Your Data & Body Story
Back to main page

This Privacy Policy applies to personal information about individuals, be it site visitors, customers, event participants, service providers and/or business partners, held by Body Story Global (hereinafter referred to as "Body Story" or "we" or "us"), a company incorporated in Malaysia under the Registration No. 202403315460 (003673612-H).

We comply with the Personal Data Protection Act 2010 ("PDPA 2010"), which regulates how we collect, use, disclose, store, correct and protect your personal information.

By providing your personal information to us, interacting with us, submitting information to us, signing up for Body Story membership, accessing any of the Services (hereinafter defined) and/or visiting or using any of Body Story's Platforms (including but not limited to www.bodystory.my, https://shop.bodystory.my/, and Body Story's mobile application), on which this Privacy Policy or a link to this Privacy Policy appears, you are deemed to have read the following policy and expressly consent to our collection, storage, use, disclosure and/or processing of your personal data in accordance with the terms of this Privacy Policy. You further agree to be bound by the prevailing terms of this Privacy Policy as updated from time to time on our Platform. Please check our Platform regularly for updated information on the collection, storage, use, disclosure and/or processing of your Personal Data.

Personal data shall have the same meaning accorded under the Personal Data Protection Act 2010 of Malaysia and its subsidiary legislation. Personal data is any personal information from which an individual would be identifiable, and it includes information such as name, date of birth, email address, telephone number, NRIC or passport number, address, CCTV image or audio recordings (hereinafter referred to as "Personal Data").

3.1 In accordance with the principles of the PDPA 2010, we will notify you of the purposes and obtain your consent for the collection of your Personal Data, unless an exception under the law permits us to collect and process your Personal Data without your consent.

3.2 We collect Personal Data when:

  • a) you make purchases in store or online;
  • b) you set up an account on our Platform or sign up for our membership;
  • c) you contact our customer relations center, either online, in store, through the phone or through any other means;
  • d) you participate in an event, customer contest, competition, survey, interview or product testing;
  • e) you register to participate in activities organized in store or through the Platform;
  • f) you upload content on the Platform;
  • g) you conduct certain types of transactions, such as an application for a refund or exchange;
  • h) you use certain services, such as racket services or after sales services;
  • i) you apply for a job online, in store or otherwise;
  • j) you provide feedback or complaints in relation to our products or our services either online, in store or through the phone;
  • k) your images are captured by us via CCTV cameras while you are within our property and/or premises, or via photographs or videos taken by us or our representatives when you attend events and/or activities that we have organised;
  • l) you submit your Personal Data to us for any other reason.

collectively, the "Services".

3.3 Where it is indicated that it is mandatory for you to provide your Personal Data to us, failure to provide such information may mean that we are not able to provide you with access to certain services or features.

3.4 You acknowledge that you provide your Personal Data to us voluntarily. If you provide Personal Data of a third party (e.g. information on your spouse, dependant(s), children, parents) to us, you warrant that you are legally authorised to do so and you have obtained the consent of the third party to provide us with their Personal Data.

4.1 Personal Data collected may be used for various purposes (collectively, the "Purposes"), including but not limited to:

  • a) responding to your queries and communicating with you so as to better address your needs;
  • b) communicating with you and sending you information which we think may be of interest to you;
  • c) enabling you to use the Platform and/or make purchases in store;
  • d) managing your orders and payment online, the subsequent home delivery or self-collection of products as well as exchanges or returns of products, if applicable;
  • e) identifying you as a Body Story member so as to allow you to benefit from the membership program;
  • f) enabling you to register yourself or your dependent(s) for activities or events organized by us;
  • g) management of marketing communication in relation to our products, services, promotion, stores or Platform;
  • h) management of customer reviews on products;
  • i) facilitating your participation in our organization of sports event, customer contests, competitions, surveys, interviews or product tests;
  • j) conduct market research or surveys, marketing analysis, customer profiling activities, analysis of customer choices, statistical and trend analysis in relation to our products and/or services;
  • k) management of after sales services, such as enabling us to contact you in the event of any defective components, or to offer workshop services or to contact you in the event of product recalls;
  • l) contacting you about functionality changes to our Platform;
  • m) enable us to comply with obligations under laws or regulations or to assist in investigations by the authorities;
  • n) prevent fraudulent or illegal activities, and enforce our Terms and Conditions of Use;
  • o) develop, maintain and improve our services;
  • p) to verify your identity, and/or to enter into, perform and/or conclude any collaboration, transaction or agreement with you, including without limitation to on-board you as a vendor, partner or a coach, and to process any payment to you relating to such transaction, agreement or relationship;
  • q) if you submit an application to us as a candidate for employment and/or internship, to process your application, conduct any pre-employment checks, to obtain employee references or other references where relevant for background screening and/or vetting;
  • r) if you are an employee of Body Story, to facilitate your employment relationship with us;
  • s) for any other purposes which are reasonably related to the aforesaid.

4.2 By providing your Personal Data to us, you consent to us processing your Personal Data in accordance with this Privacy Policy, and you confirm that all Personal Data provided by you is accurate and complete, and that none of it is misleading or out of date. You will promptly update us in the event of any change to your Personal Data.

