Privacy Policy

This Privacy Policy explains how Bestie collects, uses, stores, discloses, protects, and otherwise processes your personal data when you use our mobile application, website, services, and related features.

By accessing or using Bestie, you acknowledge that you have read and understood this Privacy Policy. Where required by applicable law, your continued use of the Platform and/or your provision of personal data may constitute your consent to the processing described below.

1. INTRODUCTION

Bestie is a multi-service digital platform that connects users with independent service providers for ride-hailing, parcel delivery, emergency transport facilitation, dignity care transport, and vehicle rental services.

Because Bestie operates in a service environment that depends on booking, communication, verification, payments, and location-based matching, we may collect and process certain personal data in order to operate the Platform, provide the Services, improve service quality, maintain safety, and meet our legal obligations.

This Privacy Policy is designed to explain our practices in a clear and transparent way so that you understand what information we collect, why we collect it, how we use it, and what choices you may have.

2. SCOPE OF THIS POLICY

This Privacy Policy applies to:

• users of the Bestie mobile application;
• visitors to our website and landing pages;
• customers who request services;
• partners, drivers, delivery providers, ambulance-related providers, care providers, and rental providers;
• support and customer service contacts;
• any other person whose personal data we collect in connection with Bestie’s Services.

This Privacy Policy applies to personal data collected online and offline in connection with the Platform and related business operations, unless a separate privacy notice or service-specific privacy statement is provided.

3. DEFINITIONS

For the purposes of this Privacy Policy:

• "Account" means a unique account created for You to access our Service or parts of our Service.
• "Application" refers to Bestie, the software program provided by the Company.
• "Company" (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Gold-Cheers Holding (M) Sdn. Bhd., 12-1, Jalan Seri Impian 8/1A, Bandar Seri Impian, Impiana Square, 86000 Kluang, Johor Darul Ta'zim, Malaysia.
• "Cookies" are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
• "Country" refers to: Malaysia
• "Device" means any device that can access the Service such as a computer, a cellphone or a digital tablet.
• "Personal Data" means any information that relates directly or indirectly to an identified or identifiable person.
• "Service" means Bestie Ride, Bestie Go, Bestie Aid, Bestie Care, Bestie Way, and any other service offered through Bestie.
• "Service Provider" means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
• "Processing" means collecting, recording, holding, storing, using, disclosing, transferring, correcting, erasing, destroying, or otherwise dealing with personal data.
• "Usage Data" refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
• "You" means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
• "PDPA" means the Personal Data Protection Act 2010 of Malaysia.
• "User" means an individual or entity that accesses or uses the Service.

4. INFORMATION WE COLLECT

We may collect the following categories of information, depending on how you use the Platform.

4.1 Information You Provide Directly

You may provide us with:

• Full name;
• Phone number;
• Email address;
• Username and password;
• Profile photo;
• Date of birth or age confirmation;
• Identification details for verification;
• Vehicle information if you register as a partner;
• Driving license, permit, certification, or registration details where required;
• Delivery instructions;
• Emergency contact details;
• Booking details;
• Payment-related details;
• Communication content sent to customer support;
• Any information you submit in forms, surveys, feedback, complaints, or promotions.

4.2 Information We Collect Automatically

When you use the Platform, we may automatically collect:

• Device type and model;
• Operating system;
• IP address;
• Device identifiers;
• App version;
• Browser type;
• Language preferences;
• Log data;
• Session data;
• Crash data;
• Usage data;
• Referral information;
• Interaction data such as clicks, page views, and time spent on screens.

4.3 Location Data

Because Bestie is a location-based service, we may collect:

• real-time GPS location;
• approximate location;
• pickup and drop-off locations;
• route information;
• destination information;
• location-based service history.

Location data may be collected only when necessary to provide the service, improve safety, or support booking and tracking features.

4.4 Transaction and Booking Data

We may collect:

• booking requests;
• trip history;
• delivery history;
• cancellation history;
• fare or charge history;
• refund records;
• payment confirmations;
• invoice or receipt details;
• service status updates.

4.5 Communication Data

We may collect:

• in-app chat messages;
• call records made through masked or support systems where applicable;
• email correspondence;
• support tickets;
• complaints and dispute messages;
• feedback and review content.

4.6 Partner and Business Data

If you are a Partner or business user, we may collect:

• business registration details;
• company profile;
• owner or director details;
• bank account details;
• tax or billing information;
• service certificates or accreditations;
• vehicle ownership details;
• service coverage and scheduling details;
• partner performance information.

