DATA RETENTION & DATA DESTRUCTION POLICY

DATA RETENTION & DATA DESTRUCTION POLICY

Ordersini.asia
Owned & Operated by Netdesk Solution, Malaysia

This Data Retention & Data Destruction Policy (“Policy”) outlines how Netdesk Solution (“Company”, “we”, “our”, or “us”) manages the retention, storage, and deletion of personal data collected through the Ordersini.asia platform (“Platform”).
This Policy is established in compliance with the Personal Data Protection Act 2010 (PDPA Malaysia) and forms part of the Platform’s Privacy Policy and Terms of Service.

1. Purpose of This Policy

This Policy ensures that all personal data:

  • Is retained only as long as reasonably necessary

  • Is processed strictly for lawful and legitimate business purposes

  • Is protected against unauthorized access or misuse

  • Is deleted securely when no longer required

The Company adopts the PDPA principles of Notice & Choice, Disclosure, Security, Retention, and Data Integrity.

2. Scope

This Policy applies to all personal data collected from:

  • Customers

  • Vendors / Merchants

  • Delivery Riders

  • Platform Visitors

  • Any other individuals who interact with Ordersini.asia

It applies to both digital and physical formats.

3. Categories of Data Covered

This Policy covers the following categories of personal data:

  1. Account Information
    – Name, phone number, email, address, login details

  2. Order & Transaction Data
    – Food orders, delivery details, payment confirmations

  3. Vendor Business Information
    – Business name, SSM details (where applicable), contact person

  4. Rider Information
    – Identification, contact details, delivery logs

  5. Technical Data
    – Device information, IP address, cookies, access logs

  6. Communication Records
    – Emails, chat inquiries submitted through the platform

4. Data Retention Periods (PDPA-Compliant Minimum Requirements)

The Company retains personal data only for the duration necessary to fulfill its purposes, unless longer retention is required by law.

Data CategoryRetention PeriodLegal/Operational Justification
Customer Account DataUntil account deletion or inactivity for 24 monthsPDPA Retention Principle
Order History24 months from order dateOperational support & dispute resolution
Vendor Business DataWhile vendor account is active + 12 months after terminationContract obligations
Rider DataWhile rider account is active + 12 months after deactivationFraud prevention & security
Payment Confirmation Data7 years (if stored)Malaysian tax & audit compliance (LHDN)
System Logs (IP, device info, access logs)12 monthsSecurity monitoring
Support Requests / Complaints12 monthsCustomer service & dispute handling

5. Data Minimization

We strictly collect only the data necessary to:

  • Provide food ordering services

  • Manage vendor and rider operations

  • Facilitate delivery and support

  • Comply with Malaysian law

Unnecessary personal data is not requested or retained.

6. Secure Storage of Personal Data

All retained personal data is stored securely with measures including:

  • Access control restrictions

  • Password protection and encryption (where applicable)

  • Firewalls and intrusion prevention systems

  • Secure backup environment

Only authorized personnel may access retained data.

7. Data Destruction Policy

When personal data is no longer required for its original purpose, we ensure its secure and irreversible deletion, using methods such as:

Digital Data

  • Permanent deletion from databases

  • Secure wiping of storage devices

  • Removal from backup systems upon expiry

Physical Documents

  • Shredding or secure disposal

Data destruction is carried out in accordance with PDPA requirements and internal security controls.

8. User-Initiated Account Deletion

Users may request deletion of their personal data by contacting:

📧admin@ordersini.asia
(Managed by Netdesk Solution)

Upon verification:

  • Account data is deleted within 30 days

  • Order history may be retained separately for compliance (e.g., tax laws)

  • Backups may take up to 90 days before full removal due to system cycles

9. Exceptions (When Data Cannot Be Deleted)

Data may be retained longer if required for:

  • Legal obligations

  • Financial audits

  • Fraud investigation

  • Dispute resolution

  • Enforcement of contractual rights

In such cases, data is restricted and used only for the specific legal purpose.

10. Third-Party Data Processors

Where third-party service providers process personal data on our behalf, they are contractually required to:

  • Follow PDPA principles

  • Protect personal data

  • Delete or return data upon request

Examples include hosting providers, SMS/email gateways, and payment processors.

11. Amendments

The Company reserves the right to amend this Policy at any time.
Updates will be published on the Platform, and continued usage constitutes acceptance.

12. Contact Information

For concerns regarding data retention, deletion, or PDPA matters, contact:

📧admin@ordersini.asia
(Managed by Netdesk Solution)

Are you a restaurant owner?

Join us and reach new customers

Just a few steps to join our family
Join
Subscribe
Company