Policies

Privacy Policy

How we handle your personal data, in line with Malaysia's Personal Data Protection Act 2010.

Last updated: 5 May 2026

Who We Are

This website (limb.evin2u.com) is operated by AA Alive Sdn Bhd (Company No. 1204108-D), trading as Evin Limb Specialist. Our registered address is Lot 1, Jalan Perusahaan 4, Kawasan Industri Batu Caves, 68100 Batu Caves, Selangor, Malaysia. We are the data controller responsible for the personal data described in this policy.

Personal Data We Collect

We collect only the data we need to operate the store and serve you:

  • Account information — name, email address, phone number, and a hashed password when you register an account.
  • Delivery information — recipient name, phone, and shipping address for each order.
  • Order history — products purchased, dates, totals, and order status.
  • Reviews — any rating, comment, or optional reviewer details (such as profession or institution) you choose to submit.
  • Communications — messages you send us via WhatsApp, email, or our contact form.
  • Technical data — IP address, browser type, device type, and pages visited, collected automatically through cookies and standard server logs.

We do not store your full credit card or bank details. Payments are processed directly by our payment partner, Billplz, on their secure infrastructure.

How We Use Your Data

  • To process your orders, take payments, and arrange delivery.
  • To provide customer service, respond to enquiries, and handle returns or refunds.
  • To maintain your account and let you view your order history and saved addresses.
  • To prevent fraud and protect the security of our website and customers.
  • To meet our legal, accounting, and tax obligations.
  • To improve our products and website experience using aggregated, non-identifying analytics.

We process your data on the legal bases of contract performance (to fulfil your order), legitimate interests (to run and secure our business), legal obligation (to comply with Malaysian law), and consent where required.

Who We Share It With

We never sell your personal data. We share it only with trusted service providers who help us run the store:

  • Payment processing — Billplz Sdn Bhd, to take and confirm online payments.
  • Courier and logistics partners — to deliver your orders to your address.
  • Cloud hosting and database providers — Vercel and Supabase, who host our website and store data on our behalf.
  • Analytics providers — to understand aggregate website usage.
  • Government, regulatory, or law enforcement bodies — only when legally required.

Some of these providers may store data on servers outside Malaysia (for example, Singapore). Where this happens, we ensure they apply protections at least equivalent to those required under the PDPA.

Cookies

We use cookies and similar technologies to keep you signed in, remember items in your cart and wishlist, and measure how visitors use the site. You can disable cookies in your browser settings, but parts of the site (such as checkout) may not work correctly without them.

How Long We Keep Your Data

  • Account data — for as long as your account is active. You can request deletion at any time.
  • Order and transaction records — at least 7 years, to meet Malaysian tax and accounting requirements.
  • Server logs and analytics — typically 12 months.

Your Rights Under the PDPA

Under the Personal Data Protection Act 2010, you have the right to:

  • Access the personal data we hold about you.
  • Correct any inaccurate or incomplete information.
  • Withdraw consent for any processing that relies on consent, at any time.
  • Limit our use of your data for direct marketing purposes.
  • Request deletion of your data, subject to our legal retention obligations.

To exercise any of these rights, contact us using the details below. We will respond within 21 days as required by the PDPA.

Data Security

We protect your data with industry-standard measures, including HTTPS encryption for all traffic, hashed (never plain-text) passwords, restricted database access, and regular security updates. No system is perfectly secure, but we work hard to reduce risk and will notify affected users promptly if a breach occurs.

Children

Our website is not directed at children under 13, and we do not knowingly collect personal data from them. If you believe a child has submitted data to us, please contact us and we will delete it.

Changes to This Policy

We may update this policy from time to time. The “Last updated” date at the top of the page will reflect any changes. Significant changes will be communicated via email or a notice on the website.

Contact Us

If you have any questions about this policy or how we handle your data, please contact us or reach us via WhatsApp at +60 14-373 2070, or by email at contact@evin2u.com.