Boutique Center

010-9191-300 | contact @qb.com.my

Login | Register | FAQ | Contact Us

Privacy Policy

This Policy is applicable to the qalbybeauty.com.my website (“Website”) and all related applications, platforms and digital version of the website including any e-invoicing or equivalent platform (“Platform”).

Foreword and Purpose
Confidentiality and security of your personal data are important to us. We are committed to offering you personalized services while respecting and protecting your privacy, rights and choices.

The purpose of this Privacy Policy (also referred to as “Policy”) is aimed at informing you in a transparent, simple and comprehensive manner about the processing of the personal data that you provide or that we collect through the different touchpoints you use to interact with us (e.g. in store, Customer Department, dior.com, social media, digital apps, events, e-invoicing platform, about their possible transfer to third parties, as well as your rights and options to control your personal data and protect your privacy. In this Policy, you will find information on: 

  • Who we are
  • What data we can collect about you
  • How we collect or receive your data
  • For what purposes we use it
  • How long we can keep it
  • Who can access your data
  • How we protect it and keep it confidential
  • How we address cross-border protection
  • How we address consumer preferences and individual rights;How we protect children’s privacy
  • The management of cookies on qalbybeauty.com website

Modification of this Privacy Policy
Specific provisions of and relating to any e-invoicing platform/s created, operated and/ or managed by us in connection with the qalbybeauty.com.my Website and Platform. All references to “Website” hereinafter shall include a reference to the Platform. All references to “Qalbybeauty.com.my” or “dior.com” shall include a reference to the Website. 

Who are we? 
When we say “Dior”, “PCD”, “Parfums Christian Dior”, “us”, “our”, “we” or words derived therefrom, we refer to: LVMH Perfumes And Cosmetics (Malaysia) Sdn. Bhd. (“Company”), a limited company governed by Malaysian law whose principal place of business is at No. 3A-3, Level 3A Menara Milenium, 8, Jalan Damanlela, Bukit Damansara – 50490 Kuala Lumpur / Malaysia, registered with the Companies Commission Malaysia with the company registration number 199401013101 (298780-T); each of the Company’s respective related corporations (as the term is defined in the Companies Act 2016), affiliates and associated companies (including The House of Christian Dior Couture and The House of Parfums Christian Dior) (“Affiliates”, “affiliates” or “group companies” hereinafter). This Policy is therefore issued by the Company on behalf of its affiliates to you; and accordingly, those terms are also references to the relevant Company and/ or its Affiliates responsible for processing your personal data. We are the data user under the Malaysian Personal Data Protection Act 2010 with regard to the processing of your personal data (hereinafter “PDPA”). 

What data may we collect about you?
“Personal data” means any information that could identify you either directly (e.g. your name) or indirectly (e.g. through a unique client ID number). The personal data we collect depends upon the touchpoint of our interaction, and is also limited to that which is relevant and appropriate for the interaction. Website visitors who browse the Website and view our products, information and offerings can choose to do so without identifying themselves, and the same applies to in-store and social media browsing. Unless you choose to interact with us via those touchpoints, such as by making a purchase on our site, signing up for one of our programs or services, or posting a comment or a like online, our data collection is limited to the use of ‘cookies’ for website visitors. For customers and other individuals who sign up for programs or services, we must collect certain relevant information from you. The information we collect is related to the particular transaction as well as our overall relationship with you. For example, if you make purchases from the Website or in our stores, we must collect information to process (and, if relevant, fulfil and ship) your order. For customers and other individuals who sign up for our programs or services, we generally collect your contact details, contact preferences, and information that will allow us to make recommendations to you about our products or services that may be of interest. We may centralize the information pertaining to our customers so that we have it organized in one place, as this helps us manage our relationship with you as well as your choices and preferences. Depending on the data you provide or share with us, the type of personal data that we may collect and process may include information related to: Your identity (e.g. name, age, gender, date of birth, citizenship, nationality, race, identification card passport details) and your contact details (e.g. email address, phone number)Your interests and personal preferences. Your purchases (in store or online, including your orders, tracking numbers and your purchase invoices, the amount and type of your purchase) Payment information such as information in relation to your credit card, debit card and/or other payment details. Your online journeys with us (e.g. when you are using dior.com, our official social media pages, our partner websites and databases), specifically information ascertained about you (e.g. your profile picture, photos, likes, location and friend list). Your requests or information which you have communicated through our customer department or our public relations department (whether in written or verbal form) or provided by you in connection with your interaction with us The Dior events you attend Specific health data (e.g. skin and physical condition) if you notify us of any undesirable side-effects concerning any of our products. Any such information as we deem necessary or appropriate from time to time in connection with your dealings and/or relationships with us. Publicly available or publicly accessible information about you. Regarding your purchases, your bank details are encrypted through Dior servers. Payments are made via a secure payment platform PCI-DSS certified, supplemented by control measures, to ensure the security of purchases made and to fight against fraud. The personal data essential to Dior is usually indicated by an asterisk on each personal data collection form and it is obligatory for you to provide us with the requested information. If you do not provide the data marked with an asterisk, this may affect our ability to provide you with the requested products and/or services and our ability to enter into the necessary agreement in relation to the provision of our products and/or services to you. Other information is optional and allows us to know you better and to improve our communications and services to you. Failure to agree for us to process your personal data for marketing purposes will result in us and/or our selected authorised third parties from becoming unable to send you information by e-mail, mail, telecommunication means (telephone calls, SMS, MMS) concerning related and unrelated products and services by us and our affiliated business partners which we consider will or may interest you. We invite you to keep us regularly informed in writing of any change in your contact details by contacting us using the details provided under the section titled “Contact Us” below. By further example of the data we may collect from you, and without limiting the provisions above, please refer to the table below: 

