PONEY PRIVACY POLICY 

Last Updated 8 October 2020

1. General Statement
This Privacy Statement is prepared by Poney Garments Sdn Bhd (259239-U) pursuant to the Personal Data Protection Act 2010 which describes how your personal data is collected, compiled, processed and maintained.

It explains our policies and practices regarding how we collect, use, and disclose the personal data that we collect through our Digital Platforms, our stores or during our events.

We recommend that you read this Privacy Policy carefully as it provides important information about your personal data.

2. What personal data do we collect and how is it collected?
Personal data is information, whether true or not, about an individual who is or can be identified from that data, or from that data and other information to which the organisation has or is likely to have access to. For example, it may include an individual’s name, address and gender.

We may collect personal data either directly from you (for example when you purchase a product in a store) or indirectly (for example from your electronic devices that interact with our websites, electronic forms or mobile applications (“Digital Platforms”)).

Information you provide directly to us

You may provide us with information:
- When you create an account online or in our stores;
- When you subscribe to our newsletter;
- When you use our Digital Platforms;
- When you purchase products or services on our Digital Platforms or in our stores;
- When you visit our stores;
- When you participate in one of our events;
- When you contact our customer-services.

Depending on what you provide us with, such information may include:
- Your identity (including your first name, last name, gender, image);
- Your contact details (including your postal address(es), email address(es), phone number(s));
- Your personal status (including your title);
- Your purchases and repairs (including purchase history, order details);
- Your preferences (including your size);
- Certain payment information (including billing information, payment type or method, charge or credit card number);
- Other information you may provide by filling forms or by contacting us (including your feedback, or other communications with us).

We will inform you when your information is required in order to process your request, to respond to your queries or to provide you with our products and services. If you do not provide this information, then it may delay or prevent us from processing your request, responding to your query or providing products or services to you.
We hope to ensure that the personal data we possess is accurate at all times and therefore we encourage you to update your information in case any changes have occurred. We also may ask you to update your information from time to time.
We recommend that you only provide the data requested or necessary for your query, with the exception of any sensitive information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health, sex life or sexual orientation.
We remind you that we do not provide our services or products directly to, nor collect personal data of, persons who have the legal capacity to purchase. Therefore, we ask you not to provide us with personal data of persons who do not have the legal capacity.

Information indirectly collected

We may collect information when you use our Digital Platforms, such as your IP address or other browsing information (including browser, operating system, device model), through cookies or similar technologies placed on your device. Some cookies are required for the proper functioning of our Digital Platforms and other are used for analytics purposes which help us to provide you with more personalized and customized services and a better digital experience. For more information about cookies and to know how you can edit your preferences, please read our Cookie Policy.

We may also collect information about you from third parties, such as a spouse who contacts us on your behalf or from your friends who provide us with your information in order to invite you to events you may be interested in.

If you provide personal data to us about someone else, you must ensure that you are entitled to disclose that information to us and that, without us taking any further steps required by data protection laws, we may collect, use and disclose such information for the purposes described in our Privacy Policy. For example, you should ensure the individual concerned is aware of the various matters detailed in our Privacy Policy, including that (i) his or her personal data has been or will be disclosed to us and that (ii) his or her personal data will be collected, used, disclosed or otherwise processed by us in the manner and for the purposes as set out in this Privacy Policy. The individual must also provide the consents set out in this Privacy Policy in respect of how we will deal with their personal information.

3. Why do we collect your personal data and how do we use it?
We collect and use your personal data based on one or many of the following legal basis:
- we have obtained your prior consent (for example, when you subscribe to our newsletter). Please note that for this specific legal basis, you have the right to withdraw your consent at any time (see below “What rights do you have on your personal data?”);
- the processing is necessary in connection with any contract between PONEY and you (for example, when you make a purchase);
- we have to process your personal data to comply with applicable laws and regulations.

Depending on the context, we may use your personal data in order to:

- provide you with the products or services you requested;
- conduct checks to identify you and verify your identity;
- send you Promotional Communications - with your prior consent (see section “Promotional Communications”);
- provide you after-sale services;
- respond to your queries, requests and suggestions;
- manage the events you registered and/or participated in;
- detect any fraudulent or illegal activity, including to secure your transactions by detecting and preventing fraud against you and PONEY;
- protect you, employees and other individuals in our stores as well as our property;
- manage the stock of certain types of rare products to allow a fair allocation of the products we sell;
- monitor and improve our Digital Platforms;
- conduct statistical analysis;
- improve our products and services;
- fulfil our legal obligations corresponding to preventing and combating fraud and money-laundering;
- provide information to regulatory bodies when legally required.

