Privacy Policy

Effective date: 7 October 2025
Last updated: 7 October 2025

DELON  is committed to protecting your personal data and being transparent about how we collect, use, share and protect it. This Privacy Policy describes how we handle personal data when you visit our website, use our services, interact with our marketing, or purchase products from DELON in Malaysia. It is written to meet Malaysia’s Personal Data Protection Act 2010 (PDPA) and related guidance and updates. 

1. Who we are
Data user / Controller: DELON (DL International Sdn. Bhd.)
Registered address: 28, Jalan 4/91, Taman Shamelin Perkasa, 56100, Cheras, Kuala Lumpur, Malaysia
Contact: hello@delonofficial.com

2. The personal data we collect
We only collect personal data that is necessary for the purposes set out below. Examples include:
- Identity & contact: name, email, shipping & billing address, phone number.
- Account data: username, password (securely hashed), order history.
- Transaction & payment: order details, payment token/last 4 digits (we do not store full card data if processed via a payment gateway).
- Marketing & preferences: newsletter subscription status, communication preferences.
- Device & usage data: IP address, browser and device type, pages visited, cookies and analytics data.
- Customer service: correspondence, returns, warranty information.

We do not request or store more sensitive information than needed for the specified purpose. 


3. How we collect personal data
- Directly from you (orders, account creation, forms, customer service).
- Automatically when you use our website (cookies, analytics).

From third parties where permitted (payment gateways, shipping partners, marketing platforms) — see “Who we share with” below. 

4. Purposes for which we process personal data
We will only use your personal data for lawful purposes, including:

- To process and fulfil orders, deliver products and handle returns.
- To manage your account and provide customer support.
- To run promotions, newsletters and marketing communications (with your consent where required).
- To detect and prevent fraud and other unlawful activity.
- To improve and personalise the website and services (analytics).
- To comply with legal or regulatory obligations (including PDPA requirements). 

5. Legal basis and consent
Under the PDPA you must be informed (and in many cases we must obtain your consent) before collecting personal data. By using our website and providing your information you agree to our collection, use and disclosure as described in this policy. You can withdraw consent where PDPA gives you the right to do so (see “Your rights” below). 

6. Cookies and similar technologies
We use cookies and similar technologies to operate the site, provide features, and understand usage. Some cookies are essential; others are for analytics or marketing. If cookies collect personal data, PDPA applies — we will obtain consent for non-essential cookies where required, and you can manage cookie preferences through our cookie banner/settings. 


7. Who we share your data with
We only disclose personal data to third parties where necessary and lawful, such as:
- Payment processors and banks (to process payments).
- Logistics & delivery partners (to deliver orders).
- Cloud / hosting and analytics providers (to run the website).
- Marketing platforms (for newsletters, with your consent).
- Professional advisers or law enforcement if required by law.

We will include any required disclosures in our internal “Disclosure List” as required under PDPA and will not disclose to third parties beyond those categories without appropriate safeguards or your consent. 

8. Cross-border transfers
If we transfer personal data outside Malaysia (for example to a cloud provider or shipping partner), we will put in place contractual or other measures required by PDPA and best practice to ensure adequate protection of your data.

9. Retention
We retain personal data only for as long as necessary for the relevant purpose, legal claims, or regulatory requirements (for example for order record-keeping, warranty support, or tax purposes). Retention periods depend on the type of data and purpose; contact us if you want specific retention details.

10. Your rights
Subject to PDPA exceptions, you have rights including:
- Access — request a copy of your personal data we hold.
- Correction — request corrections to inaccurate data.
- Withdrawal of consent — where processing is based on consent.
- Erasure / restriction — in some circumstances.
- Complain — to DELON (contact details above) or to Malaysia’s Personal Data Protection Commissioner if you remain unsatisfied.

11. Security measures
We implement administrative, technical and physical safeguards to protect personal data (access controls, encryption where appropriate, secure hosting, staff training). While we use commercially reasonable measures, no system is 100% secure; if a security incident occurs we will act promptly in accordance with PDPA breach rules (see next section). 

12. Data breach notification
Under the amended PDPA, there are mandatory data-breach notification obligations. If we become aware of a personal data breach that poses a risk to individuals, we will notify the Personal Data Protection Commissioner and affected individuals as required (including within the statutory timeframe) and take steps to mitigate harm. 
IAPP

13. Children
Our services are for users aged 18 and above (or 21+ if specified for certain promotions). We do not knowingly collect personal data from children. If we become aware that we have collected a child’s data without appropriate consent we will delete it. (Adjust ages to match your business policy.)

14. Changes to this policy
We may update this Privacy Policy to reflect legal or business changes. When changes are material, we will post a notice on our site and update the “Last updated” date above.