Legal
Privacy Policy
Last updated: 20 January 2026
springhau ("we", "us", "our") is committed to handling your personal information with care and transparency. This policy explains what data we collect, how we use it, and what rights you have under the Malaysian Personal Data Protection Act 2010 (PDPA).
1. Who we are
springhau operates a watch repair and restoration workshop at 5 Jalan Telawi 3, Bangsar, 59100 Kuala Lumpur, Malaysia. We are the data controller for personal information collected through our website and service intake.
Data enquiries: [email protected]
2. What personal data we collect
- Contact information: name, email address, phone number
- Service information: watch details, service history, correspondence
- Technical data: IP address, browser type, pages visited (analytics, where consented)
We do not collect sensitive personal data under Malaysian PDPA without specific consent.
3. How we collect data
- The contact form on our website
- Email, phone, and in-person communication
- Service intake when you bring a watch to the workshop
- Cookies and analytics tools (where consented)
4. Legal basis and purposes
Retention: Service records held up to 7 years. Enquiries not leading to service deleted after 12 months. Analytics data retained up to 26 months.
5. How we use your data
- To respond to your enquiry or service request
- To manage and document your watch service
- To send service status updates
- To maintain service history for future reference
- To improve our website (analytics, with consent)
- To comply with legal and tax obligations
We do not sell your personal data to third parties. We do not use your data for unsolicited marketing without your consent.
6. Data sharing
We may share your data with:
- Analytics providers (Google Analytics) — subject to your cookie consent
- Email service providers used to handle correspondence
- Legal or regulatory authorities if required by Malaysian law
We do not share data with advertising networks or third-party marketers.
7. Data protection measures
- Encrypted communication for data in transit (HTTPS)
- Access to personal data limited to staff with a direct need
- Service records stored securely
- In the event of a data breach, affected individuals notified promptly
8. Cookies
We use essential cookies for site functionality and optional analytics cookies to understand how visitors use our site. Please see our Cookie Policy for full details and preference management.
9. Your rights under Malaysian PDPA
Under the Malaysian Personal Data Protection Act 2010, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Withdraw consent for data processing based on consent
- Request deletion of data we no longer have a legitimate reason to hold
- Object to certain types of processing
- Lodge a complaint with the Department of Personal Data Protection (PDPD) Malaysia
To exercise any of these rights, contact us at [email protected]. We will respond within 21 days.
10. Third-party links
Our website may contain links to third-party sites. We are not responsible for the privacy practices of those sites and recommend reviewing their policies independently.
11. Children's privacy
Our services are intended for individuals aged 18 and above. We do not knowingly collect data from minors. If you believe we have received data from a minor, please contact us to have it removed.
12. Changes to this policy
We may update this policy from time to time. When we do, the "last updated" date at the top will change. If changes are material, we will make reasonable efforts to inform regular clients. Continued use of our services after changes constitutes acceptance.
13. Contact us
For questions, concerns, or to exercise your rights: