Privacy Policy
Privacy Notice and Cookies Policy
1. Introduction
1.1 Amber Lounge SDN. BHD (“Amber Lounge”) is a company registered in Malaysia, and our registered office is at 12th Floor, Menara Symphony, No. 5 Jalan Prof. Khoo Kay Kim, Seksyen 13, 46200 Petaling Jaya Selangor, Malaysia.
1.2 This privacy notice (the “Privacy Notice”) applies to all Personal Data processing activities carried out by Amber Lounge, or on behalf of Amber Lounge.
1.3 This Privacy Notice forms part of the Terms and Conditions to which you agree when you place your order via the website.
1.4 Amber Lounge is the controller and responsible for your personal data (collectively referred to as “we”, “us” or “our” in this privacy policy).
1.5 We respect individuals’ rights to privacy and to the protection of Personal Data. We are committed to safeguarding the privacy of our website visitors and customers; in this Privacy Notice we explain how we collect and use Personal Data in respect of the activities of Amber Lounge. “Personal Data” means information about a living individual who is identifiable from that data (either on its own or in conjunction with other information).
1.6 We may update our Privacy Notice from time to time. If you place subsequent orders we would encourage to visit this Privacy Notice again as part of your acceptance of the Terms and Conditions.
1.7 By using our website and accepting the Terms and Conditions (to which this Privacy Notice is incorporated), you consent to our use of cookies in accordance with the terms of this policy.
2. The information we process
2.1 Amber Lounge collects and processes various categories of Personal Data. We limit the collection of Personal Data to information necessary to achieve one or more lawful bases of processing as identified in this notice. Personal data may include:
(a) basic personal information, including name and address, date of birth and contact details;
(b) information about your lifestyle and social circumstances;
(c) visual images and personal appearance;
(d) online profile and social media information and activity; and
(e) personal bank account details.
3. How we collect personal data
3.1 We use different methods to collect personal data from and about you including through:
(a) direct interactions: for example, where you give us your name and contact details to create an account with us, request marketing to be sent to you, contact us or create an account on our website; and
(b) automated technologies or interactions: this is to collect your usage data, which we do by using cookies and other similar technologies.
4. How we use your personal data
4.1 In this Section 4 we have set out:
(a) the general categories of personal data that we may process;
(b) in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
(c) the purposes for which we may process personal data; and
(d) the legal bases of the processing.
4.2 We may process data about your use of our website and services (“usage data“). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
4.3 We may process your account data (“account data“). The account data may include your name and email address which falls under the definition of Personal Data. The source of the account data is you or your employer. The account data may be processed for the purposes of providing our services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our business, and the performance of a contract with you, so that we can provide you with the services that you have requested from us.
4.4 We may process information that you post for publication on our website or through our services (“publication data“). The publication data may be processed for the purposes of enabling such publication and administering our website and services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
4.5 We may process information contained in any enquiry you submit to us regarding goods and/or services (“enquiry data“). The enquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. The legal basis for this processing is consent.
4.6 We may process information relating to transactions, including purchases of goods and services that you enter into with us and/or through our website (“transaction data“). The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.
4.7 We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“notification data“). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
4.8 We may process information contained in or relating to any communication that you send to us (“correspondence data“). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
4.9 We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
4.10 We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
4.11 In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5. If you fail to provide your Personal Data
5.1 Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
6. Marketing
6.1 We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
6.2 You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.
6.3 We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
6.4 You can ask us or third parties to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences OR by following the opt-out links on any marketing message sent to you OR by contacting us at any time.
7. Change of purpose
7.1 From time to time we may change the way we use your information. Where we believe you may not reasonably expect such a change we will notify you and will allow a period of at least 30 days for you to raise any objections before the change is made.
8. Providing your Personal Data to others
8.1 We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
8.2 We will not share your information with any third party outside Amber Lounge except:
(a) where we have your permission;
(b) where required for your product or service;
(c) where we are required by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world;
(d) with third parties providing services to us, such as market analysis;
(e) with debt collection agencies;
(f) with credit reference and fraud prevention agencies;
(g) where required for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business;
(h) in anonymised form as part of statistics or other aggregated data shared with third parties; or
(i) where permitted by law, it is necessary for our legitimate interests or those of a third party, and it is not inconsistent with the purposes listed above.
8.3 Amber Lounge will not share your information with third parties for their own marketing purposes without your permission.
8.4 Financial transactions relating to our website and services are handled by our payment services provider SagePay.We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at https://www.sagepay.co.uk/policies.
8.5 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
9. International transfers of your personal data
9.1 The website is owned by Amber Lounge which is a Jersey registered company and is subject to the Data Protection (Jersey) Law 2018. Although Jersey is not an EU member it has been deemed “adequate” by the European Commission with regard to its data protection legislation which has equivalent measures to the General Data Protection Regulations.
9.2 We may transfer your information to organisations in other countries on the basis that anyone to whom we pass it protects it in the same way we would and in accordance with applicable laws.
9.3 In the event that we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so where:
(a) the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately;
(b) the transfer has been authorised by the relevant data protection authority; and/or
(c) we have entered into a contract with the organisation with which we are sharing your information (on terms approved by the European Commission or our own Data Protection Authority) to ensure you information is adequately protected.
9.4 You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
10. Retaining and deleting personal data
10.1 This Section 8 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
10.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
10.3 We will retain your personal data as follows:
(a) personal data will be retained for a minimum period of 1 month followingthe receipt of data, and for a maximum period of 15 years.
