MR. D.I.Y. GROUP (M) BERHAD – PERSONAL DATA PROTECTION NOTICE 

(MR.DIY Club Mobile Application)
(“Notice”)

Last Amended: Jun 8, 2026

  1. Introduction

    1. MR D.I.Y. Group (M) Berhad (“MR.DIY”) is committed to protecting the privacy and confidentiality of Personal Data (as hereinafter defined) by observing applicable data protection laws, including the Personal Data Protection Act (“PDPA”) 2010 in Malaysia and other international best practices. This Notice sets out our approach to data protection, ensuring that Personal Data is handled responsibly and in compliance with legal, regulatory, and ethical standards.

    2. The protection of Personal Data is essential to maintaining trust with our customers, employees, suppliers, and stakeholders. This Notice established how Personal Data is collected, processed, disclosed and retained by MR.DIY.

  2. Personal Data MR.DIY Collects from You

    1. Before your Personal Data is collected or processed, we will obtain for your consent, which will be recorded and maintained properly by MR.DIY, to such collection and processing. However, in certain scenarios, consent is not required such as when the processing of Personal Data is necessary for the performance of contract or is required under the law.

    2. For the processing of Sensitive Personal Data, MR.DIY will obtain explicit consent to such collection and processing. For avoidance of doubt, such consent, when collecting Sensitive Personal Data, cannot be obtained by inferring from your actions, such explicit consent must be expressly confirmed in words.

    3. At MR.DIY, we strive to collect only the Personal Data that we need that is deemed adequate, relevant and not excessive to the purpose for which Personal Data is processed by us within this Notice, when:

      1. you submit any form, including but not limited to application forms, sign up for an account under our e-commerce platform or MR.DIY Club, joining a contest;

      2. you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;

      3. you are browsing through our e-commerce platform or MR.DIY Club;

      4. you interact and/ or contacted with our staff such as via telephone calls, emails, letters, Short Message Service (SMS), social media platforms or meetings;

      5. you are being referred by any third party such as to join MR.DIY Club; or

      6. your images are captured by us via CCTVs while you are within our premises:

    4. The following Personal Data MR.DIY collects depends on how you interact with MR.DIY, including:

      1. Contact Details. Personal Data such as name, address, phone number, email may be collected from customers will only be used for purposes such as processing transactions, marketing communications (with consent), customer support, and service improvements;

      2. MR.DIY Club Membership No.. Data such as your Points reward, Bags rewards information and MR.DIY Club Rewards details;

      3. Payment Information. Data about your billing address and method of payment, such as bank details, credit, debit, or other payment card information;

      4. Transaction Information. Data about purchases at MR.DIY or transactions facilitated by MR.DIY, including purchases on MR.DIY e-commerce platforms;

      5. Government ID Data. In certain circumstances, we may ask for a government-issued ID in limited circumstances, including when setting up an account, for the purpose of account verification or as required by law;

      6. Other Information You Provide to Us. Details such as the content of your communications with MR.DIY, including interactions with customer support and contacts through social media channels;

(collectively referred to as “Personal Data”)

  1. You are not required to provide the Personal Data that we have requested. However, if you choose not to do so, in many cases we will not be able to provide with our products or services or respond to your requests you may have.

  2. MR.DIY will not collect the Personal Data involves individuals of age of eighteen (18) years (the “Minor”).

  3. In the event of the collection of Personal Data of a Minor, such consent shall be obtained from the parent, guardian or person who has parental responsibility on the Minor.

  1. MR.DIY Use of Personal Data 

    1. MR.DIY uses your Personal Data only when we have a valid legal basis. Depending on the circumstances, MR.DIY may rely on your consent or the fact that the processing is necessary to:

      1. Fulfil a contract with you. MR.DIY collects Personal Data necessary to facilitate your order, which may include Contact Details and MR.DIY Club Rewards memberships collected to improve our offerings, carry out our contractual obligation, for internal purposes such as auditing, or for troubleshooting. For example, if you are our customer and would like to arrange for delivery, MR.DIY will collect your Contact Details to process your order.

      2. Communicate with you. To respond to communications, reach out to you about your transactions or account, market our products and services, notify you on prizes, provide other relevant information or request information or feedback.

      3. Security and Fraud Prevention. To protect individuals, employees and MR.DIY and for loss prevention and to prevent fraud, including to protect individuals, employees and MR.DIY for the benefit of all our users, and pre-screening or scanning uploaded content for potentially illegal content.

      4. Comply with the law. To comply with applicable law – for example, to satisfy tax, for the purpose of issuing e-invoice and reporting obligations, or to comply with a lawful governmental request.

