Privacy Policy (Affiliate Program)

Updated and Effective as of [31 /7/ 2024]

Overview

Wellness Cosmetology Alliance Lab Sdn Bhd (666649-X) (hereinafter referred to as the “Company” or “we”) located at 31-5, Block D1, Dataran Prima, Jalan PJU 1/41, 47301 Petaling Jaya, Selangor, Malaysia, prioritises protecting the personal information of users who access service provided by the Company (hereinafter referred to as “Affiliate” or “you”). As our Company recognises the importance of protecting personal information, we will do our best to thoroughly and carefully protect and handle the personal information of the B&B Labs Affiliate Marketing (hereinafter referred to as "program"). 

If you would like to contact us about this Privacy Policy or our privacy practices, please contact us at service@bb-labs.com.

 

1.      What we collect and how we use personal information

We will collect and use your personal information provided by you voluntarily, generated when you use the www.bb-labs.com (hereinafter referred to as the website), and obtained by us from third parties, in accordance with the PDPA principles for the purposes set out for the program.

The features of the website may change over time. If we change our privacy practices, we may update this Privacy Policy. To the extent any changes are material, we will give you reasonable notice.

Information we collect

  • Information you provide to us about you or your employees or authorised persons, such as your name, business name, email address, phone number, social media, and any others required for the program.
  • Payment or billing information you provide us, such as your bank account number and your billing records.

How we use such information

  • To provide you access to the program dashboard for monitoring your referral sales and updating your personal information or other services (i.e. open an account, contact you).
  • To pay you commissions, and to assist you to check sales records.

Legal Basis

  • Legitimate Interests (to run our business, to manage our relationship with you, and to provide support);
  • Performance monitoring;
  • Compliance with a legal obligation. 

 

2.      What is our legal basis for processing your personal information

We will only use your personal information when the law allows us to, in respect of each of the purposes for which we use your personal information. Most commonly, we will use your personal information in the following circumstances.

  • Where we need to perform a contract we are about to enter into or have entered into with you (“Performance of our contract with you”);
  • Where it is necessary for our interests (or those of a third party), and your interests and fundamental rights do not override those interests ("Legitimate Interests").
  • Where we need to comply with a legal or regulatory obligation (“Compliance with a legal obligation”); and
  • Where we have your specific consent to carry out the processing for the purpose in question (“Consent”). 

 

3.      When we share, transfer and disclose personal information

We may share your personal information with the following parties for the purposes of this program.

Certain features of the website may be provided by our third-party partners, and we may entrust partners (including technical service providers) with the processing of certain personal information. For example, for payments companies to process credit card information and recording your referral sales.

These service providers process your personal information as our data processors, on the basis of our instructions pursuant to a written agreement and we do not allow them to use your personal information for their own purposes. 

(a) Affiliates – we share information to help provide services to you or analyse / improve the website.

(b) Third-party partners – we share information with business partners, i.e. when our website is integrated with third-party services such as logistics services.

(c) Social Networking Sites – we may share personal information, at your direction, with website plugins and social media platforms, e.g. to log into your account. 

(d) Payment processing companies – we share information with payment processors to administer payment.

(e) In connection with a business reorganisation or an asset or share sale or purchase – we will share personal information with the prospective buyer or seller as the case may be. 

(f) To comply with legal requirements – we share personal information if determined reasonably necessary to comply with the law, or as permitted by applicable law in order to comply with a legitimate disclosure request.

 

4.      How you exercise rights over your personal information

You have the right to, at any time:

  • Request access to your personal information (commonly known as a data subject access request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your information where we are relying on a Legitimate Interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios:
  • If you want us to establish the data’s accuracy;
  • Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. 

If you wish to exercise any of the rights set out above, please contact us at services@bb-labs.com.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

5.      How we retain and protect personal information

(1) Retention period

We will only retain your personal information for such period as necessary to achieve the purposes described in this Privacy Policy, unless otherwise required by law or regulation.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law we have to keep basic information about our customers (including contact and financial data) even after they cease being customers for tax purposes. 

