Privacy Notice
Effective 22 April 2026
1. Introduction
BISHH MALAYSIA SDN. BHD. (trading as BISHH) respects your privacy and processes personal data in connection with commercial transactions in accordance with the Personal Data Protection Act 2010 ("PDPA") and related rules, guidelines, and lawful business needs.
This Notice explains what personal data we collect, how we use it, who we may disclose it to, the choices available to you, and how you may contact us regarding your personal data.
2. Categories of personal data
The personal data we process may include:
- Your name and (if applicable) company name
- Billing and shipping address
- Phone number (including WhatsApp number, used for OTP and order updates)
- Email address
- Order history and transaction records
- Uploaded artwork, design files, and previews
- Chat, WhatsApp, and customer service communication records
- Payment status information (the payment card/FPX details themselves are processed and stored by the payment gateway, not by BISHH)
- Device and browser information, IP address, and website usage information
- Any other information reasonably required for the purposes below
3. Sources of personal data
Personal data may be collected directly from you through website forms, checkout, account registration, WhatsApp OTP verification, email, social media, live chat, order submissions, and customer support communications. It may also be obtained from payment gateways, couriers, e-commerce platform operators (such as Shopee when you link a Shopee order to your BISHH account), or other service providers involved in your transaction where relevant and lawful.
4. Purposes of processing
BISHH may process your personal data to:
- Create and manage your account
- Process and fulfil orders, including custom artwork production
- Verify payments and prevent fraud
- Arrange shipping and delivery
- Communicate order updates via email, WhatsApp, or SMS
- Respond to enquiries or complaints
- Handle defects, reprints, refunds, and disputes
- Improve website functionality and service quality
- Carry out internal reporting and record-keeping
- Comply with legal, tax, accounting, regulatory, and enforcement obligations
- Where permitted and opted-in, send marketing or promotional communications
5. Whether supply is obligatory or voluntary
Some personal data is obligatory for us to accept, process, fulfil, deliver, or support your order — including name, shipping address, phone number, and email. If you do not provide required data, we may be unable to process your order, ship the goods, issue an invoice, respond effectively to a claim, or otherwise provide the requested service.
Other information is voluntary and used to improve your experience or tailor communications — for example, design preferences, marketing opt-ins, and optional profile fields.
6. Disclosure to third parties
Your personal data may be disclosed to the following classes of third parties, identified where known:
- Payment gateways and banks — iPay88 Malaysia Sdn Bhd (licensed Malaysian payment service provider), and acquiring banks for FPX / card / e-wallet settlement.
- Couriers and logistics partners — EasyParcel Sdn Bhd (and its sub-couriers: Poslaju, DHL eCommerce, Skynet, City-Link, etc.), and Shopee Express / Shopee logistics for orders placed via Shopee.
- Cloud infrastructure and storage providers — Vercel (hosting), Railway (API hosting), Neon (managed Postgres), Cloudflare R2 (object storage for uploaded designs and production assets).
- Communications providers — Resend (transactional email), WhatsApp Business (OTP and order updates), SMS gateways where used.
- E-commerce platform operators — Shopee Mobile Malaysia where you place an order via the Shopee marketplace.
- Analytics and marketing vendors — where used, identified in our Cookie & Tracking Notice.
- Professional advisers, auditors, and insurers for the proper conduct of our business.
- Authorities or regulators where required by law or reasonably necessary to protect legal rights.
7. Marketing and choice
Where marketing communications are sent, BISHH provides a clear method for you to opt out or limit such processing, including an unsubscribe link in every marketing email, reply-based opt-out for WhatsApp, or a contact request to sales@bishhmalaysia.com. Operational and transactional messages relating to your order may still be sent where necessary.
8. Cross-border processing
Some service providers used by BISHH may store or process personal data outside Malaysia — including providers based in the United States (Vercel, Neon, Resend), the United Kingdom or EU (where applicable), and a global edge network (Cloudflare R2). Where this occurs, we take reasonable steps to ensure personal data is handled with appropriate safeguards and in accordance with applicable law and guidance, including contractual data-processing commitments with each provider.
9. Security
BISHH takes practical steps to protect personal data from loss, misuse, unauthorised access, modification, disclosure, or destruction, having regard to the nature of the data and the harm that could result from a security incident. These steps include:
- HTTPS/TLS for all data in transit
- Encrypted database storage and access controls
- Role-based staff access and least-privilege principles
- Secure payment integrations (payment card details never stored on our systems)
- Regular software updates and security reviews
- WhatsApp OTP for account verification
10. Data breach notification
In the event of a personal data breach likely to result in significant harm, BISHH will notify the Personal Data Protection Commissioner and affected individuals without undue delay and in any event within the timeframe required under the PDPA and its 2024/2025 amendments.
11. Retention
Personal data is retained only for as long as reasonably necessary for the purposes described in this Notice, including order fulfilment, customer service, dispute handling, reprint history, accounting, tax, legal compliance, and internal business records. Typical retention periods:
- Order and transaction records: 7 years (aligns with Malaysian tax/accounting record-keeping)
- Account profile: for the life of the account plus a reasonable dormant period
- Uploaded artwork: retained while the associated order history is retained, unless removal is requested
- Marketing consent: until withdrawn
When no longer required, data is deleted, anonymised, or otherwise disposed of securely.
12. Your rights under PDPA
You have the following rights regarding your personal data:
- Right to access — request a copy of the personal data we hold about you.
- Right to correction — request correction of inaccurate or incomplete personal data.
- Right to withdraw consent — withdraw your consent at any time where processing is based on consent.
- Right to prevent processing for direct marketing — request us to stop using your data for direct marketing.
- Right to limit processing — request limitation of specific processing activities.
To exercise any of these rights, contact us at sales@bishhmalaysia.com. We may need to verify your identity before responding and will respond within a reasonable period (targeting 14 days for routine requests).
13. Cookies, analytics and tracking
The website uses cookies and similar technologies for functionality, traffic measurement, and (where you opt in) advertising. See the Cookie & Tracking Notice for full details and the choices available to you.
14. Language
This Notice is published in English. A Bahasa Melayu version will be published on the website prior to public launch, as required by the PDPA (section 7) and the Consumer Protection (Electronic Trade Transaction) Regulations 2024.
15. Updates to this notice
BISHH may update this Notice from time to time. The latest version is published on the website with the effective date shown.
16. Contact
For questions, complaints, or to exercise any of your rights under the PDPA, contact:
BISHH MALAYSIA SDN. BHD.
9-1 Jalan Elektron U16/E, Seksyen U16, Denai Alam, 40160 Shah Alam, Selangor, Malaysia
Email: sales@bishhmalaysia.com
Phone: +60 16-357 0637