    2. We may also process your Personal Data where we believe it is in our or others’ legitimate interests, taking into consideration your interests, rights, expectations, security and fraud prevention. If you have questions about the legal basis, you can contact us through our contact details set out in the section at Paragraph 9 (Contact Us) below.

  2. Personal Data MR.DIY Receives From Other Sources

    1. MR.DIY may receive Personal Data about you from other individuals, from businesses or third parties acting at your direction, from our partners who work with us to provide our products and services and assist us in security and fraud prevention, and from other lawful sources.

      1. Individuals. MR.DIY may collect data about you from other individuals – for example, if that individual has sent you a product or gift card, invited you to participate in MR. D.I.Y. Club Rewards, MR.DIY service, contest or forum, or shared content with you.

      2. At Your Direction. You may direct other individuals or third parties to share data with MR.DIY to fulfil a contract with MR.DIY.

      3. MR.DIY Partners. We may also validate the information you provide – for example, when creating an account with MR.DIY, with a third party for security, and for fraud-prevention purposes.

    2. Generally, MR.DIY shall not disclose your Personal Data to any third party. In the event disclosure is necessary, it shall be limited to the purpose and related purposes for which the original consent was obtained. We may share Personal Data with our subsidiaries, affiliates and/or associated companies and with third parties which may involve a transfer of your Personal Data outside your country of residence. The types of third parties to whom we may disclose that personal data includes, our service providers who assist us in providing MR.DIY Club Rewards and our products and services in connection with your use of our services and delivering products to customers.

    3. MR.DIY Club Rewards data (including personal data) is stored on servers located in India and operated by us or our service providers. When we share or transfer your Personal Data, we put in place measures to require the recipients of the data to comply with applicable personal data laws.

  3. The Rights You Have Towards Your Personal Data. 

    1. In accordance with applicable laws, MR.DIY allows you the following rights, upon request via our contact details set out in the section at Paragraph 9 (Contact Us) below, to:

      1. ask us what Personal Data we have of you, including to be provided with a copy of your Personal Data;

      2. correct or update your Personal Data where the personal data is inaccurate, incomplete, misleading or not up-to-date;

      3. withdraw your consent to the processing of your Personal Data;

      4. prevent processing likely to cause damages or distress; and

      5. request that MR.DIY transmits your Personal Data directly to another data controller.

    2. If you request for a copy of your Personal Data and we are able to accede to your request, a fee may be charged for providing the copy. In such an event, we will inform you of the fee to be charged for the requested copy.

    3. There will be instances where MR.DIY is unable to comply with your request, such as when the burden or expense of providing access to Personal Data is disproportionate to the risk to others Personal Data or such access to Personal Data is regulated by another law, and in such circumstances MR.DIY shall refuse your request.

  4. How MR.DIY Retains Your Personal Data.

    1. MR.DIY retains Personal Data only for so long as necessary to fulfil the purposes for which it was collected, including as described in this Notice or in our service-specific privacy notices, or as required by law.

  5. Cookies 

    1. Cookies are small pieces of data that the site transfers to the user’s computer hard drive when the user visits the website. Our website uses only session cookies which are erased when the user closes the Web browser. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from the user’s computer. They will typically store information in the form of a session identification that does not personally identify the user.

  6. Data Breach Notification 

    1. MR.DIY takes practical steps and establishes security standards to protect the Personal Data from any loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction.

    2. In the event of a data breach involving Personal Data, MR.DIY will promptly access the nature and scope of the breach and take appropriate remedial actions. Where required by applicable laws and regulations, MR.DIY will notify the affected individuals and relevant authorities without undue delay, providing information on the breach, its potential impact, and any steps taken to mitigate the risks.

    3. Should you become aware of any actual or suspected breach, you are required to notify MR.DIY without delay. Reports can be made through Paragraph 9 below, and should include relevant details of the breach to facilitate investigation and remedial action.

  7. Contact Us 

    1. You may reach out to our Data Protection Officer at the following contact details:

Email: my.dpo@mrdiy.com 

Tel.: +60(3) 8961 1338

  1. Notice Review and Updates 

    1. This notice will be reviewed periodically and updated as necessary to ensure its continued effectiveness and compliance with evolving legal, regulatory, and industry standards. Any changes to the notice will be communicated to all employees, contractors, and relevant stakeholders. In the event of any inconsistency, the English version shall prevail.

