1. Introduction

Dhafir Holiday Travel & Tours Sdn Bhd (Company No. 201201015317 & 988834-M), a company incorporated in Malaysia and having its registered office at 7-1, Jalan Bidara 8, Saujana Utama 3, 47000 Sungai Buloh, Selangor (“we”, “us”, or “our”), values your privacy and is committed to protecting your personal data.

This Privacy Policy outlines how we collect, use, store, disclose, and safeguard your personal data in accordance with the PDPA.

2. What Personal Data We Collect

We may collect and process the following types of personal data:

• Full name, IC number/passport number

• Contact details (phone number, email address, home address)

• Travel details (destination, date, preferences)

• Payment and billing information

• Dietary or medical information (if necessary for travel)

• Social media handles or marketing preferences

• Emergency contact information

3. How We Collect Personal Data

Your personal data may be collected directly or indirectly through the following:

• When you make a booking or enquiry via our website, WhatsApp, phone call, email, or social media

• When you fill out forms, surveys, contests, or marketing promotions

• From payment gateway platforms (e.g. Stripe, iPay88)

• From third-party booking agents, referral partners, or affiliates

4. Purpose of Data Collection

We collect and process your personal data for the following purposes:

• To manage and process your bookings and payments

• To communicate important travel updates or changes

• To make arrangements with third-party service providers (e.g. airlines, hotels, transport)

• To provide customer support and respond to enquiries

• For internal record-keeping, invoicing, and auditing

• For marketing, promotional, and remarketing purposes (if consented)

• To comply with legal obligations or requirements from authorities

5. Disclosure of Personal Data

We may disclose your personal data to the following third parties when necessary:

• Airlines, hotels, and local service providers to fulfill travel arrangements

• Payment gateway service providers

• Government or regulatory bodies for immigration or compliance purposes

• Marketing or IT service providers engaged by us

We do not sell or rent your personal data to any third party.

6. Security and Retention

We take reasonable steps to ensure your personal data is secure, including:

• Restricted access to personal data

• Use of secure servers and firewalls

• Staff confidentiality agreements and internal data policies

Your personal data will be retained for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law.

7. Cookies and Tracking

Our website may use cookies and similar technologies to enhance user experience. You can control the use of cookies via your browser settings. However, disabling cookies may affect your access to some website features.

8. Your Rights Under PDPA

Under the PDPA, you have the right to:

• Access your personal data held by us

• Request correction of inaccurate data

• Withdraw consent for data processing (where applicable)

• Request deletion of personal data (if legally permissible)

To exercise your rights, please contact us using the details below.

9. Contact Us

If you have any questions, requests, or complaints regarding your personal data or this policy, please contact:

Data Protection Officer
Dhafir Holiday Travel & Tours Sdn Bhd
Tel: +6012-336 8805
Email: afs@dhafirholiday.com
Website: www.dhafirholiday.com

10. Policy Updates

We reserve the right to amend this Privacy Policy from time to time. Any changes will be published on our website. Your continued use of our services following such changes constitutes your acceptance of the revised policy.

By using our services or submitting personal data to us, you confirm that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein.