Privacy Policy
Last Updated: April 06, 2026
1. Introduction
This Privacy Policy (“Policy”) describes how NEXTORA (NEXTORA, “we”, “us”, “our”) collects, uses, discloses, stores, and protects Personal Data when you access or use nextora.my (“Website”) or purchase our products and/or services.
We are committed to complying with the Personal Data Protection Act 2010 (Malaysia) (“PDPA”) and all applicable regulations, guidelines, and directions issued by relevant authorities.
By using the Website and/or providing your Personal Data, you acknowledge that you have read, understood, and agreed to this Policy.
2. Definitions
- Personal Data means any information that relates directly or indirectly to an identifiable individual.
- Processing includes collecting, recording, holding, storing, using, disclosing, transferring, correcting, erasing, or otherwise handling Personal Data.
- Services refer to any products, digital goods, memberships, subscriptions, top-ups, reloads, bill payments, or other services offered through the Website.
3. What Personal Data We Collect
A. Personal Data You Provide Directly
- Identity & Contact Details: Full name, email address, phone number, nationality (where required).
- Account Information: Username, encrypted/hashed password, account preferences.
- Transaction Details: Orders, invoices, receipts, payment status, transaction references.
- Delivery Information: Billing address, delivery address, recipient details (where applicable).
- Communications: Messages, enquiries, complaints, support records.
- Verification Information: Identity documents, selfies, or business documents submitted for compliance or fraud prevention.
We apply data minimisation principles and collect only data necessary for the stated purposes.
B. Personal Data Collected Automatically
- Device & Technical Data: IP address, browser type, device type, operating system.
- Usage Data: Pages visited, time spent, clickstream data, referring URLs.
- Cookies & Similar Technologies: Session identifiers, preferences, and performance analytics.
4. Purposes of Processing
- Account creation, authentication, and management
- Order processing and delivery of products or digital services
- Payment processing, reconciliation, refunds, and financial administration
- Customer support, communications, and dispute handling
- Security monitoring, fraud prevention, and abuse detection
- Operational analytics and service improvement
- Legal, regulatory, accounting, and tax compliance
- Marketing and service updates (where permitted by law or consented)
- Enforcement of our rights, agreements, and platform integrity
5. Legal Basis & Consent
Where required under the PDPA, we will obtain your consent before collecting or Processing your Personal Data.
By using the Website, submitting information, or purchasing Services, you consent to the Processing described in this Policy.
You may withdraw consent at any time. Withdrawal may affect our ability to provide Services or maintain your account where Processing is necessary for contractual or legal purposes.
6. Payments
We do not store full credit/debit card numbers or CVV details on our servers. Payments are processed securely by authorized third-party payment gateway providers.
We may retain limited transaction data such as payment status, transaction reference, amount, and order number for reconciliation and record-keeping purposes.
8. Disclosure / Sharing of Personal Data
We do not sell or rent Personal Data. We may disclose Personal Data where necessary to:
- Payment processors, banks, and financial institutions
- Logistics or delivery partners (where applicable)
- IT, hosting, security, analytics, and customer support providers
- Professional advisers such as auditors, accountants, and legal advisers
- Regulators or authorities where required by law or lawful request
9. Cross-Border Transfers
Personal Data may be stored or processed on servers located within or outside Malaysia, including cloud infrastructure providers.
Where cross-border Processing occurs, reasonable safeguards are applied in accordance with the PDPA.
10. Data Security
We implement reasonable technical and organizational measures including access controls, encryption in transit, monitoring, and staff confidentiality obligations.
No system is completely secure. You are responsible for safeguarding your login credentials.
11. Data Retention
Personal Data is retained only for as long as necessary to fulfill the purposes described in this Policy or to comply with legal obligations.
12. Your Rights
- Request access to your Personal Data
- Request correction of inaccurate or outdated data
- Withdraw consent where applicable
13. Third-Party Links & Minors
The Website may contain links to third-party websites. We are not responsible for their privacy practices or content.
Our Services are not intended for individuals unable to form legally binding contracts. If a minor has provided Personal Data without consent, please contact us.
14. Changes to This Policy
We may update this Policy from time to time. Changes will be posted with an updated “Last Updated” date. Continued use of the Website constitutes acceptance.
If you have any questions about this Privacy Policy, please contact us at nextoraone@gmail.com .