CUSTA Privacy Policy

CUSTA Privacy Policy

1. Introduction

  1. CUSTA SDN. BHD.  (the "Company") take its responsibilities under applicable privacy laws and regulations seriously and respects the privacy rights and concerns of all users of the services operated by the Company. We recognize the importance of the personal data you entrust to us and consider it our responsibility to properly manage, protect and process the personal data of our users. This Privacy Policy ("Privacy Policy" ) is designed to assist you in understanding how we collect, use, disclose and/or process the personal data you provide to us and/or the personal data we hold about you whether now or in the future, and to assist you in making an informed decision before providing us with your personal data.
  2. For the purposes herein, reference to:
    1. “Customers” shall include current and/or prospective customers who are seeking, enquiring, or are currently contacting us for our goods and services;
    2. “Collaborators” shall include individuals who are our production partners, agents or business associates and individuals who are seeking, enquiring, or are currently contacting us in order to collaborate with us in providing services to the Customers;
    3. “Stakeholders” shall refer to any/and all individuals who are directly or indirectly connected to us, including our Customers and Collaborators; and
    4. “Platform” shall refer to the online platform that is managed by the Company in order for it to provide its services to the general public.

      For the avoidance of doubt, in the event that there is no specific reference is made to customers or employees, all clauses under this Privacy Policy shall be applicable towards all Stakeholders.

  3. By using the services as a Customer and/or registering for an account with us or accessing our services, or if you are a Collaborator and you have communicated with us and/or agreed to assist in the provision of services to us (regardless if the end users are the Customers), you hereby consent and accept the practices, requirements and/or policies outlined in this Privacy Policy, and consent to our collection, use, disclosure and/or processing of your personal data as described herein. If you do not wish to consent to the processing of your personal data as described in this Privacy Policy, please do not use our services, access our Platform or reach out to us pertaining to any business opportunities.
  4. We may update this Privacy Policy from time to time. Any changes we make to this Privacy Policy in the future will be reflected on our Website and you will be notified of any material changes. We reserve the right to change this Privacy Policy at any time. To the maximum extent permitted by applicable law, your continued use of the services, (including orders, payments, etc.) as a Customer or continuous collaboration with us as a Collaborator, constitutes your acknowledgement and acceptance of any changes to this Privacy Policy.
  5. This Privacy Policy applies in conjunction with any other applicable notices, covenants and agreements relating to our collection, storage, use, disclosure and/or processing of your personal data and is not intended to override them unless we expressly provide otherwise.

2. Personal Data we collect from you

  1. We collect personal data from Stakeholders in accordance with applicable local laws and, where necessary, with your consent. The personal data we collect includes, but is not limited to, the following:
    1. Full name;
    2. Email address;
    3. Telephone number ;
    4. Date of birth;
    5. Gender;
    6. Occupation;
    7. Billing and/or delivery address
    8. Payment information, including bank account and credit card numbers
    9. Information transmitted by or associated with a device used to access our services or platforms;
    10. Photographs, recordings, sound recordings and other data (including personal data contained in print designs and design material data)
    11. Government-issued identification or other information required for our due diligence, identity verification and/or fraud prevention purposes; 
    12. Usage and transaction data, including details about your searches, orders, advertising and content you interact with on the Platform and other products and services relevant to you; and
    13. Business and corporate information, such as company name, address, date of incorporation, and other business-related information (such as company registration number, business licence, tax information, shareholder and director information, among others) ,in the event that you are a Collaborator. 
  2. As a Stakeholder, you agree not to submit any missing, inaccurate or misleading information to us and to notify us of any inaccuracies, missing personal data or changes to such information. We reserve the right, to request further documentation or verification in the event that the inaccuracy has made it difficult for us to adhere to our obligations to you.

