Privacy Policy - Harrington Bookshop

Comprehensive Data Protection and Privacy Guidelines

Company No: 202501013611 / 1615025-A
Effective Date: 10th October 2025

1. Introduction

1.1 Scope and Application

This Privacy Policy details the practices of HARRINGTON BOOKSHOP SDN. BHD., its affiliates, and related corporate bodies ("Harrington Bookshop," "we," "us," or "our") concerning the collection, usage, disclosure, retention, and protection of Personal Data. This document applies universally to all individuals ("you" or "Customer") who engage with our services, whether through our official Website www.harringtonbookshop.com, authorized third-party marketplaces (including Shopee, Lazada, and TikTok Shop), or via direct correspondence.

1.2 Regulatory Compliance

We are committed to complying with the Personal Data Protection Act 2010 (PDPA Malaysia) and the Personal Data Protection Act 2012 (PDPA Singapore), together with any subsidiary regulations, standards, and guidelines issued by the respective data-protection authorities.

This Policy also anticipates alignment with comparable data-protection frameworks in other Southeast Asian jurisdictions where we may later operate or deliver goods.

1.3 Informed Consent

By accessing or transacting with Harrington Bookshop, you acknowledge and confirm that you have been notified of, and you provide your informed, explicit, and unambiguous consent to, the Processing of your Personal Data as set forth herein.

2. Definition and Classification of Personal Data

2.1 Definition of Personal Data

Personal Data is defined as any information that relates directly or indirectly to an individual, from which the identity of the individual is apparent or can be reasonably and directly ascertained. This includes, but is not limited to, data capable of being processed electronically and retained in our records.

2.2 Data Classification Categories

We classify Personal Data into specific categories to ensure proper handling:

(a) Identity Data (name, NRIC/passport, date of birth)
(b) Contact Data (physical address, email, phone number)
(c) Transactional Data (purchase details, payment receipts, bank details)
(d) Technical and Usage Data (IP addresses, browsing activity, device information)

2.3 Sensitive Personal Data

Sensitive Personal Data, which includes information regarding an individual's physical or mental health, political opinions, religious beliefs, or commission of offenses, is not routinely collected by us. If such data is ever required, we will seek separate, specific, and explicit consent for its Processing.

2.4 Technical and Behavioural Data

We may also collect limited technical and behavioural data (such as device type, IP address, and browsing interactions) through cookies or analytics tools, solely to improve our Website's functionality and user experience.

3. Detailed Mechanism of Data Collection

3.1 Data Provided Directly by You

We collect data when you actively and voluntarily engage with our platforms. This includes, but is not limited to, when you:

(a) Register an account on our Website;
(b) Place an order for new or refurbished electronic devices;
(c) Subscribe to our newsletter or promotional mailing lists;
(d) Complete online forms for customer support, warranty claims, or product reviews; or
(e) Communicate with us via email, telephone, or social media messaging.

3.2 Data Collected Automatically

As you interact with our Website, we automatically collect Technical and Usage Data about your equipment, browsing actions, and patterns. This data is collected using server logs, Cookies, and other tracking mechanisms, which helps us secure and improve the platform.

3.3 Data from Third-Party Sources

We receive limited Personal Data from third-party marketplace platforms such as Shopee, Lazada, and TikTok Shop, as well as payment processors (e.g., Razorpay) and analytics or logistics partners. Only the data strictly necessary to fulfil your transaction—typically your name, contact details, delivery address, and transaction reference—is imported to our systems. These marketplaces remain independent data controllers for information they collect directly from you; their privacy practices are governed by their own published policies.

3A. Legal Basis and Consent

By using our Website, placing an order, or subscribing to our newsletter, you consent to the collection and processing of your Personal Data as described herein. Where consent is required for marketing communications, you may withdraw it at any time by emailing harringtonbookshop@gmail.com or using the unsubscribe link provided in our emails.

4. Legal Basis and Specific Purposes for Processing

4.1 Legal Bases for Processing

Our Processing of Personal Data is underpinned by legitimate legal bases as required by the PDPA:

(a) Consent: Your explicit agreement to specific processing activities, particularly marketing;

(b) Contractual Necessity: Processing essential for the performance of a contract of sale with you (e.g., delivery);

(c) Legal Obligation: Processing required to comply with Malaysian laws (e.g., tax documentation); and

(d) Legitimate Interests: Processing required to safeguard our business interests (e.g., fraud prevention, business analysis).

4.2 Specific Purposes for Processing

• Order and Logistics Management: Essential for processing your purchase, validating payment, packaging, generating shipping labels, and tracking product delivery.

