EP PLUS GROUP - PERSONAL DATA AND PRIVACY POLICY
Last updated: 25th of March 2025
1. Introduction
EP Plus Group Sdn. Bhd. (Company Registration No.: 199701014075 (429571-D)) views and treats your Personal Data (as defined below) seriously. This Personal Data and Privacy Policy (“Privacy Policy”) describes how EP Plus Group Sdn. Bhd. and each of our respective related corporations (as the term is defined in the Companies Act 2016), affiliates, and associated companies (hereinafter referred to as the "EPP", "Company" "we" "our" or "us") (whether or not controlled by us) have or will collect, maintain, record, hold, store, use, disclose and/or process (collectively referred to as "Process") personal information about you on the Platform. Whenever we Process your personal information, we will do this in accordance with the Malaysian Personal Data Protection Act 2010 ("PDPA").
By using the Platform (as defined below), you confirm that you have read, understood and agreed to this Privacy Policy, our Terms (as defined below) and the Cookie Policy (as defined below) together referred to herein as the "Agreement"). The Agreement governs the use of the Platform.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
2. General Terms
For the purposes of this Privacy Policy:
• We call a user of the Platform "User", "Users" "you" "your" or "Client", as appropriate.
• "Cookie Policy" refers to the cookies on the Platforms and how we use them, which can be found here.
• "Terms of Use" refers to our terms of use (“Terms”), which can be found here. This Privacy Policy, is incorporated into, and considered a part of, the Terms of Use.
• "Platform" refers to the websites currently operated by the Company which are as follows:
(a) https://epplusgroup.com/
(b) https://solamedica.epplusgroup.com/
(c) https://fluimucil.com.my/
(d) https://epplushealth.com/
(e) https://colondetective.com/
(f) https://multi-gyn.com/my/
(g) www.enerflexnutrition.com
3. Collection of Personal Information
Sources of Personal Data
The personal data processed by us are obtained from various legitimate and transparent sources (including without limitation to):
(a) Direct Interactions: We may collect Personal Data when you:
(i) use the Platform;
(ii) fill up survey forms and questionnaires during events conducted by us;
(iii) subscribe to our publications;
(iv) request marketing materials to be sent to you;
(v) through our social media channels including when you participate in loyalty programs, contests, or promotions; and
(vi) via messaging applications, such as WhatsApp, when you engage with our services or customer support.
(b) Third Parties: Certain third parties, whether affiliated or unaffiliated ("Third Parties") may collect Personal Data from you and circulate the same to us subject to their compliance with their privacy policies and the PDPA.
Personal Data We Collect
We may collect the following personal information relating to you that you have provided to us or otherwise through your use and access of the Platform:
(a) Identity Data: including your full name, age, gender, date of birth, citizenship, marital status, nationality, race, ethnic origin, NRIC/passport details;
(b) Financial Data: your financial situation, status and history;
(c) Contact Data: this may be your postal address, telephone number, email address and emergency contact information;
(d) Transaction Data: Purchase history, product interactions, returns, and warranty claims.
(e) Technical Data: including internet protocol address, your login data, browser type and version, location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Platform;
(f) Profile Data: includes your username and password, feedback and survey responses;
(g) Marketing Data: includes your subscription statuses (e.g., newsletters, email alerts and promotions), marketing preferences (including whether you wish to receive newsletters, promotional offers or other updates from us);
(h) Billing Data: this may include your payment instrument number (such as credit or debit card number), expiration date and security code as necessary to process your payments;
(i) Research Data: this includes any clinical trial participation data, research study data, survey and study participation details and customer satisfaction surveys; and
(j) Health Data: Includes medical conditions, allergies, prescription details, or other health-related information you provide when purchasing healthcare products on our platforms.
(k) any such information as we deem necessary or appropriate from time to time in connection with your appointment and/or prospective appointment with us.
Further, we also automatically collect certain information when you use the Platform. The categories of information that we automatically collect and have collected are as follows:
(a) Service Use Data: including data about features you use, pages you visit, emails and advertisements you view, portions of the Platform that you view and interact with, the time of day you browse, and your referring and exiting pages;
(b) Device Use Data: including data about the type of device or browser you use, your device’s operating system, your internet service provider, your device’s regional and language settings, and device identifiers such as IP address. When you visit and interact with the Platform, the Company may collect certain information automatically through cookies or other technologies, including, but not limited to, the type of computer or mobile device you use, your mobile device’s unique device ID, the IP address of your computer or mobile device, the type(s) of internet browser(s) you use, and information about the way you use the Platform ("Device Information"). We may use the Device Information to monitor the geographic regions from which users navigate the Platform and for security and fraud prevention purposes.
