Privacy Policy – AAI Motorsport

AAI Motorsport Privacy Policy

Last Updated: December 2025

AAI Motorsport (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring you have a positive experience on our website and when using our services. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) and the PDPA Amendment Act 2024, both effective in Malaysia.

This Privacy Policy applies to our e-commerce platform, vending machine services, and related business operations, including the collection, management, and distribution of products and equipment.

By accessing our website or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. Introduction

We encourage you to read this Privacy Policy carefully. It describes how your personal data is handled and your rights under applicable data protection laws.

2. Types of Personal Data We Collect

2.1 Information You Provide Directly

Name and Contact Details: Full name, email address, phone number, mailing address
Account Information: Username, password, and account preferences
Transaction Data: Payment information, purchase history, billing and shipping addresses
Communication: Correspondence, inquiries, feedback, and customer service interactions
Marketing Information: Preferences for receiving promotional materials and newsletters
Identity Verification: National ID or passport details (where required)

2.2 Information Collected Automatically

Device Information: IP address, browser type, operating system, device identifiers
Usage Data: Pages visited, time spent on website, links clicked, search queries
Cookies and Tracking Technologies: Data collected via cookies, web beacons, and tracking tools
Location Data: General geographic location (IP-based)
Transaction Records: Vending machine usage patterns, payment method data
Biometric Data (if applicable): For security or loyalty programs
Camera Footage: Captured by vending machines for security and monitoring

3. Purposes of Data Collection and Use

3.1 Core Business Operations

Processing and fulfilling online orders and vending transactions
Managing accounts and customer support
Processing payments and preventing fraud
Maintaining accurate records and operational efficiency

3.2 Marketing and Communication

Sending promotional materials and newsletters (with consent)
Conducting customer research and surveys
Personalizing your experience and website interactions

3.3 Legal and Compliance

Fulfilling legal obligations and responding to law enforcement
Maintaining compliance with PDPA and consumer protection laws

3.4 Operational and Security

Ensuring system security and workplace safety
Monitoring equipment performance and optimizing service delivery

4. Legal Basis for Processing

We process your personal data under the following legal grounds:

Consent: Where you have provided express consent
Contractual Necessity: To perform a contract with you
Legal Obligation: Where processing is required by law
Legitimate Interest: For fraud prevention, security, and operations
Public Task: For compliance with regulatory requirements

5. Data Sharing and Disclosure

We may share your personal data with trusted partners and service providers.

5.1 Service Providers

Payment processors, financial institutions
Shipping and logistics partners
Cloud hosting and analytics providers
Customer service platforms

5.2 Legal and Regulatory Authorities

Government agencies, law enforcement, and regulatory bodies
Court orders or official investigations

5.3 Business Partners

Vending machine suppliers, import/export partners
Affiliate companies and marketing partners (with consent)

5.4 Other Disclosures

We do not sell or rent your personal data to third parties.
Aggregated and anonymized data may be used for analytics and research.

6. Data Retention

We retain your personal data only as long as necessary or required by law.

Transaction Records: Minimum of 5 years
Account Information: Duration of your relationship plus reasonable period after
Marketing Data: Until you unsubscribe or withdraw consent
Data Breach Logs: Minimum of 2 years
CCTV Footage: Typically 30 days unless under investigation

After retention periods expire, data is securely destroyed or anonymized.

7. Data Security

7.1 Technical Measures

SSL/TLS encryption for transmitted data
Firewalls and intrusion detection systems
Secure servers with restricted access

7.2 Organizational Measures

Regular audits and penetration tests
Staff training on data protection policies
Strict access controls and privacy procedures

7.3 Data Breach Response

In case of a breach posing risk of harm:

Notify PDPC within 72 hours
Notify affected individuals within 7 days
Maintain a breach register and corrective record

8. Data Subject Rights

You have rights concerning your personal data:

Right to Access: Request details of the data we hold.
Right to Correction: Request corrections to inaccurate or outdated data.
Right to Deletion: Request deletion where data is no longer needed or upon withdrawal of consent.
Right to Data Portability: Request a copy of your data in machine-readable format.
Right to Withdraw Consent: You may withdraw consent at any time without affecting prior processing.
Right to Restrict Processing: Limit processing in specific situations.
Right to Object: Object to processing for direct marketing or legitimate interest.
How to Exercise Your Rights: Submit a written request to our Data Protection Officer (Section 11). We will respond within 30 days, subject to identity verification.

9. Cookies and Tracking Technologies

9.1 Types of Cookies

Essential: Required for functionality
Performance: For usage analytics
Marketing: For personalized advertising
Preference: To retain site settings

9.2 Third-Party Cookies

Third-party providers may use cookies under their own privacy policies (e.g., Google Analytics).

9.3 Managing Cookies

You can control cookies in your browser settings. Disabling cookies may limit website functionality.

9.4 Do Not Track

Our website does not currently respond to “Do Not Track” browser signals.

10. Cross-Border Data Transfers

If personal data is transferred outside of Malaysia, safeguards include:

Standard Contractual Clauses
Adequacy decisions by Malaysian authorities
Your explicit consent (where required)

11. Data Protection Officer

Data Protection Officer Contact Information
Email: contact@aaimotorsport.com
Phone: 0106050000
Mailing Address: 11-16 , Tower 2 , Wangsa 118 , No 8 , Jalan Wangsa Delima , Wangsa Maju , 53300 Kuala Lumpur

12. Children’s Privacy

Our services are not intended for individuals under 18 years old.
We do not knowingly collect data from minors. Parents may contact us to request deletion if data was collected in error.

13. Third-Party Websites and Links

Our website may link to other websites.
We are not responsible for third-party privacy practices.
Please review external policies before providing any data.

14. Policy Updates and Amendments

We may update this Privacy Policy periodically.
Changes will be reflected on our website with an updated “Last Updated” date.
Continued use of our services implies acceptance of these updates.

15. Contact Us

If you have questions, requests, or complaints, contact:

AAI Motorsport
Email: contact@aaimotorsport.com
Phone: 0106050000
Mailing Address: 11-16 , Tower 2 , Wangsa 118 , No 8 , Jalan Wangsa Delima , Wangsa Maju , 53300 Kuala Lumpur
Website: www.aaimotorsport.com

For regulatory complaints, contact the Personal Data Protection Commissioner (PDPC):
Website: https://www.pdp.gov.my

16. Acknowledgment and Consent

By using our website and services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your personal data in accordance with its terms.