Legal

Privacy Policy

How BaoBoss Global Sdn. Bhd. collects, uses, stores, and protects your personal data, in line with the Malaysian Personal Data Protection Act 2010.

Last updated: 6 May 2026

Draft pending legal review

This document is a draft prepared while BaoBoss Global Sdn. Bhd. is in pre-launch. It will be revised by qualified counsel before public-facing transactions begin. If you are relying on this policy for a specific data-handling decision, contact us first.

1. Who is responsible for your data

BaoBoss Global Sdn. Bhd. is the data controller for personal data collected through baobossglobal.com and any related services. Our registered office is in Kuala Lumpur, Malaysia. For privacy matters, contact us at enquire@baobossglobal.com with the subject line "Privacy enquiry".

2. What data we collect

We only collect data we actually need. Depending on how you interact with us, that may include:

  • Contact form data — name, email, phone, the topic you select, investment range (if you choose to share it), and any message text you type.
  • Rewards program data — phone number, name, member ID, prepaid wallet balance, transaction history, and referral relationships, when you sign up for the program.
  • Investor enquiry data — identification documents, source-of-funds information, and bank details, but only after you have agreed to be onboarded as an investor under a separate agreement.
  • Technical data — IP address, browser type, device, language preference, pages viewed, and approximate location, collected automatically when you visit the Site.
  • Cookies & local storage — small files stored in your browser to remember your language preference and to support analytics, if enabled.

We do not knowingly collect data from children under 13. We do not collect sensitive personal data (race, religion, health, political views) unless you volunteer it for a specific purpose.

3. Why we use your data

Your data is used only for these purposes:

  • To respond to your enquiry, including investor and franchise applications.
  • To operate the rewards program — track your wallet balance, apply rewards, and run referral logic.
  • To verify identity and source of funds before any commercial relationship, where required by law.
  • To send you transactional messages (receipts, OTP codes, account changes). We do not send marketing without your consent.
  • To monitor and improve the Site, prevent fraud, and protect the security of our systems.
  • To comply with legal obligations under Malaysian law, including tax, anti-money-laundering, and financial-services rules where they apply.

4. Legal basis (PDPA 2010)

We rely on your consent (when you submit a form or sign up), the performance of a contract (when you join the rewards program or invest), and our legitimate interests (running and securing the Site) as the legal bases for processing your data, in line with the Personal Data Protection Act 2010 of Malaysia. Where we rely on consent, you can withdraw it at any time using the contact details below.

5. Who we share data with

We do not sell your personal data. We share it only with:

  • Service providers we use to run the Site and the rewards program — for example, hosting, email delivery, payment processors, KYC/identity-verification vendors, and analytics. These providers are contractually bound to handle your data confidentially and only on our instructions.
  • Banks and payment partners when you make or receive a payment from us.
  • Regulators, auditors, and law-enforcement agencies when we are legally required to disclose, or when we need to protect ourselves in a dispute.
  • Successor entities in the event of a merger, restructuring, or sale of the business — your data travels with the relationship that created it, under the same protections.

6. International transfers

Some of our service providers (for example, email or analytics) may process your data outside Malaysia. When we transfer personal data outside Malaysia, we take reasonable steps to ensure it is protected to a standard at least equivalent to that required by the PDPA 2010, through contractual safeguards or by selecting providers with adequate certifications.

7. How long we keep your data

Contact-form messages are retained for up to 24 months unless they relate to an active commercial discussion. Rewards-program data is retained for as long as your account is active and for 7 years after closure, to satisfy accounting and tax record-keeping rules. Investor onboarding data is retained for the period required by anti-money-laundering rules (typically 7 years from the end of the relationship). Technical logs are retained for up to 12 months. We delete or anonymise data after these periods unless legally required to keep it longer.

8. Your rights

Under the PDPA 2010 you have the right to:

  • Access the personal data we hold about you.
  • Correct data that is inaccurate or out of date.
  • Withdraw consent for processing where consent is the legal basis.
  • Limit how we use your data for direct marketing.
  • Ask us to delete your data, where we are not legally required to retain it.

To exercise any of these rights, email enquire@baobossglobal.com with the subject line "Data request". We will respond within 21 days.

9. Security

We use HTTPS to protect data in transit, restrict access to personal data on a need-to-know basis, and apply standard precautions including patched servers, strong authentication, and encrypted backups. No system is perfectly secure; we will notify you and the relevant regulator without undue delay if we become aware of a personal-data breach that materially affects you.

10. Cookies and analytics

The Site uses a small number of cookies and local-storage entries to remember your language preference and, if enabled, to measure aggregate traffic patterns. You can disable cookies in your browser; the Site will continue to function, but some preferences may not be remembered between visits.

11. Changes to this policy

We may update this policy from time to time. The date at the top of this page reflects the most recent update. Material changes will be flagged on the Site for at least seven (7) days before they take effect.

12. Contact & complaints

If you have questions or a complaint about how we handle your data, write to enquire@baobossglobal.com first — we will work with you in good faith. If you are not satisfied with our response, you may also complain to the Personal Data Protection Commissioner of Malaysia (Pesuruhjaya Perlindungan Data Peribadi).