Privacy Policy

1. Introduction

This Privacy Policy outlines how OctaTrip.com, operated by Sky Home Tours & Travels Sdn.Bhd. (hereinafter referred to as "OCTATRIP", "our", "us", or "we"), processes and manages your personal data in compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and other applicable data protection regulations. We are committed to safeguarding your privacy and ensuring that your personal data is protected with the highest standards of security.

By using our website and services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal data as described herein.

2. Personal Data We Collect

We may collect various types of personal data when you use our services, including but not limited to:

• Identification Information: Name, national registration identity card number, passport details, date of birth
• Contact Details: Phone number, address, email address, billing address
• Financial Information: Credit/debit card information, bank account details, payment transaction records
• Travel Information: Booking preferences, travel history, passenger details, special requests
• Business Information: Company name, registration number, business type (for B2B partners)
• Technical Information: IP address, browser type, device information, cookies, and usage data
• Other Information: Any additional information provided through agreements, applications, forms, or our website

3. Sources of Personal Data

We collect your personal data from various sources, including:

• Direct interactions when you register, book services, or contact us
• Agreements and contracts signed with us
• Forms submitted for applications, registrations, contests, promotions, or marketing events
• Your interactions with our official website and mobile applications
• Email, phone, or chat communications
• Documents submitted for service requests or product inquiries
• Third-party sources such as credit reporting agencies, airlines, hotels, and payment processors
• Publicly available sources and business partners

4. Purpose of Data Processing

We process your personal data for various legitimate purposes, including:

• Verifying your identity and payment details
• Processing bookings for flights, hotels, holiday packages, and attraction tickets
• Communicating with you and responding to inquiries
• Handling requests for changes, cancellations, or refunds
• Processing payments and managing financial transactions
• Managing day-to-day operations, billing, file management, audits, and reporting
• Administering website memberships and B2B/API partnerships
• Providing customer support and technical assistance
• Conducting security checks and fraud prevention
• Complying with legal obligations and assisting in investigations
• Sending marketing communications about our products and services (with your consent)
• Conducting market surveys and research for business development
• Improving our website, services, and user experience

5. Data Security

We implement industry-standard security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

• SSL/TLS encryption for data transmission
• Secure servers and firewalls
• Access controls and authentication mechanisms
• Regular security audits and vulnerability assessments
• Employee training on data protection and confidentiality
• PCI DSS compliance for payment card data

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

6. Disclosure of Personal Data

We may share your personal data with trusted third parties for legitimate business purposes, including:

• Service Providers: Airlines, hotels, tour operators, and other travel service vendors
• Payment Processors: Financial institutions, payment gateways, and credit card companies
• Technology Partners: IT service providers, cloud hosting services, and software vendors
• Professional Advisors: Lawyers, accountants, auditors, and consultants
• Government Authorities: Regulatory bodies, law enforcement, and tax authorities when legally required
• Business Partners: Our subsidiaries, affiliates, and authorized agents
• API Partners: Authorized developers and businesses using our API services

We ensure that all third parties are bound by confidentiality agreements and comply with applicable data protection laws.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience. Cookies are small text files stored on your device that help us:

• Remember your preferences and settings
• Understand how you use our website
• Improve website performance and functionality
• Provide personalized content and recommendations
• Analyze website traffic and user behavior

You can control cookies through your browser settings. However, disabling cookies may affect your ability to use certain features of our website.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Meeting legal, accounting, or reporting requirements
• Resolving disputes and enforcing agreements
• Maintaining business records and transaction history
• Complying with regulatory obligations

Once your personal data is no longer required, we will securely delete or anonymize it in accordance with our data retention policy and applicable laws.

9. Your Rights

Under the PDPA and other applicable laws, you have the following rights regarding your personal data:

• Right to Access: Request access to your personal data we hold
• Right to Correction: Request correction of inaccurate or incomplete data
• Right to Withdraw Consent: Withdraw your consent for data processing where applicable
• Right to Data Portability: Request a copy of your data in a structured format
• Right to Object: Object to certain types of data processing
• Right to Restrict Processing: Request limitation on how we use your data

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section. A reasonable fee may be charged for processing certain requests.

10. Third Party Data

If you provide us with personal data of third parties (such as passengers, emergency contacts, or business associates), you represent and warrant that:

• You have obtained their consent to provide their information to us
• They have been informed of this Privacy Policy
• You have the authority to share their data

You agree to indemnify OCTATRIP for any claims, damages, or liabilities resulting from a breach of these warranties.

11. Third Party Links and Services

Our website may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

Our integration with airlines, hotels, and other service providers is subject to their respective privacy policies and terms of service.

12. International Data Transfers

As a B2B travel platform, we may transfer your personal data to countries outside Malaysia for the purposes of:

• Processing international flight and hotel bookings
• Utilizing cloud services and data storage facilities
• Engaging with international service providers and partners

We ensure that such transfers comply with applicable data protection laws and that adequate safeguards are in place to protect your personal data.

13. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected information from a child, we will take steps to delete such information promptly.

Parents or guardians must provide consent and supervise any bookings made on behalf of minors.

14. Marketing Communications

With your consent, we may send you promotional emails, newsletters, and marketing materials about our services, special offers, and updates. You can:

• Opt-out of marketing emails by clicking the "unsubscribe" link in any promotional email
• Update your communication preferences in your account settings
• Contact us directly to request removal from our marketing list

Please note that even if you opt-out of marketing communications, we may still send you transactional emails related to your bookings and account.

15. Accuracy of Data

It is your responsibility to ensure that the personal data you provide is accurate, complete, and up-to-date. Inaccurate information may result in:

• Delays or failures in booking confirmations
• Issues with travel documentation and boarding
• Problems with refunds or customer support

Please notify us immediately of any changes to your personal data so we can update our records accordingly.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or business operations. Any changes will be:

• Posted on this page with an updated "Last Updated" date
• Notified to registered users via email when significant changes are made
• Effective immediately upon posting unless otherwise stated

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

17. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

18. Language and Compliance

This Privacy Policy is provided in English. In case of any inconsistencies or conflicts between different language versions of this Privacy Policy, the English version shall prevail.

This Privacy Policy is designed to comply with:

• Personal Data Protection Act 2010 (PDPA) of Malaysia
• General Data Protection Regulation (GDPR) where applicable
• Other relevant data protection and privacy laws