In some circumstances, you can ask us to delete your data. Please see your legal rights above for further information.

 

(2) Protection of personal information

We take personal information security very seriously.  We have adopted technical security measures, appropriate organisational structure and management system and other protections in line with industry standards to prevent leak, damage, misuse, unauthorised use, disclosure, or alteration of your personal information, including:

     (a) Technical measures for data security

In order to ensure the security of your personal information, we strive to take all reasonable technical measures to protect personal information, so that you and your customers’ personal information will not be leaked, damaged, destroyed, or lost.  We use encrypted transmission technologies such as SSL to protect the security of data transmission and use appropriate protection mechanisms to prevent malicious data attacks.  We adopt an encrypted storage and data permission control mechanism for personal information to prevent your and your customers’ personal information from being accessed, disclosed, used or altered without authorisation, or intentionally or accidentally damaged or lost.

     (b) Organisational and management measures for data security

We have established internal policies for the safe use of data and implement strict management rules for employees or contractors who may have access to your and your customers’ information, including but not limited to implementing different access controls for different roles, signing confidentiality agreements with them, and monitoring their operations.

We provide employees with training on security and privacy protection and require them to complete assessments, in order to enhance their awareness of the importance of personal information protection.

Please note that the Internet is not an absolutely secure environment.  We strongly suggest that you safeguard security of your account by using a secure and complex password.  If you find that your personal information, especially your account number or password, has been leaked, please contact us immediately using the methods provided in this Privacy Policy, so that we can take appropriate measures to protect your information.

 

6.      How we update this Privacy Policy

We may update the terms of this Privacy Policy from time to time, and such updates shall form part of this Privacy Policy. We encourage you to periodically review this Privacy Policy to stay informed about how we are using and protecting information that we collect. This Privacy Policy was last updated [31/7/2024]

In the event of significant or material changes, we will notify you in a prominent manner as appropriate.

 

 

 

 

 

Updated and Effective as of [31 /7/ 2024]

Overview

Wellness Cosmetology Alliance Lab Sdn Bhd (666649-X) (hereinafter referred to as the “Company” or “we”) located at 31-5, Block D1, Dataran Prima, Jalan PJU 1/41, 47301 Petaling Jaya, Selangor, Malaysia, prioritises protecting the personal information of users who access service provided by the Company (hereinafter referred to as “Affiliate” or “you”). As our Company recognises the importance of protecting personal information, we will do our best to thoroughly and carefully protect and handle the personal information of the B&B Labs Affiliate Marketing (hereinafter referred to as "program"). 

If you would like to contact us about this Privacy Policy or our privacy practices, please contact us at service@bb-labs.com.

 

1.      What we collect and how we use personal information

We will collect and use your personal information provided by you voluntarily, generated when you use the www.bb-labs.com (hereinafter referred to as the website), and obtained by us from third parties, in accordance with the PDPA principles for the purposes set out for the program.

The features of the website may change over time. If we change our privacy practices, we may update this Privacy Policy. To the extent any changes are material, we will give you reasonable notice.

Information we collect

  • Information you provide to us about you or your employees or authorised persons, such as your name, business name, email address, phone number, social media, and any others required for the program.
  • Payment or billing information you provide us, such as your bank account number and your billing records.

How we use such information

  • To provide you access to the program dashboard for monitoring your referral sales and updating your personal information or other services (i.e. open an account, contact you).
  • To pay you commissions, and to assist you to check sales records.

Legal Basis

  • Legitimate Interests (to run our business, to manage our relationship with you, and to provide support);
  • Performance monitoring;
  • Compliance with a legal obligation. 

 

2.      What is our legal basis for processing your personal information

We will only use your personal information when the law allows us to, in respect of each of the purposes for which we use your personal information. Most commonly, we will use your personal information in the following circumstances.

