Privacy Policy

Medibeu Sdn Bhd • Last updated: May 2026 • Governed by Malaysia’s Personal Data Protection Act 2010 (PDPA)

1. Who we are

Medibeu Sdn Bhd (“we”, “our”, “us”) is the data controller for personal data collected through bnr17.my. We are the sole authorised distributor of BNRThin Slim+ in Malaysia. Our Data Protection Officer (DPO) can be contacted at support@bnr17.my.

2. Data we collect

Information you provide: Name, email address, delivery address, phone number, and order details when you make a purchase or create an account. Payment card details are processed directly by Stripe — we receive only the last 4 digits and card type.

Information collected automatically: IP address, browser type, pages visited, time on site, referral source, and cookies. This data is collected via Google Analytics 4 and Meta Pixel.

Communications: If you subscribe to our mailing list or contact us, we retain your email and the content of those communications.

3. Why we collect it (purpose)

  • Order fulfilment: Processing and shipping your purchase, sending order confirmations and tracking updates.
  • Customer support: Responding to enquiries, returns, and complaints.
  • Marketing (with consent): Sending promotional emails via MailPoet if you have opted in. You may unsubscribe at any time.
  • Analytics & advertising: Understanding site usage and measuring ad campaign performance via GA4 and Meta Pixel.
  • Legal compliance: Retaining transaction records as required under Malaysian law.

4. Third-party processors

| Processor | Purpose | Data shared |
|---|---|---|
| Stripe Inc. | Payment processing | Name, email, billing address, card details (Stripe is PCI-DSS compliant; we do not store card data) |
| MailPoet / Automattic | Email marketing | Name, email address |
| Google (GA4) | Website analytics | Anonymised usage data, IP address |
| Meta Platforms | Advertising measurement | Hashed email, pixel events (page view, purchase) |

We do not sell your personal data to any third party.

5. Retention

Transaction records (name, address, order value) are retained for 7 years to comply with Malaysian accounting and tax obligations. Marketing data is retained until you unsubscribe or request deletion. Analytics data follows Google’s and Meta’s standard retention policies (typically 14–26 months).

6. Your rights under PDPA 2010

  • Right of access: Request a copy of the personal data we hold about you.
  • Right of correction: Request correction of inaccurate or incomplete data.
  • Right to withdraw consent: Withdraw marketing consent at any time via the unsubscribe link in any email, or by contacting us.
  • Right to limit processing: Request that we restrict how we use your data in certain circumstances.

To exercise any of these rights, contact our DPO at support@bnr17.my. We will respond within 21 days as required by PDPA.

7. Cookies

We use essential cookies (for cart/session), analytics cookies (GA4), and advertising cookies (Meta Pixel). Non-essential cookies are only set after you accept our cookie notice. You may disable cookies in your browser settings; this may affect site functionality.

8. Contact

Medibeu Sdn Bhd • DPO: support@bnr17.my • This policy is governed by the laws of Malaysia.