5.1 We take all the necessary precautions to ensure the confidentiality of your Personal Data. We have the necessary technical and organizational measures in place to safeguard the Personal Data that you provide and to prevent its disclosure to unauthorized third parties. Such measures include the use of encryption where Personal Data is entered on our Platform as well as limited access to your Personal Data.

5.2 Transfer of Data outside of Malaysia

As we may outsource some of our data processing, your Personal Data may be transferred to, accessed in and stored at a destination outside Malaysia. Where such a transfer occurs, we ask that the third parties provide sufficient guarantees to implement appropriate and adequate technical and organizational measures to such a degree that will ensure the security and protection of your Personal Data.

By continuing to access the Services, you hereby expressly consent to the transfer of your Personal Data outside of Malaysia.

5.3 In the unlikely event that we believe that the security of your Personal Data has been compromised, we may seek to notify you of that development. If we have your email address, we may notify you by email. By accessing the Services, you consent to our use of email as a means of such notification.

6.1 As a general rule, Body Story processes your Personal Data and ensures the security and confidentiality of your Personal Data. We will take the necessary and appropriate measures to obtain your consent prior to the use or disclosure of your Personal Data.

6.2 The exceptions are where Body Story engages service providers to perform specific services on our behalf and for purposes mentioned in clause 4.1 above. In such situations, the service providers are authorized to use your Personal Data only to perform the specific services entrusted by Body Story. As part of our agreement with them, they are required to take all reasonable measures to ensure and maintain a high level of security of your Personal Data.

6.3 Your Personal Data may also be shared or disclosed to third parties such as our professional advisers, regulatory and government authorities, on a need-to-know basis, where we are under a duty to do so.

When it comes to marketing, respect for your peace and tranquility and the relevance of our messages are two rules on which we never compromise. If you have provided your email address to us, you may receive marketing emails from us, which may include emails relating to e-newsletters, promotional marketing materials, promotional codes, gifts and/or vouchers. You may unsubscribe from such marketing emails by clicking on the "unsubscribe" link in any marketing emails which we might send you.

8.1 The Platform integrates the use of cookies. Cookies are files that are saved on your computer or smartphone. Cookies enable us to collect and store information concerning your browsing activity on our Platform. The following types of cookies are used on the Platform:

  • a) First party cookies - these cookies are used to record your preferences when accessing our platforms. It enables you to visit the Platform in a personalized way based on your previous visits and purchases;
  • b) Third party and advertisement cookies - these cookies are issued by third parties who we work with, in order to remember your visit options and to offer you personalized advertising when you access other websites;
  • c) Performance cookies - these cookies monitor the performance of the Platforms, the information is then used to improve the performance of the Platform.

8.2 Management of cookies

Most browsers, smartphones and other web-enabled devices are typically set up to accept cookies. There are different options available to manage the cookies. You can change your browser settings to prevent cookies from being accepted or, depending on which browser you are using, you might be able to receive an alert when a website is trying to place one on your browser. With most browsers you can allow first party cookies to be set but refuse third party cookies.

You can delete cookies stored in your browser by using a function in your browser. Whilst this does not mean you won't collect cookies in the future, it gives you freedom to delete your cookies after you have been online. This function is known as "clearing cookies". Clearing your cookies on one browser of one device does not automatically clear them on another. You need to clear all browsers on all channels independently.

Please note that by blocking or deleting cookies used on the Platform, you may not be able to take full advantage of the Platform.

8.3 By using the Platform, you consent to the use of cookies and the collection of information by us through these cookies.

9.1 We are committed to safeguarding your Personal Data and ensuring that it is stored securely. You have rights over your data, which you may exercise subject to our right to rely on any statutory exemptions and/or exceptions to collect, use and disclose your Personal Data.

9.2 Your rights include:

  • a) Right of access
    The right of access allows you to be informed as to whether we are processing your Personal Data.
  • b) Right of correction
    The right of correction allows you to update your Personal Data.
  • c) Right to object
    The right to object allows you to limit or to stop the processing of your Personal Data. It also allows you to opt-out of marketing communication.
  • d) Right to withdraw consent to the processing of Personal Data
    The right to withdraw consent allows you to require us to stop processing your Personal Data. In this event, Body Story will cease processing your Personal Data and delete your Personal Data from our servers.

9.3 You may exercise your rights by contacting our Data Protection Officer through by sending an email to: support@bodystory.my

To ensure your request is processed as efficiently as possible, please indicate the right(s) that you wish to exercise and what it is in relation to. Our security procedures mean that we may request proof of identity before we take the action requested for.

We reserve the right to amend this Privacy Policy at any time. If material changes are made to this Privacy Policy, they will be posted on this page and date stamped. We encourage you to review this page periodically in order for you to stay notified of any changes.

Your continuous use of this Platform and acceptance of our services after any changes to this Privacy Policy constitutes your consent to any such changes.

In accordance with Section 7(3) of the PDPA, this Privacy Policy is issued in both English and Bahasa Malaysia. In the event of any inconsistencies or discrepancies between the English version and the Bahasa Malaysia version, the English version shall prevail.

The Privacy Policy issued in Bahasa Malaysia can be accessed at: privacy-policy.html

If you have any questions, feedback or concerns in relation to your Personal Data or this Privacy Policy, please do not hesitate to contact our Data Protection Officer at support@bodystory.my, who will be delighted to answer any questions that you may have.

Back to main page