Privacy Policy

Effective Date: 25 October 2024
Website: bioherbsinstantcoffee.com (“Site”)
Operator / Controller: Bio Herbs Instant Coffee (“we”, “us”, “our”)
Business Address: Semenyih Integrated Industrial Park, 43500 Semenyih, Selangor, Malaysia
Support: support@bioherbsinstantcoffee.com • WhatsApp/Telegram: +601121944419

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit or shop on our Site, contact us, or interact with our services. It is designed to meet major global privacy frameworks, including the EU/EEA/UK GDPR, Switzerland FADP, California CCPA/CPRA, Canada PIPEDA, Australia Privacy Act/APPs, and similar laws. Some rights apply only in certain regions and are called out below.

For terms of sale and website use, please also see our Terms & Conditions, Shipping Policy, Refunds & Returns, and Cookie Policy.

1) What we collect

We collect the following categories of information (some are optional or collected only if you provide them):

  • Identifiers & contact information: name, email, phone/WhatsApp/Telegram handle, billing/shipping address.
  • Account information: username, password, preferences.
  • Commercial & order data: products viewed/added/purchased, order notes, transaction totals, currency, and fulfillment details.
  • Payment data: we use third-party processors (e.g., card gateways, PayPal) to process payments. We do not store full card numbers; processors handle them under PCI-DSS.
  • Device/usage data: IP address, device/browser type, pages visited, referral URLs, approximate location (country/city), cookies/SDK identifiers (see Cookie Policy).
  • Communications: messages you send via email, contact forms, WhatsApp/Telegram, or product reviews.
  • Logistics data: shipping method, tracking numbers, and delivery status from carriers (e.g., Quantium Solutions/SingPost, DHL, FedEx).
  • Marketing preferences: newsletter opt-ins, cookie consent choices.
  • Inferences: basic interest segments derived from browsing (e.g., “coffee buyer”), where allowed by cookie consent.

We do not intentionally collect sensitive medical data or information about children.

2) How we use information (purposes & legal bases)

  • Provide the service & fulfill orders: process payments, pack/ship goods, provide invoices and customer support.
    • Legal bases (GDPR): Contract performance; Legal obligation (tax/records).
  • Communications: respond to inquiries, send transactional emails (order confirmations, delivery updates).
    • Legal bases: Contract performance; Legitimate interests.
  • Fraud prevention & security: detect, investigate, and mitigate fraud, spam, or abuse.
    • Legal bases: Legitimate interests; Legal obligation.
  • Improve & personalize the Site: analytics, troubleshooting, A/B testing.
    • Legal bases: Legitimate interests; Consent (where required for cookies).
  • Marketing (optional): newsletters, offers, and retargeting ads subject to your consent/opt-out.
    • Legal bases: Consent; Legitimate interests (where allowed).
  • Compliance: keep statutory records (e.g., tax, accounting) and respond to lawful requests.
    • Legal bases: Legal obligation; Legitimate interests.

We do not engage in automated decision-making that produces legal or similarly significant effects.

3) How we share information

We share data only as needed to run our business:

  • Payment processors to complete transactions (they receive billing details and payment tokens).
  • Shipping & logistics partners (e.g., Quantium Solutions/SingPost, DHL, FedEx) to deliver orders and provide tracking.
  • Cloud/service providers for hosting, analytics, email, CRM, and security (under contracts with confidentiality and data-protection obligations).
  • Professional advisors (legal, accounting) and authorities when legally required.
  • Business transfers in the event of a merger, acquisition, or asset sale (with notice and continued protections).

We do not sell personal information for money. Some ad/analytics cookies may constitute “sharing” or “targeted advertising” under certain US state laws; you can opt out via our cookie banner and the mechanisms in Section 9.

4) Cookies & tracking

We use cookies and similar technologies for site functionality, analytics, and (with consent) remarketing. Control your preferences at any time via the cookie banner or see our detailed Cookie Policy.

Do Not Track: we currently do not respond to DNT signals due to lack of a consistent industry standard.

