Privacy Statement
Effective Date: 20 July, 2023
1. Introduction
1.1 Urb Wave Sdn Bhd (“Urb Wave”, “we”, “us”, our”) understands how important your privacy is to you and fully respects it. Please read and familiarises this Privacy Statement before you submit your personal data to us.
1.2 This Privacy Statement explains clarifies how we process your data from the point we collect, use, share, dispose of and the security measure that we established to ensure your personal data is protected. This Privacy Statement applies to https://app.urbanwave.ai/, any successor website (“Website”), and the services available on that website or any successor website, and services that contain or refer to this Privacy Statement ("Services"). You may be asked to consent to the practices and the policies in this Privacy Statement when you access or interact with us. Otherwise, by using the Website and the Services, you are accepting the practices and policies in this Privacy Statement. If you do not accept and agree with the practices and policies in this Privacy Statement, please do not use the Website and Services to submit your personal data to us.
1.3 By interacting with us, using our Website, submitting information to us, or signing up for our Services (regardless how you access or use the Services, including access via mobile devices, applications and whether you are a Business Partner or a customer), you agree and consent to us, as well as our third party service providers, Business Partners, representatives and/or agent, collecting, using and disclosing your personal data in the manner set forth in this Privacy Statement.
1.4 The provision of your personal data is voluntary. You may choose not to provide us with the requested data, but failure to do so may inhibit our ability to provide information and Services to you or to respond to your enquiries.
1.5 We shall have the right to modify, update or amend the provisions of this Privacy Statement at any time by placing the updated privacy statement on the Website. By continuing to interact with us or by continuing to use our Services following the modification, update or amendments to the Privacy Statement, this shall constitute your acceptance of such modification, update or amendments.
2. Data We Collect
2.1 Personal Data include any information which are related to an identified or identifiable natural person. The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online identifier. In practice, these include all data which are or can be assigned to a person in any kind of way, such as telephone number, credit card or personnel number of a person or address are all personal data. In the course of your interaction with us, if it is necessary, we may require you to provide additional personal data and or sensitive personal data.
2.2 The information we collect depends on how you interact with us, the Services you use and the choices you make. The information we may collect includes information:
2.2.1 You have directly provided to us
You need to register an account with us to enjoy our Services. When you register an account with us or log in with your user ID to use our Services, we will ask you to provide relevant personal data, such as name, mobile number, email address, address, age, gender, account registration information such as password, and payment and billing information.
2.2.2 We collect from your usage of our Services
When you use our Services, we will collect account information, device information, cookies (described below) transaction information on the Services, order information, payment and billing information (such as shipping address, payment mode, credit card numbers, financial account information and other payment details), and information how you use the Services, such as your network information, IP address, device information, session information, log information (such as time of access, access count, errors, and crashes), location information. Location information can be obtained based on GPS, Wi-Fi, and service provider network ID.
We may provide you with cloud storage services where you can upload some of your files, information and data. We collect the files, information, data you upload to our Services, your device information, sessions information, the date and time of each submission or upload, information contained in or relating to your submissions or upload.
Some of our Services allow you to communicate and share information with others. When you use our Services to share information with our Business Partners of your choice, we may collect information related to those Business Partners. We will take appropriate and necessary measures to ensure the security of the information that you provide.
2.2.3 We collect from third parties
We may receive personal data about you from other parties acting at your direction, from our Business Partners, third party service provider and from other lawful resources.
When permitted by law, we will collect information about you from public and commercial sources. Such third parties including credit rating agencies, public sources, data service providers, and publicly available information.
2.2.3 Non-identifiable data
Non-identifiable data refers to data that cannot be used to identify an individual. Examples of non-identifiable data including statistics on Website visits. We will collect statistics information to understand how user use our Website.
2.3 If you provide us with any personal data relating to a third party, by submitting such information to us, you represent and warrant to us that you have notified such third party of the provision of this Privacy Statement, and that such third party has consented to you disclosing his or her personal data to us for the collection, use and disclosure or their personal data by us as described in this Privacy Statement. Where the disclosure is in respect of a child’s personal data, you should do as only as the parent or legal guardian of that child and enter into relevant contracts on behalf of that child.
Cookies and Other Technologies
2.4 Our Website and Services may use Cookies to distinguish you from other user of our Website and Services to provide better, faster and personalised user experience and to show you personalised advertising. A cookie is a data file that are placed on your computer or mobile device that are used for electronic authentication, monitoring sessions and storage of information regarding your website visit. We use the following types of cookies:
2.4.1 Strictly necessary Cookie: These are Cookies that are required for the operation of our Services. They are for login authentication and verification.