  • Where we need to perform a contract we are about to enter into or have entered into with you (“Performance of our contract with you”);
  • Where it is necessary for our interests (or those of a third party), and your interests and fundamental rights do not override those interests ("Legitimate Interests").
  • Where we need to comply with a legal or regulatory obligation (“Compliance with a legal obligation”); and
  • Where we have your specific consent to carry out the processing for the purpose in question (“Consent”). 

 

3.      When we share, transfer and disclose personal information

We may share your personal information with the following parties for the purposes of this program.

Certain features of the website may be provided by our third-party partners, and we may entrust partners (including technical service providers) with the processing of certain personal information. For example, for payments companies to process credit card information and recording your referral sales.

These service providers process your personal information as our data processors, on the basis of our instructions pursuant to a written agreement and we do not allow them to use your personal information for their own purposes. 

(a) Affiliates – we share information to help provide services to you or analyse / improve the website.

(b) Third-party partners – we share information with business partners, i.e. when our website is integrated with third-party services such as logistics services.

(c) Social Networking Sites – we may share personal information, at your direction, with website plugins and social media platforms, e.g. to log into your account. 

(d) Payment processing companies – we share information with payment processors to administer payment.

(e) In connection with a business reorganisation or an asset or share sale or purchase – we will share personal information with the prospective buyer or seller as the case may be. 

(f) To comply with legal requirements – we share personal information if determined reasonably necessary to comply with the law, or as permitted by applicable law in order to comply with a legitimate disclosure request.

 

4.      How you exercise rights over your personal information

You have the right to, at any time:

  • Request access to your personal information (commonly known as a data subject access request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your information where we are relying on a Legitimate Interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios:
  • If you want us to establish the data’s accuracy;
  • Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. 

If you wish to exercise any of the rights set out above, please contact us at services@bb-labs.com.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

5.      How we retain and protect personal information

(1) Retention period

We will only retain your personal information for such period as necessary to achieve the purposes described in this Privacy Policy, unless otherwise required by law or regulation.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law we have to keep basic information about our customers (including contact and financial data) even after they cease being customers for tax purposes. 

In some circumstances, you can ask us to delete your data. Please see your legal rights above for further information.

 

(2) Protection of personal information

We take personal information security very seriously.  We have adopted technical security measures, appropriate organisational structure and management system and other protections in line with industry standards to prevent leak, damage, misuse, unauthorised use, disclosure, or alteration of your personal information, including:

     (a) Technical measures for data security

In order to ensure the security of your personal information, we strive to take all reasonable technical measures to protect personal information, so that you and your customers’ personal information will not be leaked, damaged, destroyed, or lost.  We use encrypted transmission technologies such as SSL to protect the security of data transmission and use appropriate protection mechanisms to prevent malicious data attacks.  We adopt an encrypted storage and data permission control mechanism for personal information to prevent your and your customers’ personal information from being accessed, disclosed, used or altered without authorisation, or intentionally or accidentally damaged or lost.

     (b) Organisational and management measures for data security

We have established internal policies for the safe use of data and implement strict management rules for employees or contractors who may have access to your and your customers’ information, including but not limited to implementing different access controls for different roles, signing confidentiality agreements with them, and monitoring their operations.

We provide employees with training on security and privacy protection and require them to complete assessments, in order to enhance their awareness of the importance of personal information protection.

Please note that the Internet is not an absolutely secure environment.  We strongly suggest that you safeguard security of your account by using a secure and complex password.  If you find that your personal information, especially your account number or password, has been leaked, please contact us immediately using the methods provided in this Privacy Policy, so that we can take appropriate measures to protect your information.

 

6.      How we update this Privacy Policy

We may update the terms of this Privacy Policy from time to time, and such updates shall form part of this Privacy Policy. We encourage you to periodically review this Privacy Policy to stay informed about how we are using and protecting information that we collect. This Privacy Policy was last updated [31/7/2024]

In the event of significant or material changes, we will notify you in a prominent manner as appropriate.