privacy policy

Rozzario SDN. BHD. (“Rozzario”, “we”, “us”, “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and protect personal data in accordance with:

  • UK General Data Protection Regulation (UK GDPR)
  • EU General Data Protection Regulation (EU GDPR)
  • Malaysia Personal Data Protection Act 2010 (PDPA)
  • Other applicable data protection laws

This Policy applies to visitors, clients, partners, vendors, and users of our websites, services, and platforms.
Our Data Processing Agreement is available upon request and/or incorporated into our service agreements

1. Data Controller

1. Data Controller

  • For the purposes of applicable data protection laws, the Data Controller is:
    • Rozzario SDN. BHD.
    • Malaysia Incorporated Company
    • (Full company details are available in the Terms of Service)
  • For privacy-related enquiries, please contact us via: https://rozzario.com/contact-us
2. Scope of This Policy

2. Scope of This Policy

  • This Privacy Policy applies to:
    • Visitors to our websites
    • Clients and prospective clients
    • Business contacts and partners
    • Users interacting with our marketing, platforms, or communications
  • It does not apply to third-party websites, platforms, or services linked from our sites.
3. Personal Data We Collect

3. Personal Data We Collect

  • 3.1 Identity & Contact Data
    • Full name
    • Company name
    • Job title
    • Phone number
    • Email address (submitted voluntarily via forms)
  • 3.2 Business & Contractual Data
    • Billing details
    • Tax-related information (where required)
    • Service usage data
    • Communications and correspondence
  • 3.3 Technical & Usage Data
    • IP address
    • Browser type and version
    • Device identifiers
    • Website interaction data
    • Log files and analytics data
  • 3.4 Marketing & Communication Data
    • Preferences for receiving communications
    • Interaction with emails, ads, or content
4. How We Collect Personal Data

4. How We Collect Personal Data

  • We collect data through:
    • Contact forms and enquiry submissions
    • Contractual engagements and onboarding
    • Website usage (cookies, analytics tools)
    • Email, phone, messaging platforms
    • Third-party platforms used for service delivery (with appropriate safeguards)
5. Legal Bases for Processing (UK & EU GDPR)

5. Legal Bases for Processing (UK & EU GDPR)

  • We process personal data under one or more of the following lawful bases:
    • Contractual necessity – to perform a contract or pre-contractual steps
    • Legal obligation – tax, accounting, regulatory compliance
    • Legitimate interests – business operations, security, service improvement
    • Consent – marketing communications or cookies (where required)
6. How We Use Personal Data

6. How We Use Personal Data

  • Personal data is used to:
    • Respond to enquiries and provide services
    • Manage contracts, billing, and compliance
    • Communicate with clients and partners
    • Improve our websites and services
    • Conduct marketing and business development
    • Meet legal and regulatory obligations
7. Cookies & Tracking Technologies

7. Cookies & Tracking Technologies

  • 7.1 Our websites may use cookies and similar technologies to:
    • Ensure website functionality
    • Analyse traffic and usage patterns
    • Improve user experience
    • Support marketing and advertising activities
  • 7.2 Cookies may include:
    • Strictly necessary cookies (essential for site operation)
    • Analytics cookies (e.g., Google Analytics or similar tools)
    • Marketing cookies (where applicable and consented)
  • 7.3 Where required by law, cookies will only be placed after obtaining user consent. Users may manage cookie preferences through browser settings or consent banners.
8. Marketing Communications

8. Marketing Communications

  • 8.1 We may send marketing communications where:
    • You have provided consent; or
    • We have a legitimate business interest and lawful basis to do so
  • 8.2 You may opt out of marketing communications at any time by:
9. Data Sharing & Disclosure

9. Data Sharing & Disclosure

  • 9.1 We may share personal data with:
    • Internal teams and authorised personnel
    • Professional advisers (legal, accounting, compliance)
    • Technology providers, hosting providers, and SaaS platforms
    • Advertising and analytics platforms where required for service delivery
  • 9.2 We do not sell personal data.
  • 9.3 All third parties are required to implement appropriate security and data protection measures.
10. International Data Transfers

10. International Data Transfers

  • 10.1 Due to our multi-regional operations, personal data may be transferred outside the UK, EU, or Malaysia.
  • 10.2 Where required, such transfers are safeguarded using:
    • UK International Data Transfer Agreements (IDTA)
    • EU Standard Contractual Clauses (SCCs)
    • Other legally recognised transfer mechanisms
11. Data Retention

11. Data Retention

  • 11.1 Personal data is retained only for as long as necessary to:
    • Fulfil contractual obligations
    • Meet legal, accounting, or regulatory requirements
    • Resolve disputes or enforce agreements
  • 11.2 Retention periods vary depending on data type and purpose.
12. Data Security

12. Data Security

  • 12.1 We implement appropriate technical and organisational measures to protect personal data, including:
    • Access controls
    • Secure systems and hosting environments
    • Confidentiality obligations on staff and contractors
  • 12.2 While we take reasonable steps to protect data, no system is completely secure. We cannot guarantee absolute security.
13. Your Rights Under UK & EU GDPR

13. Your Rights Under UK & EU GDPR

  • Where applicable, individuals have the right to:
    • Access personal data
    • Request correction of inaccurate data
    • Request erasure (“right to be forgotten”)
    • Restrict or object to processing
    • Data portability
    • Withdraw consent at any time
    • Lodge a complaint with a supervisory authority
  • Requests may be submitted via: https://rozzario.com/contact-us
14. Automated Decision-Making

14. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or significant effects without human involvement.

15. Third-Party Links

15. Third-Party Links

Our websites may contain links to third-party sites. We are not responsible for the privacy practices of such sites.

16. Updates to This Privacy Policy

16. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be published on our website.

17. Contact & Complaints

17. Contact & Complaints

For privacy-related questions, data subject requests, or complaints, please contact us via: https://rozzario.com/contact-us