Privacy Policy

Last updated: June 17, 2025


L.R.M. Co., Ltd. (hereinafter "Company") collects personal data from users (hereinafter "Customers") of its services (hereinafter "the Service").
This policy explains how the Company collects, uses, discloses, and protects your personal data. By using the Service, you are deemed to have agreed to this Privacy Policy.

1. Data User (Controller)

The Data User of personal data is as follows:

  • Company Name: L.R.M. Co., Ltd.
  • Company Registration Number: LL21094
  • Address: Unit Level 9F(2), Main Office Tower, Financial Park Labuan, Jalan Merdeka 87000 Labuan Federal Territory, Malaysia
  • Contact Email Address: info@repitte.org

2. Types of Data Collected

The types of personal data that the Company may collect, either directly or through third parties, include:

  • Usage Data: IP address, access times, features used, pages viewed, etc.
  • Contact Information: Email address, phone number, name (first and last)
  • Account Information: Password (stored in a secure format), user ID
  • Data Communicated During Service Use: Information you input and transmit through the Service (e.g., chat message content, uploaded files)
  • Other: Personal information entered at the time of booking

Details regarding the collection of each type of personal data are provided in the relevant sections of this Privacy Policy or in separate explanations given before data collection.

Personal data may be provided voluntarily by the Customer or collected automatically when using the Service, like Usage Data.

Unless otherwise specified, all data requested by the Company is necessary for the provision of the Service. If such data is not provided, the Company may not be able to provide the Service. Where the Company states that certain data is optional, Customers are free not to submit such data without affecting the availability or functionality of the Service.

If you are unsure which personal data is mandatory, please feel free to contact the Company.

You are responsible for any third-party personal data obtained, published, or shared through the Service and confirm that you have obtained the third party's consent to provide such data to the Company.

3. Method and Place of Processing Data

Processing Methods

The Company takes appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of data. Data processing is carried out using computers and/or IT tools, following organizational procedures and methods strictly related to the purposes indicated. In addition to the Company, the data may be accessible to certain personnel involved in the operation of the Service (administration, sales, marketing, legal, system administration) or external parties (third-party technical service providers, hosting providers, IT companies, communication agencies, etc.) designated by the Company as Data Processors, if necessary. An updated list of these parties can be requested from the Company at any time.

Legal Basis of Processing

The Company may process personal data relating to you if one of the following applies:

  • You have given your consent for one or more specific purposes.
  • Provision of data is necessary for the performance of a contract with you and/or for any pre-contractual obligations thereof.
  • Processing is necessary for compliance with a legal obligation to which the Company is subject.

In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Location

The data is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located.

International Data Transfer

Depending on your location, your data may be transferred to a country other than your own. For details on the place of processing of such transferred data, please check the section containing details about the processing of personal data.

When transferring your personal data outside of Malaysia, the Company complies with the requirements of the PDPA. This includes:

  • When the destination country has been designated by the Minister as having an adequate level of protection.
  • When you have given explicit consent for such transfer.
  • When the transfer is necessary for the performance of a contract with you.
  • When necessary in relation to legal proceedings.
  • When necessary for the public interest.

If such a transfer takes place, you can find out more by checking the relevant sections or inquiring with the Company using the contact information.

Data Retention Period

Personal data shall be processed and stored for as long as required by the purpose for which they have been collected.

Therefore:

  • Personal data collected for purposes related to the performance of a contract between the Company and the Customer shall be retained until such contract has been fully performed.
  • Personal data collected for the purposes of the Company’s legitimate interests shall be retained as long as needed to fulfill such purposes.

The Company may be allowed to retain personal data for a longer period whenever the Customer has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Company may be obliged to retain personal data for a longer period when required to do so for the performance of a legal obligation or by order of an authority.

Once the retention period expires, personal data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability (if applicable) cannot be exercised after the expiration of the retention period.

4. Managing Data Deletion Requests

Deletion requests from Customers will be processed securely within a reasonable period based on the PDPA. Generally, data will be deleted or anonymized within 21 days after account deletion, unless retention is required due to legal obligations or other reasons. For specific procedures, please contact the Company.

5. Purposes of Data Processing

Data concerning Customers is collected to allow the Company to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of Customers or third parties), detect any malicious or fraudulent activity, and for the following purposes:

  • Displaying content from external platforms
  • Tag management
  • Contacting the user (e.g., email newsletters, inquiry handling)
  • Analytics (service improvement, understanding usage)
  • Managing contacts and sending messages
  • Handling payments
  • Infrastructure monitoring
  • Hosting and backend infrastructure
  • User database management
  • Data connection (linked services)
  • Content performance and feature testing (A/B testing)
  • (If applicable) International data transfer
  • Direct registration and authentication by the Company
  • Integration with live chat platforms
  • Registration and authentication
  • Remarketing and behavioral targeting
  • Spam protection
  • Platform services and hosting
  • Advertising
  • Traffic optimization and distribution

For specific information about the personal data used for each purpose, refer to the "Detailed Information on the Processing of Personal Data" section.

