Privacy Policy
PDPA Compliant - Personal Data Protection Act 2010 (Malaysia)
Last Updated: November 2024
1. Introduction
This Privacy Policy outlines how JomBoat ("we", "our", or "us") collects, uses, stores, and protects your personal data in compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. By using our platform, you consent to the data practices described in this policy.
2. Data Controller
JomBoat is the data controller responsible for your personal data. For privacy-related inquiries, contact us at privacy@jomboat.com.
3. Personal Data We Collect
3.1 Account Information
Name, email address, phone number, date of birth, national identification number (for operator verification), and profile information.
3.2 Booking Information
Trip bookings, payment history, travel preferences, dietary requirements, emergency contact details.
3.3 Operator Information
Business registration (SSM), DOF fishing licenses, vessel documentation, bank account details for payouts, insurance certificates.
3.4 Technical Information
IP address, device information, browser type, cookies, usage data, location data (with consent).
3.5 Communication Data
Messages between anglers and operators, customer support interactions, reviews and ratings.
4. How We Use Your Personal Data
4.1 Service Delivery
Process bookings, facilitate payments, connect anglers with operators, send trip confirmations and updates.
4.2 Safety & Compliance
Verify operator licenses (DOF, MMEA), ensure maritime safety standards, comply with fishing regulations.
4.3 Platform Improvement
Analyze usage patterns, improve user experience, develop new features, provide customer support.
4.4 Marketing Communications
Send promotional offers, trip recommendations, platform updates (with your consent, which you can withdraw anytime).
5. Legal Basis for Processing (PDPA Compliance)
We process your personal data based on: (1) Consent - You have given clear consent for specific purposes; (2) Contractual Necessity - Processing is necessary to fulfill our service agreement; (3) Legal Obligation - Compliance with Malaysian laws (PDPA, DOF regulations, MMEA requirements); (4) Legitimate Interest - Fraud prevention, platform security, business analytics.
6. Data Sharing and Disclosure
6.1 With Fleet Operators
We share necessary booking information (name, contact details, trip preferences) with operators to facilitate trips.
6.2 With Payment Processors
Stripe processes payments securely. We do not store complete credit card information.
6.3 With Regulatory Authorities
We may disclose data to DOF (Department of Fisheries), MMEA (Malaysian Maritime Enforcement Agency), or other authorities when legally required.
6.4 With Service Providers
Cloud hosting (Supabase), email services, analytics tools - all bound by confidentiality agreements.
6.5 Business Transfers
In case of merger, acquisition, or sale, your data may be transferred to the successor entity.
7. International Data Transfers
Your data is primarily stored on servers in Singapore (Supabase Southeast Asia region). We ensure adequate protection through: (1) Standard Contractual Clauses with service providers; (2) PDPA-compliant transfer mechanisms; (3) Encryption in transit and at rest.
8. Data Retention
We retain personal data for: (1) Active accounts - Duration of account plus 7 years (for tax and legal purposes); (2) Booking records - 7 years from trip date (LHDN compliance); (3) Marketing data - Until consent is withdrawn; (4) Technical logs - 90 days unless required for security investigations.
9. Your Rights Under PDPA
9.1 Access
Request a copy of your personal data we hold.
9.2 Correction
Update or correct inaccurate personal data.
9.3 Withdrawal of Consent
Withdraw consent for marketing communications or optional data processing (may limit service features).
9.4 Data Portability
Receive your data in a structured, machine-readable format.
9.5 Erasure
Request deletion of your data (subject to legal retention requirements and legitimate business needs).
9.6 Restriction
Limit how we process your data in certain circumstances.
10. Data Security
We implement industry-standard security measures: (1) Encryption (TLS 1.3 in transit, AES-256 at rest); (2) Access controls and authentication; (3) Regular security audits and penetration testing; (4) Employee training on data protection; (5) Incident response procedures. However, no system is 100% secure. We recommend using strong passwords and enabling two-factor authentication.
11. Cookies and Tracking
11.1 Essential Cookies
Required for login, session management, and basic functionality.
11.2 Analytics Cookies
Help us understand usage patterns and improve the platform.
11.3 Marketing Cookies
Used for targeted advertising (requires your consent).
You can manage cookie preferences through your browser settings or our cookie consent banner.
12. Children's Privacy
Our platform is not intended for users under 18 years old. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, contact us immediately at privacy@jomboat.com for deletion.
13. Third-Party Links
Our platform may contain links to third-party websites (payment gateways, social media). We are not responsible for their privacy practices. Please review their privacy policies before providing personal data.
14. Changes to This Policy
We may update this Privacy Policy to reflect legal changes or platform improvements. Significant changes will be notified via email or platform notification. Continued use after changes constitutes acceptance.
15. Contact Us
For privacy questions, data access requests, or complaints:
Email: privacy@jomboat.com
Data Protection Officer: dpo@jomboat.com
You also have the right to lodge a complaint with the Personal Data Protection Commissioner of Malaysia if you believe we have violated PDPA requirements.
16. Governing Law
This Privacy Policy is governed by the Personal Data Protection Act 2010 (Act 709) of Malaysia and Malaysian law.
Questions About Your Privacy?
We're committed to protecting your personal data. If you have any questions or concerns about this Privacy Policy, please contact our Data Protection Officer.
Email: privacy@jomboat.com