4.7 Sensitive or Special Data

In some circumstances, we may process information that is sensitive in nature due to the type of service requested, for example:

• emergency-related information;
• health or mobility-related service instructions;
• dignity care arrangements;
• special assistance requirements.

We will process such information only when necessary for the relevant service, safety, support, legal compliance, or with your consent where required.

5. HOW WE COLLECT YOUR INFORMATION

We collect personal data in several ways, including:

• when you register for an account;
• when you request a ride, delivery, emergency service, dignity care service, or rental;
• when you communicate with us;
• when you contact support;
• when you upload documents;
• when you participate in promotions or campaigns;
• when you use the app or website;
• when you interact with our partners;
• when you enable location services;
• when you make payments or request refunds;
• when we receive information from third parties that assist with verification, payment processing, technical support, analytics, or compliance.

6. WHY WE COLLECT AND USE PERSONAL DATA

We may use your personal data for the following purposes:

6.1 To Provide the Platform and Services

• create and manage your account;
• match you with the relevant Partner;
• process bookings and reservations;
• support trip, delivery, emergency, care, and rental services;
• send confirmations and status updates.

6.2 To Process Payments and Refunds

• charge applicable fees;
• process payment transactions;
• issue receipts and invoices;
• manage refunds, chargebacks, and disputes;
• detect fraud or suspicious payment activity.

6.3 To Improve Safety and Security

• verify users and partners;
• prevent misuse, abuse, fraud, and unauthorized access;
• detect suspicious activity;
• help locate services where relevant;
• support incident reporting and investigations.

6.4 To Communicate With You

• respond to support requests;
• send service notifications;
• provide account-related updates;
• send policy changes and important notices;
• send promotional or marketing messages where permitted and where you have not opted out, subject to applicable law.

6.5 To Improve Our Services

• analyze app usage and performance;
• understand service demand;
• improve product design and user experience;
• conduct research, troubleshooting, and analytics;
• test new features;
• optimize service allocation and platform reliability.

6.6 To Comply With Legal and Regulatory Obligations

• comply with applicable laws and regulations;
• respond to lawful requests from authorities;
• maintain records where required by law;
• support audits, investigations, or legal claims;
• enforce our terms and policies.

6.7 To Run Promotions and Business Operations

• administer campaigns and referral programs;
• verify eligibility for offers;
• prevent duplicate or abusive participation;
• perform internal administrative tasks;
• manage partner onboarding, training, and performance.

7. LEGAL BASES AND PRINCIPLES OF PROCESSING

Bestie processes personal data in a manner intended to be consistent with the PDPA framework, including the principles of notice and choice, disclosure, security, retention, data integrity, and access. The official PDP guidance states that the Act contains seven personal data protection principles and that a written notice is a mandatory element under section 7 of Act 709.

In practical terms, this means we aim to:

• inform you about the collection and use of your data;
• collect only what is reasonably needed;
• use data for legitimate Platform purposes;
• keep data secure;
• retain data only as long as needed;
• maintain accurate and relevant data where possible;
• provide access or correction pathways where required by law.

8. DISCLOSURE OF YOUR PERSONAL DATA

We may disclose your personal data to the following categories of recipients where necessary and appropriate:

8.1 Partners

We may share booking-related information with the relevant Partner so they can fulfill your request.

8.2 Payment Processors

We may share payment and transaction-related information with banks, payment gateways, e-wallet providers, and other payment service providers.

8.3 Technology and Service Providers

We may use third-party providers for:

• cloud hosting;
• data storage;
• analytics;
• communications;
• customer support;
• mapping;
• crash reporting;
• fraud prevention;
• identity verification;
• software maintenance;
• security monitoring.

8.4 Professional Advisors

We may disclose data to lawyers, auditors, consultants, or insurers where necessary for legitimate business purposes or legal compliance.

8.5 Authorities and Regulators

We may disclose data to law enforcement, courts, regulators, tax authorities, or other government bodies when required or permitted by law.

8.6 Business Transfers

If Bestie is involved in a merger, acquisition, financing, restructuring, sale of assets, or other business transaction, your personal data may be disclosed as part of the due diligence or transaction process, subject to applicable law and confidentiality obligations.

9. LOCATION DATA AND REAL-TIME TRACKING

Because Bestie is a mobility and service platform, location data is central to many features.

We may use location data to:

• show nearby drivers or service providers;
• estimate trip or delivery routes;
• calculate pricing;
• track service progress;
• support emergency or care-related requests;
• improve service safety;
• detect fraud or misuse.

You may control certain location permissions through your device settings, but disabling location access may reduce or prevent the use of some features.

