Privacy Policy
1. Introduction
At Eng Kah Group, accessible via eng-kah.com, we are firmly committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data. We value transparency and accountability in our data processing activities, and this policy reflects our dedication to ensuring your data is handled in accordance with the highest legal and ethical standards, including those established under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users, customers, and visitors who interact with our website, products, and services, whether through eng-kah.com or other means of communication. For GDPR purposes, Eng Kah Group is the Data Controller responsible for determining the purposes and means of processing your personal data.
By accessing or using our website and services, you acknowledge and agree to the terms of this policy.
3. Categories of Data We Process
We may collect and process various categories of personal data, either directly from you or through automated means:
a) Usage Data
Includes information such as your IP address, browser type, operating system, referral source, pages visited, time zone settings, and interaction data (clickstream).
b) Account Data
Includes personal identifiers used to create or manage an account or place an order, such as your full name, email address, physical address, and phone number.
c) Profile Data
Includes data related to your preferences, past purchases, browsing behavior, feedback, and responses to surveys or promotional campaigns.
d) Communication Data
Includes correspondence through email or any other communication method with our support or contact teams, including contact forms and chat histories.
e) Technical Data
Includes technical information about the devices you use to access our website, such as device identifiers, hardware model, system configuration, and software versions.
f) Transaction Data
Includes payment information (processed through secure third parties), billing addresses, delivery addresses, and details regarding purchases and order fulfillment.
g) Preference Data
Includes your consent to receive marketing communications, language preferences, product categories of interest, and opt-in or opt-out statuses.
4. Legal Bases for Processing
Our processing of your personal data is grounded in one or more of the following lawful bases:
– Contractual Necessity: When processing is required to perform contractual obligations (e.g., order fulfillment, customer support).
– Legitimate Interest: Where necessary, we process data to operate our business effectively and improve our services, provided that such interests are not overridden by your rights.
– Consent: We rely on your explicit consent for processing sensitive data, direct marketing communications, or cookies (as applicable).
– Legal Obligation: In cases where we must comply with applicable laws, regulations, legal proceedings, or governmental requests.
5. Your Rights
Subject to applicable law, you may exercise the following rights regarding your personal data:
– Right of Access: You have the right to obtain confirmation of whether we process your data and access to that data.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: In certain cases, you may request the deletion of your data (also known as ‘the right to be forgotten’).
– Right to Restrict Processing: You may request the restriction of processing where permitted by law.
– Right to Data Portability: You are entitled to receive your personal data in a structured, commonly used format and transmit it to another data controller.
– Right to Object: You may object to data processing where we rely on legitimate interest or direct marketing.
Requests to exercise these rights can be made by contacting us at [email protected].
6. Security Measures
We have implemented a combination of technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, including:
– Standard encryption protocols (TLS/SSL) across our website
– Strict access control policies and user authentication
– Regular backups and disaster recovery protocols
– Staff training and internal compliance procedures
– Monitoring and audit logging of systems handling sensitive data
7. International Transfers
Where your personal data is transferred outside of your country of residence (e.g., outside the European Economic Area), such transfers are conducted in compliance with applicable data protection laws. We use appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, and ensure adequate levels of protection in recipient jurisdictions.
8. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected or to comply with legal, contractual, or regulatory requirements.
– Usage Data: Retained for up to 2 years for analytics and troubleshooting.
– Account Data: Retained for 7 years after account closure or last activity.
– Transaction Data: Retained for 7 years in compliance with financial regulations.
– Communication Data: Retained for 3 years to manage ongoing relationships and maintain support history.
– Preference and Marketing Data: Retained until consent is withdrawn or a request for deletion is received.
9. Cookie Policy
Our website uses cookies and similar tracking technologies to enhance user experience, analyze trends, and deliver personalized content. We categorize cookies as follows:
a) Essential Cookies
Mandatory for the website’s functionality and security (e.g., session management, navigation).
b) Functional Cookies
Enable enhanced performance and remember preferences (e.g., language, browsing settings).
c) Analytics Cookies
Help us understand visitor behavior, measure traffic, and improve site content (e.g., Google Analytics).
d) Performance Cookies
Used for optimizing site speed, load balancing, and user interface responsiveness.
10. Cookie Management & Compliance
Upon first access to our website, you are presented with a cookie consent tool that complies with GDPR and CCPA. You may customize cookie settings or withdraw your consent at any time by using the cookie banner or browser settings. California residents may use the “Do Not Sell My Info” link to opt out of data sharing under the CCPA.
11. Children’s Privacy
Our website and services are not directed to or intended for children under the age of 13. We do not knowingly collect or process personal data from individuals under 13. If we discover that a user is under 13, we will immediately delete any related personal data and restrict access.
12. Policy Updates and Notifications
We may revise this Privacy Policy as needed to reflect changes to our practices, legal obligations, or operational requirements. Users will be notified of material changes through our website or, where appropriate, via email notification. Continued use of our services after any such changes signifies acceptance of the updated policy.
13. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you may contact us at:
Eng Kah Group
Email: [email protected]
Website: https://eng-kah.com
We are committed to full compliance with applicable data protection laws and welcome any inquiries regarding our privacy practices.