(c) Google Analytics: We use "Google Analytics", a web analytics service provided by Google, Inc ("Google"). Google Analytics collects information such as how often users visit the Platform, what pages they visit when they do so, and what other sites they used prior to coming to the Platform. We use the information from Google Analytics to improve the Platform, understand user behaviour and optimise user experience.
Google Analytics collects only the IP address assigned to you on the date you visit this site, rather than your name or other information which may identify you. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. Further information concerning the terms and conditions of use and data privacy can be found at Google Analytics Terms of Service or at the Google Analytics Privacy Overview; and
(d) Matomo Analytics: We use "Matomo Analytics", an open-source web analytics service provided by Matomo. Matomo Analytics collects information such as how often users visit the Platform, what pages they visit when they do so, the user’s geographical location, the device used to access the site and what they are viewing on the pages. We use information from Matomo Analytics to improve the Platform, understand user behaviour and optimise user experience.
(e) Cookies: Kindly click here for a copy of our Cookie Policy.
(collectively together with (a)-(h) above, "Personal Data").
As the accuracy of your Personal Data depends largely on the information you provide to us, kindly inform us as soon as practicable if there are any errors in your Personal Data or if there have been changes to your Personal Data.
4. Data Processing
We will Process the Personal Data that you have provided to us for various purposes, including but not limited:
(a) to conduct legitimate business activities such as (including without limitation to) promotion, sales to customers, customer support, receiving payments, entering into contractual agreements, contracting with third party service providers, identifying investigators for clinical trials, preventing fraud, and procuring goods or services;
(b) to provide information and advertising, such as digital advertising or direct marketing, about goods, services, and products that we think may be useful, relevant, or of interest to you and measure the effectiveness of these communications;
(c) to send you marketing information about our products / goods or services including notifying you of our marketing events, contest, initiatives and promotions, lucky draws, membership and rewards schemes and other promotions (if any);
(d) to evaluate a user’s candidacy, such as when processing an application for an opening within the Company;
(e) to conduct research and development, including to improve existing products and services and to develop new ones;
(f) to provide, maintain, develop, and improve our digital properties, including the Websites;
(g) to maintain, improve, and investigate the security of our systems and digital properties;
(h) to operate and make available the Platform;
(i) to verifying your identity;
(j) for internal administrative / record purposes;
(k) to comply with any applicable laws, regulations, codes of practice, guidelines, or rules, statutory and government requirements or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authorities;
(l) to perform obligations in the course of or in connection with our provision of the products / goods and/or services requested by you;
(m) to administer surveys, lucky draws, promotions or contests;
(n) to contact you and deliver (via email, SMS, push notifications or otherwise) administrative notices, marketing notifications, offers and communications relevant to your use of the Platform;
(o) for internal market research and to analyse the Platform’s usage as necessary so as to improve the Platform to grow our business;
(p) to manage risk, fraud, and other illegal activities; maintain our records and other administrative purposes;
(q) to enforce our Terms and our legitimate interests in ensuring our Agreement is complied with; and
(r) such other purposes as we deem necessary or appropriate from time to time.
5. Disclosure and Processing
Please note that it may be necessary for us to disclose your Personal Data:
(a) to our affiliates, sister companies, related corporations, subsidiaries and business;
(b) where required by any regulatory authority of a competent jurisdiction, such as Bank Negara Malaysia or Personal Data Privacy Commission and other statutory bodies;
(c) to Third Parties who may receive the Personal Data to Process such data under appropriate instructions as necessary for the processing purposes described above, including without limitation to [•]:
Third Party Purpose Data Shared
Payment Gateways Process transactions, prevent fraud. Billing Data, Contact Data
Shipping/Logistics Deliver orders (e.g., DHL, Ninja Van). Name, Address, Phone
Marketing Platforms Run ads (Meta, Google Ads), send emails (Brevo). Email, Device Data, Transaction History
Contest Fulfillment Agencies Ship prizes, verify winners (e.g., Lazada, Shopee voucher distributors). Name, Address, Contact Details
WhatsApp Automation Tools Send loyalty program reminders (e.g., Twilio, WhatsApp Business API). Phone Number, Purchase History
Cloud/IT Providers Host data securely (AWS, Google Cloud). All data (encrypted)
(d) These Third Parties are and will be subject to contractual obligations to implement appropriate technical and organisational security measures to safeguard your Personal Data, and to process the Personal Data only as instructed.