10. PAYMENT INFORMATION

We may collect or receive information related to payments, including:

• amount charged;
• payment status;
• transaction references;
• masked card details or tokenized payment references;
• wallet or bank transaction confirmations;
• refund or reversal data.

We generally do not store complete card numbers or banking login credentials unless required by a secure payment process and lawfully permitted.

Payment information may be handled by trusted third-party payment processors, who may have their own privacy policies and security practices.

11. COOKIES, SDKS, AND ANALYTICS

When you visit our website or use the Platform, we may use cookies, software development kits (SDKs), pixels, tags, and similar technologies to:

• remember your preferences;
• keep you signed in;
• measure traffic and performance;
• analyze app behavior;
• personalize content;
• improve functionality;
• detect errors and abuse.

You may be able to manage cookies or similar technologies through your browser or device settings, but doing so may affect some features.

12. MARKETING COMMUNICATIONS

We may send you:

• service notifications;
• booking messages;
• account alerts;
• policy updates;
• customer support communications;
• promotional or marketing materials.

Where required, we will give you an option to opt out of marketing communications. Even if you opt out of marketing, we may still send operational messages that are necessary for service delivery, account management, safety, or legal compliance.

13. DATA RETENTION

We retain personal data only for as long as reasonably necessary to:

• provide the Services;
• maintain your account;
• complete transactions;
• resolve disputes;
• enforce our agreements;
• prevent fraud;
• comply with law, tax, accounting, and regulatory requirements;
• defend legal claims;
• support business operations.

When personal data is no longer needed, we will take reasonable steps to securely delete, destroy, anonymize, or de-identify it, unless retention is required or allowed by law.

14. DATA SECURITY

We take reasonable administrative, technical, and organizational measures to protect personal data from unauthorized access, misuse, alteration, disclosure, loss, or destruction.

These measures may include:

• access controls;
• password protections;
• role-based permissions;
• encryption or tokenization where appropriate;
• secure servers;
• backup systems;
• monitoring and logging;
• staff access limitation;
• vendor due diligence;
• internal policies and procedures.

No method of storage or transmission is completely secure, and we cannot guarantee absolute security. However, we work to protect personal data using measures that are reasonable and proportionate to the nature of the information we process.

15. DATA ACCURACY AND UPDATES

We aim to keep personal data accurate, complete, and up to date where reasonably possible.

You are responsible for helping us maintain accurate information by:

• updating your profile details;
• correcting errors;
• keeping your contact information current;
• ensuring payment details remain valid;
• notifying us of changes relevant to your account or service use.

If you believe your data is inaccurate or incomplete, you may contact us to request correction.

16. ACCESS AND CORRECTION RIGHTS

The official PDP guidance notes that, under the PDPA, a data subject may request access to personal data and may request correction of personal data, subject to the applicable rules and verification requirements.

Subject to applicable law, you may request:

• access to your personal data;
• correction of inaccurate or outdated data;
• updates to your account details;
• explanation of categories of data we hold;
• deletion or restriction where permitted by law and technically feasible.

To protect your privacy, we may need to verify your identity before responding to a request. Some access or correction requests may be subject to legal limitations, operational constraints, or mandatory record-keeping requirements.

17. WITHDRAWAL OF CONSENT

Where our processing of your personal data is based on consent, you may withdraw that consent at any time by contacting us.

However, withdrawing consent may affect our ability to provide some or all Services to you, especially where certain information is required to:

• complete a booking;
• verify identity;
• comply with law;
• process payment;
• ensure safety;
• handle disputes.

Withdrawal of consent does not affect processing already carried out before the withdrawal took effect.

18. CHILDREN’S PRIVACY

Bestie is intended primarily for adult users or users who are otherwise permitted to use the Platform under applicable law and service rules.

We do not knowingly collect personal data from children without appropriate authorization or legal basis where required. If we discover that data from a child has been collected in violation of this Policy, we may delete it or take appropriate steps in accordance with law and operational requirements.

19. THIRD-PARTY LINKS AND SERVICES

The Platform may contain links to third-party websites, applications, payment services, or external platforms.

We are not responsible for the privacy practices, security, or content of third-party services. We encourage you to read the privacy policies of those third parties before providing them with your personal data.

20. CROSS-BORDER DATA TRANSFERS

In some cases, your personal data may be stored or processed on servers located outside Malaysia or accessed by service providers in other jurisdictions.

Where such transfers occur, we will take reasonable steps to ensure that the data remains protected and that the transfer is conducted in a lawful and secure manner consistent with applicable requirements.