  • Identity Data | includes first name, last name, address, username or similar identifier, marital status, title, date of birth and gender 
  • Contact Data | includes billing address, delivery address, location, email address and/or telephone numbers, social media accounts
  • Financial Data | includes bank account and payment card details, payment history
  • Transaction Data | includes details about payments to and from you and other details of products and services you have purchased from us
  • Technical Data | includes internet protocol (IP) address, your login data, browser type and version, make and model (mobile phones only), operating system, hardware version, platform, device settings and other technology identification on the devices used to access the Platform, file and software names and types, device identifiers, time zone setting and location, device locations such as through GPS, Bluetooth or WiFi signals, browser plug-in types and versions, operating system and platform, connection information such as the name of your mobile operator or ISP, browser type, language and time zone and IP address
  • Profile Data | includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses
  • Usage Data | includes information about how you use the Platform including redemption of our offers, how you use your devices to access the Platform, including the screens you visit and searches you make through the Platform 
  • Sensitive Personal Data | includes details about your religion
  • Other Data | includes
    • photos or bio-metric data of you;
    • (b) information materials or data uploaded onto the Platform by you or shared with other users of the Platform via the Platform;
    • (c) communications with us via social media platforms, email, electronic messages and other electronic and non-electronic communications;
    • (d) third party partner information related to how you use our third party partners’ products/services, such as your reviews of our merchant partners or other service providers;
    • (e) your networks and connections made available to us, depending on the permissions you have granted, from your mobile and desktop devices’ address book contacts, and other social media such as WeChat, Facebook, Instagram, Pinterest and Twitter; and
    • (f) other personal data which is submitted or made available by you to us from time to time and all other personal data we again collect from you on any subsequent occasion
  • Marketing and Communications Data | includes your preferences in receiving marketing messages from us and our third parties and your communication preferences

How do we collect or receive your personal data?
We may collect certain data via the following touchpoints:

  • when you are using Dior.com, specifically when you register an account with us, and/or purchase products through our website and/or interact with us through our Website or our affiliate’s websites
  • when you visit us through our physical stores or counters (including our corners, pop-up stores and boutiques in department stores)
  • when you attend Dior events
  • when you engage or contact with our Public Relations Department or Customer Department
  • when you fill in and/or complete our forms (in store or online)
  • when you use our digital apps
  • when you participate any relational program in relation to us which you benefit from
  • when you visit Dior social media pages (including your comment/like)
  • your social media pages on which you post Dior content or comments
  • when you click on Digital Media Advertising which is relevant to Dior
  • when you click on Search Engines Paid Advertising which is relevant to Dior
  • when you share information with third party data providers
  • you consent to receiving our communications (through email, telecommunication means (such as SMS, MMS), mail or social media platforms)
  • when you inquire about, register for or participate in any events, surveys, promotions, contests, tournaments, competitions, programmes (including loyalty programmes) and other activities organised or sponsored by us or on our behalf (“Programmes/Events”);
  • when you participate and/or answer our surveys or satisfaction questionnaire

through automated technologies or interactions. As you interact with the Platform, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect Technical Data by using cookies, server logs, web beacons, and other similar technologies. We may also receive Technical Data about you if you visit the Platform employing our cookies. 

Through third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below: (i) Technical Data from: analytics providers; advertising networks; search information providers; or third parties we contract with and/or their subsidiaries and affiliates to provide you a service. (ii) Contact Data, Financial Data and Transaction Data from providers of technical, payment and delivery services; (iii) Identity Data and Contact Data from data brokers or aggregators; and/ or (iv) Identity Data and Contact Data from publicly availably sources. 

To the extent that you disclose to us any personal data of another individual, we shall assume, without independent verification, that you have obtained such individual’s consent for the disclosure of such personal data as well as the processing of the same in accordance with the terms of this Policy. We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data under the PDPA as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Platform feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy. We may, where necessary for the purposes under this Policy, transfer your personal data to a place outside of Malaysia and you hereby give your consent to the transfer by using the Website or making any request for e-invoicing relating to your purchases of Dior products, whether through the Website or in person at our physical point-of-sale locations. 

