This privacy policy describes how FABBO. (collectively, “FABBO.”, “we”, “us” or “our”) collects, uses, and stores the information we obtain from you when you visit, use, or interact with our website, fabbo.my (our website) and where we otherwise obtain information about you. This privacy policy is effective from NOV 30, 2018.

> Our Privacy Policy Coverage
> Changes to our Privacy Policy
> Children’s Privacy
> Collection of Your Information
> Use & Disclosure of Your Information
> Automated Decision Making & Profiling
> Data Retention
> Security

Our Privacy Policy Coverage

This privacy policy summarizes the how we obtain, store and use information about you on fabbo.my (our website), Fabulous to go (Fabbo mobile app), in connection with our members’ loyalty program - Fabulous FAB-bies, in connection with marketing offers, and under our FABBO. Community program - Fabulous Clicks when you interact with us. When we use the term “personal information” or “your information”, we are referring to the information that is connected to your name. Anything that is not connected to your name is not considered as personal information.  

This privacy policy does not cover information that you’ve submitted on other website or via other websites, even if we communicate with you on those sites. For example, if you post something on any social media websites, that information is governed by the privacy policy on those websites, and not by our policy. Information that Sephora obtains from you via our “Fabbo mobile app” - Fabulous on the go, including when you apply for our Fabulous FAB-bies Membership or access your existing membership or our Fabulous Clicks Beauty Blog will be break down as below or you could find them in their own section.

This policy statement is issued to all our current or prospective customers and/or members pursuant to the requirements of the Personal Data Protection Act 2010 (“PDPA”) in Malaysia.

Changes to our Privacy Policy

Our privacy policy will be continuously assessed against new technologies, business practices and our customers’ needs. As we update and diversify our services, our Privacy Policy may change. FABBO reserves the right to update and change its Privacy Policy at any time and notify you by posting a notice about the updated version of the policy on site or notify you by email.

We will provide you with the information about the change in question and the purpose and any other relevant information before we use your information for that new purpose. Whenever required, we will obtain your prior consent (i.e. by asking you to agree to our new privacy policy) before using your information.


Children’s Privacy

We care about the safety and privacy of children online, henceforth we comply with Laws of Malaysia Act 709 - Personal Data Protection Act 2010. PDPA and its accompanying regulations protect not only personal data online, it also protects the privacy of children using the internet. We do not knowingly contact or collect information from persons under the age of 18. The website does not intend to solicit information of any kind from persons under the age of 18.

If you are under the age of 18, you should use the site only with parental or a guardian guidance and should not submit Personal Data to us. It is possible that we could receive information pertaining to persons under the age of 18 by the fraud of a third party.  If we are notified of this, as soon as we verify the information, we will, where required by law to do so, immediately obtain the appropriate parental consent to use that information or, if we are unable to obtain such parental consent, we will delete the information from our servers. If you would like to notify us of our receipt of information about persons under the age of 18, please do so by sending an email to info@fabbo.my.

Collection of Your Information

The information we collect is as follow:

 

Activities  Types of Information
Register / Signing up on Fabbo Website & Mobile Name, email address, contact details, birthdate & month
Making a Purchase Online & via Mobile Name, Payment information (ex: credit & debit card number), billing & shipping address, phone number and email address.
Fabulous FAB-bies Membership Name, full birthday, phone number, mailing address, email address & your personal characteristics & products preferences
Fabulous Clicks Beauty Blog Any information about yourself that you choose to submit or post as part of our beauty blog community or relates to your purchase & browsing activities such as nickname, health & beauty products preferences, personal characteristics such as about yourself - skin colour, tone, type and concerns, hair colour, type and concern, eyes colour, age range, groups, conversations and product reviews.
Quizzes, Surveys, Sweepstakes & Contests Name, email address, your answers
Accessing & Browsing FABBO Web Page IP address, information from cookies, Geographical location from which you accessed our website (based on your IP address), information about your internet connection, information about your browser type, information about how you use our website (e.g. which pages you have viewed, the time duration when you view them, what you click on, the number of times you have viewed them.
Downloading / Accessing Fabbo Mobile IP Address & mobile device ID
Email Subscriptions & Newsletters Name & Email Address

 *** In addition to the above, we may use the following technologies to automatically collect information about your services on Fabbo Website & Mobile:

  • Cookies & Mobile Technology Policy [see our cookies & mobile technology policy here]
  • Flash Cookies
  • Analytical tags
  • Geo-location technologies

FABBO will collect/obtain your Personal Information & Data when we are administering, facilitating, processing and/or dealing in any matters relating to your use or access of our site.

  1. Web server log information
    We use a third party server to host our website called Shopify Inc., the privacy policy of which is available here https://www.shopify.com/legal/privacy . Our website server automatically logs the IP address you use to access our website as well as other information about your visit such as the pages accessed, information requested, the date and time of the request, the source of your access to our website (e.g. the website or URL which referred you to our website), and your browser version and operating system.

    Our website servers are located in Malaysia ONLY.

    Our third party hosting provider collect(s) server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analysing log files to help identify and prevent unauthorised access to our network, the distribution of malicious code, denial of services attached and other cyber attacks, by detecting unusual or suspicious activity.