10.4 Notwithstanding the other provisions of this Section 10, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
11. Data security
11.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
11.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
12. Amendments
12.1 We may update this policy from time to time by publishing a new version on our website.
12.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
12.3 We may notify you of changes to this policy by email or through the private messaging system on our website.
13. Your rights
13.1 In this Section 11, we have summarised the rights that you have under data protection law.
13.2 Your principal rights under data protection law are summarised in the table below:
| Rights | Description |
| Access – You have a right to get access to the personal information we hold about you (also referred to as a “Subject Access Request”) | If you would like a copy of the personal information we hold about you, please use the contact details in Section 21. |
| Rectification– You have a right to rectification of inaccurate personal information and to update incomplete personal information. | If you believe that any of the information that we hold about you is inaccurate, you have a right to request that we restrict the processing of that information and to rectify the inaccurate personal information. |
|
Erasure – You have a right to request that we delete your personal information.
|
You may request that we delete your personal information if you believe that: · we no longer need to process your information for the purposes for which it was provided; · we have requested your permission to process your personal information and you wish to withdraw your consent; or · we are not using your information in a lawful manner. |
| Restriction– You have a right to request us to restrict the processing of your personal information. |
You may request us to restrict processing your personal information if you believe that: · any of the information that we hold about you is inaccurate; · we no longer need to process your information for the purposes for which it was provided, but you require the information to establish, exercise or defend legal claims; or · we are not using your information in a lawful manner. |
| Portability – You have a right to data portability. |
Where we have requested your permission to process your personal information or you have provided us with information for the purposes of entering into a contract with us, you have a right to receive the personal information you provided to us in a portable format.
You may also request us to provide it directly to a third party, if technically feasible. We’re not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you.
If you would like to request the personal information you provided to us in a portable format, please write to or contact us using the contact details in Section 21. |
| Objection – You have a right to object to the processing of your personal information. | You have a right to object to us processing your personal information (and to request us to restrict processing) unless we can demonstrate compelling and legitimate grounds for the processing, which may override your own interests or where we need to process your information to investigate and protect us or others from legal claims. |
| Marketing – You have a right to object to direct marketing | You have a right to object at any time to processing of your personal information for direct marketing purposes, including profiling you for the purposes of direct marketing. For more information see Section 6 on Marketing. |
| Withdraw consent – You have a right to withdraw your consent. | Where we rely on your permission to process your personal information, you have a right to withdraw your consent at any time. We will always make it clear where we need your permission to undertake specific processing activities. |
| Lodge complaints– You have a right to lodge a complaint with the regulator | If you wish to raise a complaint on how we have handled your personal information, you can contact our Data Privacy Manager who will investigate the matter. We hope that we can address any concerns you may have, but you can always contact the data protection authority. For more information please visit www.dataci.je(full address details listed below) |
14. Third party websites
14.1 Our website includes hyperlinks to, and details of, third party websites.
14.2 We have no control over, and are not responsible for, the privacy policies and practices of third parties.
14.3 The services contained in this section enable the Amber Lounge to monitor and analyze web traffic and can be used to keep track of User behavior.
(a) YouTube
https://www.youtube.com/t/terms
https://policies.google.com/privacy
(b) Google Analytics
https://policies.google.com/privacy
https://www.google.com/analytics/terms/us.html
(c) Yandex Metrica
https://metrica.yandex.com/about/info/privacy-policy
https://yandex.com/legal/metrica_termsofuse/
https://metrica.yandex.com/about/info/data-policy/
15. Personal data of children
15.1 Our website and services are targeted at persons over the age of 18.
15.2 If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data.
16. Updating information
16.1 Please let us know if the personal information that we hold about you needs to be corrected or updated.
17. About cookies
17.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
17.2 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
17.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
18. Cookies that we use
18.1 We use cookies for the following purposes:
(a) authentication – we use cookies to identify you when you visit our website and as you navigate our website
(b) status – we use cookies to help us to determine if you are logged into our website
(c) shopping cart – we use cookies to maintain the state of your shopping cart as you navigate our website
(d) personalization – we use cookies [to store information about your preferences and to personalise our website for you
(e) security – we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services
(f) advertising – we use cookies to help us to display advertisements that will be relevant to you
(g) analysis – we use cookies to help us to analyse the use and performance of our website and services
(h) cookie consent – we use cookies to store your preferences in relation to the use of cookies more generally
19. Cookies used by our service providers
19.1 Our service providers use cookies and those cookies may be stored on your computer when you visit our website.
19.2 We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/
19.3 We use Yandex Metrica to analyse the use of our website. Yandex Metrica gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Yandex’s privacy policy is available at: https://metrica.yandex.com/about/info/privacy-policy
20. Managing cookies
20.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
20.2 Blocking all cookies will have a negative impact upon the usability of many websites.
20.3 If you block cookies, you will not be able to use all the features on our website.
21. Contact details
21.1 This website is owned and operated by Amber Lounge SDN. BHD.
21.2 You can contact us:
(a) by post, to the postal address given above;
(b) by telephone, on the contact number published on our website from time to time; or
(c) by email, using the email address published on our website from time to time.
21.4 If your matters are not resolved by Amber Lounge in a satisfactory manner you are entitled to contact the local data protection authority, the details for whom are set out below:
Office of the Information Commissioner
Address: 2ndFloor Castle Street, St Helier, Jersey, JE2 3RT.
Tel: +44 (0)1534 716530
Email: enquiries@oicjersey.org