4. How long do we retain your personal information?
Your personal data are processed for the period necessary for the purposes for which they have been collected, to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights.

5. Who do we share your personal information with?
We do not sell or otherwise disclose your personal information except as described in this section.

Within PONEY Group Companies

We may disclose your personal data to our holding company, related companies and/or affiliates (collectively, “Group”) and licensees, distributors, franchisees and/or business partners (collectively, “Third Parties”), within or outside of Malaysia, employees in charge of customer relationship, retail, e-commerce, communication, internal audit and IT management for the purposes set out in our Privacy Policy and to provide you with a consistent level of service across all PONEY group companies. This may include providing you with the products and services that you have requested, improving the services provided and – with your consent – sending you Promotional Communications concerning offers, services, products or events (for such purpose, you may withdraw your consent at any time – see section “What rights do you have on your personal data?” below).


With our Service Providers

We may also share personal information with our Service Providers processing your data on our behalf for the purposes described in this Privacy Notice.

Examples of service providers we may share your data with

• Service provider operating the contact centre to provide Customer Assistance to users of our Websites

• Transportation companies delivering products purchased on our Websites to our customers.

• Companies providing technical support and infrastructure for our Websites.

Where our service providers need to have access to your personal information, we will (1) select providers who respect your privacy and comply with data protection laws at any time ; (2) only give them access to the information they need to perform their services; (3) ensure that they will only use the information for the purposes agreed in our contract with them; (4) ask them to delete or return any personal information when we stop using their services.


Other reasons for sharing personal information:

We may also disclose personal information about you (1) if we are required to do so by law or legal process (such as court order), (2) in response to a request by law enforcement authorities, or (3) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or suspected or actual illegal activity.

6. How do we protect your personal data?
All your personal data is strictly confidential and will only be accessible, on a need-to-know basis, to duly authorized personnel of PONEY and other entities of the PONEY Group and third providers acting on our behalf with appropriate technical and organizational security safeguards.

The PONEY group has implemented security measures to protect your personal data against unauthorized access and use. We follow appropriate security procedures in the storage and disclosure of your personal data so as to prevent unauthorized access by third parties and to prevent your data being accidentally lost. We limit those who access your personal data to those who have a genuine business need to access it. Those who do access your data are subject to a duty of confidentiality towards PONEY.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

We also require those parties to whom we transfer your personal data to comply with the same. However, unfortunately, the transmission of information via the internet is not completely secure. So, we cannot ensure the security of your personal data transmitted by you to us via the internet. Any such transmission is at your own risk and you acknowledge and agree that we shall not be responsible for any unauthorized use, distribution, damage or destruction of Your Information, except to the extent we are required to accept such responsibility under the law. Once we have received your personal data, we will use the security measures abovementioned.

7. What rights do you have on your personal data?
In accordance with the applicable data protection laws, you can, at any time, request access, rectification, erasure and portability of your personal data or restrict and object to the processing of your personal data. A summary of these rights is provided below:

Your right of access: the right to be provided with a copy of your personal data.

Your right to rectification: the right to require us to correct any mistakes in your data or to complete your information.

Your right to be forgotten: the right to require us to delete your personal data — in certain situations.

Your right to restriction of processing: the right to require us to restrict processing of your personal data — in certain circumstances, for example if you contest the accuracy of the data.

Your right to data portability: the right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party — in certain situations.

Your right to object to processing: the right to object:
— at any time to your personal data being processed for direct marketing;
— in certain other situations to our continued processing of your personal information,

You may at any time decide to withdraw your consent to the processing of your personal data. If your consent is withdrawn, it does not prevent us from processing your personal data based on other legal bases if any, such as fulfilling your orders and storing your order data as required by applicable law.
If you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic promotional message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request within twenty-one (21) days from the date of request, but we may continue to contact you to the extent necessary for the purposes of any products or services you have requested.

8. How to contact us?
In issues relating to your account, to withdraw your consent, to ask general questions or to lodge a complaint, please contact our Customer Service:
- By email: e-customerservices@poneygroup.com
- By phone: +60127580382

In issues specifically related to Promotional Communications, we remind you that you can, at any time, directly unsubscribe through the “unsubscribe” link in any electronic promotional messages we send to you.

9. Changes to our Privacy Policy
Our Privacy Policy reflects our current practices, and is subject to change and update from time to time. When we post changes to our Privacy Policy we will modify the "Effective Date" at the top of this document to indicate when such changes have come into effect.