3. How we receive and collect personal data

  1. In the course of your use of the services as a Customer or while conducting business activities with you as a Collaborator, we may receive personal data from you in the following circumstances:
    1. When you register and/or use our services or open an account with us
    2. When you place an order with our services, if applicable;
    3. When you submit an application or other form, whether in online or physical form, relating to our products and services, email newsletters or marketing materials;
    4. When you participate in contests, promotions, surveys or campaigns;
    5. Where you enter into a contract or provide us with other documents or information relating to your interaction with us or use of our products or services, if applicable;
    6. Where you interact with us by telephone (which may be recorded), chat, letter, fax, face-to-face or online meeting, social media or email (including when interacting with customer service representatives);
    7. When you interact with us or use our electronic services. This includes, but is not limited to, cookies we deploy when you interact with our service applications or websites.
    8. Where you have given us permission to share information with our services on your device.
    9. Where you link any account you have created to us on a social media platform or other external accounts, or use other social media features, in accordance with the platform provider’s policy.
    10. Where you provide us with feedback or complaints; or
    11. When you submit personal data to us for any other reason.

      The above is not exhaustive and provides only the general circumstances of where your personal data may be collected.

  2. We may occasionally collect personal data  about you from our affiliates or appointed third parties by us, to whom you have already provided consent to such affiliates or such third parties for disclosure.
  3. In the event that you provide us with personal data about other individuals (e.g. contact details of your family, friends or persons on your contact list), you represent and warrant that you have obtained the consent of such other individuals for their personal data to be processed in accordance with this Privacy Policy.
  4. If you use your social media account to register as a user of our services/Platform or link your account to the Company’s social media account, or by using any other social media tools to communicate with the Company, we will not be liable for any personal data that you voluntarily provide to the social media provider in accordance with the social media provider's policies. For the avoidance of doubt, we will manage your personal data derived from any and/or all social media platforms in accordance with this Privacy Policy only.

4. Usage of cookies and web beacons

  1. We may use cookies, web beacons and other similar technologies in connection with your use of the services or access to the Platform. When you seek for your services or access the Platform through a computer, mobile device or other device capable of connecting to the internet, our servers automatically record data that your browser sends each time you visit our website.
  2. Such data is collected for analysis and evaluation to help us improve our website and the services and products we offer, and to more quickly personalise content to match your preference. Data is also collected to make the services and the Platform more convenient and useful for you and to provide you with more relevant advertising relating to products, services and features on the market.
  3. Cookies are small text files (usually consisting of letters and numbers) that are placed in your browser or device memory when you visit a website or view a message. This allows us to recognise specific devices or browsers. Web beacons are small graphic images that may be included on our services and platforms. Web beacons allow us to count users who have viewed the relevant pages and to better understand your preferences and interests.
  4. You may be able to manage and delete cookies through your browser or device settings. However, please note that changing and deleting cookies may affect the functionality available on our services, the Platform and our ability to perform our obligations to you in general.

5. Purposes for which personal data is collected (“Purposes”)

  1. We may collect, use, disclose and/or process your personal data for one or more of the following purposes:
    1. For Customers
      1. To provide services to Customers (including, but not limited to, processing and settling orders, delivering products and handling product returns);
      2. To facilitate your use of and access to our services (including identification and notifications regarding the services);
      3. To manage account information created by the Customer for the Company; and
      4. To respond to visits, enquiries, feedback and complaints from Customers;
    2. For Collaborators
      1. To communicate and interact with Collaborators for services provided to the Company;
      2. To maintain records and directory Collaborators;
      3. To assess, appraise, and monitor the quality of service of Collaborators; and
      4. To manage the legal relationship that the Company has towards Collaborators (such as payments, contractual covenants, record taking, among others)
    3. For Stakeholders in general
      1. To process and facilitate payments;
      2. To carry out analysis and research relating to the following:
        2. To perform aggregation, analysis and reporting on the use of the services
        3. To better understand, improve and customise the customer experience of the Services
        4. To understand and identify the users of the services, their attributes, trends and preferences
      3. To further develop and improve the service and to plan, develop and provide new services/new businesses;
      5. To conduct sales, marketing, training, seminars, surveys, etc. relating to the services (including distribution of e-mail newsletters and personalised advertising for each customer);
      6. To measure the effectiveness of marketing and advertising of the Company's services;
      7. To compile statistics and reports for internal and statutory reporting and record-keeping requirements;
      8. To perform internal audits and business assessments of the Company;
      9. To prevent or investigate any breach or suspected contractual breaches, Privacy Policy, fraud, illegal activity or misconduct;
      10. To handle complaints, feedback or enforcement action arising from the services of the Company;
      11. To comply with legal and regulatory requirements (including, where applicable, displaying your name, contact details and company information), such as requests from law enforcement authorities, requests from government agencies or regulators with jurisdiction over us, requests in connection with legal proceedings or as otherwise deemed necessary by us; and
      12. For any other purpose incidental or relating to our obligations towards Stakeholders that we deem necessary or appropriate.
  2. We may change the Purposes described above in the event of reasonable and relevant requirements. In such a situation, we will notify the affected Stakeholders in advance and obtain the permission of each individual Stakeholder regarding the change in the terms concerning the usage of personal data on the website or other methods such as via e-mail or paper correspondences.