For what purpose are your data used by Dior?
As part of our relationship, we will use your personal data that you have provided to us for various purposes, including but not limited to the following:

  • manage your orders
  • manage the personalized content and communications with Dior (digital or otherwise)
  • manage your account and profile
  • manage your relational program
  • manage your requests or any complaints with Dior that you may send us via our website, our customer services department or on our social media pages
  • manage Dior events which you register for / attend
  • manage alerts you send us as part of our cosmetovigilance obligations (if any)
  • manage our website and our digital apps
  • manage and improve our products and services, image and reputation.
  • manage payments (securisation of online transactions, fraud prevention, payment incidents and debt collection)
  • manage our tailored services (such as your beauty consultation services with us)
  • manage your browsing via cookies
  • manage your access to your customer account, processing and tracking your orders compliance with legal obligation or is required by law (e.g. retention of purchase invoices, cosmetovigilance for our products)
  • improve our products and services, prevent fraud, secure our tools or tailor our communications management of our marketing purposes, the use of your personal data for purposes of research
  • send you information concerning our offers, news and events fulfil any purpose directly related to the above purpose.
  • redirect you to any Platform
  • general any electronic invoices for and in connection with your purchases

form a view on what we think you may want or need, or what may be of interest to you, which is how we decide which products, services and offers may be relevant for you (we call this marketing). For completeness, you will receive marketing communications from us if you have requested information from us or purchased goods or services from us or if you provided us with your details when you enrolled in any loyalty program, entered any competition or registered for any promotion and, in each case, you have not opted out of receiving that marketing.

For how long may we keep it?
We will not retain personal data longer than is necessary for it to comply with its legal obligations. We only keep your personal data for as long as we need it to reach the purpose pursued, to meet your needs, or to comply with our legal or business obligations. As a general principle, your personal data will be retained in our client database:

  • If you are a “client” (i.e. you have already purchased a Dior product): for no more than 10 years after your first purchase for customer relationship management, but no more than 5 years for business development; this period will be renewed each time you interact with Dior (e.g. a purchase)
  • If you are a “prospective client” (i.e. you have never purchased a Dior product but you are interested in Dior brand): for no more than 3 years; this period will be renewed each time you interact with Dior (e.g. when participating in an event)
  • If you are in contact with the Public Relations department: for no more than 10 years after initial contact; this period will be renewed each time you interact with Dior (e.g. when requesting information from us)

Where cookies are placed on your computer or digital devices, we generally keep them for no more than 13 months. When we no longer need to use your personal data, our objective is to have them removed from our systems and records or anonymised so that you can no longer be identified from it.

WHO may access your data?
Your personal data are for the provision of Dior goods and services to you, or for your access, use and browsing of the Website. We use our best endeavours to ensure that only duly authorised persons can access your personal data when necessary for the above-mentioned purposes. We do not give your data to third parties unless you have consented for us to do so or it is legally permissible by laws. We may also disclose data pertaining to you to third parties in order to comply with legal, regulatory, or conventional obligations, or in response to requests from competent authorities. We communicate your personal data only where necessary, however, for purposes in connection with your user experience and your use of the Website, your personal data may also be communicated to the following persons but, to the extent practicable, we endeavour to communicate them in a form that does not contain a direct identification of you:

  • any of our related and associated companies, affiliates and subsidiaries, including any other Dior entity and any entities within the LVMH Group. “LVMH Group” means (i) LVMH • Moet Hennessy • Louis Vuitton Group; and (ii) AGACHE SE.
  • Our trusted third-party suppliers, including other entities of the LVMH Group, acting as processors according to our instructions and solely on our behalf. For example, we entrust certain services to third parties in charge of managing cosmestic vigilance alerts, third parties who assist us in the organisation of our events, third parties providing IT services, digital communication and public relations agencies, third parties who assist us with customer service and logistics services.

Department stores in which you buy our products. Our trusted third-party partners, vendors, service providers, agents, contractors and sub-contractors. For example, logistics service providers (including those who assisting us in the management of your orders. For example, we entrust certain services to third parties in charge of delivering you a product), payment service providers, providers securing transactions against fraud, marketing solutions service providers, marketing and commercial prospection management service providers via social media, customer service providers, event organisation service providers and our auditors, consultants, accountants, lawyers or other financial or professional advisers. Please note that these partners may act as data controller; in such case, they have their own privacy policies. Third parties in the event of a change of control, for legal reasons, or with your prior consent. You may also choose to disclose your personal data to our partners, advertisers or affiliates by following a link to and from their websites. Please note that these websites have their own privacy policies and that we have no control over how they may use your personal data. We may also offer you the opportunity to use your social media login. Please be aware that in this case you are sharing your profile information with us. The personal data shared depends on your social media platform settings. Please note that these social networks have their own privacy policies. Where data is shared with third parties, we use our best endeavours to ensure those third parties are reputable and have a privacy policy in place to protect your personal data. Please note that these third-parties may act as data controllers; in such cases, they have their own privacy policies. These third parties include but are not limited to: 

  • Third parties in the event of a change of control, for legal reasons, or with your prior consent
  • Third parties wishing to know your main interests to constitute similar audiences and target prospects that match your profile. In the context of this specific data processing, Dior is not the Data Controller relating to prospecting and you will not be subject to prospecting, your data is only used to constitute profiles similar to yours
  • Third parties conducting statistics on our performance on social networks on our behalf
  • Third parties such as IAS (International Accreditation Service), which assists us, for example, in finding out the exposure rate of our created formats. For more information, their privacy policy is available here

Some examples of third parties that we may engage may include: WeChat, Facebook, Google, Instagram, Tiktok, Snapchat, Bing, Pinterest, Twitter (X)

How do we protect it and keep it confidential?
We have adopted precautions to protect your data from loss, misuse, alteration, destruction or access by unauthorised third parties. We may also be required by our partners and group companies to uphold a similar level of protection for your data. The measures are evaluated and updated to address new threats and challenges, as well as new legal requirements in the countries where we operate. In creating your account on the Website, entering a personal password complying with our security requirements is compulsory and part of our privacy policy.

