Logo

Current as of 25 Nov 2024

Privacy Policy

At Roxa Sdn. Bhd. (Registration Number: 202101032345 (1432645-P)), we understand that privacy is fundamental to protecting your business and personal data. As a provider of integrated point-of-sale, inventory management, and spa booking solutions, we handle sensitive information requiring the highest protection and transparency standards. This Privacy Policy explains our commitment to safeguarding data while providing seamless business solutions.

Our Approach to Data Stewardship

At Roxa, we view ourselves as stewards of your information, entrusted with the vital data that powers your business operations. Our approach to data handling combines cutting-edge technology with rigorous privacy standards, ensuring that every piece of information flowing through our systems is protected, purposeful, and adequately managed. From the moment you begin using our point-of-sale system, schedule your first appointment, or process your initial inventory count, we implement comprehensive data handling protocols that prioritize security and accessibility.

The Journey of Your Data

Understanding how we handle your data begins with understanding its journey through our systems. When a customer purchases your establishment, our system doesn’t simply record a transaction – it orchestrates a careful ballet of data processing that maintains the perfect balance between operational efficiency and privacy protection. Each data point is collected, processed, and stored with specific purposes in mind, ensuring we gather only what’s necessary to provide comprehensive business solutions.

Business Operational Data Collection

The core of our data collection revolves around your daily business operations. Every customer interaction generates valuable information in your spa or retail environment that helps streamline your operations. When your staff processes a sale, our system securely captures not just the transaction details but also updates inventory levels, tracks staff performance, and maintains customer relationships – all while ensuring each piece of information remains protected and adequately categorized.

Appointment and Scheduling Information

For our users in the spa and salon industry, appointment management is crucial to their success. Our system carefully handles scheduling data, including customer preferences, service history, and staff availability. This information is processed in real-time, allowing you to provide exceptional service while maintaining strict privacy standards. We store appointment histories with attention to accessibility for legitimate business needs and protection against unauthorized access.

Inventory and Supply Chain Data

Your inventory management generates a continuous stream of data that requires careful handling. From stock levels and supplier information to product performance metrics, we process this information to provide actionable insights while maintaining data integrity. Our system tracks product movement, predicts reorder points, and manages supplier relationships, all while ensuring this sensitive business information remains secure and accessible only to authorized personnel.

Customer Relationship Information

We take special care with customer data, recognizing that this information forms the foundation of your business relationships. When your clients provide their contact details, preference information, or purchase history, we implement multiple layers of protection while ensuring this data remains readily available for legitimate business purposes. Our system allows you to build comprehensive customer profiles while strictly complying with privacy regulations.

Financial Transaction Processing

Financial data receives our highest level of protection and attention. Every transaction processed through our system undergoes multiple security checks and validations. We maintain detailed audit trails of all financial activities and ensure that sensitive payment information is handled according to the strictest industry standards. Our processing systems are designed to capture every necessary detail for business operations while minimizing exposure to sensitive financial data.

Technical and System Data

Behind the scenes, our system continuously collects and processes technical data that ensures smooth operations. This includes system performance metrics, usage patterns, and operational statistics. We carefully balance the need for technical monitoring with privacy considerations, ensuring that system data collection supports service improvement without compromising user privacy.

Analytics and Business Intelligence

The data we collect powers our business intelligence features, providing valuable insights while maintaining strict privacy controls. Our analytics processing examines patterns and trends in your business operations, helping you make informed decisions while protecting individual privacy. We aggregate data thoughtfully, ensuring business intelligence doesn't compromise personal privacy.

Data Collection and Processing

Your interaction with Roxas services generates various types of data, each serving a specific purpose in supporting your business operations. For example, when you process a transaction through our POS system, you may schedule an appointment or manage your inventory. We carefully collect and process this information to ensure your business runs smoothly.

Every piece of data we collect serves a purpose. When a customer purchases, we record the transaction details, inventory updates, customer preferences, and sales patterns. This comprehensive approach allows us to provide meaningful insights while maintaining strict privacy standards. Our system carefully balances the need for detailed business intelligence with the fundamental right to privacy.