5) Data retention

  • Orders & invoices: generally kept 7 years (tax/audit rules).
  • Support messages: typically 2 years from last interaction.
  • Marketing records: until you unsubscribe or request deletion.
  • Web logs/analytics: typically 12–24 months, then aggregated or deleted.

We keep data longer where required by law or to establish/defend legal claims.

6) Security

We use technical and organizational measures such as HTTPS/TLS encryption, access controls, least-privilege policies, and processor due diligence. No method of transmission or storage is 100% secure; please use unique, strong passwords and avoid sending payment details via email/WhatsApp.

7) International transfers

We operate from Malaysia and may transfer data to processors in other countries. Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs), vendor certifications, and contractual commitments, and we assess partners’ security measures. By using the Site, you understand your data may be processed outside your home country.

8) Your privacy rights

A) EEA/UK/Switzerland (GDPR/FADP)

You can access, correct, delete, restrict, or object to processing; port your data; and withdraw consent at any time. You may also lodge a complaint with your local data authority (e.g., an EU DPA, the UK ICO, or the Swiss FDPIC).

B) United States (CCPA/CPRA & similar state laws)

California and certain other state residents have the right to:

  • Know/access categories and specific pieces of personal information we’ve collected, used, disclosed, and whether we “sold” or “shared” it.
  • Request deletion or correction of inaccurate information.
  • Opt out of “selling or sharing” for cross-context behavioral advertising and of certain profiling/targeted ads.
  • Limit the use/disclosure of “sensitive” personal information (we do not use SPI for inferring characteristics).
  • Non-discrimination for exercising these rights.

Sale/Share: We do not sell personal information for money. We may “share” identifiers and internet/network activity with ad/analytics providers via cookies only if you consent. Use the cookie banner to opt out (and see “Your Privacy Choices” below).

C) Canada (PIPEDA)

You may request access, correction, and to challenge our compliance with PIPEDA. You may also withdraw consent, subject to legal or contractual restrictions.

D) Australia (APPs)

You may request access/correction and complain to us or to the OAIC if unresolved.

9) How to exercise your rights (“Your Privacy Choices”)

  • Email: support@bioherbsinstantcoffee.com
  • Messaging: WhatsApp/Telegram +601121944419 (identify your request)
  • Cookies/ads opt-out: use the consent banner to reject analytics/advertising cookies.
  • Marketing emails: use the unsubscribe link in any message.

We will verify your identity and respond within the timeframes required by law. Authorized agents may submit requests where permitted (we may require proof of authorization).

10) Children

Our Site is not directed to children, and we do not knowingly collect data from anyone under 13 (or the minimum age required by local law). If you believe a child provided data, contact us and we will delete it.

11) Third-party links & social messaging

The Site may link to third-party sites or let you contact us via WhatsApp/Telegram. Your use of those services is governed by their own terms and privacy notices. Please avoid sending payment card details or sensitive information via chat.

12) Changes to this Policy

We may update this Privacy Policy from time to time. We will post the new version with an updated “Effective Date” and, where required, provide additional notice. Your continued use of the Site after changes means you accept the revised Policy.

13) Contact

Questions or requests about privacy:
Bio Herbs Instant Coffee
Semenyih Integrated Industrial Park, 43500 Semenyih, Selangor, Malaysia
Email: support@bioherbsinstantcoffee.com
WhatsApp/Telegram: +601121944419

14) Region-specific disclosures (California summary)

Categories collected in the last 12 months: identifiers and contact info; commercial data; internet/network activity; geolocation (coarse); inferences (limited); communications; logistics.
Sources: you, your device, payment processors, carriers, and service providers.
Purposes: as listed in Section 2.
Disclosures for business purposes: to processors, carriers, security/fraud partners, and advisors.
Sale/Share: no monetary “sale”; cookie-based “sharing” for ads only with your consent (opt-out via cookie banner).
Retention: as in Section 5.
Sensitive personal information: not used to infer characteristics.

Shopping Cart