How do we address cross-border protections?
Because Dior operates in many countries across the world, some of your data may be transferred to, processed, collected, accessible and/or stored outside of Malaysia. You should know that the data protection and security requirements differ from place to place, and may not offer the same level of protection as those in your home country. Nevertheless, Dior and our group companies have taken steps to ensure an adequate level of protection of your data irrespective of where it is located, such as by using data transfer methods approved by the European Commission (where the data protection laws are considered to be the strongest worldwide). We also require our third-party partners to fulfil applicable data transfer obligations in relation to the personal data that they receive on our behalf. We also refer to other relevant provisions throughout this Policy which refer to and are relevant to the cross-border transfer of your personal data. 

How are consumer preferences and individual rights addressed?
In accordance with the PDPA, other applicable laws and requirements, Dior and its affiliates have put in place measures to fulfil the rights of individuals in relation to the personal data that we (or our third parties) hold about them as required under the PDPA. This includes the following: The right to be informed: you have the right to obtain clear, transparent and easily understandable information about how we use your personal data, and your rights. You will find all this information in this Policy. The right of access: you have the right to know about the data we hold about you or to obtain a copy. The right to request for correction / rectification: you have the right to have your personal data rectified if it is incorrect or outdated and / or completed if it is incomplete. The right to withdraw or limit the processing of your data: you can limit or withdraw your consent to our processing of your data when such processing is based on consent. The right to object to direct marketing: you can unsubscribe or opt out of our direct marketing communication at any time. You are able to do so by clicking on the “unsubscribe” link in any email or communication we send you. You are also able to request to receive non-personalised communications about our products and services.

We encourage individuals who have entrusted their data to us to keep it current (such as if you change your email address, address or phone number), so that we have your correct information on file. We also encourage consumers to update their preferences with us, such as in relation to products and the frequency of contacts, so that we can personalize our service to your expectations and needs. Finally, we offer individuals the right to withdraw consent from our programs and offerings at any time. To do so, or to exercise any of these other rights, please contact us using the details provided under the section titled “Contact Us” below. For individuals seeking access to their data, we also require authentication to ensure that we are not providing personal data to an unauthorized person. In withdrawing or limiting your consent to the processing of your personal data, the consequences described in section titled “HOW do we collect or receive your data?” will apply. We will inform you of the consequences in further detail depending on the nature of your request. To this end, we may require proof of your identity and full details of your request before we process it.

HOW does Dior protect children’s privacy?
Dior has adopted practices that are designed to ensure that we do not to collect or maintain any information from children under the age of 18. If we learn that we mistakenly collected any information from anyone under the age of 18, we will purge it immediately, unless consent of his/her parent or legal guardian have been obtained. Without limiting any other provisions in this Policy, save as otherwise permitted by law: (a) in respect of the processing of personal data relating to a minor (i.e. individuals under 18 years of age, “Minor”), please note that we require the consent from the Minor’s parent or guardian or person who has parental responsibility over the Minor; and (b) in respect of the processing of personal data relating an individual who is deemed incapable of managing his/her own affairs (“Special Person”), please note that we require consent from the person appointed by a court to manage the Special Person’s affairs or the person who has been legally or validly authorised to act on the Special Person’s behalf.

INFORMATION ABOUT COOKIE MANAGEMENT
The below aims to explain where the browsing information processed when you visit our website comes from, how it is used, and your rights. WHAT IS A COOKIE? When you visit our website, we might, depending on the choices you make, store a text file on your device (computer, smartphone, tablet, etc.) through your web browser. This text file is a cookie. For as long as it is valid and stored on your device, it will enable Dior to identify your device when you visit the website in the future. Only the issuer of a cookie can read or modify information stored in it. Below you will find information on the cookies that might be stored on your device when you visit pages on the dior.com website, either by Dior or by third parties, and how you can delete cookies or refuse to allow them to be stored on your device.

WHAT IS THE PURPOSE OF THE COOKIES ISSUED ON DIOR.COM?
There are several categories of cookie. Some of them are issued directly by Dior and its providers, and some are issued by third-party companies. The cookies issued by Dior and its providers. Various types of cookie might be stored on your device when you browse our website:

  • The “essential” cookies are essential for browsing our website, including to ensure that the ordering process runs smoothly. If you delete them it can cause difficulties when browsing our website and make it impossible to place an order. They might be stored on your device by Dior or by its providers.
  • “Analytical and Personalization” cookies not essential for browsing our website but making it easier for you to conduct searches, optimizing your buying experience.
  • “Advertising” cookies, not essential for browsing but allowing you a more relevant advertising offer.

If your device is used by several people and if one device uses several web browsers, we cannot be certain that the services and adverts delivered to your device are determined based on your use of the device and not on that of another user. It is your decision and responsibility whether you share use of your device and configuration of your web browser’s cookie settings with other people.