Business Operations Data

The heart of our data collection revolves around your daily business operations. Our system securely records transaction details when your staff processes a sale, including purchase amounts, items sold, and payment methods. We also maintain appointment histories, customer preferences, and service provider schedules for spa and salon services while protecting this sensitive information.

We understand that inventory management is crucial to your business. Our system tracks stock levels, supplier information, and product performance, creating a comprehensive view of your business operations. This data helps you make informed decisions while we ensure its security and confidentiality.

Customer Information

We take special care with customer data, recognizing its sensitivity and importance. When clients make appointments or purchases, we collect only the information necessary to provide excellent service. This might include contact details, service preferences, and purchase history. We maintain this information securely, allowing you to build strong customer relationships while protecting their privacy.

Technical Data Collection

Our systems collect technical data behind the scenes to help us ensure smooth operations. This includes information about our applications' performance, system health metrics, and usage patterns. We use this data to improve our services, prevent technical issues, and enhance your experience with our platform.

Financial Processing

Financial data receives our highest level of protection. When processing payments, our system employs advanced encryption and security protocols. We record transaction details, maintain audit trails, and ensure compliance with financial regulations, all while protecting sensitive payment information.

Future Data Considerations

As your business evolves, our data handling practices adapt to meet new challenges and opportunities. We continuously update our data processing systems to accommodate new business needs, emerging technologies, and evolving privacy requirements. Our forward-looking approach ensures that your data handling needs will be met now and in the future, always with privacy and security at the forefront.

Comprehensive Control

We believe in giving you complete control over your data. As a user of Roxas services, you have extensive rights regarding how your information is collected, used, and managed. These rights aren't just promises. They're fundamental principles embedded in our system architecture and business processes.

Accessing Your Information

You have the right to access any information we hold about your business. Whether you need to review transaction histories, customer records, or system usage data, we've made this process straightforward and secure. Contact our Data Protection Officer or use our secure online portal to request access to your information.

Our commitment to transparency means you can request details about:

  • All personal and business data we hold
  • How we use this information
  • Who has access to your data
  • How long do we retain different types of information
  • The security measures protecting your data

Data Correction and Updates

Accurate data is crucial for your business operations. If you find any inaccuracies in your records, you have the right to have them corrected promptly. Our system maintains version histories of any changes, ensuring accuracy and accountability in data management.

Data Deletion and Retention

You have the right to request deletion of your data, subject to legal retention requirements. When you make such a request, we carefully review all associated information to ensure complete removal while maintaining regulatory compliance. Some information may need to be retained for legal or regulatory purposes, and we'll clearly explain any such requirements.

Managing Your Preferences

We provide comprehensive controls over how your information is used. Through your Roxa dashboard, you can:

  • Adjust marketing preferences
  • Control automated processing settings
  • Modify data-sharing permissions
  • Set communication preferences
  • Configure analytics participation

Each setting is accompanied by clear explanations of its implications, ensuring you make informed decisions about your data.

Understanding Camera Usage in Roxa

Our Roxa application requires camera access to enhance your business operations through various essential features. We understand that camera access represents a significant privacy consideration, and we want you to be fully informed about how and when we use your device's camera capabilities.

Primary Camera Functions

The camera functionality in our application serves several specific business purposes. When you scan inventory barcodes, capture product images, or process QR code payments, our system activates your device's camera only for these designated tasks. Each camera activation is purposeful and limited to the specific function being performed, ensuring that camera access is never continuous or unnecessary.

Camera Data Processing

When you use the camera function within our app, we process the visual data with extreme care. For barcode scanning, the image data is processed in real-time and immediately discarded after the barcode information is extracted. When capturing product images, only the final, user-confirmed images are stored in our secure system. We never store temporary or discarded images, and we never access your device's camera without explicit user action and clear on-screen indicators.