• Post-Sale Services: Managing the lifecycle of your product, including honoring the 3-month limited warranty for refurbished items and processing returns or refunds under our stated Policies.

• System Integrity and Security: Monitoring Website traffic, identifying security vulnerabilities, and protecting against cyber threats or fraudulent activities.

• Financial Reporting: Maintaining comprehensive business, accounting, and tax records as required by the Companies Act 2016 and tax regulations.

5. Data Integrity and The Principle of Minimisation

5.1 Data Accuracy Standards

We implement all reasonable practical steps to ensure that the Personal Data we hold is accurate, complete, not misleading, and up-to-date, particularly before it is used for decision-making purposes or disclosed to a third party.

5.2 Data Minimisation Principle

In accordance with the principle of data minimisation, we limit the collection of Personal Data to only that which is strictly necessary and relevant for the defined purposes stated in Section 4. We do not engage in the collection of excessive or irrelevant data.

5.3 Customer Data Responsibility

You bear the primary responsibility for ensuring that any data you directly provide to us (e.g., during account registration or checkout) is accurate and complete, and you must promptly inform us of any changes to your Contact Data or Identity Data.

5.4 Customer Liability and Indemnity

You are responsible for ensuring that all Personal Data provided to the Company is accurate and up to date. The Company shall not be liable for any loss arising from incorrect or unauthorized information supplied by you. You agree to indemnify and hold the Company harmless from any claims resulting from such misuse.

6. Retention of Personal Data

6.1 Retention Duration Principle

We will only retain your Personal Data for the duration necessary to fulfill the stated purposes of collection, or as mandated by statutory, legal, or regulatory requirements in Malaysia.

6.2 Retention Criteria

The length of the retention period is determined by several factors, including:

(a) The duration of our contractual relationship with you;
(b) The existence of ongoing legal or warranty claims;
(c) Mandatory record-keeping periods prescribed by tax or consumer protection laws; and
(d) The necessity of the data for effective fraud detection.

6.3 Secure Deletion Process

Once the retention period expires, we are committed to promptly and securely deleting, destroying, or anonymizing the Personal Data to prevent any further identification or unauthorized use.

6.4 Specific Retention Timeline

We retain customer records for up to seven (7) years from the last transaction date or as required by accounting, taxation, or warranty obligations. Thereafter, data will be anonymized or securely deleted.

7. Disclosure to Third Parties

We may disclose Personal Data only to trusted partners essential to the sale, payment, or delivery of products. Each partner is bound by written terms ensuring PDPA-equivalent protection.

7.1 Disclosure Guarantee

We guarantee that your Personal Data will only be disclosed to third parties under explicit conditions that strictly adhere to the PDPA, and primarily for the efficient performance of the contract of sale.

7.2 Categories of Third-Party Disclosure

• Logistics and Shipping Agents: To courier and postal services for the execution of delivery.

• External Data Processors: Cloud storage providers, IT maintenance contractors, and customer relationship management (CRM) software providers who process data strictly on our instructions.

• Financial and Payment Institutions: Banks, credit card companies, and payment gateways (e.g., Razorpay) for transaction authorization, processing, and anti-money laundering compliance.

• Auditors and Legal Consultants: To professional services firms for the purposes of statutory audit, due diligence, or obtaining legal advice.

7.3 Third-Party Service Provider Obligations

We require all third-party service providers to respect the security of your Personal Data and to treat it in accordance with the law, forbidding them from using your Personal Data for their own independent purposes.

7.4 Third-Party Platform Limitations

While we verify PDPA compliance, the Company is not responsible for data breaches or security incidents occurring on third-party platforms outside our control.

8. Cross-Border Data Transfer Protocol

8.1 Primary Storage Location

As a Malaysian company, we prioritize the storage and Processing of Personal Data within Malaysia.

8.2 Regional Transfer Conditions

Because we operate in both Malaysia and Singapore and may expand regionally, your Personal Data may be transferred across borders within Southeast Asia for order fulfilment, hosting, or customer-service purposes.

Transfers will occur only where (a) the receiving country has data-protection laws substantially similar to Malaysia's or Singapore's PDPA; or (b) appropriate contractual safeguards are in place; or (c) you have expressly consented to the transfer.

8.3 Transfer Examples and Safeguards

Examples include storage on regional cloud servers and logistics data shared with shipping agents operating in Singapore, Thailand, or Indonesia. All such transfers are handled under strict confidentiality and security protocols.

Where such a cross-border transfer occurs, Harrington Bookshop undertakes to implement appropriate safeguards, such as contractual clauses, to ensure the continued protection and integrity of the Personal Data post-transfer.

