Privacy Policy

1. Introduction

Gilt Seconds ("we", "us", "our") is a watch repair and restoration workshop registered and operating at 19 Persiaran Gurney, 10250 George Town, Penang, Malaysia. We take the protection of your personal information seriously.

This Privacy Policy explains how we collect, use, store, and protect information about you when you visit our website or contact us for services. It is written in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

For privacy-related questions, you may contact us at [email protected].

2. Personal Data We Collect

We collect personal data that you provide to us directly, including:

• Your name and contact details (phone number, email address)
• Your mailing or delivery address, if a watch is to be shipped
• Details about the watch or timepiece you submit for service
• Correspondence and service notes exchanged between us
• Payment information (processed via third-party payment services; we do not store card data)

We also collect certain technical data automatically when you visit our website, such as your IP address, browser type, pages visited, and time of access. This data is used for website analytics purposes only.

3. How We Collect Data

• Via the contact form on our website when you submit an enquiry
• Via email, telephone, or in-person communication when you engage us for services
• Automatically via cookies and analytics tools when you browse our website (see our Cookie Policy)

4. Legal Basis for Processing

Under the PDPA 2010, we process your personal data on the following grounds:

• Consent — where you have given explicit consent for us to contact you or process your data
• Contractual necessity — where processing is required to carry out a service you have requested
• Legitimate interest — for internal analytics, fraud prevention, and improving our services
• Legal obligation — where we are required to retain records under Malaysian law

5. How We Use Your Information

• To respond to your enquiries and process service requests
• To communicate with you about the progress of your watch service
• To maintain workshop records and photographic documentation of work performed
• To process payments and issue receipts
• To improve our website and service offerings based on usage patterns
• To comply with applicable legal and regulatory requirements

We do not use your data for unsolicited marketing without your prior consent.

6. Data Retention

We retain personal data for as long as is necessary to fulfil the purpose for which it was collected, or as required by law:

• Service records (including intake details and photos): retained for 5 years from service completion
• Financial records: retained for 7 years in accordance with Malaysian tax regulations
• Website enquiry data: retained for 12 months if no service relationship develops
• Cookie and analytics data: retained for up to 13 months

7. Data Sharing

We do not sell or trade your personal information. We may share data with:

• Payment processors for the purpose of completing transactions
• Courier or logistics partners if a watch is shipped to or from our workshop
• Analytics service providers (such as Google Analytics) under data processing agreements
• Regulatory authorities when legally required to do so

All third parties with whom we share data are required to handle that data in a manner consistent with applicable law.

8. Data Protection Measures

• All data transmitted via our website is encrypted using HTTPS/TLS
• Access to client records is restricted to authorised workshop staff
• Physical watch intake documents are stored in secure premises
• We conduct periodic reviews of our data handling procedures
• In the event of a data breach, we will notify affected individuals and the relevant authority in accordance with PDPA requirements

9. Cookies

Our website uses cookies to improve functionality and analyse usage. For detailed information on the types of cookies we use and how to manage them, please refer to our Cookie Policy.

10. Your Rights Under the PDPA 2010

Under the Personal Data Protection Act 2010, you have the following rights regarding your personal data:

• Right of access — to request a copy of the personal data we hold about you
• Right of correction — to request correction of inaccurate or incomplete data
• Right to withdraw consent — to withdraw consent for processing at any time, where consent is the basis
• Right to limit processing — to request that we restrict processing of your data in certain circumstances
• Right to inquire — to ask questions about how your data is used

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days as required under the PDPA.

11. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external site you visit.

12. Children's Privacy

Our services are directed at individuals aged 18 and above. We do not knowingly collect personal data from persons under 18. If you believe a minor has submitted data to us, please contact us so we can take appropriate steps.

13. Supervisory Authority

If you have concerns about how we handle your personal data, you may lodge a complaint with the Personal Data Protection Commissioner of Malaysia:

• Department of Personal Data Protection (JPDP)
• Website: apdp.com.my
• We would, however, appreciate the opportunity to address any concerns directly before you contact the authority.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. Continued use of our website or services after changes are posted constitutes acceptance of the revised policy.

15. Contact Us

For any questions about this policy or how we handle your data:

• Email: [email protected]
• Phone: +60 4-2289 6317
• Address: 19 Persiaran Gurney, 10250 George Town, Penang, Malaysia