Privacy Policy

Last Updated: 20 April 2026

Maison Velvetia (“we,” “us,” or “our”) is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) and the Personal Data Protection (Amendment) Act 2024 of Malaysia. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website (maisonvelvetia.com) or make a purchase from us.

By using our website or placing an order, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

1. Personal Data We Collect

We may collect the following categories of personal data:

Information you provide directly:

  • Full name
  • Email address
  • Phone number
  • Shipping and billing address
  • Payment information (processed securely through third-party payment gateways — we do not store credit card details)
  • Account login credentials
  • Communications you send to us (enquiries, feedback, support requests)

Information collected automatically:

  • IP address and browser type
  • Device information and operating system
  • Pages visited, time spent, and navigation patterns on our website
  • Anonymised session recordings and heatmaps captured through Microsoft Clarity (sensitive input fields such as passwords and payment details are automatically masked)
  • Cookies and similar tracking technologies (see our Cookie section below)

Information from third parties:

  • Payment verification data from payment processors
  • Delivery status updates from shipping partners

2. How We Use Your Personal Data

We process your personal data for the following purposes:

  • To process and fulfil your orders, including shipping and delivery
  • To communicate with you regarding your orders, enquiries, and customer support
  • To create and manage your account on our website
  • To process payments securely through our payment partners
  • To send you marketing communications, promotions, and product updates (only with your explicit consent — you can opt out at any time)
  • To improve our website, products, and services based on usage patterns
  • To comply with legal obligations, including tax and regulatory requirements
  • To prevent fraud, protect security, and enforce our terms

3. Your Consent

By providing your personal data to us, you consent to the collection, use, and disclosure of your data as described in this Privacy Policy. For marketing communications, we will seek your explicit opt-in consent separately.

You may withdraw your consent at any time by:

  • Clicking the “unsubscribe” link in any marketing email
  • Contacting us at [email protected]
  • Updating your account preferences on our website

Please note that withdrawing consent may affect our ability to provide certain services to you.

4. Disclosure of Your Personal Data

We do not sell, rent, or trade your personal data to third parties. We may share your data only with the following categories of service providers, each bound by data processing agreements:

  • Payment processors (e.g., Stripe, Revenue Monster) to process your transactions securely.
  • Shipping and logistics partners (e.g., courier services) to deliver your orders — only your name, phone number, and shipping address are shared, with no product details disclosed on the package.
  • Email marketing platformKlaviyo Inc. (United States), which manages our subscriber list, sends transactional and promotional emails on our behalf, and measures email engagement. Klaviyo is certified under the EU-US Data Privacy Framework and applies equivalent safeguards to Malaysian subscribers. You can unsubscribe from marketing emails at any time via the link in any email.
  • Website analytics providersGoogle LLC (Google Analytics 4 / GA4) and Microsoft Corporation (Microsoft Clarity), which help us understand aggregate website usage, traffic sources, and user-experience issues. Both process anonymised or pseudonymised identifiers only; Microsoft Clarity automatically masks sensitive input fields.
  • Cloud service providers that host our website and store data on our behalf, subject to strict data protection agreements.
  • Government authorities or law enforcement if required by law, court order, or regulatory obligation.

All third-party service providers are contractually required to protect your personal data in accordance with the PDPA.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration, or destruction. These measures include:

  • SSL/TLS encryption for all data transmitted through our website
  • Secure, encrypted payment processing through PCI-compliant payment gateways
  • Restricted access to personal data on a need-to-know basis
  • Regular security reviews and updates of our systems

While we take reasonable precautions, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Order and transaction data: Retained for 7 years as required by Malaysian tax regulations
  • Account data: Retained for as long as your account remains active, plus 12 months after account deletion
  • Marketing preferences: Retained until you withdraw consent
  • Website analytics data: Retained in anonymised form

You may request deletion of your personal data by contacting us. We will process your request in accordance with the PDPA, subject to any legal retention obligations.

7. Your Rights Under the PDPA

Under the Personal Data Protection Act 2010 (as amended), you have the following rights:

  • Right of Access: You may request access to the personal data we hold about you
  • Right to Correction: You may request correction of any inaccurate, incomplete, or outdated personal data
  • Right to Prevent Processing: You may request that we stop processing your personal data if it is likely to cause damage or distress
  • Right to Prevent Direct Marketing: You may opt out of receiving marketing communications at any time
  • Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, machine-readable format

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 21 days.

8. Cookies

Our website uses cookies to enhance your browsing experience. Cookies are small text files stored on your device. We use:

  • Essential cookies: Required for website functionality (e.g., shopping cart, login sessions)
  • Analytics cookies: Help us understand how visitors interact with our website — specifically Google Analytics 4 (GA4) for traffic analysis and Microsoft Clarity for anonymised session recordings and heatmaps. Clarity automatically masks sensitive input fields (passwords, credit cards).
  • Marketing / email cookies: Used by Klaviyo to attribute email campaigns to website activity, and to deliver relevant advertisements (only with your consent)

You can manage your cookie preferences through your browser settings. Disabling essential cookies may affect website functionality.

9. Cross-Border Data Transfer

Some of our service providers may process your data outside of Malaysia (e.g., cloud hosting, payment processing, email marketing via Klaviyo in the United States, analytics via Google in the United States, and session recording via Microsoft). In such cases, we ensure that adequate safeguards are in place in accordance with the PDPA’s requirements for cross-border data transfers, including ensuring the receiving jurisdiction provides an equivalent level of data protection.

10. Children’s Privacy

Our products and website are intended for individuals aged 18 and above. We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised “Last Updated” date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Maison Velvetia
Email: [email protected]
Website: www.maisonvelvetia.com

For complaints regarding the processing of your personal data, you may also contact the Personal Data Protection Department (Jabatan Perlindungan Data Peribadi) at www.pdp.gov.my.

Our bestsellers:
SHOPPING BAG 0
RECENTLY VIEWED 0