KOOMUNITY

Privacy Policy

Koocester Group Pte Ltd (UEN: 202344802R)  |  Koocester Media Sdn Bhd (202501056186 / 1657592-K)  |  PT Koocester Media Indonesia (NIB: 03072500093943)

Last Updated: 10 June 2026  |  Effective Date: 30 March 2026

Singapore (PDPA 2012) Malaysia (PDPA 2010, Amended 2024) Indonesia (PDP Law No. 27/2022)

Summary: This policy explains how Koocester Group collects, uses, and shares personal data collected from audiences in Singapore, Malaysia, and Indonesia. It complies with Singapore’s Personal Data Protection Act 2012 (PDPA), Malaysia’s Personal Data Protection Act 2010 (as amended in 2024), and Indonesia’s Personal Data Protection Law No. 27 of 2022 (PDP Law). By submitting your information, you consent to the practices described here. You have the right to withdraw consent, access, correct, or request deletion of your data at any time.

1. About This Policy

This Privacy Policy applies to personal data collected by Koocester Group (“the Company”, “We”, “Us” or “Our”) when you respond to our advertisements, use our services, or interact with us through any of our platforms and social media pages, including our Koocester pages in Singapore, Malaysia, and Indonesia.

We are committed to managing your personal data in accordance with the following applicable laws:

  • Singapore: Personal Data Protection Act 2012 (PDPA), administered by the Personal Data Protection Commission (PDPC)
  • Malaysia: Personal Data Protection Act 2010 (as amended by the Personal Data Protection (Amendment) Act 2024), administered by the Personal Data Protection Department (JPDP/PDPD)
  • Indonesia: Law No. 27 of 2022 on Personal Data Protection (PDP Law), administered by the Ministry of Communication and Digital Affairs (MOCD)

Where there is a conflict between the laws of different jurisdictions, we apply the higher standard of protection. Jurisdiction-specific provisions are set out in Section 13 of this Policy.

2. Definitions

For the purposes of this Privacy Policy:

Personal Data — Any data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access. This includes data collected from individuals located in Singapore, Malaysia, and Indonesia.

Processing — Any operation performed on personal data, including collection, use, disclosure, copying, modification, disposal, or destruction.

Data Subject — The individual to whom the personal data relates, including individuals located in Singapore, Malaysia, and Indonesia.

Data Controller — Koocester Group, which determines the purposes and means of processing personal data.

Business Partners — Third-party companies with whom We have a formal arrangement to offer products, services, or promotions. A current list of categories of Business Partners is available upon request.

Affiliates — Our parent company and any subsidiaries, joint venture partners, or companies under common control with Us.

Service Providers — Third-party vendors who process data solely on Our behalf under written data processing agreements.

3. Data We Collect

3.1 Information You Provide

When you respond to our advertisements, contact us, or use our services, we may collect:

  • Full name
  • Email address
  • Phone number
  • Mailing or delivery address
  • Personal preferences, requirements, or comments you voluntarily share

3.2 Automatically Collected Data

When you access our digital platforms, we may automatically collect:

  • Device identifiers and technical information
  • IP address and approximate location
  • Pages visited, links clicked, and time spent on our service
  • Referring URLs and browser/app information

3.3 Data from Third Parties

We may receive personal data about you from advertising platforms, referral partners, or public sources. Where this occurs, we will inform you within a reasonable period.

4. How We Use Your Personal Data

We collect and use your personal data only for purposes for which consent has been obtained or where permitted by applicable law.

4.1 Primary Purposes (Core Service Delivery)

  • To respond to your enquiries and manage your account or registration
  • To fulfil contracts, process orders, and deliver products or services you have requested
  • To send you transactional communications such as order confirmations, service updates, and security notices
  • To comply with legal and regulatory obligations in Singapore, Malaysia, and Indonesia

4.2 Secondary Purposes (Require Your Consent)

With your consent (obtained at the point of data collection or separately), we may also use your data for:

  • Marketing communications — To send you news, special offers, promotions, and information about goods and services offered by Us. You may opt out at any time (see Section 8).
  • Sharing with Business Partners — To share your contact information with our vetted Business Partners so they may offer you relevant products, services, or promotions. We will only do this where you have given explicit consent.
  • Market research and service improvement — To analyse usage trends and improve our products, marketing, and customer experience.

Note (Singapore): Under Section 14 of the PDPA, individuals may withdraw consent for secondary purposes at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

Note (Malaysia): Under the Personal Data Protection Act 2010 (as amended), withdrawal of consent for secondary purposes is similarly permitted and will be processed within 10 business days.

Note (Indonesia): Under the PDP Law, consent must be obtained explicitly and separately for each processing purpose. You may withdraw consent at any time.

5. Disclosure of Your Personal Data

We may share your personal data in the following circumstances:

5.1 Service Providers

We engage third-party service providers to assist in operating our business (e.g., IT hosting, payment processing, analytics). These providers are permitted to process your data only as instructed by us and under written agreements that require them to protect your data in accordance with applicable law.

5.2 Business Partners

Where you have given your explicit consent, we may share your personal data with Business Partners to offer you specific products, services, or promotions. Each Business Partner is contractually required to:

  • Use your data only for the disclosed purpose
  • Not further disclose your data without your consent
  • Comply with all applicable data protection laws (including the SG PDPA, MY PDPA, and Indonesia PDP Law)
  • Delete or return your data upon request or end of the arrangement

You have the right to request a list of the specific Business Partners your data has been shared with. Contact us at connect@koocester.com.

5.3 Affiliates

We may share your information with Affiliates for purposes consistent with this Privacy Policy. Affiliates are bound by equivalent data protection standards.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business assets, your personal data may be transferred as part of the transaction. We will notify you via email or a prominent notice on our website prior to any such transfer.

5.5 Legal Disclosure

We may disclose your personal data if required by law, court order, or government authority in Singapore, Malaysia, or Indonesia, or where we reasonably believe disclosure is necessary to protect the rights or safety of any person.

5.6 With Your Consent

We may disclose your personal data for any other purpose with your explicit prior consent.

6. Cross-Border Transfers

Koocester Group is incorporated in Singapore and operates across Singapore, Malaysia, and Indonesia. As a result, personal data collected from any of these markets may be transferred to and processed in another country within our operating region.

Where cross-border transfers occur, we will ensure that:

  • The recipient country provides a comparable standard of data protection, OR
  • We put in place contractual safeguards (such as standard data protection clauses or binding corporate rules) to protect your data

Specific cross-border transfer obligations by jurisdiction:

  • Singapore: We comply with the PDPC’s requirements on overseas transfers under the PDPA, including ensuring comparable protection in recipient countries.
  • Malaysia: We comply with the Cross-Border Personal Data Transfer (CBPDT) Guidelines issued by the PDPD, which require Transfer Impact Assessments (TIAs), appropriate consent, and contractual safeguards.
  • Indonesia: Transfers outside Indonesia are made only where the recipient country provides an equivalent standard of protection, or where legally binding safeguards are in place, in accordance with the PDP Law.

By using our services or interacting with our platforms, you consent to such transfers as described in this Policy.

7. Retention of Your Personal Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Upon expiry of the retention period, we will securely delete or anonymise your personal data.

General retention guidelines:

  • Customer and transaction records: 5 years from last transaction (or as required by law)
  • Marketing consent records: Until consent is withdrawn, plus 1 year
  • Enquiry and correspondence records: 2 years from last interaction

8. Your Rights

As a data subject, you have the following rights. These apply across all three jurisdictions we operate in, though the specific mechanisms and timelines may vary by law (see Section 13 for jurisdiction-specific details).

8.1 Right of Access

You may request access to the personal data we hold about you, as well as information about how it has been used or disclosed.

8.2 Right of Correction / Rectification

You may request that we correct any inaccurate or incomplete personal data we hold about you.

8.3 Right to Withdraw Consent

You may withdraw your consent to any secondary use of your personal data (including marketing and sharing with Business Partners) at any time, without charge, by:

  • Clicking the “Unsubscribe” link in any marketing email
  • Emailing us at connect@koocester.com with the subject line “Withdraw Consent”

Withdrawal will be processed within 10 business days. Withdrawal does not affect any processing already carried out prior to the date of withdrawal.

