1.1 Welcome to Plixstar, a business-to-business (B2B) and business-to-consumer (B2C) e-commerce platform provided and run by Inicorn Sdn. Bhd. [Registration No. 201401035155 (1160475-W)] (interchangeably referred to as “Plixstar” or “we” or “us” or “our”).

1.2 In compliance with the Personal Data Protection Act, 2010 and its regulations (including any supplementals and amendments from time to time) (hereinafter collectively referred to as the “Act”), this Privacy Notice is issued to all of our valued users (both buyers and sellers) (hereinafter interchangeably referred to as the “Users” or “User” or “you” or “your”) of our Plixstar website (https://plixstar.com/) and mobile application (hereinafter collectively referred to as the “Platform”) to inform you of your rights with regards to your personal data that has been and/or will be, collected, recorded, processed, stored, used, shared, disclosed and disposed of by us.

2.1 We will use your personal data for one or more of the following purposes (hereinafter referred to as the “Purposes”), including but not limited to: –

a. verify your identity and eligibility to register as a User of our Platform; 

b. process your registration, facilitate orders for product(s)/transaction(s), update delivery status of the product(s) and provide customer service to you;

c. respond to queries, feedback, disputes, and to communicate with you about our products and/or services;

d. verify and carry out payment transactions on the Platform;

e. with your consent, to use your personal data for marketing, conducting direct marketing campaigns, and promotional purposes;

f. further develop and enhance the performance, functionality and operation of our products and/or services;g. understand better the Users’ experience with the use of our Platform;

h. provide you customised and targeted information and/or advertisements based on your preferences, habits and interests;

i. conduct surveys, research and studies on the Users’ behaviours, demographics, habits and preferences for purposes of improving our Platform’s performance and technology; and

j. for internal record and legal compliance

3.1 When you visit the Platform, our servers automatically record information, including but not limited to your IP address, browser type, and pages visited for analysis. This data is used to improve our website and services.

3.2 We have collected and will collect your following personal data to be processed by us and/or on your behalf in the course of your present and future dealings with us, our subsidiary(ies) and/or our associate company(ies):-

a. your personal information such as your name and/or company name, identity card/passport no. and/or company registration number, gender, home address/correspondence address, contact number, email address, corporate/business details, images (still/recording) and other information provided by you upon registration for the use of our website and/or mobile application;

b. your transaction information/data on our platform, including purchase details, delivery addresses, account number(s) and payment information; and

c. during your visit and/or the course of using the Platform, we may collect your usage information, including your browsing history, IP address, and device information.

4.1 We may obtain your personal data from the following sources and/or circumstances including but not limited to:-

a. new account registration e-form available on the Platform;

b. any other form(s) submitted by you in relation to our services and products on the Platform;

c. when you browse and/or use and/or access the Platform;

d. cookies or other similar technologies;

e. when you use the live chat function on the Platform;

f. when you interact with us via telephone calls (which may be recorded), written communications and/or physical meetings;

g. when you list your product(s) for sale on the Platform;

h. when you make any transaction (whether as a buyer or seller) for the sale or purchase of product(s) on the Platform;

i. when you participate any campaign and/or event and/or promotional event on the Platform;

j. when you subscribe and/or apply for any of our newsletters and/or services available on the Platform;

k. when you activate any third-party payment service/function on the Platform; and

l. when you lodge any complaint with us or submit your feedback or inquiry to us

5.1 We may disclose your personal data for the Purposes or any other purpose directly relating to the Purposes to the following parties in compliance with the Act,applicable legislations and corresponding orders, regulations, directives and guidelines:-

a. any of our group of companies;

b. any appointed data processor;

c. any appointed data protection officer(s);

d. any third-party service providers including payment service providers (local and/or international);

e. any third-party financiers;

f. related companies or associated companies;

g. appointed courier or logistics company delivering your product(s);

h. professional advisors;

i. auditors, accountants and consultants;

j. any government authority; and

k. any regulatory bodies.

5.2 We may disclose your personal data for purposes other than those mentioned in paragraph 5.1 above in the following circumstances:-

a. subject to your prior consent being obtained for such disclosure;

b. such disclosure is necessary for preventing or detecting a crime, or for the purpose of investigations or was required or authorised by or under any law or by the order of a Court;

c. we acted in the reasonable belief that we would have had your consent if you had known of the disclosing of your personal data and the circumstances of such disclosure;

d. such disclosure was justified as being in the public interest in circumstances as determined by the Minister.

5.3 You have the right to limit and/or withdraw consent for us to process and retain your information/personal data by informing us in writing. Please see paragraphs 11.3, 11.4 and 11.5 below to further understand your said rights and the consequences when exercising your rights to limit disclosure and/or withdrawal of your consent for disclosure.