    Unless we are investigating suspicious or potential criminal activity, we do not make, nor do we allow our hosting provider to make, any attempt to identify you from the information collected via server logs.


  2. Email and Contact Form

    When you send an email to the email address displayed on our website, we will collect your personal data like your email address and any other information you provide in that email - name, phone number, and information contained in any signature block in your email.

    We use a third party email provider / customer service management tool to store emails and messages you send us. Our third party email provider is G Suite Google Inc. Their privacy policy is available here https://policies.google.com/privacy?hl=en-GB

  3. Mail
    If you contact us via mail or postal service, we will collect any personal information you’ve provided us in any postal communication you sent us.

  4. Registration

    Upon signing up or register or creating an account on our website and mobile app, we will collect the following personal information: email address, IP address, and any other additional information you will be providing us when you complete the registration form.

    If you do not provide the mandatory information required by the registration form, you will not be able to register or create an account on our website and mobile app.

    Information you provided during registration on our website will be stored on our third party hosting provider - Shopify. Their privacy policy is available here https://www.shopify.com/legal/privacy .

  5. Order placement on our website and mobile app

    When placing an order on our website and mobile app, we collect your name, email address, billing & shipping address, company name (if applicable), billing name, and information about your browser.

    If you do not provide this information, you will not be able to purchase goods or services from us on our website or enter into a contract with us.

    We also collect optional information from you, such as an experience survey will be sent to you, if you agreed to finish the survey, we will obtain your personal information such as name, email address and phone number. We would also ask if you would like to receive any marketing communications from us. For more information, see “no. 7 - Marketing Communications” section below.

  6. Payment Information
    After placing an order on our website, you are required to make a payment upon check out. In order to process your payment, we use a third party payment processor and gateway - iPay88 to process your payment.

    iPay88 collects, uses and processes your personal information including payment information, in accordance with their privacy policy. You can access their policy via the link here https://payment.ipay88.com/privacy.asp .

  7. Marketing Communications

    a. Subscription Emails / E-Newsletter

    You have the option to either opt in or out from receiving our subscription emails / E-Newsletter - news, offers, updates on offers, sales, out of stock items and etc.

    If you’ve agreed to receive our subscription emails / e-newsletter on our website and mobile app or opt to receive news, offers, updates on out-of-stock items from us by entering your email address and clicking subscribe or ticking a box during checkout indicates that you would like to receive newsletter. This also indicates that you’ve given us your consent to collect your personal information like email address, information about your browser, information about the page you sign up on, and any other additional information you may provide.

    If you’ve decided not to receive any subscription emails / e-newsletter from us, you could opt out by ticking a box or clicking ‘unsubscribe’ in any email from us.  

    We use a third party service to send out our subscription emails / e-newsletter and administer our mailing lists, MailChimp. Their privacy policy is here https://mailchimp.com/legal/privacy/ .

    b. Web beacons, clear pixels or pixel tags in emails

    Web beacons - small graphic files in the emails we send to allow us to assess the level of engagement our emails receive by measuring insights such as the delivery rates, open rates, and engagement rates. We will only use web beacons in our emails if you have agreed to receive our subscription emails / e-newsletter.  

    For more information on how we use web beacons in our emails, see our cookies & mobile technology policy HERE.

     
  8. Information from Any Third Party

    Generally, we DO NOT receive information about you from Any Third Parties. The third party from which we receive information about you will generally include partner companies who we are doing a joint promotion with.

 

Use & Disclosure of Your Information to Any Third Party

The following short article as below is taken directly from Laws of Malaysia Act 709 - Personal Data Protection Act 2010.

“Third party” in relation to personal data, means any person other than -

  1. A data subject
  2. A relevant person in relation to a data subject  
  3. A data user
  4. A data processor
  5. A person authorized in writing by the data user to process the personal data under the direct control of the data user

We use a number of third parties to provide us with the services which are necessary to run our business or to assist us with running our e-commerce business and who process your personal information for us on our behalf. These include the following:

  1. Email provider(s), including G suite Google Inc. Their privacy policy is available here: https://policies.google.com/privacy?hl=en-GB
  2. Hosting provider(s), including Shopify Inc. Their privacy policy is available here: https://www.shopify.com/legal/privacy   
  3. Payment Gateway provider(s), including iPay88. Their privacy policy is available here: https://payment.ipay88.com/privacy.asp
  4. Mailing List Administer(s), including MailChimp. Their privacy policy is available here: https://mailchimp.com/legal/privacy/

Your information will be shared with these service providers where necessary to provide you with the service you have requested, whether that is accessing our website or making a purchase online from us.

We do not display all the identities all the identities of all our service providers publicly by name for security and competitive reasons. If you would like further information about the identities of our service providers, however, please contact us directly by email at info@fabbo.my, and we will provide you with such information where you have a legitimate reason for requesting it.