21. PARTNER AND BUSINESS USER DATA

If you are a Partner or business user, we may collect and process additional information such as:

• business registration details;
• director or owner information;
• license or permit documents;
• service certification;
• vehicle details;
• insurance details;
• payout or settlement information;
• performance and ratings data;
• compliance documents.

This information may be used for:

• onboarding and verification;
• maintaining partner records;
• service allocation;
• support and training;
• compliance monitoring;
• dispute handling;
• legal and accounting obligations.

22. COMMUNICATION LOGS AND SUPPORT RECORDS

We may keep records of:

• support tickets;
• chat messages;
• complaint submissions;
• call logs related to customer service;
• feedback and investigations;
• incident reports.

These records may be used to improve support, resolve disputes, protect users, and ensure accountability.

23. AUTOMATED DECISION-MAKING AND PLATFORM OPERATIONS

Some functions of the Platform may use automated systems to assist with:

• matching users and partners;
• estimating arrival times;
• route suggestions;
• fraud prevention;
• safety scoring or risk detection;
• operational prioritization;
• service recommendations.

Where automation is used, it is intended to improve efficiency and service quality. We may also use human review where appropriate for complaints, disputes, security, or account action decisions.

24. HOW WE HANDLE SENSITIVE SERVICE INFORMATION

Some Bestie services may involve sensitive or delicate arrangements, especially emergency-related or dignity care-related services.

For such services, we aim to:

• limit access to necessary staff and service providers only;
• share only the information needed to deliver the service;
• handle information with sensitivity and professionalism;
• retain such data only as long as reasonably necessary;
• protect it using enhanced access and confidentiality controls where appropriate.

25. DISCLOSURE FOR LEGAL AND SAFETY REASONS

We may disclose personal data if we believe in good faith that disclosure is necessary to:

• comply with the law, regulation, legal process, or court order;
• enforce our terms and policies;
• protect the rights, property, or safety of Bestie, our users, our partners, or the public;
• investigate and prevent fraud, security incidents, or abuse;
• respond to emergencies or urgent safety concerns.

26. CHANGES TO THIS PRIVACY POLICY

We may revise this Privacy Policy from time to time to reflect:

• legal changes;
• operational changes;
• new features;
• new services;
• updated security practices;
• business developments.

When we update this Policy, we may post the revised version on the Platform and update the “Last Updated” date. Continued use of the Platform after changes become effective may indicate acceptance of the revised Policy, where permitted by law.

27. DATA BREACH RESPONSE

If we become aware of a suspected or actual personal data breach, we may take steps that include:

• investigating the incident;
• securing affected systems;
• assessing scope and impact;
• notifying affected parties or authorities where required by law;
• taking remedial actions;
• reviewing internal controls to prevent recurrence.

Our response will depend on the nature, severity, and legal context of the incident.

28. RETENTION OF BUSINESS RECORDS

We may retain data and records for accounting, compliance, audit, fraud prevention, legal defense, and business continuity purposes, even if you close your account or stop using the Platform, where such retention is permitted or required by law.

29. YOUR CHOICES

Depending on your account type, device settings, and applicable law, you may be able to:

• update account information;
• adjust app permissions;
• limit location access;
• disable certain notifications;
• opt out of marketing messages;
• request access or correction;
• close your account.

Some choices may reduce your ability to use certain features.

30. CONSEQUENCES OF NOT PROVIDING PERSONAL DATA

If you do not provide certain personal data, we may be unable to:

• create or verify your account;
• match you with a partner;
• process a booking;
• process payment;
• provide support;
• comply with legal requirements;
• maintain safety and fraud prevention controls.

31. CONFIDENTIALITY

We expect our employees, contractors, and service providers to handle personal data in a confidential and responsible manner. Access is limited to persons who need it for legitimate business purposes.

32. GOVERNING LAW

This Privacy Policy is intended to be read in conjunction with the laws of Malaysia, including the PDPA framework governing personal data processing in commercial transactions.

33. CONTACT US

If you have questions, requests, complaints, or concerns about this Privacy Policy or your personal data, please contact:

• Gold-Cheers Holding (M) Sdn. Bhd.
• 12-1, Jalan Seri Impian 8/1A, Bandar Seri Impian, Impiana Square, 86000 Kluang, Johor Darul Ta'zim
• Email: admin@goldcheers.com.my

Where required, please include enough information for us to verify your identity and process your request.

34. ACKNOWLEDGMENT

By using Bestie, you acknowledge that you have read and understood this Privacy Policy and that you agree to the collection, use, disclosure, storage, and processing of your personal data as described herein, subject always to applicable law.