Privacy Policy - Harrington Bookshop

Your privacy and data protection are our priority

1. Introduction

Harrington Bookshop is committed to protecting your personal data and privacy. This Privacy Policy outlines how we collect, use, store, and disclose your personal information in accordance with applicable laws, including the Malaysia Personal Data Protection Act 2010 (PDPA) and relevant international data protection standards. This policy applies to all customers and users of our services (including our website and third-party sales channels).

By using Harrington Bookshop's website or services, or by providing personal information to us, you consent to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please refrain from using our services or providing personal data.

2. Data We Collect

We may collect and process various types of personal data about you when you interact with us. The types of information we collect include:

2.1 Identification and Contact Details

Name, postal address, email address, phone number, and other contact information.

2.2 Account Information

If you register an account, we may collect a username, password, and other registration details.

2.3 Transaction Information

Details of the products you purchase or inquire about, order dates, payment method, billing and shipping addresses, and invoice records.

2.4 Payment Information

Payment card details or bank account information provided for completing purchases. For security, we typically use third-party payment processors and do not store full payment card numbers on our servers.

2.5 Device and Website Usage Data

When you visit our website, we may collect technical data such as your IP address, browser type, operating system, referring website, pages viewed, and the dates/times of access. We may use cookies or similar tracking technologies to enhance your browsing experience (see Section 9: Cookies & Tracking).

2.6 Communications

Records of your communications with us, such as customer support inquiries, emails, chat messages, or social media interactions (including any information you choose to provide, such as feedback or testimonials).

2.7 Marketing Preferences

Your preferences for receiving marketing from us (e.g., whether you have subscribed to or unsubscribed from our newsletter) and your communication preferences.

Child Protection: We do not knowingly collect personal data from children under the age of 13 (or equivalent minimum age in the relevant jurisdiction) without verifiable parental consent. Our website and services are intended for general audiences and not directed to children.

3. How We Use Your Personal Data

Harrington Bookshop will use your personal data only for legitimate business purposes and as necessary to provide our services to you. The purposes for which we process your data include:

3.1 Fulfillment of Orders and Services

Processing payments, handling shipping, delivering orders, and providing customer support or warranty service.

3.2 Account Administration

Maintaining your account, verifying your identity when you log in, and enabling account features (such as order history, wishlists, and saved addresses).

3.3 Communication

Responding to your inquiries, requests, or complaints; sending service-related communications such as order confirmations, shipping notifications, and important updates about your purchase or our terms.

3.4 Improvement of Services

Analyzing purchase histories, website usage data, and feedback to understand customer needs, improve product offerings, optimize user experience, and enhance customer service quality.

3.5 Marketing (with consent)

Where you have given consent or as otherwise permitted by law, sending promotional materials, newsletters, or special offers. You can opt out at any time (see Section 8: Your Rights & Choices).

3.6 Security and Fraud Prevention

Verifying user identity, detecting and preventing fraud or misuse of our website or services, and ensuring transaction security.

3.7 Legal Compliance

Complying with obligations such as maintaining proper business records, handling returns and refunds, satisfying tax and accounting requirements, or responding to lawful requests by public authorities.

Data Retention: We will retain your personal data only for as long as necessary to fulfill the purposes above or as required by law.

4. Disclosure of Personal Data

We respect the confidentiality of your personal data. We do not sell or rent your personal information to third-party marketers. We share data only in the following circumstances:

4.1 Service Providers and Partners

We may share relevant portions of your data with trusted third-party service providers who perform functions on our behalf to complete or facilitate your transactions. This includes:

Shipping and Logistics Companies: we provide your name, address, and phone/email to courier or postal services to deliver your orders.
Payment Processors: to process your payment securely.
IT and Hosting Providers: companies that host our website or databases, or provide technical support.
Marketing or Analytics Providers: to send newsletters or analyze site traffic (typically using anonymized or aggregated data unless you have consented otherwise).

These third parties receive only the information necessary to perform their services, and are contractually obligated to protect your data and use it only for the specified purposes.

4.2 Third-Party Marketplaces

If you purchase through a marketplace (e.g., Shopee, Lazada, Amazon), that platform independently receives and processes your data under its own privacy policy. We may receive order data to fulfill your order and may share information back with the marketplace to resolve disputes or claims.

4.3 Legal Requirements and Protection

We may disclose information as required by law or legal process (e.g., court order, subpoena, law enforcement request), or where necessary to enforce our Terms & Conditions, or protect the rights, property, or safety of Harrington Bookshop, our customers, or others (including fraud prevention or credit risk reduction).

