This page explains what personal information Riffblox Logistics Sdn Bhd (“Riffblox”, “we”) collects when you use this site or engage our freight, customs or warehousing services — and what we do with that information. It is published in line with the Malaysian Personal Data Protection Act 2010 (Act 709) and its subsidiary rules.
1. Who the data controller is
Riffblox Logistics Sdn Bhd (SSM Reg. 202401045672 (1564987-A)) is the data user, registered at Level 22, Menara Worldwide, 198 Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia. The Data Protection Officer can be reached at [email protected].
2. What we collect
- Contact details — name, company, work email, work phone — supplied when you ask for a quote or send us an enquiry.
- Shipment details — origin, destination, commodity, weights and dimensions — supplied to allow us to quote and book.
- Identity documents — passport or NRIC copies of authorised signatories, where required by Kastam for the customs filing.
- Technical data — IP address, browser type, referrer URL and timestamps — logged by our hosting infrastructure for fraud-prevention and uptime monitoring.
- Cookie data — see the cookie policy.
3. Why we collect it
- To prepare quotations, accept bookings and execute freight and brokerage instructions.
- To file customs declarations on your behalf with Kastam Malaysia and overseas customs authorities.
- To invoice for services delivered and to chase outstanding amounts.
- To meet our anti-money-laundering, sanctions screening and export-control obligations.
- To respond to general enquiries, partnership proposals and recruitment applications.
4. Who we share it with
Personal data is shared, only where strictly necessary, with: ocean and air carriers, our partner forwarder desks abroad, customs authorities (Malaysian and foreign), insurers where you elect to buy cover, banks for cross-border payment processing, our legal and tax advisors, and external auditors. We do not sell personal data and we do not pass it to marketing networks.
5. Cross-border transfers
Because freight forwarding is, by definition, cross-border, your data will be shared with parties outside Malaysia. We rely on contractual safeguards equivalent to those required by Section 129 of the PDPA, and on the destination country’s own legal framework where it provides adequate protection.
6. How long we keep it
Shipment records are retained for seven years after the calendar year of clearance, in line with the recordkeeping requirements of the Customs Act 1967. General enquiry correspondence is retained for 24 months. Recruitment data is retained for 12 months from the date of application unless you ask us to keep it longer.
7. Your rights
Under the PDPA you may ask for access to your personal data, ask us to correct anything inaccurate, withdraw any consent you have previously given, or limit how we process specific data points. Send any such request to [email protected]. We will respond within 21 calendar days.
8. Security
All Riffblox infrastructure sits inside Malaysian data-centre footprints with ISO 27001 certification. We encrypt data in transit (TLS 1.3) and at rest (AES-256). Access to client data is role-restricted and logged. Phishing simulations are run quarterly across all staff.
9. Changes
If this policy changes materially, we’ll publish the revised text on this page and post a notice on the home page for 30 days. The “last reviewed” date at the top of this page always reflects the current version.
10. Complaints
If you’re not satisfied with how we’ve handled a request, you can complain to the Department of Personal Data Protection Malaysia (Jabatan Perlindungan Data Peribadi, JPDP), Aras 6, Kompleks Kementerian Komunikasi dan Multimedia, Lot 4G9, Persiaran Perdana, Presint 4, 62100 Putrajaya.