Privacy policy

Last Updated: 13 February 2025 
Drach-Oc ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you visit our website and purchase our products. This policy is divided into three sections based on applicable data protection laws in Europe, Malaysia, and Singapore. 

1. Privacy Policy for Europe (Germany, Netherlands, Austria) 

Data Controller

Drach-Oc is the data controller for your personal data. If you have any questions, you may contact us at: 

  • Email: hello@drach-oc.com
  • Phone: +6010-263 2274 (Malaysia-based line)
  • Address: Culture Choc Sdn Bhd, 41-G, Desa Sri Puteri, Jalan 1/125G, Desa Petaling, 57100 Kuala Lumpur, Malaysia

What Data We Collect

When you interact with our website or place an order, we may collect: 

  • Identity Data: Name, username, or similar identifiers.
  • Contact Data: Email address, phone number, billing/shipping address.
  • Payment Data: Processed securely via third-party providers (e.g., PayPal, Payex). We do not store credit/debit card details.
  • Technical Data: IP address, browser type, device type, and website usage data.
  • Marketing Preferences: Your preferences for receiving marketing communications.

Legal Basis for Processing 

We process your data based on: 

  • Your consent
  • Contractual obligations
  • Legitimate interests
  • Legal compliance 

Your Rights Under GDPR 

If you are in the EU/EEA, you have rights under GDPR, including: 

  • Right to Access
  • Right to Rectification
  • Right to Erasure
  • Right to Restriction
  • Right to Data Portability
  • Right to Object
  • Right to Withdraw Consent 

To exercise your rights, contact us at hello@drach-oc.com

Data Transfers Outside the EU 

As we operate globally, your data may be transferred outside the EU/EEA. We ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs).

2. Privacy Policy for Malaysia

Legal Basis for Processing 

We process personal data in Malaysia in accordance with the Personal Data Protection Act 2010 (PDPA). 

What Data We Collect 

We collect: 

  • Identity & Contact Data (Name, phone number, email, shipping address)
  • Payment Data (via third-party payment providers)
  • Technical Data (IP address, browser type)
  • Marketing Preferences 

How We Use Your Data 

  • Processing and fulfilling orders
  • Customer service and inquiries
  • Marketing communications (if you’ve opted in)
  • Compliance with legal obligations 

Your Rights Under PDPA 

Under PDPA, you have rights to: 

  • Access and correct your personal data
  • Withdraw consent for marketing communications
  • Restrict data processing under certain conditions 

Data Retention 

We retain your data for as long as required for business, tax, and legal purposes. Marketing preferences are retained until you unsubscribe. 

3. Privacy Policy for Singapore 

Legal Basis for Processing 

We comply with the Personal Data Protection Act 2012 (PDPA) of Singapore when processing personal data. 

What Data We Collect 

Similar to Malaysia, we collect:

  • Identity & Contact Data
  • Payment Data (via third-party providers)
  • Technical Data (IP address, browser type)
  • Marketing Preferences 

How We Use Your Data 

  • Fulfilling orders and deliveries
  • Customer support
  • Marketing and promotional communications 

Your Rights Under PDPA (Singapore) 

  • Right to access your data
  • Right to correct inaccurate data
  • Right to withdraw consent for marketing
  • Right to request deletion (subject to legal requirements) 

Data Transfers 

If your data is transferred outside Singapore, we take necessary measures to ensure it is protected according to PDPA guidelines. 

General Data Protection & Security Measures 

Data Protection: We use SSL encryption, secure payment processing, and access controls to safeguard your data. 

Sharing Your Data: We do not sell your data. However, we may share it with service providers (e.g., payment processors, shipping partners) and legal authorities if required by law. 

Cookies & Tracking Technologies: We use cookies to enhance your browsing experience. Manage your cookie preferences in your browser settings. 

Marketing Communications: You can opt out anytime using the unsubscribe link in our emails. 

Updates to This Policy 

We may update this Privacy Policy from time to time. Please check this page regularly for updates. 

If you have any questions, contact us at hello@drach-oc.com