2.4.2 Preference Cookie: These are Cookies that store your preferences and settings.
2.4.3 Analytical/performance Cookies: These are Cookies that help us to analyse the use and performance of our Website and Services.
2.4.4 Advertising Cookies: These are Cookies that collect information about your online activities and interests and to provide you with advertisement that will correlate most highly with you.
2.5 Where possible, we take appropriate security measures to prevent unauthorized access to our cookies and similar technologies. A unique ID ensures that only we and or selected third parties have access to cookie data.
2.6 You are free to disable the use of cookies and similar technologies if this is supported by your device. You can manage your cookie settings in your browser or device settings. If you decide not to have your personal data processed by us for advertising purposes via cookies (and similar technologies), this does not mean that we will not show you advertisements. It simply means that these advertisements will not be personalized for you using first-party or third-party cookies, or similar technologies. By continuing to use our Website and Services, you accept to the use of cookies as outlined above.
3. Purpose for Data Collection
3.1 Personal data is collected for the following purposes:
- to communicate with you;
- to facilitate your access to Website and to provide Services;
- to manage your account;
- to process your instructions, applications, orders, enquiries, transactions and registrations, payment instructions;
- to perform automated decision-making or profiling;
- to promote services and send you marketing or promotional materials regarding us, our Business Partners or third party service providers, unless you choose to opt-out from receiving those materials;
- to confer an interest, benefit or privilege on you as our customer or potential customer where such interest, benefit or privilege may be provided by us or third party;
- to carry out audit to maintain the quality or safety of services;
- to improve our product and services and for analytics;
- for internal administrative purpose, including to administer your account with us, to verify transactions, to carry out audit, to improve and enhance the content of services and to ensure compliance activities;
- to process any complaints, feedbacks, enforcement actions;
- to comply with legal obligations or regulatory requirement that we are subject to;
- to carry out detections and investigation of incident, security incident, protecting against malicious, deceptive, fraudulent or illegal activity and prosecuting those responsible for that activity;
- to maintain and update internal record keeping for internal business and administrative purposes;
- for storing, hosting, backing-up information whether within or outside Malaysia;
- other purposes you consent to, are notified of, or are disclosed when you provide personal data.
3.2 We may use your personal data to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about computer or device from which you access our services to conduct joint data analytics projects with selective third party service providers using such anonymised information or collaborate with selective third party service providers to protect user interest and develop targeting advertising for selected users. Aggregated data is considered non-personal data for the purposes of this Privacy Statement.
3.3 We may retain your information for as long as necessary to fulfil the purposes for which it is collected or as otherwise required to ensure compliance with applicable laws.
4. Disclosure of Data
4.1 We may share personal data with our affiliated companies, service providers, Business Partners, or others at your directions or as necessary to complete the transactions or to provide the Services you have requested or authorised. We do not share personal data unless one of the following circumstances applies:
4.1.1 Sharing with consent: After obtaining your consent, we will share the information that you have authorised with specified third parties or Business Partners.
4.1.2 Sharing pursuant to applicable laws: We may share your information as required by laws and regulations, for resolving legal disputes, or as required by the authorities, law enforcement agency or similar body pursuant to applicable laws.
4.1.3 Sharing with our affiliates: We may share your information with our affiliates only for explicit, and legitimate purposes and the sharing is limited only to information required by services.
4.1.4 Sharing with Business Partners: Some of our Business Partners provides products and/or services directly to you. We may share your information with them, they may use your information to provide you with the products and/or services you request.
4.1.5 Sharing with service providers: We may disclose your information to companies that provide services for or on behalf of us, including service providers who provide information technology service, administration, data processing, payment, printing, advisory and consultancy services (which include professional advisors or consultants such as auditors, insurers, accountants, bankers and lawyers) and services in connection with the operation of our practice, business and our provision of Services to you.
4.1.6 Sharing when there is reasonable requirement to do so, for example to meet request of applicable laws, regulations, legal process, authorities, law enforcement agency or similar body.
4.2 We require any person or entity to whom we disclose personal data to respect the confidentiality of your personal data and to treat it in accordance with applicable laws. We permit them to process your personal data for specified purposes and in accordance with our instruction and we do not allow them to use your personal data for their own marketing purposes. We do not control, and do not accept any responsibility or liability for, the privacy policy and the processing of personal data by any party other than us.
5. Processing of Personal Data
5.1 Your personal data will be stored by us and our service providers in accordance with applicable law and to the extent necessary for the processing purposes set out in this Privacy Statement.