We disclose your information with other Third Parties  in specific circumstances as set out below:

  • Contractual Obligations to any third parties

 

Meeting our contractual obligations to Google under our Google Analytics Terms of Service (https://www.google.com/analytics/terms/us.html) and Google Ads Terms & Conditions (https://support.google.com/adspolicy/answer/54818?hl=en) , Google collects information through these services, including IP address and information from cookies for a number of reasons such as improving its Google Analytics service & Google Ads service. The information we shared is on an aggregated and anonymised basis. To understand more about what information Google collects, how it uses the information and how to control the information sent to Google, please visit the following page: http://www.google.com/policies/privacy/partners .

  • Business’ group of companies

 

We also need to share your information such as name, email address, shipping address and contact number with our business’ group of companies including Value Online Sdn. Bhd. - our parent company for internal administrative purposes and shipping purposes. This is to enable us to meet our contractual obligations to you when you have sign up as a member on our website and mobile app or when you have make a purchase online with us.

  • Legal Reasons

If we suspect that criminal or potential criminal conduct has been occured, we will in certain circumstances need to contact an appropriate authority. This could be the case for instance if we suspect fraud or cyber crime has been committed of ir we receive threats or malicious communications towards or any third parties. We generally only need to process your information for this purposes if you were involved or affected by such an incident in any way.

 

Automated Decision Making & Profiling

We use automated decision making and profiling on our website. We do not consider that this has any legal right on you or similarly significantly affects you.

You have the right to object to our use of automated decision making & profiling described in this section. You can do that by opting-out of cookies and mobiles technologies in accordance with the method described in the relevant section below. If you do not want us to process your actual IP address when you visit our website, you can use a Virtual Private Network (VPN).

You can find out more about our use of cookies & mobile technologies (including the legal basis on which we use them) and how to opt out from them in our cookies policy, which is available HERE

  • Automated Decision Making
  • Automated decision making is decision making by technological means (i.e. by a machine) without human involvement.

    We automate the display advertisements containing our brands and products on other website you visit like facebook, you based on the fact that you have visited our website using cookies. For further information please visit our cookies & mobile technology policy page HERE 

  • Profiling
  • Profiling is any form of automated processing of your information to evaluate personal aspects about you, in particular or predict things like your personal preferences, interests, reliability, behaviour, location or movements.

    Our web analytics services, Google Analytics and Google Ads use collected information such as your location (based on your IP address) and your behaviour (based on your cookies) when you access our website such as the pages you visit, which products you click on, which page you spent the longest time on, and how much you are spending on our site and mobile app. We will only process information from cookies if you have consented to us setting cookies on your computer in accordance with our cookies policy. Information we obtained about you, once collected is anonymised and stored on an aggregate basis. IP addresses are anonymized at the point of collection on our site.

    Referring back to the section ‘Collection of Your Information: No. 7 (b)’ - Marketing Communications, Web Beacons. We also use web beacons in our subscription emails / e-newsletter to analyse who opens our email and what kind of engagement did they have with the email (e.g. what they click on). We will only process information collected from the web beacons if you have consented to their use in accordance with our cookies policy  HERE


    Data Retention

    This section sets out how long we retain your information. We have set out specific retention periods where possible. Where that has not been possible, we set out the criteria we use to determine the retention period.

    1. Order Information

    When you make a purchase online with us, we retain your personal information such as name, email address, phone number, billing address, shipping address, payment information, cookies & mobile technology (IP address, web beacons and etc.) indefinitely or until you request us to delete unless this conflicts with our compliance of a legal responsibility.

    1. Correspondence and enquiries

    When you make an enquiry or correspond with us for any reason, whether by email or via our contact form, we will retain your information for as long as it takes to respond to and resolve your enquiry and indefinitely afterward unless it is requested to be deleted AND it does not interfere with our compliance with laws and our legitimate business interest.  

    1. Subscription Emails / E-Newsletter

    When you agreed to sign up for our subscription emails / e-newsletter for as long as you remain subscribed, meaning if you do not unsubscribe, we will retain that information for administrative purposes.

     

    Criteria for determining retention periods

    In any other circumstances, we will retain your information for no longer than necessary, taking into account the following:

    • The purpose(s) and use of your information both now and in the future (such as whether it is necessary to continue to store that information in order to continue to perform our obligations under a contract with you or to contact you in the future);
    • Whether we have any legal obligation to continue to process your information (such as any record-keeping obligations imposed by relevant law or regulation);
    • Whether we have any legal basis to continue to process your information (such as any record-keeping obligations imposed by relevant law or regulation);
    • How valuable your information is (present and future);
    • Any relevant agreed industry practices on how long information should be retained;
    • The levels of risk, cost and liability involved with us continuing to hold the information;
    • How hard it is to ensure that the information can be kept up to date and accurate; and
    • Any relevant surrounding circumstances (such as the nature and status of our relationship with you).

    Security

    We take appropriate technical and organisational measure to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction, including:

    • Only sharing and providing minimum extent necessary  access to your personal information, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;
    • Using secure servers to store your information;
    • Verifying the identity of any individual who requests access to your information prior to granting them access;
    • Using Secure Sockets Layers (SSL) software to encrypt any information to us via any forms on our website and any payment transactions you make on or via our website;
    • Only transferring your information via closed system or encrypted data transfers