Privacy Policy

Privacy Notice (PDPA 2010)

Last updated: April 2026

This Privacy Notice explains how Creative Distributions Sdn Bhd (operating GOGO Mobile and gogomobile.com.my, hereafter “we”, “us”) collects, uses, discloses and protects your personal data. We comply with the Malaysian Personal Data Protection Act 2010 (“PDPA”).

1. What we collect

When you create an account, place an order, redeem vouchers, contact us, or visit our site, we may collect:

  • Identity data — name, gender, date of birth (optional).
  • Contact data — email address, mobile number, billing & delivery address.
  • Account data — login credentials (passwords are hashed and never stored in plain text), membership tier, points balance, voucher history.
  • Transaction data — order history, payment method (card / FPX / e-wallet last digits or reference only — full card numbers are handled by our payment gateway, not by us), purchase amounts, instalment selections.
  • Device & technical data — IP address, browser type, device model, OS, cookies, session identifiers, pages visited.
  • Communications — chat or support messages you send us, in-app notifications you have agreed to receive.

2. Why we collect it (Purpose)

  • Process and fulfil your orders, including delivery and pickup.
  • Verify your identity, prevent fraud, and protect your account.
  • Operate the loyalty programme — calculate points, issue vouchers, upgrade membership tiers.
  • Provide after-sales support, warranty claims, and respond to your enquiries.
  • Send transactional notifications (order confirmation, shipping updates).
  • With your consent, send marketing communications and product recommendations. You can opt out at any time.
  • Improve our website, mobile app, and in-store experience through analytics.
  • Comply with legal, tax, accounting, and regulatory obligations.

3. Who we share it with

We do not sell your personal data. We share it only with parties needed to deliver our services:

  • Hosting & database — Vercel Inc. (USA / global edge), Supabase (Singapore region).
  • Payment gateway— Billplz Sdn Bhd, processing FPX, Touch ‘n Go eWallet, and card payments.
  • Delivery couriers— J&T Express, Pos Malaysia (Poslaju), and our internal pickup staff (for self-pickup orders).
  • Communications — SMS / OTP providers, email service, and (where you opt-in) push notification services.
  • Affiliated companies — Macintosh Sdn Bhd (sister company) where required for warranty claims involving telco-bundled devices.
  • Legal authorities — when required by law, court order, or to protect our rights.

4. Where we store it

Your data is stored on servers operated by our hosting providers, primarily in the Asia-Pacific region (Singapore). Some data may be transferred outside Malaysia. We ensure such transfers are subject to adequate protection consistent with the PDPA.

5. How long we keep it

  • Account & profile — for as long as your account remains active, plus up to 6 years thereafter to comply with tax and audit requirements.
  • Order & payment records — 7 years (Malaysian Income Tax Act requirement).
  • Marketing consent records — until you withdraw consent, plus 1 year to evidence compliance.
  • Server logs — typically 90 days for security and debugging.

6. Your rights under PDPA

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or outdated personal data.
  • Withdraw consent for marketing communications at any time.
  • Request deletion of your account and associated personal data (subject to legal retention requirements above).
  • Limit processing of your data for direct marketing purposes.

To exercise any of these rights, email privacy@gogomobile.com.my. We respond within 21 days as required by the PDPA.

7. Security

We use industry-standard safeguards including HTTPS encryption, hashed passwords, role-based access control, and database row-level security. No method is 100% secure; we recommend you keep your account password confidential and notify us immediately of any suspected unauthorised use.

8. Cookies

We use cookies and similar technologies to keep you logged in, remember your cart, measure site performance, and personalise content. You can disable cookies in your browser, but parts of the site (cart, checkout, login) may not function properly.

9. Children

Our services are not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us so we can delete it.

10. Changes to this notice

We may update this notice from time to time. The “Last updated” date at the top reflects the latest version. We encourage you to review it periodically.

11. Contact

Creative Distributions Sdn Bhd
(operating GOGO Mobile / gogomobile.com.my)
Email: privacy@gogomobile.com.my

© 2026 GOGO Mobile · Creative Distributions Sdn Bhd