Security Measures for Camera Functions

We implement multiple security layers around camera functionality:

  • Camera access is triggered only by specific user actions
  • Visual indicators always show when the camera is in use
  • Processing occurs locally on your device whenever possible
  • Image data is encrypted during any necessary transmission
  • Camera access automatically terminates after each use

User Control Over Camera Access

You maintain complete control over camera permissions. While camera access is necessary for certain app functions, you can:

  • Enable or disable camera access through your device settings
  • Receive clear notifications when camera access is required
  • Choose alternative methods for data entry when available
  • Review camera access logs through our security dashboard

Your privacy is our priority. Roxa's app only activates the camera when you choose to use features like barcode scanning, product photography, or QR code processing. We never access your camera without your knowledge, store images without consent, or use it for unintended purposes. All image processing is encrypted, and you control permissions via device settings. Access logs are available through our security dashboard, and alternative data entry methods are offered where possible. We ensure your camera enhances business operations without compromising privacy.

Location Data Collection

The Roxa application utilizes location services to enhance your business operations and provide location-specific features. We recognize the sensitivity of location data and maintain strict protocols for its collection, processing, and storage.

Purpose of Location Tracking

Our system collects location data for specific business purposes, including:

  • Verifying transaction locations for security purposes
  • Optimizing multi-location business operations
  • Providing location-based tax calculations
  • Supporting delivery service features
  • Enabling location-specific promotions and services

Precision and Limitation

We deliberately limit location data collection to only what's necessary for business operations. When high-precision location data isn't required for a specific function, we automatically default to lower-precision location information. This approach balances functionality with privacy, ensuring we collect only the location data needed for each specific feature.

Protecting Your Location Information

Your location data receives comprehensive protection through our multi-layered security approach. From the moment your device transmits location information, we immediately encrypt this sensitive data using advanced protocols. Our system implements strict access controls, ensuring that only authorized personnel can view location data relevant to their specific business functions. We've developed sophisticated automated systems that manage data aging and deletion, ensuring that location information isn't retained longer than necessary. All location data transmissions occur through secure, encrypted channels, protected by industry-leading security measures. To maintain the highest standards of protection, we conduct regular audits of location data usage, reviewing access patterns and security protocols to identify and address potential vulnerabilities.

Managing Multiple Business Locations

For businesses operating across multiple locations, we've developed a sophisticated system that maintains clear boundaries between different operational areas. Our platform creates distinct geographic zones for each business location, ensuring that data remains properly segregated and secure. Access permissions are carefully controlled based on location-specific parameters, allowing managers to maintain separate privacy settings for each business site. This granular approach enables precise control over location data sharing and access, ensuring that sensitive information remains protected while maintaining operational efficiency.

Your Control Over Location Services

We believe in empowering our users with comprehensive control over their location data. Our system provides detailed permission settings that allow you to manage exactly how location services are used. When location services are active, clear on-screen indicators ensure you're always aware of data collection. We offer flexible options to adjust location precision based on your business needs, and you can disable location services while still maintaining access to core business functions. To keep you informed, our system sends regular notifications about location data collection, ensuring complete transparency in how your location information is used.

Location Data Retention and Management

Our approach to location data retention prioritizes both security and practicality. We maintain active location data only for the period necessary to support your business operations. Historical location information undergoes automatic anonymization to protect privacy while preserving valuable business insights. Our configurable purge schedules ensure that location histories are removed according to your specific requirements. For emergency situations, we maintain special protocols that provide additional protection for sensitive location data. All backup location information is secured through robust encryption, ensuring protection even in archived states.

Supporting Multi-Location Operations

Operating multiple business locations requires additional privacy considerations, which we address through comprehensive security measures. Each location maintains its own secure data stream, ensuring proper segregation of information. Staff access to location data is controlled through role-based permissions specific to each site. We establish clear geographical boundaries for data access, implement controlled sharing between locations, and maintain location-specific security protocols to protect sensitive information.

