Privacy Policy

At Lumiizen, we believe that great service starts with understanding you better. When you share your information with us, it helps us tailor our products, improve your experience, and bring you more value with every interaction — from smarter recommendations to faster support and exclusive offers made just for you.

This Privacy Policy describes how we collect, use, disclose, and protect your personal data in accordance with the Personal Data Protection Act 2010 (Act 709) of Malaysia and its subsequent amendments ("PDPA"). We are committed to being transparent about how your data helps us serve you better.

By using our platform, submitting your information, or engaging with us through any communication channel (including but not limited to our website, WhatsApp, Facebook Messenger, Instagram, email, and SMS), you acknowledge that you have read and understood this Privacy Policy.

1. Personal Data We Collect

To provide you with the best possible experience, we may collect the following categories of personal data:

• Identity data: Full name, display name, profile picture — so we know who you are and can personalize your experience
• Contact data: Phone number(s), email address, mailing address, social media identifiers — so we can reach you on your preferred channel
• Transaction data: Order history, payment records, shipping details, receipts — so we can manage your orders and offer relevant products
• Communication data: Messages, inquiries, support conversations, and feedback — so we can improve how we help you and respond faster
• Usage data: How you interact with our platform, preferences, and settings — so we can make the experience smoother for you
• Device and technical data: Browser type, IP address, access logs (collected automatically) — to keep your account secure

We do not intentionally collect sensitive personal data (e.g., health, religious beliefs, political opinions). If such data is incidentally provided in communications, it will be treated with additional care.

2. How We Use Your Data

Everything we do with your data is designed to bring you better value. We collect and process your personal data for the following purposes and any purposes directly related thereto:

1. Delivering Your Orders Seamlessly: Processing and fulfilling your orders, managing deliveries and shipments, and keeping you updated every step of the way. For any concerns regarding your order, please contact us at info@lumiizen.com.
2. Remembering Your Preferences: Creating and managing your customer account so you don't have to repeat yourself — your order history, preferences, and past conversations are all saved to make every interaction smoother.
3. Faster, Smarter Support: Using automated tools and systems to respond to your inquiries more quickly and accurately — so you get the help you need without the wait.
4. Your Dedicated Sales Partner: Sharing your relevant account information with your assigned sales agent or authorized partner so they can give you personalized service, tailored recommendations, and priority attention.
5. Making Things Better for You: Analyzing how customers use our services and what they love most, so we can continuously improve our products, introduce features you actually want, and deliver a better experience with every update.
6. Exclusive Offers & Rewards: With your consent, sending you promotional offers, early access to new products, seasonal campaigns, loyalty rewards, and personalized recommendations through your preferred channels — so you never miss out on something made for you.
7. Keeping Everything Safe & Legal: Complying with applicable laws and regulations, protecting against fraud, and ensuring the security of your account and our systems.

3. Marketing Communications

We love keeping you in the loop. From time to time, we may send you updates about products we think you'll love, exclusive promotions, seasonal campaigns, loyalty rewards, and personalized recommendations via:

• Email
• SMS / Text message
• WhatsApp
• Facebook Messenger
• Instagram Direct Message
• Other messaging platforms we may adopt

Your consent for marketing communications is obtained separately from your consent for service-related communications. You may withdraw your marketing consent at any time without affecting our ability to send you important transactional messages (e.g., order confirmations, shipping updates, payment receipts).

Changed your mind? No hard feelings — to opt out of marketing communications, you may:

• Click the unsubscribe link in any marketing email
• Reply "STOP" to any marketing SMS or messaging channel
• Drop us an email at info@lumiizen.com

4. Disclosure to Third Parties

We may disclose your personal data to the following classes of third parties:

1. Service providers: Cloud hosting and database providers, email and messaging delivery services, messaging platform providers, payment processors, and shipping/logistics partners who assist us in operating our platform.
2. Agents & partners: Authorized sales agents and partners in our network, limited to the personal data of customers assigned to them and solely for the purpose of servicing your account and fulfilling your orders.
3. Professional advisors: Our accountants, auditors, and legal advisors where reasonably necessary.
4. Regulatory authorities: Government agencies, law enforcement, or regulatory bodies when required by law or in response to valid legal process.