Cookies issued by third-party companies, Cookies are issued and used by third parties on our website in accordance with these third parties’ privacy protection policies. These cookies are not essential for browsing our website. We might include cookies on our website applications produced by third parties, which enable you to share our site content with other people or to tell other people what content you have been browsing or your opinions of it. This is true of the “Share” and “Like” buttons for social networks like Facebook, Twitter, Instagram and Pinterest. 

Social networks that provide buttons like these might be able to use them to identify you, even if you did not use the button when browsing our website. We have no control over the process the social networks use to collect information relating to your browsing of our website and linked to the personal data they hold. Please consult the privacy policy of these social networks.

MANAGING THE COOKIES STORED ON YOUR DEVICE
You can decide whether cookies are stored on your device through the cookie setting tool available by clicking here, in the cookie banner or in the footer on dior.com. You can also configure your web browser as you wish, so that cookies are accepted and stored on your device, or conversely blocked. The configuration process is different for each web browser. It is usually described in the browser’s help menu. We urge you to find out how to configure your browser. This will allow you to find out how to change your cookie preferences.

  • For Internet Explorer™: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies     
  • For Safari: https://support.apple.com/kb/PH19214?locale=fr_FR&viewlocale=en_US
  • For Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en   
  • For Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences 
  • For Opera™: http://help.opera.com/Windows/10.20/en/cookies.html 

Please note: any changes you make to your web browser’s cookie acceptance or blocking settings may change your web browsing experience and the process of accessing services that require the use of these cookies.  For example, if you block essential cookies you might no longer be able to place orders on our website.

WHAT IS THE BENEFIT OF SEEING SPECIAL OFFERS AND ADVERTISING TAILORED TO YOUR BROWSING PREFERENCES?
The aim is to show you the most relevant offers and advertising. As such, cookie technology enables us to display content, in real-time, that is best suited to your fields of interest, as deduced from your browsing history on our website. The interest you show in content displayed on your terminal when you consult a website often determines the advertising resources of this site, enabling it to provide its services, which are often supplied free of charge to users. You doubtless prefer to see offers and advertising that are relevant to you, rather than content that is of no interest to you at all. Similarly, both Dior and advertisers want their offers and advertising to be shown to Internet users that are likely to be interested in them.  

MODIFICATION of this Privacy Policy
In case of modification of this Policy, we will ensure that you are informed of these changes either by a special notice on our site, or by a personalised warning notably in the context of our newsletters. Special Provision: Customer Identity and Access Management, or equivalent Management System, Platform, Tools and Database Operated, Managed or Accessible by the Company or the LVMH Group (“CIAM”) Without limiting any other provisions of this Policy, your personal data may be Processed and/ or transferred outside of Malaysia for purposes relating to CIAM, which is primarily aimed at the Company’s overall enhancement of customer service and Dior product offerings – in connection of CIAM, your personal data may be used and processed for the following purposes (non-exhaustive):  

  • Security and prevention of misuse of services; 
  • Detecting or preventing illegal activities (e.g. fraud, money laundering) or threats to physical safety and security, IT and network security; 
  • Preventing of misuse of services; 
  • Carrying out other necessary corporate due diligence; 
  • Improving, enhancing or developing new goods or services;
  • Improving, enhancing or developing new methods or processes for business operations in relation to the organisations’ goods and services;
  • Learning or understanding behaviour and preferences of individuals (including groups of individuals segmented by profile); 
  • Identifying goods or services that may be suitable for individuals (including groups of individuals segmented by profile) or personalising or customising any such goods or services for individuals; and/ or
  • Improving, enhancing or developing new goods or services. 

We will endeavour to take steps to analyze and satisfy ourselves that our use of personal data for the business improvement purpose is one that a reasonable person would consider appropriate in the circumstances. Specific Provisions on Consent and Exceptions, We will use our best commercial endeavours to obtain your consent (express or implied) whenever we have to collect, process, use or store your personal data. However, if due to business impracticalities or other reasons, we are unable to obtain your consent, we will rely on exceptions under the laws of Malaysia, including the below exceptions under the PDPA as the legal bases permitting our collection, use, transfer, Processing and/or disclosure of your personal data without your consent or explicit consent (as applicable): 

Legitimate Interests Exception, We will rely upon this exception, to the extent permitted under the PDPA in Malaysia for the below purposes (non-exhaustive): Legitimate Interests Exception We will rely upon this exception, to the extent permitted under the PDPA in Malaysia for the below purposes (non-exhaustive): Security and prevention of misuse of services; 

  • Detecting or preventing illegal activities (e.g. fraud, money laundering) or threats to physical safety and security, IT and network security; 
  • Preventing of misuse of services; and/ or 
  • Carrying out other necessary corporate due diligence.  
  • Business Improvement Exception

We will rely upon this exception, to the extent permitted under the laws in Malaysia, where the use of the personal data falls within the scope of any of the following business improvement purposes: 

  • Improving, enhancing or developing new goods or services;
  • Improving, enhancing or developing new methods or processes for business operations in relation to the organisations’ goods and services;
  • Learning or understanding behaviour and preferences of individuals (including groups of individuals segmented by profile); 
  • Identifying goods or services that may be suitable for individuals (including groups of individuals segmented by profile) or personalising or customising any such goods or services for individuals; 
  • Improving, enhancing or developing new goods or services; and/ or
  • Relating to CIAM provided by a subsidiary of the LVMH Group

