correction of
the data,
For online shopping, please contact our Customer Service
Representative
• by telephone: +603 9282 6877;
• by e-mail: ml.info@sasa.com; or
• by mail: HONG KONG SA SA (M) SDN BHD, 8 Jalan Shamelin Niaga
1, Shamelin Heights Business Park, Taman Shamelin Perkasa, 56100 Kuala Lumpur.
In case of discrepancies between the English and
Chinese/Malay versions, the English version shall apply and prevail.
Hong Kong Sa Sa (M) Sdn.Bhd.