8.4 PDPA Compliance Standards

All cross-border data transfers are conducted in compliance with Section 129(1) of the PDPA 2010 and equivalent safeguards under Singapore's PDPA to ensure comparable levels of protection.

9. Data Subject Rights: Access and Correction

9.1 Right to Access

You are entitled to request confirmation from us as to whether your Personal Data is being Processed and, if so, to gain access to that data, subject to any prescribed fees under the PDPA.

9.2 Right to Correction

You have the right to require us to correct any Personal Data that is inaccurate, incomplete, or misleading. This right is critical to maintaining data integrity (Section 5).

9.3 Circumstances for Request Refusal

We may refuse to comply with an access or correction request under specific circumstances permitted by the PDPA, such as when the burden of providing the data is disproportionate to the risk to the data subject's privacy, or if the request is frivolous.

10. Data Subject Rights: Withdrawal of Consent (Opt-Out)

10.1 Principle of Choice

You have the fundamental right to choose whether or not to allow the Processing of your Personal Data, particularly for non-essential functions such as marketing.

10.2 Withdrawal Mechanism

You may, at any time, withdraw your consent to the Processing of your Personal Data for any specified purpose(s) by:

(a) Clicking the 'unsubscribe' link present in any marketing email; or
(b) Submitting a formal, written notice to our Data Protection Officer (Section 20).

10.3 Effect of Consent Withdrawal

The withdrawal of consent will take effect upon receipt and verification of your notice. Please note that this withdrawal does not affect the legality of processing carried out prior to the withdrawal, nor does it affect our continued Processing of data required for legal obligations (e.g., fulfillment of an outstanding order).

11. Security and Technical Safeguards

11.1 Security Commitment

We have implemented rigorous administrative, physical, and technical measures to safeguard your Personal Data against unauthorized access, theft, loss, damage, alteration, or misuse.

11.2 Technical Measures Include

(a) The use of Secure Sockets Layer (SSL) encryption for all data transmission on the Website;

(b) Firewall protection and intrusion detection systems;

(c) Periodic security assessments and penetration testing; and

(d) Secure, access-controlled data storage facilities.

11.3 Security Limitations and User Responsibility

While we exert maximum effort to maintain security, you acknowledge that no data transmission or storage system can be guaranteed to be 100% secure. You must also maintain the confidentiality of your account password and notify us immediately of any known or suspected unauthorized use.

11.4 Data Breach Notification Protocol

In the event of a data breach posing a real risk of harm, we will promptly contain the incident and, where required, notify the Malaysian Personal Data Protection Commissioner, the Personal Data Protection Commission of Singapore, and affected individuals without undue delay.

11.5 Liability Disclaimer for Security

While we implement appropriate technical and organizational measures to protect your Personal Data, no electronic storage or transmission method is entirely secure. The Company disclaims all liability for unauthorized access, disclosure, or loss arising from events beyond its reasonable control.

12. Management of Technical and Usage Data

12.1 Purpose of Technical Data Collection

We collect Technical and Usage Data to improve the functionality and performance of our services. This data assists us in:

(a) diagnosing server problems;
(b) administering the Website;
(c) analyzing customer preferences to optimize refurbished product listings; and
(d) ensuring the compatibility of our site across various browsers and devices.

12.2 Anonymized Data Usage

To the extent that Technical and Usage Data is aggregated or anonymized and cannot reasonably be used to identify you, it will be treated as non-personal data and may be used freely by us for research and business intelligence.

12A. Administrative Fees for Requests

The Company reserves the right to refuse or charge a reasonable administrative fee for data access or correction requests that are manifestly unfounded, repetitive, or excessive, as permitted under Section 30(3) of the PDPA.

13. Processing for Direct Marketing

13.1 Marketing Consent Requirement

We will only process Personal Data for the purpose of direct marketing (e.g., promotions for e-readers) if you have provided your explicit consent through a separate, opt-in mechanism.

13.2 Third-Party Marketing Prohibition

We will not disclose, or threaten to disclose, Personal Data to a third party for the purpose of direct marketing without obtaining your consent.

13.3 Free Opt-Out Mechanism

In every direct marketing communication, we will provide you with a clear, free-of-charge, and easy mechanism to cease or withdraw consent for future communications.

13A. Legal Disclosure Requirements

We may disclose Personal Data when required by law, court order, or government regulation. This includes cooperation with enforcement authorities, fraud investigations, or to protect the Company's legal rights.

14. Detailed Cookie Policy Integration

14.1 Cookie Usage Overview

Our Website utilizes Cookies (small text files placed on your device) to differentiate you from other users and enhance your personalized shopping experience.