Further, the Business Improvement Exception also applies to the sharing of personal data (i.e. collection and disclosure) between us and other entities belonging the LVMH Group, for the following business improvement purposes: 

  • Improving, enhancing or developing new goods or services;
  • Improving, enhancing or developing new methods or processes for business operations in relation to the organisations’ goods and services;
  • Learning or understanding behaviour and preferences of existing or prospective customers (including groups of individuals segmented by profile);
  • Identifying goods or services that may be suitable for existing or prospective customers (including groups of individuals segmented by profile) or personalising or customising any such goods or services for individuals; and/ or 
  • Relating to CIAM provided by a subsidiary of the LVMH Group

In relying on the Business Improvement Exception, we will take steps to analyze and satisfy ourselves that a) the business improvement purpose cannot reasonably be achieved without using the personal data in an individually identifiable form; and b) Our use of personal data for the business improvement purpose is one that a reasonable person would consider appropriate in the circumstances.    

Privacy Statement

Statement relating to the protection of your personal data collected in the context of recruitment

This Privacy Statement for Candidates (hereinafter the “Privacy Statement”) is intended to provide visitors and users (“You”) of the www.dior.com website, as well as of all the Dior’s websites with .com, .it, .ru, .co, .jp, .cn domain names suffixes (hereinafter collectively the “Website”) with information relating to how the Maison Parfums Christian Dior (hereinafter “Parfums Christian Dior” or “We/Us”) processes your personal data (hereinafter the “Personal Data” or “Data”) and about your rights in this respect.

Parfums Christian Dior places the highest priority and takes the utmost care to protect your Personal Data.

 

Who are we? Who is the Data Controller of your Personal data?

During your recruitment experience, and in order to inform you in advance, the Data Controller will be Parfums Christian Dior within the meaning of the regulations applicable to personal data and in particular with regard to article 24 of the Regulations (EU) 2016/679 (hereinafter “GDPR”).

As an example, referring to some of the Maison iconic products:

J’adore

Miss Dior

Capture Total

Parfums Christian Dior S.A. (head office), a public limited company under French law with its head office located at 33 avenue Hoche, Paris 8, France, registered with the Paris Trade and Companies Register under number 552 065 187 and represented by Laurent Kleitman in his capacity as President Director General Parfums Christian Dior,

And all Parfums Christian Dior affiliates

The Dior soul is expressed in each of the Maison’s products and in the attention paid to each stage of their manufacture. From Grasse in Paris to the Jardins Dior, Parfums Christian Dior sublimates the finest materials so that each of its creations contributes to its aura around the world.

  1. What is a “personal data”?

Personal Data refers to any information or pieces of information that could identify You either directly (e.g. your name, surname, email, home address, etc.) or indirectly (e.g. through pseudonymized data, such as a unique ID number, etc.). It may also include unique identifiers like your computer’s IP address.

  1. Why and how do We use the Personal Data that We collect?

3.1 How do We collect your Personal Data?

 We collect your Personal Data as follows:

directly from You when You use our Website and our services (completion of various forms on the Website, direct communication with Us through our institutional departments, etc.);

automatically when You access or use the Website (technical details, IP address, browsing information, etc.).

3.2 What Data do We collect?

We collect several types of Personal Data about You:

 Personal Data that We collect directly from You

We collect Personal Data that You provide directly when You use our Website.

This is specifically the case when You:

interact with Us through the contact forms,

register to receive our newsletters or institutional documentation,

apply to job offers.

The categories of Personal Data that We collect include:

Identification and contact information: e.g., last name, first name, mailing address, contact details needed to identify You when You interact with Us,

Application information: e.g., last name, first name, email address, telephone number, professional experience and all the information You provide by sending your application and/or your curriculum vitae: photo, skills, education level, spoken languages, salary expectations, home address, hobbies, family status, etc.  We only collect and store this Data in connection with the management of our own job offers and do not use them for any other purposes, including for commercial purposes.

Personal Data that We collect automatically

We automatically collect certain Data about You when You access or use the Website, specifically:

Technical information: We collect information about the device that You use to login, as well as your use of the Website (g., operating system, type of browser used, whether a proxy is used, location of the device inferred from your IP address that identifies your computer, access time, accessed pages and the link that enabled You to access our Website),

Browsing information: We use tracking technologies to collect Data about You when You use our Website.

3.3 On what legal grounds and for which purposes do We use the Data that We collect?

 In accordance with current personal data protection regulations, We only collect Personal Data when We have a legal basis to do so.

Personal Data is collected either:

  1.         based on pre-contractual measures
  1.         based on your consent,

      iii.          in our legitimate interest, or

  1.         to meet our legal obligations.

(i) We collect your Personal Data on the basis of pre-contractual measures, in particular in the context of the processing of applications (CV and motivation letter) and management of interviews.

(ii) We collect Personal Data based on your consent, for the following purposes: 

Share opportunities that can match your profile and keep you up to date on the life of Maison Dior,

 (iii) We collect Personal Data based on our legitimate interest, for the following purposes:

  •       to manage your requests and queries: We use your Data to send You the information You request,

to defend our interests in the event of a dispute or court action,

to manage cybersecurity of the Website,

to prevent fraudulent acts in order to ensure the security of our assets and contents.