(e) to discharge any legal obligation imposed on us by law or pursuant to an order of a court of competent jurisdiction;
(f) to ensure the smooth functioning of the Platform;
(g) in the event of a merger, acquisition or sale of our Company and business (or part thereof), your Personal Data may be disclosed to potential or actual buyers or sellers;
(h) if we deem that such disclosure is necessary to prevent or mitigate a serious and imminent threat to your life or health or the life or health of another person.
6. Cross-Border Transfers of Personal Data
We may need to transfer your Personal Data to our affiliates, sister companies and/or the Third Parties located in Singapore, Indonesia and Philippines. Where we do make such transfers, where the personal data protection standard may be inferior to those under the PDPA, for and in respect of the purposes set out in Clause (4) above. If we do so, we will take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
7. Retention of Personal Data
We will retain your Personal Data for the period necessary to fulfill the purposes set out in Clause (4) above in this Privacy Policy unless a longer retention period is required or allowed by law. Once the processing purposes of your Personal Data as set out in Clause (4) have been completed or no longer necessary or we no longer have a legal or business purpose for retaining your Personal Data, we shall take steps to erase, destroy, anonymise or prevent access or use of such Personal Data for any purpose other than compliance with this Privacy Policy, or for purposes of safety, security, fraud prevention and detection, in accordance with the requirements of applicable laws. To the extent possible, we will restrict the processing of your Personal Data for such limited purposes.
8. Security Measures
We take your Personal Data very seriously and are committed to protecting your Personal Data. As such, to safeguard your Personal Data from any unauthorised access, collection, theft, use, disclosure or similar risks, we have introduced appropriate administrative, physical and technical measures such as authentication and access controls (such as good password practices, need-to basis for data disclosure for data disclosure, et cetera), encryption of data, data anonymisation, up-to-date antivirus protection, employing firewalls and intrusion detection systems, and conducting periodic assessments of our security measures to identify and address vulnerabilities.
Despite our best efforts, it is important to acknowledge that no security measures are completely secure. Whilst we take reasonable precautions to protect your Personal Data, we cannot guarantee the security of any Personal Data that you transmit to us or that we store. We are not responsible for the unauthorised use of your information nor for any lost, stolen, or compromised passwords, or for any activity on your account via unauthorized password activity. We recommend you take steps to protect your own Personal Data, such as using strong and unique passwords, not sharing your login credentials, not recycling your passwords from other websites and being cautious when sharing personal information online (e.g., if you share a computer, you should sign out of the Platform and close the browser window before someone else logs on to protect your information entered on public terminals from disclosure to third parties, if applicable.
9. Your Rights - Access to Personal Data, Limiting Processing and Variation
As a User whose Personal Data is Processed by us, you have the right to request access and/or to correct your Personal Data and/or limit the Processing and/or withdraw your consent thereof at any time hereafter in line with the PDPA and/or any applicable data protection law. If this is the case, we will inform you of the consequences in further detail depending on the specific Personal Data. You are also requested to correct and/or amend your Personal Data to the extent you realise it is incorrect. With respect to all of the above, you may:
(a) check whether we hold or use your Personal Data and request access to such data;
(b) request that we correct any of your Personal Data that is inaccurate, incomplete or out-of-date;
(c) request restrictions on the Processing of your Personal Data;
(d) request that your Personal Data is retained by us only as long as necessary for the fulfilment of the purposes for which it was collected; and
(e) withdraw, in full or in part, your consent given previously, in each case subject to any applicable legal restrictions, contractual conditions and a reasonable time period as well as the consequences as mentioned above.
Please address all requests and/or questions and/or concerns which you may have regarding the subject matter and contents of this Privacy Policy to:
[email protected]
10. Changes to this Privacy Policy
The Company reserves the right to update and amend this Privacy Policy from time to time and the Company will notify you of any material changes by way of a general notice via e-mail. We encourage you to review this Privacy Policy periodically. By continuing to use the Platform or continuing to allow us to retain or Process your Personal Data following any such changes to our Privacy Policy, you shall be deemed to have accepted such changes unless you expressly notify us otherwise in writing (except to the extent we are required to make such changes in accordance with applicable laws). If you do not accept the updates to this Privacy Policy, you should stop using the Platform.