MR. D.I.Y. GROUP (M) BERHAD - NOTIS PERLINDUNGAN DATA PERIBADI

(Aplikasi Mudah Alih) 

(“Notis”)

Pindaan Terakhir: 08 Jun 2026

  1. PENGENALAN

    1. MR D.I.Y. Group (M) Berhad (“MR.DIY”) komited untuk melindungi privasi dan kerahsiaan Data Peribadi dengan mematuhi undang-undang perlindungan data yang terpakai, termasuk Akta Perlindungan Data Peribadi (“APDP”) 2010 di Malaysia serta amalan terbaik antarabangsa yang berkaitan. Notis ini menetapkan pendekatan kami terhadap perlindungan data bagi memastikan Data Peribadi dikendalikan secara bertanggungjawab dan mematuhi piawaian undang-undang, kawal selia, serta etika.

    2. Perlindungan Data Peribadi adalah asas dalam mengekalkan kepercayaan pelanggan, pekerja, pembekal, dan pihak berkepentingan kami yang lain. Notis ini menetapkan cara Data Peribadi dikumpulkan, diproses, didedahkan dan disimpan oleh MR.DIY.

  2. DATA PERIBADI YANG DIKUMPUL OLEH MR.DIY DARIPADA ANDA

    1. Sebelum Data Peribadi anda dikumpul atau diproses, kami akan mendapatkan persetujuan anda, yang mana akan direkodkan dan diselenggarakan dengan sewajarnya oleh MR.DIY. Walau bagaimanapun, dalam keadaan tertentu, persetujuan tidak diperlukan sekiranya pemprosesan adalah perlu bagi pelaksanaan kontrak atau diwajibkan di bawah peruntukan undang-undang.

    2. Bagi pemprosesan Data Peribadi Sensitif, MR.DIY akan memperoleh persetujuan eksplisit secara bertulis daripada anda. Untuk mengelakkan keraguan, persetujuan sedemikian, apabila mengumpul Data Peribadi Sensitif, tidak boleh diperoleh dengan membuat kesimpulan daripada tindakan anda, persetujuan eksplisit tersebut mesti disahkan dengan jelas dalam kata-kata.

    3. Di MR.DIY, kami berusaha untuk mengumpul hanya Data Peribadi yang kami perlukan yang dianggap mencukupi, relevan dan tidak berlebihan kepada tujuan Data Peribadi diproses oleh kami dalam Notis ini, apabila anda:

      1. Menghantar sebarang borang (termasuk pendaftaran akaun e-dagang atau program MR.DIY Club, atau penyertaan peraduan);

      2. Memasuki sebarang perjanjian atau memberikan maklumat semasa menggunakan perkhidmatan kami;

      3. Melayari platform e-dagang atau MR.DIY Club kami;

      4. Berinteraksi dengan kakitangan kami melalui panggilan telefon, e-mel, SMS, media sosial, atau mesyuarat;

      5. Dirujuk oleh pihak ketiga untuk menyertai program MR.DIY Club;

      6. Imej anda dirakam melalui sistem CCTV di premis kami;

    4. Jenis Data Peribadi yang Dikumpul Merangkumi:

      1. Butiran Hubungan: Data Peribadi seperti nama, alamat, nombor telefon, e-mel yang boleh dikumpulkan daripada pelanggan hanya akan digunakan untuk tujuan seperti memproses transaksi, komunikasi pemasaran (dengan persetujuan), sokongan pelanggan dan penambahbaikan perkhidmatan;

      2. Identiti MR.DIY Club: Mata ganjaran, maklumat ganjaran beg, dan butiran ganjaran MR.DIY Club Rewards;

      3. Maklumat Pembayaran: Alamat pengebilan, butiran akaun bank, dan maklumat kad kredit/debit;

      4. Maklumat Transaksi: Data mengenai pembelian anda di platform e-dagang MR.DIY;.

      5. Data Pengenalan Kerajaan: Kami mungkin meminta ID keluaran kerajaan dalam keadaan terhad, termasuk semasa menyediakan akaun, untuk tujuan pengesahan akaun atau seperti yang dikehendaki oleh undang-undang;

      6. Maklumat Lain: Butiran seperti kandungan komunikasi anda dengan MR.DIY, termasuk interaksi dengan sokongan pelanggan dan kenalan melalui saluran media sosial.

(secara kolektif “Data Peribadi”)

  1. Anda tidak perlu memberikan Data Peribadi yang kami minta. Walau bagaimanapun, jika anda memilih untuk tidak berbuat demikian, dalam banyak kes kami tidak akan dapat menyediakan produk atau perkhidmatan kami atau membalas permintaan anda yang mungkin anda miliki.