4.4 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our assets, personal data may be transferred. Any new owner will be bound to respect your personal data in accordance with this policy and applicable law.

Aside from the situations above, any other sharing of your personal data with third parties will be carried out with your consent (for example, before publishing a testimonial with your name).

5. International Data Transfers

Personal data we collect may be stored or processed in Malaysia or other countries (e.g., cloud storage or email providers). If you are located outside Malaysia, your data will be transferred to us in Malaysia to fulfill your orders. Where data is transferred to a country without comparable data protection laws, we will implement appropriate safeguards (such as contractual clauses) or obtain your consent as required. We will ensure recipients provide a level of protection comparable to Malaysian law.

6. Data Security

We implement appropriate technical and organizational measures to safeguard personal data against loss, theft, and unauthorized access, disclosure, or modification. These measures include:

SSL encryption for data transmitted on our website
Encryption or tokenization of sensitive financial information by our payment processors
Restricted internal access to personal data on a need-to-know basis, with confidentiality training
Regular maintenance, firewalls, and anti-malware protections
Secure disposal or anonymization of data no longer required

Despite these precautions, no method of transmission over the internet or electronic storage is completely secure. Please keep your account credentials secure and contact us immediately if you suspect compromise.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Examples include:

Order and purchase data retained for tax/financial compliance and to manage warranty or return issues
Account profile data retained until you request deletion or the account becomes inactive, consistent with our retention policy
Marketing contact data retained until you opt out or withdraw consent
Web server logs and analytics data retained for a limited period unless needed for security analysis

When we no longer have a legitimate need or legal obligation to retain personal data, we will securely delete or anonymize it. If immediate deletion is not feasible (e.g., data in backups), we will isolate it from further processing until deletion is possible.

8. Your Rights & Choices

Under PDPA and other applicable laws, you may have the following rights regarding your personal data:

8.1 Right to Access

Request access to the personal data we hold about you and a copy of it in a usable format.

8.2 Right to Correction/Rectification

Request correction or updating of inaccurate, outdated, or incomplete personal data.

8.3 Right to Withdraw Consent

Withdraw your consent to processing where processing is based on consent (e.g., marketing). Withdrawal does not affect processing performed before withdrawal.

8.4 Right to Prevent Direct Marketing

Instruct us at any time not to process your personal data for direct marketing purposes (use the unsubscribe link or contact us).

8.5 Right to Object or Restrict

Object to or request restriction of processing in certain circumstances (e.g., contesting accuracy or lawfulness).

8.6 Right to Erasure

Request deletion of personal data in specified situations, subject to legal exceptions (e.g., legal obligations or establishment/exercise of legal rights).

To exercise your rights, contact us using the details in Section 13. We will verify your identity before acting on your request. We endeavor to respond within the timeframe required by law (typically within 21 days for PDPA requests). Some requests may attract a minimal fee as allowed by law to cover administrative costs. If you have an account, you may also access and update information by logging in.

9. Cookies & Tracking

Our website uses cookies and similar technologies to ensure basic functionality, enhance user experience, and analyze performance. You can manage cookie preferences via your browser settings or (where available) our consent banner. Disabling certain cookies may affect functionality (e.g., cart, checkout, login). For full details, please see our standalone Cookies Policy.

10. Third-Party Links & Services

Our website or communications may contain links to third-party websites or services (e.g., payment gateways, logistics providers, social media). This Privacy Policy does not cover third-party sites. Their handling of personal data is governed by their own policies.

11. Protection of Minors

Our services are not directed to children under 13. We do not knowingly collect personal data from minors without proper consent. If you believe a child has provided personal information to us without consent, please contact us so we can take appropriate action.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. Material changes will be communicated via a prominent notice on our website or other appropriate means. The "Last Updated" date indicates the latest revision. Continued use of our services after updates signifies acceptance to the extent permitted by law.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

HARRINGTON BOOKSHOP SDN. BHD.
Company Registration No.: 202501013611 (1615025-A)
Incorporated on: 28 March 2025 under the Companies Act 2016 (Malaysia)
Registered Office: A-3-3, Plaza Bukit Jalil (Aurora Place), No. 1, Persiaran Bukit Jalil 1, Bandar Bukit Jalil, 57000 Kuala Lumpur, W.P. Kuala Lumpur, Malaysia
Email: harringtonbookshop@gmail.com
Phone: +60 17-307 0637
Attn: Data Protection Officer / Privacy Compliance
Last Updated: September 23, 2025