Third-Party Integration Security

When your business requires sharing location data with authorized third-party services, we implement strict controls to maintain privacy and security. We adhere to the principle of minimal data sharing, transmitting only the specific information required for each integration. Before any location data is shared, we obtain explicit consent from authorized users. Our secure transmission protocols ensure data protection during transfer, and we regularly verify our partners' compliance with privacy standards. Through systematic audits of shared location data, we maintain oversight of how your information is used by integrated services.

Advanced Technology for Better Business

Our commitment to innovation includes thoughtfully applying artificial intelligence and machine learning technologies. These advanced systems continuously improve your business operations while maintaining the highest data protection and privacy standards.

Appointment Optimization

Our AI-powered scheduling system learns from your business patterns to optimize appointment booking. It analyzes service duration, staff availability, and customer preferences to suggest optimal scheduling arrangements. This system adapts to your business needs while respecting staff and customer privacy.

The appointment optimization system considers the following:

  • Historical booking patterns
  • Staff expertise and availability
  • Service duration
  • Customer preferences and history
  • Peak business hours
  • Seasonal variations
  • Resource availability

Inventory Intelligence

Our intelligent inventory management system uses advanced algorithms to predict stock needs and prevent shortages. This system analyzes sales patterns, seasonal trends, and market conditions to provide accurate inventory recommendations while maintaining data privacy and security.

The system helps you:

  • Predict future inventory needs
  • Optimize stock levels
  • Reduce waste
  • Manage multiple locations
  • Track product performance
  • Automate reordering

Customer Experience Enhancement

We employ AI to enhance customer experiences while protecting privacy. Our systems analyze anonymized data to identify trends and preferences, helping you provide better service without compromising personal information.

Understanding Our Integration Ecosystem

At Roxa, we recognize that modern businesses require seamless connectivity across multiple platforms and services. Our integration ecosystem is designed to enhance your business capabilities while maintaining the highest data protection and privacy standards. When you choose to connect third-party services with your Roxa account, we ensure that these integrations operate within a framework that prioritizes the security and confidentiality of your data.

How Integrations Work

When you enable integration with your Roxa account, we establish secure data exchange channels specifically designed for each integration partner. These connections operate through our enterprise-grade API infrastructure, which maintains detailed records of all data transfers while ensuring that information flows securely between systems. Each integration undergoes rigorous security testing and regular audits to maintain the integrity of your data.

Our Integration Partners

We carefully select and evaluate our integration partners to ensure they meet our stringent privacy and security standards. Before establishing any partnership, we comprehensively assess their data handling practices, security protocols, and compliance frameworks. This evaluation includes reviewing their privacy policies, security certifications, and data protection measures to ensure they align with our commitment to protecting your information.

Data Sharing with Integration Partners

When you activate an integration, we share only the specific data necessary to function effectively. For example, if you connect an email marketing platform, we share only the customer contact information and purchase history needed for targeted communications. Similarly, when connecting accounting software, we transfer only the financial data required for accurate bookkeeping. This selective data sharing ensures that your information remains protected while allowing for efficient business operations.

Security Measures for Integrated Services

Each integration operates within a secure framework that includes End-to-end encryption for all data transfers between systems, real-time monitoring for unusual activity, regular security audits of data flows, and immediate incident response protocols. We maintain detailed logs of all data exchanges and regularly review these records to ensure compliance with our security standards and your privacy preferences.

Partner Compliance Requirements

We establish binding data processing agreements with all integration partners that clearly define their obligations regarding your data. These agreements mandate specific security measures, restrict data usage to authorized purposes only, and require prompt notification of any security incidents. Partners must maintain compliance with relevant data protection regulations, including Malaysia's Personal Data Protection Act 2010 and other applicable international standards.

Your Control Over Integrations

We believe in giving you complete control over your integrated services. Your Roxa dashboard lets you view all active inlets, manage data sharing permissions, and monitor data flows between systems. You can turn integrations on or off at any time, and we provide detailed information about what data is shared with each integration partner

Data Synchronization and Privacy

Our integration architecture ensures that data synchronization occurs securely and efficiently. When information is updated in one system, changes propagate through secure channels to maintain consistency across platforms while preserving data integrity. We implement strict access controls and authentication measures to prevent unauthorized data access during these synchronization processes.