6.1 The following practical and reasonable security measures are taken by us to protect your personal data:-

a. ensuring your personal data is used or kept as required by the Act;

b. registering all of our employees who are involved in the handling or processing of the personal data of the Users to assure their accountability with the personal data they have access to;

c. terminating an employee’s access rights to personal data of the Users after his/her resignation, termination of contract or agreement or adjustment in accordance with changes in the organisation;

d. controlling and limiting an employee’s access to personal data system for the purpose of collecting, processing and storing of personal data;

e. providing user ID and password for authorised employees to access personal data;

f. terminating user ID and password immediately when an employee who is authorised access to personal data is no longer handling the data;

g. establishing the following physical security procedures:-

i. control the movement in and out of the data storage site;ii. store personal data in an appropriate location which is unexposed and safe from physical and natural threats;

iii. provide a closed-circuit camera at the data storage site (if necessary); and

iv. provide a twenty-four (24) hour security monitoring (if necessary).

h. updating the back-up/recovery system and anti-virus programme to prevent personal data intrusion and such;

i. safeguard the computer system from malware threats to prevent attacks on personal data;

j. prohibiting the transfer of personal data through removable media devices and cloud computing service unless with the written consent by an officer authorised by the top management of our organisation;

k. recording any transfer of data through removable media device and cloud computing service;

l. ensuring the personal data transfer through cloud computing service complies with the personal data protection principles in Malaysia, as well as with the personal data protection laws of other applicable countries;

m. maintaining a proper record of access to personal data periodically and making such record available for submission when directed by the Personal Data Protection Commissioner;

n. ensuring that all employees involved in processing personal data always protect the confidentiality of the Users’ personal data;

o. binding an appointed third party such as data processor with a contract for operating and carrying out personal data processing activities on behalf of us with clauses such as, inter alia confidentiality, non-disclosure and technical and/or organisational security measures to ensure the safety of personal data from loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction.

6.2 Nevertheless, you are required to protect your own account information, ensure the security of your password and not disclose it to another party to reduce the risk of data breaches.

What are cookies?

7.1 Cookies are small pieces of text files that collect information of the users such as login information, your language preference, storing information during the users’session such as the content of a shopping cart and your choices/preferences/interests and the users visit to the website and/or use of the applications.

How we use of cookies?

7.2 The cookies used by the Platform are solely associated to anonymous users and their computers/devices and do not provide personal data on the Users. Some cookies are used by third parties/authorised service providers to provide us with data on the effectiveness of its engagements and promotions. The cookies used by the Platform do not in any way collect personal data that could be used to identify a specific user.

However, we may link your personal data to the cookies information for one or more purposes as stated in paragraph 7.3 below.

7.3 We use cookies or similar technologies for the following purposes, including but not limited to:-

a. enhancing your experience of using the Platform by improving the Platform’s performance, operation and functionality;

b. recognising your information as a user during your session such as, including but not limited to: the items in your shopping cart, your preferred language, your log-in information, your country, the currency and your choices/preferences/interests that allow us to tailor and provide you customised features and services for instances by displaying personalised content and product recommendation in accordance with your preferences and interests;

c. collecting information on how the Users interact with the Platform that helps us to analyse and review the performance of our services to improve the Platform’s content and build better features that provide the Users better experience;

d. for security purposes such as authenticating Users to ensure only the actual Users can access/log in to their account, to detect and prevent fraud, spam, and any abuse of use of the account on the Platform and/or the use of the Platform;

e. improving security; and

f. tracking your online browsing activity to help our authorised third parties/service providers/partners to create a profile of your interests and habits such as information about your browsing interest/patterns, behaviours and preferences in order to customise the advertisements you see when you access other websites.

Duration of cookies

7.4 Session cookies: These cookies are of temporary nature and are deleted when you close your browser or once your session ends, used solely to improve the efficiency of the last transmission.

Persistent cookies: These cookies remain on your device even after you close your browser. It is stored in your device until you delete them or until your browser does so after the cookies’ expiration date.

7.5 You may configure your browser to notify you of the reception of cookies and to prevent the installation on your computer/devices/mobile device. Nevertheless, your refusal or deletion of all cookies or certain types of cookies such as strictly necessary cookies may result in some features or services not working or functioning optimally which may aƯect your usage of the Platform

We may transfer your personal data to jurisdictions/places outside of Malaysia to be stored and processed for one or more of the Purposes in accordance with the Act. By continuing to use the Platform, you have consented to the transfer of your personal data to jurisdictions/places outside of Malaysia to such as but not limited to thevendors, distributors, logistics and delivery service provider, regulatory and governmental authorities (if any), payment gateway providers and financial institutions and professional advisors for verifying transaction, processing online payment or refunds, managing and fulfilling orders, delivery of products/orders and providing after-sales support to the Users and complying with court orders, regulatory requirements, or enforcement actions under applicable laws and the said transfer does not adversely affect your rights, interest and benefits.