8.4 Right to Data Portability

Where technically feasible and required by applicable law, you may request a copy of your personal data in a structured, commonly used format.

8.5 Right to Erasure / Deletion

Where permitted by applicable law (including under Indonesia’s PDP Law), you may request that we delete your personal data, subject to our legal obligations to retain certain records.

8.6 Right to Lodge a Complaint

If you believe your data protection rights have been infringed, you may lodge a complaint with the relevant authority in your jurisdiction:

  • Singapore: Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg
  • Malaysia: Personal Data Protection Department (JPDP) at www.pdp.gov.my / aduan@pdp.gov.my
  • Indonesia: Ministry of Communication and Digital Affairs (MOCD)

Response Timeframe: We will acknowledge access and correction requests within 5 business days and respond fully within 30 calendar days, or as otherwise required under applicable law.

9. Do Not Call (DNC) Registry — Singapore

We respect the Singapore Do Not Call (DNC) Registry. Before sending marketing messages via voice call, SMS, or fax to Singapore numbers, we will check the DNC Registry unless you have provided clear and unambiguous consent to receive such messages from us specifically.

If you wish to opt out of all telemarketing from us, you may register your Singapore number at www.dnc.pdpc.gov.sg.

For Malaysian and Indonesian audiences, equivalent opt-out mechanisms are available by emailing connect@koocester.com with the subject line “Marketing Opt-Out” and specifying your country of residence.

10. Cookies and Tracking Technologies

Our digital platforms may use cookies and similar tracking technologies to enhance your experience and collect usage data. By continuing to use our platforms, you consent to our use of cookies in accordance with this Policy.

You may disable cookies through your browser settings. Please note that some features of our services may not function correctly if cookies are disabled.

11. Security of Your Personal Data and Breach Notification

We implement reasonable administrative, technical, and physical safeguards to protect your personal data from unauthorised access, disclosure, alteration, or destruction. These include access controls, encryption where appropriate, and staff training on data protection obligations.

In the event of a data breach, we will notify the relevant authority and affected individuals in accordance with applicable law:

  • Singapore: We will notify the PDPC and affected individuals as required under the PDPA mandatory breach notification obligations.
  • Malaysia: We will notify the PDPD within 72 hours of becoming aware of a breach likely to cause significant harm to affected individuals, in accordance with the Data Breach Notification Guideline (effective 1 June 2025).
  • Indonesia: We will notify affected individuals and the relevant authority as required under the PDP Law where a breach is likely to cause harm.

12. Third-Party Links

Our services may contain links to third-party websites or platforms. This Privacy Policy does not apply to such third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Jurisdiction-Specific Provisions

This section sets out additional provisions that apply specifically to data subjects in each jurisdiction we operate in.

13.1 Singapore — Personal Data Protection Act 2012 (PDPA)

Governing Law: Personal Data Protection Act 2012 (PDPA) of Singapore
Regulatory Authority: Personal Data Protection Commission (PDPC) — www.pdpc.gov.sg

Key provisions applicable to Singapore residents:

  • We comply with all obligations under the PDPA, including the Data Protection Provisions and the Do Not Call Provisions.
  • You may withdraw consent for secondary purposes at any time under Section 14 of the PDPA.
  • We will notify the PDPC and affected individuals in the event of a notifiable data breach.
  • Access and correction requests will be responded to within 30 calendar days.

13.2 Malaysia — Personal Data Protection Act 2010 (as Amended 2024)

Governing Law: Personal Data Protection Act 2010 (PDPA Malaysia), as amended by the Personal Data Protection (Amendment) Act 2024
Local Entity: Koocester Media Sdn Bhd (Company No. 202501056186 / 1657592-K)
Regulatory Authority: Personal Data Protection Department (JPDP/PDPD) — www.pdp.gov.my

Key provisions applicable to Malaysian residents:

  • We process your personal data in compliance with the seven data protection principles under the MY PDPA: General, Notice & Choice, Disclosure, Security, Retention, Data Integrity, and Access Principles.
  • Data Breach Notification: In the event of a personal data breach likely to cause significant harm, we will notify the PDPD within 72 hours of becoming aware of the breach, and will notify affected Malaysian individuals where required.
  • Data Protection Officer (DPO): We have designated a DPO responsible for overseeing compliance with the MY PDPA. DPO contact details are published in accordance with the PDPD Guideline on the Appointment of a Data Protection Officer (effective 1 June 2025).
  • Cross-Border Transfers: Any transfer of Malaysian personal data outside Malaysia is conducted in compliance with the PDPD’s Cross-Border Personal Data Transfer Guidelines, including Transfer Impact Assessments where required.
  • Right to Withdraw Consent: Malaysian data subjects may withdraw consent at any time by contacting us at connect@koocester.com (subject: “Withdraw Consent – Malaysia”).
  • Right of Access and Correction: Requests will be acknowledged within 5 business days and responded to within 21 days, or such period as required under the MY PDPA.
  • Complaints: Malaysian residents may lodge complaints with the JPDP at aduan@pdp.gov.my or by calling 03-7456 3888.

13.3 Indonesia — Personal Data Protection Law No. 27 of 2022 (PDP Law)

Governing Law: Law No. 27 of 2022 on Personal Data Protection (PDP Law), fully effective since 17 October 2024
Regulatory Authority: Ministry of Communication and Digital Affairs (MOCD / Kementerian Komunikasi dan Digital)
Local Entity: PT Koocester Media Indonesia (NIB: 03072500093943)

Key provisions applicable to Indonesian residents:

  • Extraterritorial Application: The PDP Law applies to Koocester’s processing of personal data belonging to Indonesian citizens, regardless of where Koocester is located.
  • Explicit Consent: We obtain your explicit, specific, and informed consent before collecting and processing your personal data for each stated purpose. You may withdraw this consent at any time.
  • Data Subject Rights: Indonesian residents have the right to access, correct, delete/erase, and port their personal data, as well as the right to object to automated processing that produces legal effects.
  • Data Breach Notification: In the event of a breach affecting your personal data, we will notify you and the relevant authority in accordance with the PDP Law.
  • Cross-Border Transfers: Any transfer of Indonesian personal data to a country outside Indonesia is conducted only where the recipient country provides an equivalent standard of data protection, or where appropriate contractual safeguards are in place.
  • Data Protection Impact Assessment (DPIA): We conduct DPIAs for processing activities that carry a high potential risk to Indonesian data subjects.
  • Right to Erasure: Indonesian residents may request deletion of their personal data where there is no longer a lawful basis for processing, subject to our legal retention obligations.
  • Complaints: Indonesian residents may contact the MOCD for data protection complaints. Contact us first at connect@koocester.com (subject: “Data Protection Enquiry – Indonesia”) and we will assist in resolving your concern.

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the laws of any jurisdiction in which we operate, or regulatory guidance. Material changes will be communicated to you via email (where we hold your email address) or by a prominent notice on our platforms at least 14 days before they take effect.

The effective date at the top of this document indicates when this Policy was last revised.

15. Data Protection Officer and Contact

Koocester Group has designated a Data Protection Officer (DPO) responsible for overseeing compliance with applicable data protection laws across all jurisdictions in which we operate.

To exercise your data rights, ask questions about this Policy, or raise a concern, please contact our DPO:

Email: connect@koocester.com
Subject line: “Data Protection Enquiry”

(For jurisdiction-specific queries, please include your country of residence in the subject line, e.g., “Data Protection Enquiry – Malaysia” or “Data Protection Enquiry – Indonesia”)

We aim to respond within 5 business days.

Koocester Group  |  connect@koocester.com  |  © 2026

Want to be featured?
connect@koocester.com

Quick Links
Contact us
  • +65 80403558
  • connect@koocester.com
  • Koocester Group Pte Ltd 122 Townerville Towner Rd Singapore 327814
Copyright © 2026 Koocester, All rights reserved.
Linkedin-in Instagram Tiktok
Scroll to Top