14.2 Categories of Cookies Used

(a) Strictly Necessary Cookies: Essential for the operation of the e-commerce functionality (e.g., maintaining your shopping cart);

(b) Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our site; and

(c) Functionality Cookies: Used to recognize you when you return to our Website (e.g., remembering login details).

14.3 Cross-Border Cookie Data Transfer

Some analytical cookies (for example, Google Analytics 4 or Meta Pixel) may involve limited cross-border transfer of anonymised Technical Data to servers located in the United States or Singapore. Such transfers are governed by contractual clauses ensuring protection equivalent to the PDPA requirements.

Full details regarding the types, purposes, and management of Cookies are comprehensively detailed in our separate Cookie Policy, which is governed by this Privacy Policy. By continuing to use our Website, you consent to the use of Cookies described in that Policy.

15. Links to External and Third-Party Websites

15.1 Third-Party Website Links

Our service may contain hyperlinks or advertising that leads to websites, products, or services operated by third parties (e.g., the original manufacturer's website, or independent review platforms).

15.2 No Control or Responsibility

Harrington Bookshop exercises no control over, and assumes no responsibility for, the content, security, or privacy practices of any third-party website. The inclusion of a link does not constitute an endorsement.

15.3 User Caution Advisory

We strongly advise all users to exercise caution and review the privacy policies of any external website before submitting any Personal Data to them.

16. Data of Minors and Parental Consent

16.1 Age Eligibility Requirement

Our Website and services are strictly intended for users who are eighteen (18) years of age or older, possessing the legal capacity to enter into binding contracts in Malaysia.

16.2 Mandatory Parental Consent

If you are under the age of 18, we require that you obtain consent from your parent or legal guardian before submitting any Personal Data.

16.3 Inadvertent Collection Protocol

If we become aware that we have inadvertently collected Personal Data from a child under 18 without verifiable parental consent, we will take immediate and reasonable steps to delete or destroy that information.

17. Exemption from Liability for Third-Party Marketplaces

17.1 Independent Platform Acknowledgment

Customers purchasing our products via authorized marketplaces (Shopee, Lazada, TikTok Shop) acknowledge that those platforms are independent entities with their own privacy policies.

17.2 Limited Company Responsibility

While we ensure our data handling processes comply with the PDPA during fulfillment, we are not responsible for the data protection practices, data security failures, or policy enforcement actions taken by the marketplace platform itself.

18. Amendments and Policy Governance

18.1 Right to Modify Policy

We reserve the unqualified right to review, update, or modify this Privacy Policy at our sole discretion, particularly to remain current with legislative changes under the PDPA.

18.2 Notification of Material Changes

Any material changes will be communicated by posting an updated version of the Policy with a revised Effective Date on our Website. Continued use of our services following such modifications constitutes your acknowledgement and acceptance of the revised terms.

19. Governing Law and Severability

19.1 Applicable Governing Law

This Privacy Policy shall be governed by and construed exclusively in accordance with the laws of Malaysia, without regard to its conflict of law principles.

19.2 Severability Clause

Should any provision of this Policy be deemed invalid, unlawful, or unenforceable by a court of competent jurisdiction, that provision shall be severed to the minimum extent necessary, and the remaining provisions shall continue in full force and effect.

19.3 Mediation Before Litigation

Any disputes relating to this Privacy Policy shall first be submitted for mediation at the Asian International Arbitration Centre (AIAC) in Kuala Lumpur before court proceedings.

20. Contact Information and Data Protection Officer

Contact Our Data Protection Officer

For any inquiries, requests for access or correction, complaints, or legal notices concerning this Privacy Policy or the Processing of your Personal Data, please contact our designated Data Protection Officer:

HARRINGTON BOOKSHOP SDN. BHD.
Attention: Data Protection Officer

Email: harringtonbookshop@gmail.com

Registered Office:
A-3-3, Plaza Bukit Jalil (Aurora Place)
No. 1, Persiaran Bukit Jalil 1
Bandar Bukit Jalil
57000 Kuala Lumpur
W.P. Kuala Lumpur, Malaysia

21. Precedence and Updates

In the event of inconsistency between this Privacy Policy and the Terms & Conditions of Sale and Use, the stricter consumer-protection clause shall prevail. The Company reserves the right to amend this Policy at any time, with updates effective upon publication on our Website.

HARRINGTON BOOKSHOP SDN. BHD.
Company Registration No.: 202501013611 (1615025-A)
Incorporated on: 28 March 2025 under the Companies Act 2016 (Malaysia)
Registered Office: A-3-3, Plaza Bukit Jalil (Aurora Place), No. 1, Persiaran Bukit Jalil 1, Bandar Bukit Jalil, 57000 Kuala Lumpur, W.P. Kuala Lumpur, Malaysia