5.2 Our services are delivered through resources, servers and information technology storage facilities located outside Malaysia, we may need to transfer your personal data to jurisdictions outside Malaysia. When we transfer your personal data to other countries, we will protect the personal data as described in this Privacy Statement.
6. Security Measure
6.1 We are committed to protect your personal data and will safeguard information shared with us with strict standard of security and confidentiality.
6.2 We have detailed security policies and standards which allow us to secure the information shared with us to prevent information leakage, improper use, unauthorised access or disclosure.
6.3 We have detailed access control mechanism and security measures to ensure that only authorised personnel can access your personal data and to prevent unauthorised or accidental access, processing, erasure, loss or use, including limiting physical access to data within our system and encryption of personal data when transferring such data.
6.4 We use security measures to ensure the security of information within reasonable security standard. For example, we will use encryption technology (for example, SSL), data anonymization and other means to protect your personal data.
6.5 Reasonable steps will be taken to delete or destroy the information when it is no longer necessary for any of the above stated purposes.
6.6 We work closely with our service providers and Business Partners to ensure that they provide same level of protection to data they hold on their own or process on our behalf.
7. Retention Period of Personal Data
7.1 We retain personal data for as long as necessary to provide the Services and fulfil the transactions you have requested, comply with our legal obligations, resolve disputes, to support a claim or defence in court, enforce our agreements, and other legitimate and lawful business purposes.
8. Your Data Protections Rights
8.1 Under the applicable law and regulation, every user is entitled to the following:
Right to Access
You have the right to request us for copies of your personal data. We may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons for doing so.
Right to Withdraw Consent
You have the right withdraw your consent at any time for where we have obtained your consent to process your personal data for certain activities, such as for marketing. As a result, we may no longer process your personal data based on this consent in the future. The withdrawal of consent has no effect on the validity and lawfulness of processing based on consent before its withdrawal.
Right to Rectification
You have the right to request us to correct any information you believe is inaccurate. You also have the right to request us to complete information you believe is incomplete. If we have shared this personal data with third party, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision. Further, you may update or make amendments to your personal data as below:
- for registered user, you may login to your online account and update your personal data; or
- for every other user, you may email your request to support@urbanwave.ai
Right to Erasure
You have the right to request to erase your personal data under certain conditions. Generally, this right exists where the data is no longer necessary, you have withdrawn your consent to us using your data, and there is no other valid reason for us to continue, the data has been processed unlawfully, it is necessary for the data to be erased in order for us to comply with our obligation under law; or you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continue processing.
There may be situations where we cannot grant your request. In the circumstances that we are entitled to refuse to comply with your request for erasure, we will tell you our reason for doing so. We may also decline to grant a request where doing so would undermine our legitimate use of data for anti-fraud and security purses. Other reasons your privacy request may be denied are if it jeopardizes the privacy of others, is frivolous or vexatious, or would be extremely impractical.
When complying with a valid request for erasure of data, we will take all reasonably practicable steps to delete the relevant data.
Right to Data Portability
You have the right to request us to transfer the data that we have collected to another organization, or directly to you under certain conditions. To allow you to do so, we will provide you with your data in a commonly used machine-readable format at your costs so that you can transfer the data.
8.2 To get in touch with us about these rights, please contact us through email address:
support@urbanwave.ai
8.3 We will seek to deal with your request without undue delay. Please note that we may keep a record of your communication to help us resolve any issue which you raise.
9. LINKS TO THIRD PARTY WEBSITES
9.1 We may link this website to websites of other companies or organisations (collectively as “Third Party Sites”). This Privacy Statement does not apply to such Third Party Sites as those sites are outside our control.
9.2 If you access Third Party Sites using the links provided, the operators of these sites may collect your personal data. Please ensure that you are satisfied with the privacy statements of these Third Party Sites before you submit any personal data.
9.3 We try, as far as we can, to ensure that all third party linked sites have equivalent measures for protection of your personal data, but we cannot be held responsible legally or otherwise for the activities, privacy policies or levels of privacy compliance of these Third Party Sites.
10. ADDITIONAL INFORMATION
10.1 In the event there is any conflict or inconsistency between the English and Bahasa Malaysia versions of this privacy notice, for the purposes of interpretation and construction, the English language version shall prevail and be given effect to.
Business Partners means selected third party financial service provider.
10.2 Should you have any questions on any part of this Privacy Statement or would like additional information regarding our data privacy practices please do not hesitate to contact us by the contact details above.