Privacy Policy

Last Updated: July 19, 2025

1. INTRODUCTION

Lokali (“Lokali,” “we,” “us,” or “our”) is a web development startup based in Petaling Jaya, Selangor, Malaysia. We are committed to protecting the privacy and personal data of our users, including local service businesses (“Business Clients”) and local consumers (“End-Users”), who utilize our website, mobile applications, and related services (collectively, the “Platform”).

This Privacy Policy outlines how Lokali collects, processes, uses, stores, and discloses your personal data in accordance with the Personal Data Protection Act 2010 (ACT 709) (“PDPA”) and other applicable laws in Malaysia. It also explains your rights regarding your personal data.

By accessing or using our Platform and Services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy and consent to the collection and processing of your personal data as described herein. If you do not agree with this policy, please do not use our Platform.

2. DEFINITIONS

  • Personal Data: Any information in respect of commercial transactions that relates directly or indirectly to a data subject, who is identified or identifiable from that information or from that and other information in the possession of a data user, including any sensitive personal data and expression of opinion about the data subject.
  • Processing: In relation to personal data, means collecting, recording, holding or storing the personal data or carrying out any operation or set of operations on the personal data, including the organisation, adaptation or alteration of the personal data, the retrieval, consultation or use of the personal data, the disclosure of the personal data by transmission, transfer, dissemination or otherwise making available, or the alignment, combination or then erasure or destruction of the personal data.
  • Data Subject: An individual who is the subject of the personal data.
  • Data User: A person who either alone or jointly or in common with other persons processes any personal data or has control over or authorizes the processing of any personal data, but does not include a data processor.
  • Data Processor: Any person who processes personal data on behalf of a data user and does not include an employee of the data user.
  • Platform: Refers to the Lokali website, mobile applications, and all associated digital interfaces and functionalities.
  • Services: Refers to all services provided by Lokali through the Platform.
  • Business Client(s): Refers to local service businesses that subscribe to Lokali’s GMB optimization and platform access services.
  • End-User(s): Refers to individual consumers who use the Lokali Platform to discover local service providers, browse deals, and engage with community events.

3. PERSONAL DATA WE COLLECT

Lokali collects various types of personal data depending on how you interact with our Platform and Services:

3.1. Information You Provide to Us Directly:

  • For Business Clients:
    • Contact Information: Name of contact person, email address, phone number, business address.
    • Business Information: Company name, business registration number (SSM details), nature of business, service categories, business hours.
    • Account Credentials: Information required for account creation and login (e.g., username, password - encrypted or hashed).
    • Payment Information: Billing address, payment method details (e.g., credit card information, bank account details for subscription payments). Please note that payment processing is typically handled by secure third-party payment gateways, and Lokali does not store your full payment card details.
    • Communication Content: Information you provide when you contact our customer support, send feedback, or participate in surveys.
  • For End-Users:
    • Contact Information: Name, email address, phone number (if you choose to register an account).
    • Location Information: General location data (e.g., city, postcode) if you provide it or enable location services for personalized content.
    • Preferences: Interests, categories of services you prefer, communication preferences.
    • Communication Content: Information you provide when you contact our support or submit reviews/feedback on the Lokali Platform.

3.2. Information We Collect Automatically (Technical & Usage Data):

When you access and use the Platform, we may automatically collect certain information about your device and usage patterns:

  • Device Information: IP address, operating system, browser type, device type, unique device identifiers.
  • Usage Data: Pages viewed, features accessed, time spent on the Platform, clickstream data, search queries, referring/exit pages, dates and times of access.
  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see Section 11).

3.3. Information from Third Parties (with your consent):

  • For Business Clients: We obtain information from Google Business Profile via Google’s APIs, but only after you have explicitly authorized Lokali to access and manage your GBP account. This may include your GBP listing details, reviews, messages, and performance insights.