Integration Support and Monitoring

Our dedicated integration support team monitors all connected services to ensure they continue to meet our privacy and security standards. We regularly review integration performance, security metrics, and data handling practices. If we detect any issues or concerns, we immediately protect your data and temporarily suspend integrations if necessary.

Future Integration Partners

As we expand our integration ecosystem, we maintain our commitment to privacy and security. New integration partners undergo the same rigorous evaluation process, and we regularly reassess existing partnerships to ensure ongoing compliance with our standards. We keep you informed about new integration opportunities while ensuring that each addition to our ecosystem maintains the highest levels of data protection.

Integration Privacy Updates

We regularly update our integration privacy frameworks to address emerging security challenges and evolving business needs. When we make significant changes to how integrations handle data, we provide clear notifications and updated documentation to help you understand the implications for your business. This commitment to transparency ensures you can make informed decisions about your integrated services.

Custom Integration Solutions

We provide additional layers of security and privacy protection for businesses requiring custom integration solutions. Our development team works closely with your technical staff to create secure, compliant integration pathways that meet your specific business needs while maintaining our strict data protection standards. These custom solutions include detailed documentation, regular security assessments, and ongoing monitoring to ensure continued compliance with privacy requirements.

Understanding Your POS Data Ecosystem

At Roxa, we recognize that your point-of-sale system is the central nervous system of your business operations. Every transaction processed through our POS system generates a complex web of interconnected data points, each requiring careful handling and protection. From the moment a customer approaches your counter to the final reconciliation of your daily sales, our system ensures that each piece of information is processed with precision, security, and respect for privacy.

Transaction Data Processing

When a sale occurs through your POS system, we initiate a sophisticated data- handling process that captures and protects multiple layers of information. Each transaction generates detailed records, including product information, pricing data, payment methods, staff identifiers, and timestamp information. This data is encrypted in real-time using advanced protocols that protect sensitive information while maintaining accessibility for legitimate business purposes.

Payment Processing Security

We implement stringent security measures for payment processing that exceed industry standards. Credit card information is handled through secure payment gateways that utilize tokenization and end-to-end encryption. When customers pay by card, our system ensures that sensitive payment details are never stored directly in your POS system; instead, we utilize secure tokens for reference and reconciliation purposes.

Customer Purchase History and Profiles

Our POS system maintains detailed customer purchase histories while respecting privacy boundaries. When customers opt into your loyalty program or agree to profile creation, we carefully balance the need for comprehensive customer data with privacy protection. Purchase patterns, preferred products, and service histories are stored with multiple layers of security, accessible only to authorized personnel through authenticated access points.

Staff Activity and Authentication

Every action within the POS system is tracked with detailed audit trails that maintain accountability while protecting employee privacy. Secure logging systems monitor staff logins, transaction processing, void operations, and system access. We implement role-based access control, ensuring employees can access only the data necessary for their job functions.

Inventory Integration

Your POS system continuously communicates with our inventory management module, generating real-time updates as products are sold or services are rendered. This integration creates detailed records of stock movements, helping prevent loss while maintaining accurate inventory levels. Our system tracks product performance, monitors stock levels, and generates reorder notifications while protecting sensitive pricing and supplier information.

Daily Operations and Reporting

At the close of each business day, our POS system generates comprehensive reports that provide crucial business insights while maintaining data privacy. Sales summaries, staff performance metrics, and transaction analyses are compiled with attention to detail and discretion. These reports are stored securely and accessible only to authorized personnel through authenticated channels.

Cash Management Protection

Our system maintains detailed records of cash drawer operations for cash transactions, including opens, closes, and adjustments. Each cash-handling operation is logged with employee identification and timestamp information, creating a secure audit trail while protecting business assets and employee privacy. Cash reconciliation reports are generated with multiple layers of verification to ensure accuracy and security.