6. Detailed Information on the Processing of Personal Data

Personal data is collected for the following purposes and using the following services:

  • Handling Payments
  • Services that enable payment processing.
    • Stripe
      Personal Data Processed: Payment information (credit card number, expiration date, CVC, etc.), contact information (name, email address, billing address), IP address, device information, transaction history, and other data specified in Stripe's Privacy Policy.
      Place of Processing: Primarily data centers located in countries where Stripe provides its services, including the United States of America and Singapore (for data from the EU region, international transfers may occur based on appropriate safeguards).
      Privacy Policy:https://stripe.com/jp/privacy
  • Hosting and Backend Infrastructure
      • Hosting services necessary for the provision of the Service.
    Amazon Web Services (AWS)
      Provider Name: Amazon Web Services, Inc. Personal Data Processed: Various personal data obtained and processed through the service (e.g., user registration information, communication logs, usage history, IP address, access device information, and other data stored and processed within the application). This data is processed in accordance with AWS's privacy terms.
      Place of Processing: Processed primarily at AWS data centers, centering on the Kuala Lumpur, Malaysia region (ap-southeast-3). Transfers to other regions may occur if necessary, in which case appropriate safeguards will be taken.
      Privacy Policy:https://aws.amazon.com/jp/privacy/
  • Contacting the User
      • Services used for email distribution, etc..
    SendGrid
      Provider Name: Twilio Inc. Personal Data Processed: Email address, name, content of email body, IP address, open information, click history, and other information necessary for email delivery. This data is handled based on SendGrid's Privacy Policy.
      Place of Processing: Primarily processed at data centers located in the United States of America. May pass through servers in other regions if necessary.
      Privacy Policy:https://www.twilio.com/legal/privacy

7. Data Subject's (Customer's) Rights

Under the PDPA, Customers have the following rights regarding their personal data:

  • Right of Access: The right to confirm whether their personal data is being processed by the Company, obtain information about the processing (purpose, type, recipients, etc.), and obtain a copy of that data.
  • Right to Rectification: The right to request the correction or update of their personal data if it is inaccurate or incomplete.
  • Right to Withdraw Consent: The right to withdraw consent for the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to Stop Processing (Harm/Distress): The right to request the cessation of processing of their personal data if such processing may cause or is causing undue harm or distress to them.
  • Right to Stop Processing (Direct Marketing): The right to stop the processing of personal data for direct marketing purposes.

8. How to Exercise Rights

If you wish to exercise the above rights, please contact the Company using the contact details provided at the beginning of this document. Requests to exercise rights are generally free of charge, but in accordance with the PDPA, a fee may be charged for exercising the right of access, to the extent that it is not unduly excessive. The Company will respond to your requests as quickly as possible within the period specified by the PDPA (e.g., within 21 days for rejection notices regarding access requests). Additional information may be requested for identity verification purposes.

9. Additional Information

Legal Action

Your personal data may be used by the Company for legal purposes, in court or in the stages leading to possible legal action arising from improper use of this Service or related services. You acknowledge that the Company may be required to reveal personal data upon request of public authorities.

System Logs and Maintenance

For operation and maintenance purposes, this Service and any third-party services may collect files that record interaction with this Service (System logs) or use other personal data (such as the IP Address) for this purpose.

Information Not Contained in This Policy

More details concerning the collection or processing of personal data may be requested from the Company at any time. Please see the contact information at the beginning of this document.

"Do Not Track" Requests

This Service does not support “Do Not Track” requests. To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

Changes to This Privacy Policy

The Company reserves the right to make changes to this Privacy Policy at any time. When changes are made, the Company will notify you on this page and possibly within the Service, and as far as technically and legally feasible, send a notice to you via any contact information available to the Company. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. Should the changes affect processing activities performed on the basis of the Customer’s consent, the Company will collect new consent from the Customer, where required.

10. Definitions

  • Personal Data (or Data): Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
  • Usage Data: Information collected automatically through this Service (or third-party services employed in this Service), which can include: the IP addresses or domain names of the computers utilized by the Customers who use this Service, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the Customer, the various time details per visit (e.g., the time spent on each page within the Service) and the details about the path followed within the application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the Customer's IT environment.
  • Customer (User): The individual using this Service who, unless otherwise specified, coincides with the Data Subject.
  • Data Subject: The natural person to whom the Personal Data refers.
  • Data Processor: The natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data User, as described in this privacy policy.
  • Data User (or Company): The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Service. The Data User, unless otherwise specified, is the owner of this Service.
  • Service: The service provided by the Company as described in the relative terms (if any) and on this site/application.
  • Tracker: Any technology – e.g., cookies, unique identifiers, web beacons, embedded scripts, e-tags, and fingerprinting – that allows the tracking of Customers, for example, by accessing or storing information on the Customer’s device.

11. Legal Information

This Privacy Policy has been prepared based on provisions of multiple legislations, including the Malaysian Personal Data Protection Act 2010 (PDPA).

Unless otherwise specified, this Privacy Policy relates solely to this Service.