IDR30K OFF FIRST PURCHASE
SIGN UP now and be rewarded
NH Prima International Sdn Bhd Privacy Policy
Effective Date: 7th October 2025
Last Updated: 7th October 2025
NH Prima International Sdn Bhd (Company No: 977855-W) and its related brands, including but not limited to naelofar.com ( “the Company” , “we” , “us” , or “our” ) are committed to protecting the privacy and personal data of our customers (the “Data Subject” or “you” ) in compliance with the Malaysia Personal Data Protection Act 2010 ( PDPA ). This policy is our written notice to you, explaining how your personal data is collected, used, disclosed, and processed by the Company.
1. The Personal Data We Collect and Source (General & Notice and Choice Principles)
We collect and process various types of personal data from you in the course of our commercial transactions. This includes, but is not limited to:
| Category of Data | Examples of Data Collected | Source of Data |
|---|---|---|
| Identity Data | Name, date of birth, age, gender, MyKad/Passport number (for contests/verification), and language preference. | Directly from you via forms, website sign-ups, event registrations. |
| Contact Data | Billing address, delivery address, email address, and telephone number. | Directly from you via website checkout and account registration. |
| Transaction Data | Details about products purchased, order history, payment method details, and loyalty program activity. | Automatically generated upon transactions. |
| Event Data | Photographs, video recordings, and sound recordings captured during physical ground events, contests, or marketing campaigns organized or sponsored by the Company. | Taken at events, contests, and campaigns. |
| Technical Data | Internet Protocol (IP) address, browser type, operating system, and data collected via cookies (see Section 5). | Automatically collected upon browsing our website. |
| Marketing Data | Your preferences in receiving marketing, your response to promotional campaigns, and social media interactions with our brands. | Directly from you via opt-in, or through our CRM/EDM platforms. |
Consequence of Not Providing Data: The provision of your Name, Contact Data, and Payment Information is mandatory for us to process and deliver your order, manage your account, or process contest entries. Failure to provide this data will result in us being unable to perform our contract with you or provide the requested service.
2. Purposes of Collecting and Processing Your Personal Data
We process your personal data for the following specific purposes, and we shall not process your personal data for any purpose other than those stated herein:
To Perform Contractual Obligations: To process your transactions, manage your account, deliver products, and provide necessary customer support.
For Marketing and Direct Communication (EDM): To send you Electronic Direct Mail ( EDM ), newsletters, product updates, and personalized offers.
For Loyalty Program Management: To track your purchases, calculate rewards, and manage your participation in any loyalty or rewards program across the Company’s brands.
For Business Operations and Improvement: To conduct data analysis and research using our CRM (Customer Relationship Management) and Loyalty Platforms to improve our products, customer service, and website experience.
For Public Relations and Promotional Use (Event Data): To use your photographs, video recordings, and other Event Data for advertising, promotional, public relations, and publicity purposes across all media platforms without compensation.
To Comply with Legal Obligations: To detect and prevent fraud or criminal activities, and to comply with any legal, regulatory, or governmental requirements (e.g., tax, audit, statutory reporting).
3. Disclosure of Your Personal Data (Disclosure Principle)
We may disclose your personal data to the following classes of third parties, which includes our holding company, subsidiaries, associated companies, or affiliates, both within and outside Malaysia, strictly for the purposes described in Section 2:
Service Providers & Platforms: Third-party service providers that facilitate our operations, including those providing our Loyalty Platform, CRM Platform, and EDM Platform, web hosting, and cloud storage services.
Business Partners: Courier/logistics providers for product delivery, and payment processors/financial institutions for transaction processing.
Co-Sponsors and Promotion Partners: Third parties who partner with us to co-sponsor events or promotions.
Professional Advisors: External auditors, legal counsel, and consultants.
Regulatory Bodies: Government agencies, regulatory bodies, and law enforcement agencies, if required by law or a valid legal process.
Cross-Border Transfer: Your personal data may be transferred to, stored, and processed outside of Malaysia by our international service providers (e.g., cloud hosting, e-commerce platform). We take all necessary steps to ensure that the recipient country or service provider offers an equivalent level of protection, or that we have obtained your consent for such transfer.
4. Security, Retention, and Data Integrity (Security, Retention, and Data Integrity Principles)
Security: We take practical steps to protect your personal data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration, or destruction.
Our security measures include:
Administrative Safeguards: Implementing strict access controls and internal policies.
Technical Safeguards: Using industry-standard security practices like encryption, firewalls, and secure server environments.
Physical Safeguards: Storing physical data records in secure, restricted-access locations.
Retention: We will not keep your personal data longer than is necessary for the fulfilment of the purpose for which it was collected. We are responsible for taking all reasonable steps to permanently destroy or delete your personal data once it is no longer needed.
Data Integrity: We take reasonable steps to ensure the personal data collected is accurate, complete, not misleading, and kept up-to-date in relation to the purposes for which it is processed.
5. Cookies and Automated Collection
We use cookies, web beacons, and similar technologies to enhance your experience. These technologies are used for:
Essential Functionality: To maintain your shopping cart, ensure website security, and manage your login session.
Analytics and Personalization: To analyze customer traffic, understand browsing behavior, and personalize the content and advertisements you see.
You have the choice to manage or disable cookies through your browser settings. However, disabling essential cookies may impact the full functionality of the website.
6. Your Rights as a Data Subject (Access Principle)
You have the following rights under the PDPA in relation to your personal data:
Right of Access: The right to request access to your personal data held by us.
Right of Correction: The right to request the correction or updating of any inaccurate, incomplete, or misleading personal data.
Right to Withdraw Consent: The right to withdraw your consent to the processing of your personal data for any specific purpose, including direct marketing, at any time.
We will endeavor to process all such requests within the time frame prescribed by the PDPA.
7. Notification of Changes, Complaints, and Contact Information
We may revise this Privacy Policy from time to time. Any changes will be posted on our website, and your continued use of our services after such changes will constitute your acknowledgment and acceptance of the revised policy. For all formal requests to access, correct, or withdraw consent, or for any complaint regarding data privacy, please contact our Customer Service at [email protected].