We require all third parties to respect the security of your personal data and to process it in accordance with applicable law. We do not sell your personal data to any third party.

5. Meta Platform Data

Our platform integrates with Meta products (including Facebook and Instagram) to provide customer communication and support services. When you interact with us through Facebook Messenger or Instagram, we may receive the following data from Meta's platform ("Platform Data"):

• Profile information: Your name, profile picture, and locale as provided by Meta
• Conversation data: Messages, attachments, and interactions you send to our business page
• User identifiers: Meta-assigned user IDs (page-scoped and app-scoped)
• Page analytics and insights data: Impressions, reach, page views, and follower counts for our business pages
• Post and video engagement metrics: Likes, comments, shares, reactions, and video views on our page content

We use Meta Platform Data solely for the purposes described in Section 2 of this policy — primarily to respond to your inquiries, manage your customer account, and improve our support services. We process this data in compliance with Meta's Platform Terms and Developer Policies.

We do not:

• Sell, license, or transfer Meta Platform Data to any third party
• Use Platform Data for advertising, profiling, or eligibility determinations
• Combine Platform Data with data from other sources for purposes beyond servicing your account

Deletion of Meta Platform Data: You may request deletion of all data we have received about you from Meta by emailing info@lumiizen.com with the subject line "Meta Data Deletion Request". Meta may also send us automated deletion requests on your behalf, which we process promptly. Upon deletion, we will provide a confirmation code and status page for your reference.

6. Cross-Border Data Transfer

Your personal data may be transferred to, stored, and processed in countries outside Malaysia, including Singapore and the United States, where our service providers maintain their infrastructure.

We take reasonable steps to ensure that your personal data receives an adequate level of protection in accordance with the PDPA, including through contractual arrangements with our service providers that impose data protection obligations substantially similar to those under Malaysian law.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Active account data: Retained for the duration of your relationship with us and for 24 months thereafter
• Transaction & financial records: Retained for 7 years as required by Malaysian tax and company law
• Communication records: Retained for 24 months from the date of the last interaction
• Marketing preferences: Retained until you withdraw consent

Upon expiry of the retention period, your personal data will be securely deleted or anonymized.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Role-based access controls and row-level security
• Regular security assessments and monitoring
• Secure authentication and session management

9. Your Rights Under the PDPA

As a data subject under the PDPA, you have the following rights:

• Right of Access: You may request a copy of the personal data we hold about you. We will respond within 21 days.
• Right of Correction: You may request correction of any inaccurate, incomplete, or misleading personal data. We will process corrections within 21 days.
• Right to Withdraw Consent: You may withdraw your consent to the processing of your personal data at any time by contacting us. Please note that:
  • Withdrawal does not affect the lawfulness of processing carried out before the withdrawal
  • If you withdraw consent for processing necessary to provide our services, we may no longer be able to serve you
  • We may continue to retain certain data where required by law (e.g., financial records)
• Right to Deletion: You may request the deletion of your personal data held by us. To submit a deletion request, please email us at info@lumiizen.com with the subject line "Data Deletion Request" and include your full name and the email or phone number associated with your account. We will process your request within 21 days and confirm deletion via email. Please note that:
  • Certain data may be retained where required by law (e.g., financial and tax records for up to 7 years)
  • Deletion of data necessary to provide our services may result in account closure
  • Data that has been anonymized or aggregated and can no longer identify you is not subject to deletion
• Right to Data Portability: You may request your personal data in a structured, commonly used, machine-readable format.
• Right to Prevent Marketing: You may opt out of direct marketing at any time, free of charge.

10. Data Breach Notification

In the event of a personal data breach that is likely to cause significant harm, we will notify the Personal Data Protection Commissioner within 72 hours and inform affected data subjects as soon as practicable, in compliance with the PDPA and its amendments.

11. Contact Us

For any inquiries, access requests, correction requests, or complaints regarding your personal data, please contact our Data Protection Officer:

We will respond to all data subject requests within 21 days of receipt. If you are not satisfied with our response, you may lodge a complaint with the Department of Personal Data Protection (JPDP) Malaysia.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes to how we process your personal data, we will notify you via email or in-app notification and, where required by law, obtain fresh consent. The latest version will always be available on this page.