Home / Privacy Policy
Privacy Policy
Last revised on 14 March 2026. This notice tells you what personal information we collect on this site and in the studio, why we keep it, and how to ask us to change or delete it.
This policy is published by Omnitura Grooming Sdn. Bhd. (SSM Registration 202401024681 (1534628-X)), the data controller responsible for omnitura.pro. We comply with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
1. What we collect
We collect the smallest set of information that lets us run the studio and reply to you. Specifically:
- Form submissions. Your name, email, optional phone number, the service you mentioned, and the message body you wrote on this site.
- Walk-in notes. If you book a group sitting or ask us to flag a quiet hour for a child with sensory needs, we record your first name and a short note so the next barber on shift can prepare.
- Payment data. Card and DuitNow details pass directly to our acquirer (Maybank) and PayNet; we never see or store full card numbers. The studio system stores only the masked last four digits on the printed receipt.
- Technical data. Standard server logs — your IP address, browser user-agent, and the time of the request — kept for 30 days for security review.
2. Why we hold it
Strictly for one of these reasons:
- To reply to a message you sent us;
- To honour a group booking or a quiet-hour arrangement you arranged with us;
- To meet a legal requirement — for example, retaining receipts for the Inland Revenue Board for seven years under section 82 of the Income Tax Act 1967;
- To protect the site from automated abuse.
3. How long we keep it
Form submissions are reviewed within five working days and then deleted from the email inbox within 90 days unless they're part of an ongoing conversation. Walk-in notes are wiped at the end of each calendar month. Receipts are kept for seven years per Malaysian tax law, then destroyed.
4. Who we share it with
Nobody, with three narrow exceptions:
- Our payment processor (Maybank Berhad) and the PayNet network, who process the transaction itself;
- Our hosting provider in Singapore, who runs the server this site sits on;
- The Royal Malaysia Police or the Inland Revenue Board, only when compelled by a valid court order or written notice.
We do not sell, rent, license, swap or otherwise pass your information to advertisers, data brokers or marketing networks. We don't run paid retargeting.
5. Cookies
We use one technical cookie for the booking form's anti-forgery token, and one preference cookie in your browser's local storage to remember whether you accepted or rejected analytics. See the Cookie Policy for the full list.
6. Your rights under the PDPA
You can ask us, at any time and free of charge, to:
- Confirm whether we hold any data about you;
- Send you a copy in a readable format;
- Correct anything inaccurate;
- Delete what we hold, except where law forces us to keep it (e.g. tax receipts).
To exercise any of these, email [email protected] with the subject line "PDPA request". We will respond within 21 days as required by the Act.
7. Security
The site runs over TLS 1.3. Form submissions are stored encrypted on the mailbox server. Studio devices are PIN-locked and wiped on staff offboarding. Card data never touches our hardware.
8. Children
We don't market to under-18s. The site is intended for adults arranging visits, including parents arranging kids cuts. We don't ask children for personal information on the site.
9. Changes to this notice
If we change the way we handle data, we'll update this page and revise the "last revised" date at the top. Material changes will also be flagged in the cookie banner for 30 days after the change.
10. How to reach the data controller
Omnitura Grooming Sdn. Bhd.
Lot 12A, Wisma Setiabudi, Jalan Bukit Bintang
55100 Kuala Lumpur, Malaysia
Email: [email protected]
Phone: +60 3-2789 4516