Upon subscribing to our services, you will be receiving marketing and/or promotional emails or calls from us, which include monthly promotions and information on future events and/or campaigns. If you do not wish to receive any promotional news or calls please click the “unsubscribe” link at the bottom of the email and you will be excluded from our newsletters and contacts.

It is necessary for us to collect and retain Users’ personal data. Therefore, it is also obligatory for Users to supply personal data to us in the most accurate manner. If you do not provide us with personal data, we will not be able to process personal data on your behalf for the Purposes stated in paragraph 2 above, or effectively render our services to you, and all relationships created or to be created between us shall then be terminated and ceased to be in effect immediately.

11.1 To request access to the personal data

a. You have the right to request for access to your personal data processed by us and to have a copy of the personal data in an intelligible form vide a written notice to us together with payment as stipulated in the table below (subject to changes from time to time in accordance with the law):-

Item	Description	Fee (RM)
1.	Data access request for the personal data with a copy	10
2.	Data access request for the personal data without a copy	2
3.	Data access request for the sensitive personal data with a copy	30
4.	Data access request for the sensitive personal data without a copy	5

 

b. Where there is separate entry in respect of personal data held for different purposes, separate data access request shall be made for each separate entry;

c. Except where it falls under any of the circumstances allowed by the Act for us to refuse to comply with your data access request as stated in paragraph 11.2 below, we would comply with your data access request:-

i. within twenty-one (21) days from the date of receipt of your data access request; or

ii. provided before the expiration of the period of twenty-one (21) days as stated in paragraph 11.1(c)(i) above we have furnished you a notice in writing informing you that we are unable to comply with your data access request within the said period and the reasons why we are unable to do so and we are to comply with your said request to the extent we cando so, then we are given fourteen (14) days after the expiration of the 21-day period to comply in whole with your data access request.

11.2 Upon exercising our discretion to refuse to comply with your data access request, we would within twenty-one (21) days from the date of receipt of your data access request by notice in writing inform you:

i. of our refusal and the reasons for the refusal; and

ii. where any other data controller controls the processing of the personal data to which the data access request relates in such a way as to prohibit the firstmentioned user from complying, whether in whole or in part, with the data access request, inform you of the name and address of the other data controller concerned.

11.3 To request for correction of your personal data 

a. You have the right to request for correction and/or update of your personal data that is incorrect, incomplete, misleading or not up-to-date. Correction requests can be made online by filling up and submitting the Data Correction Request Form available on the Platform or you can walk in to our stores.

b. Except where it falls under any of the circumstances allowed by the Act for us to refuse to comply with your data correction request (ie: insufficient information furnished by the User prevents us from verifying the identity of the User or we are unable to verify the need for the correction or in circumstances whereby we are not satisfied that the personal data to which the data correction request relates is inaccurate, incomplete, misleading or not up-to-date or the correction requested is accurate, complete, not misleading or up-to-date), we would do

the following within the time period allowed under the Act:-

i. make the necessary corrections to the personal data;

ii. supply you with a copy of the personal data as corrected; and

iii. where the personal data has been disclosed to a third party during the 12 months immediately preceding the day on which the correction is made and we have no reason to believe that the third party has ceased using the personal data for the purpose, including any directly related purpose, for which the personal data was disclosed to the third party, except as allowed by the Act not to furnish third party the data correction request, we would take practicable steps to supply the third party with a copy of personal data as so corrected accompanied by a notice in writing stating the reasons for the correction.

c. Upon exercising our discretion to refuse to comply with your data access request, we would within twenty-one (21) days from the date of receipt of your data correction request by notice in writing informing 

i. of our refusal and the reasons for the refusal; and

ii. informing you of the name and address of the other data controller concerned (where it is applicable).11.4 To limit the processing of your personal data

a. Subject to the circumstances stated at paragraph 11.3(b) below, you may at any time by notice in writing to us, require us

i. to cease processing your personal data; or

ii. not begin the personal data processing where the processing is causing or is likely to cause substantial and unwarranted damage or distress to you or another person.

b. You are not allowed to prevent us from processing the personal data where:

i. the Users consented to the processing; or

ii. The processing of personal data is necessary:-

• for the performance of a contract to which the User is a party;
• for the taking of steps at the request of the User with a view to entering into a contract;
• for compliance with any legal obligation to which the User is the subject, other than an obligation imposed by contract; or
• in order to protect the vital interest of the User.

c. We would within twenty-one (21) days from the date of receipt of your said written notice, respond to your said request vide a written notice informing you the status of compliance or we are unable to comply with your said request whether in whole or in part with reasons and extent of compliance (if any).

