call Hotline: +60 19-830 1228
WhatsApp help FAQ πŸ‡²πŸ‡Ύ EN · MYR expand_more
qr_code_scanner Check In
shield Privacy Policy

Your data, handled
under the PDPA 2010.

Tioman SpeedBoat is committed to respecting and protecting your privacy in accordance with the Personal Data Protection Act 2010 of Malaysia. This policy explains what we collect, why, how long we keep it, and your rights.

corporate_fareTioman SpeedBoat Sdn. Bhd. badgeCo. No. 202501060135 eventLast updated 7 May 2026
expand_circle_down Read the policy key Exercise your rights

For all our services, the data controller responsible for your privacy is Tioman SpeedBoat Sdn. Bhd. This Privacy Policy should be read together with our Terms of Use, Terms and Conditions of Carriage, and Refund Policy.

database

2. Personal Information We Collect

We collect personal information only with your knowledge and consent — when you use our website, make a booking, contact us, or otherwise interact with our services.

badge
Identification & contact

Full name, gender, date of birth, nationality, identification number (NRIC for Malaysians, passport number for foreigners), email, phone, and address.

directions_boat
Booking & travel

Travel itinerary, departure and destination jetties, sailing date and time, seat selection, and other booking details.

credit_card
Payment

Card details (cardholder name, card number, expiry, issuing bank), FPX bank details, e-wallet identifiers (TNG, GrabPay, Boost), and transaction records. Sensitive payment data is processed by HitPay and is not stored on our servers.

groups
Co-travellers

When you book on behalf of others, we collect their personal information for the purposes of completing the booking and submitting passenger manifests.

history
Booking history

Details of any past bookings, including any customer service interactions or feedback.

devices
Website & device

IP address, browser type and version, operating system, language preferences, and content viewed on our website (collected via cookies and similar technologies).

flag

3. Why We Use Your Personal Information

Your personal information is used for the following purposes:

  • To process and confirm your booking and deliver ferry services;
  • To send booking confirmations, e-tickets, departure reminders, and other service communications;
  • To submit the passenger manifest to the Marine Department of Malaysia (JLM) as required by Malaysian maritime law;
  • To verify identity at boarding;
  • To process refunds, reschedules, and customer service requests;
  • For accounting, billing, auditing, and tax purposes;
  • For safety, security, and emergency response on our vessels;
  • To send marketing communications (only with your consent and where you have not opted out);
  • To improve our website, products, and services through analysis and research.
campaign

4. Marketing Communications

With your consent, we may send you marketing messages via email or SMS to keep you updated on:

  • Latest fare promotions and seasonal offers;
  • Schedule changes and new route announcements;
  • Monsoon schedule updates;
  • Reminders about upcoming travel dates.

You can unsubscribe from marketing messages at any time by:

  • Clicking the “unsubscribe” link in any marketing email;
  • Replying to a marketing email with the request to unsubscribe;
  • Contacting our customer support team at hello@tiomanspeedboat.com.

We will action your unsubscribe request within 2 business days.

notifications_active
Service communications (booking confirmations, schedule alerts, refund notifications) will continue regardless of marketing preferences, as these are required to fulfil our contract with you.
share

5. When We Share Your Information

We may share your personal information with the following parties:

Marine Department of Malaysia (JLM)
For passenger manifest submission as required by law.
Payment processors
Including HitPay, FPX, Visa, Mastercard, and e-wallet providers, to process your payment.
Insurance providers
Where travel insurance is bundled with your booking.
Tioman Marine Park Authority
For marine park entry fee processing where applicable.
Government authorities
Including customs, immigration, and law enforcement, where required by Malaysian law or court order.
Service providers
Including IT hosting providers, email service providers, and customer service platforms that help us operate our business.
Successor entities
In the event of a merger, acquisition, or sale of the business, your information may be transferred to the acquiring entity.
verified
We do not sell your personal information to third parties. We do not share your information with marketing companies without your express consent.
cookie

6. Cookies

We use cookies to recognise your device on subsequent visits, personalise your experience, and improve our website. Cookies do not store sensitive information such as payment details or passwords. We use two types of cookies:

Session cookies
Expire when you close your browser.
Persistent cookies
Remain on your device until they expire or until you delete them.

You may configure your browser to prompt you before accepting cookies, or to reject all cookies. However, certain features of our website (such as logging in or completing a booking) require cookies to function. Refer to your browser documentation for instructions on managing cookies.

key

7. Your Rights Under the PDPA

Under the Personal Data Protection Act 2010 of Malaysia, you have the following rights:

visibility
Right to access

Request a copy of any personal information we hold about you.

edit
Right to correct

Request correction of inaccurate or incomplete information.

undo
Right to withdraw consent

Withdraw your consent for marketing or other consent-based processing at any time.

do_not_disturb_on
Right to limit processing

Request that we limit the processing of your information in certain circumstances.

file_download
Right to data portability

Request your data in a portable format.

To exercise any of these rights, please email hello@tiomanspeedboat.com with your full name, booking reference (if applicable), and details of your request. We will respond within 30 business days as required under the PDPA. We may request additional information to verify your identity before responding.

schedule

8. Data Retention

We retain your personal information for the following periods:

Data category Retention period
Booking records schedule7 years from last booking
Passenger manifest data gavelAs required by JLM
Marketing consent records campaignUntil consent withdrawn
Customer service records support_agent3 years from last interaction

After these periods expire, your personal information is anonymised or securely deleted.

lock

9. Data Security

We implement industry-standard technical, physical, and managerial safeguards to protect your personal information from unauthorised access, accidental loss, alteration, or destruction. These include:

https
256-bit SSL

Encryption for all data transmission between your device and our servers.

database
Encrypted storage

Encrypted database storage for all personal data at rest.

key
Access controls

Limiting employee access to personal data on a strict need-to-know basis.

policy
Security audits

Regular security audits and dependency updates across our infrastructure.

credit_score
PCI-DSS compliance

For payment processing through our payment partners.

info
While we use our best efforts, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify affected users in the event of a data breach in accordance with PDPA requirements.
update

10. Changes to This Policy

We may occasionally update this Privacy Policy to reflect changes in how we process your data or to comply with new legal requirements. Significant changes will be communicated via our website or by email. The “Last updated” date at the top of this policy indicates when it was most recently revised.

support_agent

11. Contact for Privacy Matters

For any queries, requests, or complaints regarding your personal information or this Privacy Policy, please contact:

Email
hello@tiomanspeedboat.com
Phone
+60 19-830 1228
Counter address
Kaunter No. 5, Terminal Jeti Penumpang Tanjung Gemok,
26820 Kuala Rompin, Pahang, Malaysia
Company
Tioman SpeedBoat Sdn. Bhd. (Co. No. 202501060135)
gavel
If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Department of Malaysia (Jabatan Perlindungan Data Peribadi) at www.pdp.gov.my.

Related policies

verified_user Terms of Use description Terms & Conditions policy Refund Policy support_agent Contact us

Want to access or delete your data?

Email us with your full name and booking reference. We respond to all PDPA requests within 30 business days.

key Submit a request call +60 19-830 1228 support_agent All contact options