Wavemere Contact Us
Legal

Privacy Policy

Last Updated: 15 January 2026 Jurisdiction: Malaysia

1. Introduction

Wavemere ("we", "us", "our") is committed to protecting the personal data of individuals who use our yacht tour services, visit our website, or communicate with us in any capacity. This Privacy Policy describes what personal data we collect, why we collect it, how we use and protect it, and what rights you have regarding your information.

This policy applies to all personal data processed by Wavemere in connection with its operations, including tour bookings, website enquiries, and customer communications. Our operations are based at 22 Jalan Perdana, 62000 Putrajaya, Malaysia.

Questions about this policy may be directed to privacy@waveemel.

2. Data We Collect

When you interact with Wavemere — through our website, by phone, or by email — we may collect the following categories of personal data:

  • Identity data: Full name, as provided during booking or enquiry
  • Contact data: Email address, telephone number
  • Booking data: Preferred tour dates, group size, special requirements
  • Payment data: Payment confirmation references (we do not store card numbers)
  • Technical data: IP address, browser type, pages visited (collected via analytics cookies where consented)
  • Communication data: Content of emails, WhatsApp messages, or form submissions sent to us

We collect data directly from you when you submit an enquiry form, call our office, or make a booking. Technical data is collected automatically when you visit our website, subject to your cookie preferences.

3. How We Use Your Data

We use personal data for the following purposes:

  • To process and manage tour bookings and confirmations
  • To communicate with you about your enquiry or booking, including changes and rescheduling
  • To send pre-departure information, packing guides, and safety briefings
  • To manage payment records and issue invoices
  • To improve our website and services based on aggregate usage patterns
  • To respond to complaints or post-tour feedback
  • To comply with applicable Malaysian law, including record-keeping obligations

We do not use personal data for automated decision-making or profiling. We do not send unsolicited marketing emails unless you have specifically requested communications from us.

4. Legal Basis for Processing

Under the Personal Data Protection Act 2010 (PDPA) of Malaysia, we process personal data on the following legal grounds:

  • Contractual necessity: Processing required to fulfil your booking or respond to your enquiry
  • Legal obligation: Processing required to comply with Malaysian law (e.g., financial records, MMEA documentation)
  • Legitimate interests: Processing to improve our services, manage security, and communicate with existing customers — where these interests are not overridden by your rights
  • Consent: Where we rely on your consent (e.g., analytics cookies), you may withdraw it at any time without affecting the lawfulness of prior processing

5. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

  • Booking and payment records: 7 years (as required under Malaysian tax and accounting law)
  • Enquiry communications without a resulting booking: 12 months
  • Website analytics data: aggregated and anonymised after 12 months
  • Cookie preference records: 12 months from the date of consent

After the applicable retention period, data is securely deleted or anonymised.

6. Data Sharing

We do not sell personal data to third parties. We share data only in the following limited circumstances:

  • Service providers: Payment processors (DuitNow, online banking partners) who handle transactions on our behalf, under appropriate data processing agreements
  • Analytics: Where analytics cookies are consented to, aggregated and anonymised data may be processed by Google Analytics
  • Legal authorities: Where required by Malaysian law, court order, or regulatory request (e.g., MMEA, maritime authority)
  • Safety: In emergencies involving guest safety, relevant contact and booking information may be shared with emergency services

7. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These measures include:

  • Encrypted communication channels (HTTPS) for our website
  • Access controls restricting data access to relevant Wavemere personnel
  • Secure cloud storage for booking records with password protection and access logging
  • Regular review of data practices and security procedures

In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify affected individuals as required under applicable Malaysian law.

8. Cookies

Our website uses cookies to function properly and, where consented, to analyse visitor behaviour. Full details of the cookies we use and how to manage your preferences are set out in our Cookie Policy.

9. Your Rights

Under the PDPA 2010 and general data protection principles, you have the following rights regarding your personal data:

  • Right to access: Request a copy of personal data we hold about you
  • Right to correction: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of data we are no longer required to retain
  • Right to restrict processing: Request that we limit processing in certain circumstances
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time
  • Right to complain: Lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP)

To exercise any of these rights, contact us at privacy@waveemel. We will respond within 21 days of receiving a valid request.

10. Third-Party Links

Our website may contain links to external sites, including social media platforms and payment partners. We are not responsible for the privacy practices of those third-party websites. We encourage you to read their privacy policies before providing any personal information.

11. Children's Privacy

Our website and booking services are intended for users aged 18 and above. We do not knowingly collect personal data from individuals under 18 without parental consent. Where a booking includes children as guests, data is collected from the responsible adult making the booking.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The updated policy will be published on this page with a revised "Last Updated" date. For significant changes, we will communicate notice to affected individuals where feasible.

13. Contact Information

Data controller: Wavemere

Address: 22 Jalan Perdana, 62000 Putrajaya, Malaysia

Email: privacy@waveemel

Phone: +60 3-5291 8473