4. PURPOSE OF PERSONAL DATA PROCESSING (PDPA - General Principle & Notice and Choice Principle)

We collect and process your personal data for the following purposes:

  • To Provide and Manage Services:
    • To operate, maintain, and provide the Lokali Platform and its features.
    • To create, manage, and maintain your Business Client or End-User account.
    • To process your subscriptions, payments, and deliver invoices.
    • For Business Clients: To perform GMB optimization, manage your GBP listing, publish posts, respond to reviews, and provide analytics on your GBP performance.
    • For End-Users: To help you discover local businesses, deals, and events.
  • To Communicate with You:
    • To send you service-related notifications, updates, security alerts, and administrative messages.
    • To respond to your inquiries, support requests, and feedback.
  • To Improve and Personalize Services:
    • To understand how you use our Platform and Services to improve their functionality, content, and user experience.
    • To conduct research, analysis, and develop new features.
    • To personalize content and recommendations (e.g., suggesting relevant deals or businesses).
  • For Marketing and Promotion (with your explicit consent where required by PDPA):
    • To send you promotional materials, newsletters, and offers about Lokali’s services or those of our Business Clients that may be of interest to you.
    • You have the right to opt-out of receiving marketing communications at any time.
  • For Security and Fraud Prevention (PDPA - Security Principle):
    • To detect, prevent, and address technical issues, fraud, security incidents, or other illegal activities.
    • To verify your identity and protect against unauthorized access to your account.
  • For Legal and Regulatory Compliance:
    • To comply with our legal obligations, including tax, accounting, and reporting requirements under Malaysian law (e.g., Service Tax Act 2018 (ACT 807)).
    • To enforce our Terms of Service and other policies.
    • To respond to lawful requests from government or regulatory authorities (e.g., under Communications and Multimedia Act 1998 (ACT 588) or Computer Crimes Act 1997 (ACT 563)).

5. CONSENT (PDPA - Notice and Choice Principle)

We collect and process your personal data based on your consent, which may be express or implied, or where otherwise permitted or required by law.

  • Express Consent: For certain types of processing (e.g., direct marketing, sensitive personal data), we will obtain your explicit consent.
  • Implied Consent: Your continued use of the Platform and Services, after being informed of this Privacy Policy, constitutes your implied consent to the processing of your personal data for the purposes described herein.
  • Withdrawal of Consent: You have the right to withdraw your consent at any time by contacting us (see Section 15). Please note that withdrawing consent may affect our ability to provide you with certain services.

6. DISCLOSURE OF PERSONAL DATA (PDPA - Disclosure Principle)

We may disclose your personal data to the following categories of recipients:

  • To Other Users of the Platform:
    • For Business Clients: Your business name, contact information (as listed on your GBP or provided to Lokali for public display), business address, categories, services offered, deals, photos, and reviews may be publicly visible to End-Users on the Lokali Platform.
    • For End-Users: If you submit reviews on the Lokali Platform, your username or chosen display name may be visible to Business Clients and other End-Users.
  • To Service Providers & Data Processors: We engage third-party companies and individuals to facilitate our Services, perform Platform-related services (e.g., hosting, database management, web analytics, payment processing), or assist us in analyzing how our Services are used. These third parties are contractually bound to process your data only for the purposes specified by Lokali and to maintain its confidentiality and security.
  • To Google: For Business Clients, we share necessary personal and business data with Google via their APIs to manage and optimize your Google Business Profile, strictly based on your explicit authorization.
  • For Legal Reasons: We may disclose your personal data if required to do so by law or in the good faith belief that such action is necessary to:
    • Comply with a legal obligation (e.g., under PDPA (ACT 709)Companies Act 2016 (ACT 777), or tax laws).
    • Protect and defend the rights or property of Lokali.
    • Prevent or investigate possible wrongdoing in connection with the Service.
    • Protect the personal safety of users of the Service or the public.
    • Protect against legal liability.
  • In Connection with Business Transfers: If Lokali is involved in a merger, acquisition, or asset sale, your personal data may be transferred as a business asset. We will provide notice before your personal data is transferred and becomes subject to a different Privacy Policy.