(iv) We may also store your Personal Data when the law requires Us to do so or to defend our legal rights.

3.4 Who has access to your Data? 

3.4.1 Accessibility within Parfums Christian Dior

Your Data is processed by the Maison Parfums Christian Dior for the purposes described above and are only accessible to Parfums Christian Dior personnel who need to know it to perform their duties.

In this respect, your Personal Data is processed by the following departments of the Maison Parfums Christian Dior and/or other Maisons of the LVMH Group:

Parfums Christian Dior Institutional Communication Department and Financial Communication Department for the management of your requests and queries, as well as to send You newsletters;

Parfums Christian Dior Human Resources department to manage your applications to job offers;

Parfums Christian Dior Security Department to manage cybersecurity of the Website;

Parfums Christian Dior Fraud and Legal Departments to manage fraudulent acts or legal claims if any.

3.4.2 Accessibility by third parties

Certain third parties may have access to your Data, specifically:

(i) our subcontractors and service providers acting for technical and logistical reasons (carriers, Website hosting, security and maintenance providers, fraud management service providers, technical service providers responsible for sending e-mails and newsletters, anti-spam and anti-bot services, recruitment agencies which may provide Us with advice on the management of our candidates’ databases and help with the selection of profiles within such databases, etc.);

(ii) other LVMH Group affiliates for recruitment purposes: when you apply to an LVMH Group affiliate’s job offer, this affiliate collects and processes your Data as independent data controller. In such case, your Data will be processed according to this affiliate’s personal data protection policy, which You may obtain by contacting it directly. Likewise, the rights You enjoy pursuant to personal data protection laws must be directly enforced against it;

(iii) any authority, court or other third party when disclosure is required by law, regulations or a judicial decision, or if such disclosure is necessary to protect and defend our rights.

3.5 Is any Personal Data transferred outside of the European Economic Area?

Your Data is processed in France by the Maison Parfums Christian Dior. However, We may rely on certain service providers, which are located abroad or which themselves rely on processors located abroad, including outside of the European Economic Area (EEA) in countries where personal data protection laws differ from those that apply in the EEA.

With reference to the data relating to applications, the LVMH Group has adopted binding corporate rules (“BCR”) which the French Supervisory Authority (the CNIL) has declared to be compliant with current legislation and suitable for offering an adequate level. of protection in case of data transfer within the Group, also outside the European Economic Area.

3.6 How long do We store your Data?

Data is stored as long as required for the purpose for which it was collected and, in any case, will be destroyed at the end of such period.

Please see the list below for additional details about these periods.

Any transfer of your Data outside of the EEA will take place with appropriate safeguards in place that comply with applicable personal data protection regulations. Upon request, We will provide You with a copy of applicable safeguards.

Purpose: Management of your requests and queries

Data categories: Identification Data (last name, first name, mailing address, contact details needed to identify You when You interact with Us).

Period of storage before erasure: Duration required to manage your requests and queries. Your Data will then be either deleted or anonymized, unless we need to keep it to meet our legal obligations for the applicable statutory retention period.         

 

Purpose: Sending You our newsletters

Data categories: Your email address

Period of storage before erasure: Duration of your subscription. Then, the Data will be destroyed or anonymized.

 

Purpose: Management of your applications to job offers

Data categories: Application information

Period of storage before erasure: Duration of two (2) years from when the Data has been provided or from the last contact with You. At the end of this 2-year period, Parfums Christian Dior may contact You to know whether You want Parfums Christian Dior to keep retaining your Personal Data, for the purpose of informing You of an opportunity that may arise and match your career aspirations and skills. In any event, your Data will be erased at your request, within a maximum period of 1 month from your request.

 

Purpose: Security of the Website

Data categories: Technical information of your device (IP address, device type, browser ID, etc.)

Period of storage before erasure: 6 months, then the Data is either deleted or anonymized.

 

Purpose: Disputes/complaints

Data categories: Data concerning the dispute/complaint

Period of storage before erasure: Duration of the complaint + 5 years from the complaint.

In the event of a court action: duration of proceedings through full enforcement of the legal decision or settlement agreement

  1. What are your rights in relation to your Data?

 4.1 Access, rectification and portability

 In accordance with current regulations, You have the right to access your Data. You may also request correction of Your Personal Data should they be inaccurate. Depending on the purpose of processing, You also have the right to have incomplete Personal Data completed.

To respond to your request, We may ask You to provide Us with a proof of your identity. We may also need to ask You for additional information or supporting documents. We will make every effort to respond to your request as soon as possible.

You may, to the extent provided for by law, exercise your right to Data portability which allows You to retrieve, in an interoperable format, the Personal Data that You provided to Us.

4.2 Right to erasure of your Data and to limitation of the processing of your Data

 You may request erasure of your Personal Data if:

You believe that our processing of your Personal Data is no longer needed for the purposes described in this Privacy Policy,

You believe that the processing is unlawful or You contest the accuracy of the Data We process about You,

You withdrew your consent to the processing of your Data.

Alternatively, to the extent provided for by law, You may request limitation of the processing of your Data.