11.5 To withdraw your consent in respect of your personal data

a. You may by notice in writing withdraw your consent to the processing of your personal data.

b. Upon receipt of your withdrawal consent notice, we would cease the processing of the personal data except to the extent where the withdrawal of consent would affect our rights and obligations under contract or law including but not limited to:-

i. the right to be paid for the services rendered, for instance, the settlement of bookings or tax invoices or overdue payments;

ii. The right to bring and maintain legal proceedings against the Users;

iii. The right to commence or continue with internal investigations involving the Users;

iv. The obligation to maintain personal data for such durations as required under applicable legislation; and

v. The conduct of internal audits, risk management and/or fulfilment of legal or regulatory reporting requirements.

11.6 To limit processing for purpose of direct marketing

a. You may at any time by a notice in writing to us require us within a reasonable period to either cease or not to begin processing your personal data for purpose of direct marketing.

11.7 To transmit personal data to another data controller

a. Subject always to technical feasibility and compatibility of the data format, you may at any time by a notice in writing to us by way of electronic means require us within a reasonable period to transmit your personal data to another data controller of your choice directly.

12.1 Our Platform is not targeting at minors who is below the majority age in that particular jurisdiction (ie: in Malaysia, minor is defined as one is below the age of 18 years).12.2 You hereby represent and warrant that you are not a minor and is capable of understanding and has legal capacity to accept the terms of this Privacy Policy.

12.3 In any event, minors shall only be allowed to use our Platform with the involvement of parents or legal guardian or person who has parental responsibility on the minors.

12.4 If at all the personal data of a minor is disclosed to us, you as a parent or legal guardian or person who has parental responsibility on the minor unconditionally and irrevocably consent to such disclosure of personal data by the minor and undertake to be bound by this Privacy Notice and shall indemnify us for any losses and damages caused to us resulting from the minor’s action in relation to his/her personal data.

Additionally, you should contact us at care@plixstar.com for our further action.

Upon receiving such notification, Plixstar will:

a. verify the request and the identity of the parent/legal guardian;

b. immediately cease further processing of the minor’s personal data;

c. permanently delete or anonymize the minor’s personal data from our records and systems (except where retention is required by law); and

d. confirm to the parent/legal guardian once such action has been completed.

13.1 Plixstar reserves the right to modify/amend this Privacy Policy from time to time without prior notice to you. Any changes made to this Privacy Policy will be published on our Platform with the last reviewed date of this Privacy Policy. 

13.2 You agree that you shall check and review the terms of this Privacy Policy on our Platform (on the website, https://plixstar.com/ and/or Plixstar mobile application) on a regular basis/from time to time.

13.3 Following amendments and/or modification and/or changes made to this Privacy Notice from time to time. Your continued access to and/or use of our Platform shall constitute your acknowledgement and acceptance of any amendments and/or modification and/or changes (regardless of you have actually read the latest orreviewed version of Privacy Notice at that material time or not) made to this Privacy Notice.

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for as long as you remain our customer holding account(s) on our Platform and/or are involved in the sale and purchase of product(s) on the Platform, and in accordance with any applicable legal, regulatory, accounting or reporting requirements.

Upon the removal or deletion of your account(s), and where your personal data is no longer required for the purposes stated herein, we will take all reasonable steps to ensure that such personal data is destroyed or permanently deleted in accordance with the Personal Data Protection Act 2010, the Personal Data Protection Standards 2015 and guidelines issued by the Personal Data Protection Commissioner.

Personal data collection forms used in commercial transactions will be disposed of within fourteen (14) days after such data is no longer required, unless such data or forms carry legal value, in which case retention shall be in accordance with applicable laws.

We may retain records of data disposal for compliance and audit purposes.

Plixstar prohibits the purchase, sale, and/or trade of certain items and certain conducts, as outlined in our User Terms of Services. We reserve our rights to impose additional restrictions at our absolute discretion from time to time

By communicating, engaging with us and/or upon your registration of an account with us and/or by accessing and/or use of Plixstar website (https://plixstar.com/) and/or mobile application, you hereby acknowledge that you have read and understood this Privacy Notice and agree and consent to the use, processing, disclosure and transfer of your personal data by us as described in this Privacy Notice. Any email from us to you will contain an automated unsubscribe link so that you can opt-out of the mailinglist. You can also withdraw your consent by written notice by email to care@plixstar.com as stated at paragraph 11 above.

You can contact us or submit your inquiry in regard to the processing of your personal data at:-

 

Company : Inicorn Sdn. Bhd.

Address : Wisma Giap Chew, 28, Lebuh Gereja,  10200 Penang, Malaysia

Fax number/email address : care@plixstar.com

Thank you for trusting Plixstar. We are dedicated to safeguarding your privacy and

providing you with a secure online marketplace experience.

(Last reviewed/updated at 03.03.2026)