  2. MR.DIY tidak mengumpul Data Peribadi daripada individu di bawah umur 18 tahun (“Kanak-kanak”) tanpa persetujuan bertulis daripada ibu bapa atau penjaga sah.

  1. PENGGUNAAN DATA PERIBADI OLEH MR.DIY

    1. MR.DIY menggunakan Data Peribadi anda hanya apabila kami mempunyai asas undang-undang yang sah. Bergantung pada keadaan, MR.DIY mungkin bergantung pada persetujuan anda atau hakikat bahawa pemprosesan adalah perlu untuk:

      1. Pelaksanaan Kontrak: MR.DIY mengumpul Data Peribadi yang diperlukan untuk memudahkan pesanan anda, yang mungkin termasuk Butiran Hubungan dan keahlian MR. D.I.Y Club Rewards yang dikumpulkan untuk menambah baik tawaran kami, melaksanakan kewajipan kontrak kami, untuk tujuan dalaman seperti pengauditan, atau untuk menyelesaikan masalah. Sebagai contoh, jika anda pelanggan kami dan ingin mengatur penghantaran, MR.DIY akan mengumpul Butiran Perhubungan anda untuk memproses pesanan anda.

      2. Komunikasi: Menjawab pertanyaan, memaklumkan kemenangan peraduan, dan memohon maklum balas pelanggan.

      3. Keselamatan dan Pencegahan Penipuan: Melindungi keselamatan individu dan pekerja, serta mengesan aktiviti atau kandungan yang menyalahi undang-undang.

      4. Pematuhan Undang-undang: Memenuhi obligasi percukaian, pengeluaran e-invois, dan keperluan pelaporan kepada pihak berkuasa kerajaan.

    2. Kami juga boleh memproses Data Peribadi anda di mana kami percaya ia adalah demi kepentingan sah kami atau orang lain, dengan mengambil kira kepentingan, hak, jangkaan, keselamatan dan pencegahan penipuan anda. Jika anda mempunyai soalan tentang asas undang-undang, anda boleh menghubungi kami melalui butiran hubungan kami yang dinyatakan dalam bahagian di Perenggan 9  (Hubungi Kami) di bawah.

  2. DATA PERIBADI YANG MR.DIY TERIMA DARIPADA SUMBER LAIN

    1. MR.DIY mungkin menerima Data Peribadi tentang anda daripada individu lain, daripada perniagaan atau pihak ketiga yang bertindak atas arahan anda, daripada rakan kongsi kami yang bekerjasama dengan kami untuk menyediakan produk dan perkhidmatan kami dan membantu kami dalam keselamatan dan pencegahan penipuan, dan daripada sumber lain yang sah.

      1. Individu. MR.DIY boleh mengumpul data tentang anda daripada individu lain – contohnya, jika individu itu telah menghantar produk atau kad hadiah kepada anda, menjemput anda untuk mengambil bahagian dalam MR. D.I.Y. Club Rewards, perkhidmatan MR.DIY, peraduan atau forum, atau berkongsi kandungan dengan anda.

      2. Atas arahan anda. Anda boleh mengarahkan individu lain atau pihak ketiga untuk berkongsi data dengan MR.DIY untuk memenuhi hubungan dengan MR.DIY.

      3. Rakan Kongsi MR.DIY. Kami juga boleh mengesahkan maklumat yang anda berikan – contohnya, semasa membuat akaun dengan MR.DIY, dengan pihak ketiga untuk keselamatan, dan untuk tujuan pencegahan penipuan.

    2. Secara amnya, MR.DIY tidak akan mendedahkan Data Peribadi anda kepada mana-mana pihak ketiga. Sekiranya pendedahan diperlukan, ia hendaklah terhad kepada tujuan dan tujuan berkaitan yang mana persetujuan asal diperolehi. Kami mungkin berkongsi Data Peribadi dengan anak syarikat, sekutu dan/atau syarikat bersekutu kami dan dengan pihak ketiga yang mungkin melibatkan pemindahan Data Peribadi anda di luar negara tempat tinggal anda. Jenis pihak ketiga yang kami boleh dedahkan bahawa data peribadi termasuk, pembekal perkhidmatan kami yang membantu kami dalam menyediakan MR. D.I.Y. Club Rewards dan produk dan perkhidmatan kami berkaitan dengan penggunaan perkhidmatan kami dan penghantaran produk kepada pelanggan.