Please note that despite the exercise of your right to erasure or processing limitation, We will store some of Your Personal Data when the law requires Us to do so, or to exercise or defend our rights.

4.3 Right to establish instructions for the management of your Personal Data after your death

For France and when mandatory local provisions so provide, You may determine how You want Us to handle your Personal Data upon your death.

4.4 Procedure to exercise your Data protection rights

Vous pouvez exercer vos droits en matière de protection des Données selon les modalités suivantes ou si vous avez des questions ou réclamations concernant le traitement de vos données personnelles.

by using the following email address: gdpr_hr@diormail.com

by using the following contact form: https://www.dior.com/en_gb/contact-parfum

by mail at the following address: Data Protection Officer, Parfums Christian Dior, 190 avenue Charles de Gaulle, 92200 Neuilly sur Seine, France.

You also have the right to contact Dior’s lead Supervisory Authority, the CNIL, at any time in order to file a complaint against Dior’s data protection and privacy practices. The CNIL can be contacted by using

the following information:

Commission Nationale de l’Informatique et des Libertés – CNIL

3 Place de Fontenoy

TSA 80715 – 75334 Paris, Cedex 07

Phone. +33 1 53 73 22 22

Fax +33 1 53 73 22 00

Website: http://www.cnil.fr/

 

We also wish to inform you about the contacts of other authorities in Europe that you can find and contact on the website of the European Data Protection Board: https://edpb.europa.eu/about-edpb/board/members_en

When the processing of your Data is based on your consent (e.g., subscription to the newsletter), You may withdraw your consent at any time without justification. This right can be exercised by changing your options regarding subscriptions to our newsletters by clicking on the hyperlink provided for this purpose in each email We send You.

  1. How is your Personal Data secured?

Parfums Christian Dior uses technical and organizational measures that comply with French and EU legal and regulatory requirements, to keep your Data secure and confidential. Under written agreements, Parfums Christian Dior requires its service providers and processors to provide safeguards and implement sufficient security measures to protect the Personal Data they have agreed to process, in accordance with applicable requirements under personal data protection laws. However, Parfums Christian Dior does not control all risks related to the operation of the Internet and draws your attention to the inherent risks of using any website.

  1. Third party websites

There may be links to third-party websites (such as LVMH Group affiliates’ websites) that We do not control, and which are governed by their own confidentiality and personal data protection policies. This Privacy Statement does not apply to third-party websites. Please review the confidentiality and personal data protection policies of the third-party websites that You visit to understand how they process your Data. Parfums Christian Dior shall not be liable for any use of your Data by any third parties.

Qalby Beauty (“ Qalby Beauty ”, “ we ”, “ our ” or “ us ”) is committed to protecting your personal data and respecting your privacy. This Privacy Statement explains how we collect, use, disclose, store, and protect your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia .

By accessing our website, using our services, or providing your personal data to us, you consent to the processing of your personal data as described in this Privacy Statement.

1. Collection of Personal Data

We may collect personal data including, but not limited to:

  • Full name

  • Identification details (where required by law)

  • Email address

  • Contact number

  • Billing and delivery address

  • Payment and transaction details

  • Account login credentials

  • Purchase history

  • Any other information you voluntarily provide to us

Personal data may be collected through online forms, account registration, purchases, customer service interactions, promotions, or other engagements with Qalby Beauty.

2. Purpose of Processing Personal Data

Your personal data may be processed for the following purposes:

  • To process and fulfil orders and deliveries

  • To manage customer accounts and transactions

  • To process payments and refunds

  • To provide customer support and respond to inquiries

  • To send order updates, service notices, and important communications

  • To conduct marketing, promotions, and loyalty programs (where consent is given)

  • To improve our products, services, and website functionality

  • To comply with legal and regulatory obligations

3. Disclosure of Personal Data

We may disclose your personal data to third parties where necessary, including:

  • Payment gateways and financial institutions

  • Logistics and delivery service providers

  • IT service providers and system administrators

  • Professional advisors (legal, accounting, compliance)

  • Regulatory authorities where required by law

All third parties are required to process personal data in a secure manner and only for authorised purposes.

4. Data Security

We implement reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction.
However, while we strive to protect your data, no transmission over the internet can be guaranteed to be completely secure.

5. Retention of Personal Data

Your personal data will be retained only for as long as necessary to fulfil the purposes outlined in this Privacy Statement, or as required by applicable laws and regulations.

6. Access and Correction Rights

You have the right to:

  • Request access to your personal data

  • Request correction or update of inaccurate or incomplete data

  • Withdraw consent for certain processing activities (subject to legal and contractual restrictions)

Requests may be made in writing using the contact details provided below.

7. Cookies and Tracking Technologies

Our website may use cookies and similar technologies to enhance user experience, analyse website traffic, and support marketing activities.
You may disable cookies through your browser settings, although this may affect certain website functionalities.

8. Changes to This Privacy Statement

We reserve the right to update or amend this Privacy Statement at any time. Any changes will be posted on our website and will take effect immediately upon publication.

9. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Statement or your personal data, please contact:

Qalby Beauty
Email: [Insert Official Email Address]
Website: https://www.qalbybeauty.com.my

This Privacy Statement is governed by and construed in accordance with the laws of Malaysia.

Title

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.