Privacy Policy - Roar Plunge

Last updated: 12 January 2025

This Privacy Policy explains how Roar Plunge (“Roar Plunge”, “we”, “us”, “our”) collects, uses, discloses and safeguards your personal information when you visit or make a purchase from roarplunge.my or otherwise interact with any of our services (the “Services”). It is drafted in line with the Personal Data Protection Act 2010 and the Personal Data Protection (Amendment) Act 2024 of Malaysia.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Services.

1 Updates to this Privacy Policy

We may revise this Privacy Policy from time to time. The latest version will always appear here with a new “Last updated” date. Where required by law, we will notify you and, when necessary, obtain your consent to material changes.

2 How PDPA Applies to Roar Plunge

We are a data user under the PDPA and follow its seven Personal Data Protection Principles:

Principle	How we comply
Notice & Choice	You are reading our privacy notice and can choose which data to provide.
Purpose	We use data only for the purposes listed in Section 4.
Disclosure	Data is disclosed only as set out in Section 5.
Security	Safeguards are detailed in Section 7.
Retention	We keep data only for the periods in Section 8.
Data Integrity	We take steps to keep data accurate and current.
Access & Correction	Your rights are explained in Section 9.

Amendment 2024 highlight: You also have a new right to data portability, subject to technical feasibility.

3 Personal Information We Collect

Category	Examples	Mandatory?	Consequence if not provided
Contact details	name, address, phone, email	Yes	We cannot deliver or contact you
Order & payment	items, bank-in slip, delivery status	Yes	Order cannot be processed
Account credentials	username, password	Voluntary	Guest checkout only
Customer support	emails, support photos	Voluntary	May delay support
Health & usage info	goals, conditions (if shared)	Voluntary	Limited guidance
Usage data	IP, browser type, cookies	Auto-collected	Certain site features may break

4 Why We Use Your Information

Purpose	Legal basis
Provide & fulfil services	Contract (PDPA s.6)
Account administration	Contract; legitimate interests
Customer support	Legitimate interests
Marketing (e-mail, SMS, ads)	Consent (opt-out any time)
Fraud & security monitoring	Legal obligation; legitimate interests
Analytics & site improvement	Legitimate interests
Health & safety notices	Legal obligation
Legal compliance	Legal obligation

We do not engage in automated decision-making that produces legal or similarly significant effects.

5 How We Disclose Personal Information

We share personal data only when necessary with:

Service providers (e.g. Shopify hosting, Stripe payment, courier companies)
Roar Plunge affiliates for internal business operations
Advisers, regulators or authorities where required by law or to assert our legal rights
Prospective buyers under strict confidentiality, should we sell or restructure our business

We never sell or rent your personal data.

6 Cookies & Similar Technologies

We use cookies and similar tools to:

Remember your cart and preferences
Enable secure checkout
Measure usage (Shopify analytics, Google Analytics 4)
Provide chat support (WhatsApp widget)
Serve ads (Meta Pixel, Google Ads)

Essential cookies are required for the Site to function; analytics and marketing cookies are optional and can be disabled in your browser, though some features may not work.

7 Data Security

We protect your information with:

TLS 1.2/1.3 encryption in transit
AES-256 encryption at rest on Shopify’s servers
Role-based access controls and 2-factor authentication
Continuous monitoring and regular penetration testing

No method is 100 % foolproof, but we review and upgrade our safeguards continually.

8 Data Retention

Data type	Retention period
Order & tax records	7 years
Active account	Until closed
Inactive account	Deleted after 12 months
Abandoned cart	30 days
Marketing consent	Until withdrawn
Customer service threads	24 months
Warranty claims	3 years
Security logs	12 months

9 Your PDPA Rights

You may:

Access your personal data
Correct inaccuracies
Withdraw consent at any time
Object to or restrict direct marketing
Request data portability in a structured, commonly used format (where technically feasible)

Email orders@roarplunge.my to exercise these rights. A statutory RM10 fee may apply for access requests. We respond within 21 days for access and 7 days for corrections.

If we cannot resolve your concern, you may complain to the Personal Data Protection Commissioner of Malaysia.

10 Cross-Border Transfers

Our store is hosted on Shopify, whose primary servers are in the US, Canada and Ireland. We also share limited data with Google and Meta for analytics and advertising. These transfers are permitted under the Personal Data Protection (Transfer of Personal Data to Places Outside Malaysia) Order 2013 and are protected by contractual safeguards and industry-standard security measures.

11 Children’s Data

The Services are intended for users aged 18 +. We do not knowingly collect data from minors. Parents or guardians may contact us to request deletion of any such data. Cold-therapy use by minors must be medically supervised.

12 Health Information Handling

If you voluntarily share health information, we will use it only to:

Provide relevant safety guidance
Improve our educational materials
Support warranty or safety requests

We do not use health data for marketing. We disclose it only where legally required or where urgent safety concerns exist.

13 Marketing Communications

We may send:

Product updates and special offers
Wellness and educational content
Product recalls or safety alerts

You can opt out at any time via the “unsubscribe” link or by contacting us. Transactional messages (e.g. order confirmations) are compulsory.

14 Contact Us

Roar Plunge
WhatsApp: +60 18 668 3812
Email: orders@roarplunge.my

For urgent safety issues, please call our support line immediately.