Your Booking

No booking yet

Browse bikes

Privacy Policy

We take your privacy seriously. This policy explains what personal data we collect, why we collect it, and your rights under Malaysian law.

Last updated: 1 June 2025  ·  Effective: 1 June 2025

1. Who We Are (Data User)

This Privacy Policy is issued by [COMPANY NAME SDN BHD (XXXXXX-X)], trading as MotorcyclesRide ("we", "us", "our"). We are the data user as defined under the Personal Data Protection Act 2010 (Malaysia) ("PDPA").

For privacy-related enquiries or to exercise your rights, contact us at:

2. Scope of This Policy

This policy applies to personal data collected through our website (motorcyclesride.com and any subdomain), through our booking process, and through any direct communication you initiate with us (email, WhatsApp, or phone).

It does not apply to third-party websites that we may link to. We encourage you to review the privacy policies of any third-party sites you visit.

3. Personal Data We Collect

We collect the following categories of personal data:

CategoryData ElementsWhen Collected
IdentityFull name, date of birth (where provided), IC / passport number, licence number and classAt booking and at pick-up
ContactEmail address, phone number (including WhatsApp number where provided)At registration or booking
BookingRental dates, Vehicle selected, order reference, rental amount, payment status, booking historyAt booking
AccountEmail address, hashed password (we never store plain-text passwords), account creation dateAt registration
TechnicalIP address (for rate limiting and fraud prevention), browser type (from request headers), session tokens stored in cookiesAutomatically, during site use
CommunicationsContent of messages you send us via email or WhatsAppWhen you contact us

We do not collect sensitive personal data as defined under the PDPA (such as health, biometric, or financial account data) unless you voluntarily disclose it in a message to us.

4. Why We Collect Your Data (Purposes)

We process your personal data for the following purposes, each of which is either necessary for the performance of our rental contract with you, required by law, or based on our legitimate business interests:

  • Processing and managing your booking — including sending confirmation emails, order status updates, and cancellation notifications.
  • Verifying your eligibility to rent — checking licence class, age, and identity at pick-up.
  • Administering your account — allowing you to log in, view booking history, and manage your profile.
  • Collecting and processing payments and deposits — recording rental fees and deposit status.
  • Communicating with you — responding to enquiries, resolving disputes, and sending service-related notifications.
  • Fraud prevention and security — rate limiting repeated failed logins and booking attempts by IP address.
  • Legal compliance — retaining records as required under Malaysian tax and commercial law.
  • Improving our service — analysing aggregated, anonymised usage patterns to improve the website and fleet.

We will not use your personal data for automated profiling or decision-making that produces legal effects on you.

5. Disclosure to Third Parties

We do not sell, rent, or trade your personal data. We may share your data with:

  • Service providers acting on our behalf — such as email delivery services and cloud hosting providers (Cloudflare) — who are contractually bound to use your data only as instructed by us.
  • Law enforcement or regulatory bodies — where we are required or permitted to do so by applicable Malaysian law (including in response to a court order or police report).
  • Insurance parties — to the extent necessary to process any claim arising from a rental incident.

Any third-party service provider we engage is selected with regard to their data protection practices and is bound by appropriate confidentiality obligations.

6. Cookies and Session Tokens

We use cookies and similar technologies for authentication and session management only. We do not use third-party advertising cookies or behavioural tracking cookies.

CookiePurposeExpiry
auth_tokenCustomer authentication session (JWT)7 days or on logout
admin_tokenAdmin authentication session (JWT)Session / on logout

These cookies are marked HttpOnly and SameSite=Lax. They cannot be accessed by JavaScript and are not transmitted to third-party domains.

7. Data Retention

We retain your personal data for as long as necessary for the purposes set out in Clause 4, subject to the following:

  • Active account data is retained for as long as your account remains open.
  • Booking and transaction records are retained for a minimum of 7 years to comply with Malaysian tax legislation.
  • Rate-limiting records (IP addresses and attempt counts) are retained for a maximum of 30 days.
  • Communications (email and WhatsApp messages) are retained for 2 years from the date of the last message in a thread.

When retention periods expire, personal data is securely deleted or anonymised so that it can no longer be associated with you.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Specific measures include:

  • Passwords are stored as salted hashes (PBKDF2-SHA256 with 100,000 iterations) — we cannot recover your plain-text password.
  • All data in transit is encrypted via HTTPS/TLS.
  • Authentication tokens use HMAC-signed JWTs with a server-side secret.
  • Rate limiting is applied to login and registration endpoints to mitigate brute-force attacks.

No method of transmission over the internet is 100% secure. While we use commercially reasonable measures, we cannot guarantee absolute security. In the event of a data breach that is likely to affect your rights and freedoms, we will notify you and the relevant authorities as required by applicable law.

9. Your Rights Under the PDPA 2010

Under the Personal Data Protection Act 2010 (Malaysia), you have the following rights:

  • Access You may request a copy of the personal data we hold about you (subject to any applicable exemptions).
  • Correction You may request that we correct any inaccurate or incomplete personal data.
  • Withdrawal You may withdraw consent to processing for direct marketing purposes at any time. Withdrawal does not affect processing already carried out or processing necessary for the performance of our contract with you.
  • Complaint You may lodge a complaint with the Department of Personal Data Protection (JPDP) if you believe we have handled your data unlawfully.

To exercise any of the above rights, email us at booking@motorcyclesride.com with the subject line "Data Rights Request". We will respond within 21 days as required by the PDPA.

10. Minors

Our services are not directed at persons under 18 years of age, and our minimum rental age is 21. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the most recent revision was made. We will notify you of material changes by displaying a notice on our homepage for at least 14 days before the updated policy takes effect. Continued use of the website after that date constitutes acceptance of the revised policy.

12. Contact Us

For any privacy-related questions, complaints, or requests:

Complaints may also be directed to the Department of Personal Data Protection Malaysia (JPDP): www.pdp.gov.my

⚖️ Legal Review Recommended

This Privacy Policy is drafted to align with the Personal Data Protection Act 2010 (Malaysia) as of the date shown above. PDPA compliance requirements may be updated by the JPDP. Placeholder fields in square brackets must be completed prior to publication. Consider a legal review before going live, particularly if you process data of EU residents (which would additionally trigger GDPR obligations).