    3. Data MR. D.I.Y. Club Rewards (termasuk data peribadi) disimpan pada pelayan yang terletak di India dan dikendalikan oleh kami atau pembekal perkhidmatan kami. Apabila kami berkongsi atau memindahkan Data Peribadi anda, kami meletakkan langkah-langkah untuk menghendaki penerima data mematuhi undang-undang data peribadi yang berkenaan.

  3. HAK ANDA TERHADAP DATA PERIBADI ANDA

    1. Selaras dengan undang-undang yang terpakai, MR.DIY membenarkan anda hak berikut, atas permintaan melalui butiran hubungan kami yang dinyatakan dalam bahagian di Perenggan 9  (Hubungi Kami) di bawah, untuk:

      1. Meminta maklumat dan salinan Data Peribadi anda yang disimpan oleh kami.

      2. Meminta pembetulan atau pengemaskinian data yang tidak tepat, mengelirukan, atau tidak lengkap.

      3. Menarik balik persetujuan anda bagi pemprosesan data peribadi.

      4. Menghalang pemprosesan data yang berkemungkinan menyebabkan kerosakan atau kesulitan yang tidak wajar.

      5. Meminta pemindahan data (data portability) kepada pengawal data yang lain.

    2. Jika anda meminta salinan Data Peribadi anda dan kami dapat menyetujui permintaan anda, bayaran mungkin dikenakan untuk menyediakan salinan tersebut. Dalam keadaan sedemikian, kami akan memaklumkan kepada anda tentang yuran yang akan dikenakan untuk salinan yang diminta.

    3. Akan ada keadaan di mana MR.DIY tidak dapat mematuhi permintaan anda, seperti apabila beban atau perbelanjaan menyediakan akses kepada Data Peribadi tidak seimbang dengan risiko kepada Data Peribadi orang lain atau akses sedemikian kepada Data Peribadi dikawal oleh undang-undang lain, dan dalam keadaan sedemikian MR.DIY akan menolak permintaan anda

  4. BAGAIMANA MR.DIY MENYIMPAN DATA PERIBADI ANDA

    1. Data Peribadi akan disimpan hanya untuk tempoh yang munasabah dan perlu bagi memenuhi tujuan pengumpulan data tersebut, atau sebagaimana yang dikehendaki oleh obligasi undang-undang yang berkaitan.

  5. KUKI (COOKIES)

    1. Laman web kami menggunakan "kuki sesi" (session cookies) yang akan dipadamkan secara automatik apabila pelayar ditutup. Kuki ini tidak mengumpul sebarang maklumat peribadi daripada perkakasan komputer anda.

  6. PEMBERITAHUAN PELANGGARAN DATA

    1. MR.DIY mengambil langkah praktikal dan standard keselamatan yang ditetapkan untuk melindungi Data Peribadi daripada sebarang kehilangan, penyalahgunaan, pengubahsuaian, akses atau pendedahan yang tidak dibenarkan atau tidak disengajakan, penggantian atau kemusnahan.

    2. Sekiranya berlaku pelanggaran data yang melibatkan Data Peribadi, MR.DIY akan segera mengakses sifat dan skop pelanggaran dan mengambil tindakan pemulihan yang sewajarnya. Jika dikehendaki oleh undang-undang dan peraturan yang berkenaan, MR.DIY akan memberitahu individu yang terjejas dan pihak berkuasa yang berkaitan tanpa kelewatan yang tidak wajar, memberikan maklumat tentang pelanggaran, potensi kesannya, dan sebarang langkah yang diambil untuk mengurangkan risiko.

    3. Sekiranya anda menyedari sebarang pelanggaran sebenar atau disyaki, anda dikehendaki memaklumkan MR.DIY tanpa berlengah-lengah. Laporan boleh dibuat melalui Perenggan 9  di bawah, dan hendaklah mengandungi butiran pelanggaran yang berkaitan untuk memudahkan penyiasatan dan tindakan pemulihan.

  7. HUBUNGI KAMI

    1. Untuk sebarang pertanyaan atau urusan berkaitan Data Peribadi anda, sila hubungi Pegawai Perlindungan Data kami di:

E-mel: my.dpo@mrdiy.com

No. Tel: +60(3) 8961 1338

  1. SEMAKAN DAN KEMAS KINI NOTIS

    1. Notis ini akan disemak secara berkala bagi memastikan pematuhan berterusan terhadap keperluan undang-undang dan piawaian industri. Sebarang pindaan material akan dimaklumkan kepada pihak berkepentingan melalui saluran rasmi. Sekiranya terdapat percanggahan, versi Bahasa Inggeris akan diguna pakai.