Digital copies of receipts are stored securely within our system, maintaining both customer privacy and business record-keeping requirements. When receipts are emailed to customers, we ensure that transmission occurs through encrypted channels. Historical receipt data is kept in compliance with Malaysian tax regulations while ensuring that customer information remains protected.

Discount and Promotion Processing

When discounts or promotional offers are applied through the POS system, we maintain detailed records of these adjustments while protecting customer and business information. Authorization levels for discount applications are strictly controlled, with each adjustment tracked for security and accountability purposes.

Tax Calculation and Reporting

Our POS system automatically calculates and tracks tax obligations that comply with Malaysian regulations. Detailed tax records are maintained securely, ensuring accurate reporting while protecting sensitive business information. Tax summaries and reports are generated with attention to accuracy and data security.

Integration with External Services

When your POS system connects with external services such as accounting software or marketing platforms, we implement strict data handling protocols to maintain security during information transfer. Each integration is monitored and controlled through secure APIs, ensuring data sharing serves specific business purposes while preserving privacy standards.

Offline Operation Protection

Our POS system continues operating with total security measures during internet connectivity interruptions. Offline transactions are encrypted and stored locally until connectivity is restored; at this point, they are securely synchronized with our cloud servers through encrypted channels.

Data Backup and Recovery

We maintain secure backups of your POS data through redundant storage systems that ensure business continuity while protecting data privacy. Backup processes are automated and encrypted, and recovery procedures are designed to restore operations quickly while maintaining security protocols.

System Updates and Security Patches

Our POS system regularly receives security enhancements and privacy protection improvements. These updates are delivered through secure channels, and each installation is verified to maintain system integrity and data protection standards.

Learning from Transaction Patterns

Our system employs advanced analytics to learn from transaction patterns, helping improve business operations while maintaining strict privacy controls. These insights help optimize inventory management, staff scheduling, and customer service while protecting individual privacy through data anonymization and aggregation.

Our Commitment to Malaysian Legal Standards

At Roxa, compliance with Malaysian privacy and data protection laws forms the cornerstone of our operations. We recognize our responsibility as a Malaysian company governed by the Personal Data Protection Act 2010 (PDPA) and related regulations. Our commitment extends beyond mere compliance – we strive to embody the spirit of Malaysian privacy law in every aspect of our service delivery.

Understanding the Personal Data Protection Act 2010

The Malaysian Personal Data Protection Act 2010 represents our nation's comprehensive framework for protecting personal data in commercial transactions. As a data processor and controller, we have structured our entire data protection strategy around the seven fundamental principles outlined in the PDPA. These principles don't just guide our policies; they are deeply embedded in our daily operations and technical infrastructure.

The General Principle in Practice

Our data collection and processing approach begins with the General Principle of the PDPA. We ensure that every information we collect serves a clear, legitimate purpose in providing our services. Before collecting personal data, we obtain explicit consent from our users and clearly explain how their information will be used. This commitment to transparency extends throughout the entire data lifecycle, from initial collection to final deletion.

Notice and Choice Implementation

We believe in empowering our users with clear information and meaningful choices about their data. Our notification system goes beyond standard privacy notices, providing detailed, accessible explanations of our data processing activities. When you use our POS system, schedule appointments, or manage inventory, we ensure you understand precisely what information we collect and why. These notifications are written in clear, straightforward language, avoiding technical jargon while maintaining legal precision.

Our Disclosure Framework

In the dynamic environment of modern business, we understand the importance of responsible data sharing. Our disclosure protocols ensure that your information is shared only with authorized parties and only when necessary to provide our services. We maintain detailed records of all data disclosures, including the purpose, recipient, and security measures in place. This careful documentation ensures we can demonstrate compliance while protecting your privacy rights.

Security Measures Under Malaysian Law

Our security infrastructure is designed to meet and exceed the requirements of Malaysian data protection laws. We implement comprehensive technical and organizational measures to prevent unauthorized access, maintain data integrity, and ensure continuous service availability. Our security protocols are regularly updated to address emerging threats while complying with evolving legal requirements.