7. DATA SECURITY (PDPA - Security Principle)

Lokali implements robust technical and organizational security measures to protect your personal data from unauthorized access, accidental loss, destruction, alteration, or disclosure. These measures include:

  • Encryption: Using SSL/TLS encryption for data in transit (e.g., when you access our Platform or submit information).
  • Access Controls: Restricting access to personal data to authorized Lokali employees, contractors, and agents who need to know that information to process it for us, and who are subject to strict contractual confidentiality obligations.
  • Data Minimization: Collecting only the personal data that is necessary for the stated purposes.
  • Firewalls and Network Security: Employing industry-standard firewalls and network security protocols.
  • Regular Security Audits: Conducting periodic reviews of our security practices.

While we strive to use commercially acceptable means to protect your Personal Data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

Your Role in Security: You are responsible for maintaining the confidentiality of your account password and for all activities that occur under your account. Please use a strong, unique password and do not share it with anyone.

8. DATA RETENTION (PDPA - Retention Principle)

We will retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for the purpose of satisfying any legal, accounting, or reporting requirements. This means:

  • We will retain your data for the duration of your active account with Lokali.
  • After account termination, we may retain certain data for a limited period to comply with legal obligations (e.g., tax records for Service Tax Act 2018 (ACT 807) requirements), resolve disputes, enforce our agreements, or for legitimate business interests.
  • Once data is no longer required, we will securely delete or anonymize it.

9. YOUR RIGHTS AS A DATA SUBJECT (PDPA - Access Principle & Correction Principle)

Under the PDPA, you have the following rights concerning your personal data:

  • Right to Access: You have the right to request access to your personal data held by Lokali. We may charge a prescribed fee for fulfilling such requests.
  • Right to Correction: You have the right to request the correction or updating of any inaccurate, incomplete, or outdated personal data.
  • Right to Withdraw Consent: You have the right to withdraw your consent to the processing of your personal data at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to Prevent Processing for Direct Marketing: You have the right to request that we cease or not begin processing your personal data for the purposes of direct marketing.

To exercise any of these rights, please contact us using the details provided in Section 15. We will respond to your request within the timeframe required by PDPA.

10. INTERNATIONAL DATA TRANSFERS

Your personal data may be stored and processed in a country other than Malaysia if our service providers (e.g., cloud hosting providers) operate in different jurisdictions. In such cases, we will take reasonable steps to ensure that your personal data receives a level of protection equivalent to that provided by the PDPA, including ensuring that any third-party data processors are subject to appropriate contractual safeguards or are operating in jurisdictions recognized by the PDPA Commissioner as providing adequate protection. By using our Platform, you consent to such transfers.

11. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies (like web beacons and pixels) to track the activity on our Platform and hold certain information.

  • Cookies: Small data files stored on your device that help us remember your preferences, understand how you use the Platform, and deliver personalized content.
  • Types of Cookies Used:
    • Strictly Necessary Cookies: Essential for the Platform to function correctly (e.g., for login, security).
    • Analytical/Performance Cookies: Help us understand how users interact with the Platform, identify errors, and improve performance.
    • Functionality Cookies: Enable personalized features based on your past choices.
    • Targeting/Advertising Cookies: Used to deliver relevant advertisements to you based on your interests.
  • Your Choices: You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. Most web browsers allow you to manage your cookie preferences through their settings.

12. LINKS TO THIRD-PARTY WEBSITES

Our Platform may contain links to websites or services operated by third parties (e.g., Business Client websites, Google Maps, social media platforms). This Privacy Policy applies only to our Platform. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party sites you visit.

13. CHILDREN’S PRIVACY

Our Platform is not intended for individuals under the age of eighteen (18) (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we will take steps to remove that information from our servers.

14. CHANGES TO THIS PRIVACY POLICY

Lokali may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new technologies. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date at the top. We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Platform after any modifications signifies your acceptance of the updated Privacy Policy.

15. CONTACT INFORMATION

If you have any questions or concerns about this Privacy Policy, our data protection practices, or wish to exercise your data subject rights under the PDPA, please contact our Data Protection Officer at:

Lokali Email: support@lokali.io

Lokali Lokali

Empowering local service businesses in Klang Valley to grow their online presence and connect with more customers through seamless Google My Business management and exclusive deal platform.

© 2025 Lokali. All rights reserved.

Support

Built with ❤️ for local businesses in Malaysia