Privacy Policy
This page explains what personal data Tioman SpeedBoat collects when you book a ferry ticket through our website, why we collect it, and how we keep it safe. We comply with the Malaysian Personal Data Protection Act 2010 (PDPA).
1. What we collect
- Booking details — buyer name, email, phone number, NRIC / passport number, and per-passenger identity required for the JLM (Jabatan Laut Malaysia) manifest.
- Payment data — handled by our payment gateway (HitPay). We never store full card numbers.
- Technical data — IP address, browser type, and referring page, used only for fraud prevention and aggregated analytics.
2. How we use it
- To issue your e-ticket and JLM-compliant manifest entry.
- To contact you about schedule changes, weather disruptions, or refund processing.
- To meet Marine Department record-keeping rules for passenger ferry operators.
3. How long we keep it
Booking and manifest records are retained for 7 years as required by Malaysian transport-operator regulations, then permanently deleted. Marketing-list emails are retained until you unsubscribe.
4. Your rights
Under PDPA you may request access to or correction of your personal data, withdraw consent for marketing, or ask us to delete data we no longer need to keep. Email [email protected] with your request.
5. Cookies
We use a minimum set of cookies for cart/session continuity and CSRF protection. We do not sell your data to third parties.
6. Updates to this policy
If we make material changes we'll post a new effective date at the top of this page and (where required) email registered users.