Data Retention and Malaysian Legal Requirements

Malaysian law requires careful attention to data retention periods, and we have developed sophisticated systems to manage this requirement. Our retention schedules are designed to balance business needs with legal obligations, ensuring that data is kept only as long as necessary for its intended purpose. When retention periods expire, we employ secure deletion protocols that comply with Malaysian legal standards.

Cross-Border Data Transfers

As a Malaysian company operating in an interconnected world, we pay special attention to cross-border data transfers. Our protocols for international data movement comply with Malaysian regulations while ensuring efficient service delivery. We maintain detailed records of all international transfers and implement appropriate safeguards as Malaysian law requires.

Industry-Specific Compliance

Beyond the PDPA, we adhere to industry-specific regulations affecting our retail and service users. This includes compliance with Bank Negara Malaysia guidelines for payment processing, relevant provisions of the Consumer Protection Act 1999, and specific requirements for businesses in the beauty and wellness industry.

Regulatory Updates and Adaptation

Our legal compliance team actively monitors changes in Malaysian privacy law and regulatory guidance. We quickly adapt our systems and processes when new requirements emerge to ensure continued compliance. This proactive approach helps us maintain our commitment to legal compliance while providing uninterrupted service to our users.

Documentation and Reporting

We maintain comprehensive documentation of our compliance efforts, including regular audits, assessment reports, and compliance certificates. This documentation shows our commitment to legal compliance and as a resource for continuously improving privacy protection measures.

Training and Awareness

Our commitment to legal compliance extends to our entire organization. We conduct regular training sessions for our staff, ensuring they understand the technical requirements of Malaysian privacy law and the practical implications for our day-to- day operations. This cultural emphasis on privacy protection helps ensure consistent compliance across all aspects of our service.

Compliance Support for Our Users

We understand that our users rely on our compliance expertise to help them meet their legal obligations. Our system includes features designed to help businesses comply with Malaysian privacy laws, including tools for managing customer consent, generating compliance reports, and maintaining required documentation.

Audit and Verification

Regular internal and external audits verify our compliance with Malaysian privacy laws. These audits examine every aspect of our operations, from technical security measures to staff training programs. The results help us identify areas for improvement and demonstrate our ongoing commitment to legal compliance.

Conclusion: Our Commitment to Your Privacy

At Roxa, we understand that trust is earned through consistent actions and an unwavering commitment to protecting your privacy. Our dedication to safeguarding your data remains paramount as we continue to innovate and enhance our point-of- sale, inventory management, and spa booking solutions. We recognize that every information you entrust to us represents a vital aspect of your business operations, customer relationships, and future growth potential.

Our privacy policy reflects our legal obligations under Malaysian law and our fundamental belief that proper data protection is essential to business success in the digital age. Through our comprehensive security measures, transparent data handling practices, and respect for your privacy rights, we strive to maintain the confidence you've placed in us as your technology partner.

We encourage you to stay engaged with your data protection rights and to communicate with us about your privacy needs. Our team, led by our Data Protection Officer remains available to address your questions, concerns, or requests regarding your personal information. Whether you're a small boutique spa, a growing retail chain, or an established business enterprise, we are committed to providing the tools and support needed to manage your data safely and effectively.

As technology evolves and new privacy challenges emerge, we will continue to adapt and enhance our privacy protection measures. We will also inform you of significant changes to our privacy practices, ensuring you have the information you need to make informed decisions about your data. Thank you for trusting Roxa with your business operations and data protection needs.

We can build a secure, efficient, and privacy-respecting foundation for your business success.

For any privacy-related inquiries or assistance, please get in touch with us at:

  • Data Protection Officer
  • Roxa Sdn. Bhd.
  • Jalan Kerinchi Kiri 3
  • Bangsar South, 59200
  • Kuala Lumpur, Malaysia
  • Email: info@roxa.app
  • Support Portal: help.roxa.app
  • Phone: +60 11 2530 0513
  • Last Updated: 25/11/2024