6. Scope of use for personal data

  1. Personal data that has been collected will only be used within the required scope to achieve the Purposes initially explained above. 
  2. In the event of rare and unpredicted events, we shall obtain the stakeholder’s permission first, unless it is for one of the following situations:
    1. prevention or detection of crime or any threat to life or health;
    2. arrest or prosecution of legal offenders;
    3. valuation or assessment of taxes or any other similar payments;
    4. other guidelines or instructions issued by the Ministry or any relevant authority or government body;
    5. to comply with any legal requirements applicable to or imposed on us;
    6. to protect your vital interests;
    7. for the administration of justice; or
    8. for the exercise of any functions conferred on any person by or under any law.

7. Sensitive Data

  1. Please note that by providing your consent under this Policy, you also provide your unconditional and voluntary consent for us to process your sensitive personal data based on the same. In the event that such consent was not provided or subsequently withdrawn, please note that we reserve the right to process such sensitive personal data for the following circumstances without having to obtain such consent:
    1. for the execution or claim of rights or obligation under the law against an individual in the regards of employment;
    2. to protect the interests of an individual or other person, where the truth cannot be granted by the individual or his representative or is impossible for us to obtain permission in a normal and reasonable manner;
    3. to protect the interests of an individual or other person, where the permission by the individual or his representative is deliberately not granted;
    4. for medical purposes - under the custody of a professional in the field of healthcare or a person who has the same confidentiality responsibility with professionals in the field of healthcare;
    5. for any relevant legal action and to seek legal advice;
    6. to create, carry or defend the rights under the law and to administer the system of legal justice;
    7. to carry out any function given to a person by or under the law;
    8. other purposes perceived by the Ministry; or
    9. the information contained in personal data has been publicly known as a result of an individual's actions and in such instance, we will not be required to obtain the individual’s permission in respect of such personal data.

8. Management and Security of Your Personal Data

  1. In order to protect your personal data from unauthorised access, collection, use, disclosure, processing, copying, modification, disposal, loss, misuse, alteration or similar risks, we have implemented appropriate administrative, physical and technical measures, including:
    1. Setting appropriate access rights to personal data and restricting access to those individuals who need it;
    2. Maintaining technology products to prevent unauthorised access to computers; and
    3. Implementing security measures as required by applicable law.
  2. Please note that no method of transmission over the internet or method of electronic storage is completely secure. While we cannot guarantee security, we are committed to protecting the security of your personal data and are constantly reviewing and enhancing our information security measures.

9. Retention of Personal Data 

  1. We will retain your personal data for as long as required or permitted by law or relevant to the Purpose for which it was collected.
  2. We will remove your personal data as soon as we reasonably believe that it is no longer relevant to the Purposes that it was collected and is no longer legally or commercially necessary, without prior notice to you, either by securely disposing of the personal data or by removing the means by which such data can be associated with you by means of anonymisation, or cease to retain your personal data.

10. Disclosure of Personal Data

  1. We may share or transfer your personal data to our affiliates, third party service providers, agents and other third parties for one or more of the Purposes described above. These affiliates and third parties may include, but are not limited to, those inside or outside Malaysia such as:
    1. Our affiliated companies; and
    2. Third parties that we use/need to provide our services which include third parties who provide us with administrative or other services, such as production partners, contractors, agents and service providers (e.g. payment and financial services, logistics and delivery, advertising and marketing, telecommunications companies, market or consumer research, customer service, social media, information technology, data centres, among others), including but not limited to third parties providing administrative or other services to us. 
  2. In the event that we disclose your personal data to third parties or our affiliates, we will endeavour to ensure that said third parties and/or our affiliates protect your personal data from unauthorised access, collection, use, disclosure, processing or similar risks and retain your personal data  only for the period necessary to achieve the Purposes set out above.

11. Transfer of Personal Data Abroad

  1. We may transfer your personal data to locations outside the jurisdiction of Malaysia for the execution of Purposes set out in this Privacy Policy. 
  2. Additionally, our information technology facilities, storage servers, other affiliates, and third parties service providers may be based in other regions outside Malaysia, including but not limited to where our parent company is based. We may also share your personal data with our third party service providers (such as payment service providers) or affiliates  to provide services to you in connection with the Purposes and to adhere to our obligations to you.  
  3. Please be informed that such foreign entities may be established in countries that may not offer the level of data protection which is equivalent to the law in Malaysia. You hereby clearly give us permission to transfer and store your personal data to any place outside Malaysia. However, we will not transfer or permit the transfer of your personal data outside such jurisdictions unless such transfer complies with applicable law.

12. Accessing, Updating, and Correcting Your Personal Data

  1. You may request information about your personal data we have collected, or enquire about how your personal data may have been used, disclosed, stored or processed by us. You may also request, in the same way, that we correct any errors or omissions or to include any updates to your personal data that we have collected. To facilitate the processing of your request, we may need to request additional information relevant to your request. Where permitted by law, we may refuse such a request for if granting access to you may be a risk to your privacy, such access is deemed illegal, or the circumstances in which the rights of others may also be interrupted or jeopardized.
  2. We would need to receive sufficient information from you to verify your identity and the nature of your request so that we can respond to you on the matter. In the event that we do not have sufficient information and/or that your identity cannot be certain, we reserve the right to refuse your request. 
  3. We may charge you a reasonable fee for processing your request. In such cases, we will provide you with a written estimate of the fees we will charge. Unless you agree to pay the fee, we are not required to comply with your access request.
  4. In any event, we shall take reasonable steps to ensure that the information we hold is accurate, complete and up to date. As such, you are responsible for ensuring that the personal data you provide us is accurate, complete and not misleading and that such personal data is kept up to date. Failure to provide the same may result in difficulty in observing our obligations to you.
  1. You may communicate to us the withdrawal or limitation of your consent to the processing of your personal data by contacting us using the contact details below, subject to any conditions and/or limitations imposed by applicable law or regulation.
  2. In the event that you do proceed with the withdrawal or limitation of your consent, we may not be able to continue in adhering to any obligations that we have towards you. In such a case, our legal rights and remedies are expressly reserved.

14. Minors

  1. We do not sell products to minors (as determined by applicable law) and have no intention of offering services to minors. We do not knowingly collect personal data about minors. If you are a minor, you may only use the Platform with the involvement of your parent or legal guardian.
  2. Parents, legal guardians, and wards must not allow minors under their care to submit any personal data to us. Notwithstanding the aforementioned, personal data of minors may be disclosed to us for processing, in the event the parent, legal guardian, and or relevant ward has provided their own consent for the same. 
  3. In any event, we are not responsible for any unauthorised use of our services or the Platform by you, others users who are allegedly acting on your behalf, or any unauthorised users.

15. Language

In accordance with Section 7(3) of the Act, the Policy is issued in both Bahasa Malaysia and English languages. In the event of any inconsistency, the English language version of the Policy shall prevail.
Our website may contain links to external websites operated by others, including our business affiliates and payment gateways. We are not responsible for the protection of your personal data on websites operated by these third parties. We recommend that you review the applicable privacy policies of these websites to determine how they handle the information they collect from you.

17. Contact 

If you would like to request access for your personal data, or if you have any questions or concerns about our Privacy Policy, please contact us via to:

Email: customer-service@custa.com
Address: Level 15-19, BO1-C Menara 2, No. 3 Jalan Bangsar, KL Eco City, 59200 Kuala Lumpur
Phone Number: +60 17 474 7830
Person In Charge: Director, Corporate Development
Last Updated on: 7th November, 2023.

    • Related Articles

    • CUSTA Refund Program Policy

      Thank you for choosing CUSTA for your printing & customisation needs! If You are not completely satisfied with a purchase because of the quality of product, We invite You to review our policy on refunds. The following terms are applicable for any ...

    • CUSTA Terms & Conditions

      These Terms and Conditions of Use (hereinafter referred to as the "Terms and Conditions") set out the terms and conditions of use of the design production, printing, merchandising and other services (hereinafter collectively referred to as the ...