Privacy policy

NINOKO (ninokokid.com)

Last Updated: 24 December 2025

1. Introduction

OASIS CTG ALLIANCE SDN. BHD. (“we,” “us,” “our”) operates the NINOKO website and brand.
We are committed to protecting your privacy and handling personal data responsibly.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you access or use the NINOKO website, products, or services (collectively, the “Services”).

2. Scope & Legal Compliance

This Privacy Policy applies globally and is designed to comply with:

  • Malaysia Personal Data Protection Act 2010 (PDPA)

  • EU General Data Protection Regulation (GDPR) where applicable

NINOKO products are intended to be purchased by parents or legal guardians.
We do not knowingly collect personal data directly from children.

3. Types of Data We Collect

3.1 Personal Data You Provide

Account & Order Information

  • Name

  • Email address

  • Phone number

  • Billing and shipping address

  • Order history and invoices

Payments

  • Transaction references and payment status
    (Payment card or banking details are processed securely by third-party payment gateways and are not stored by us.)

Customer Support

  • Communications with us

  • Feedback, reviews, or inquiries you submit voluntarily

3.2 Technical & Usage Data

  • IP address

  • Device type, operating system, browser type

  • Pages viewed, session duration, referral source

  • Cookies, local storage, and similar technologies

3.3 Marketing & Preference Data

  • Newsletter subscriptions

  • Marketing preferences and consent records

  • Interactions with promotions or campaigns

4. How We Use Your Data

4.1 To Provide & Operate Services

  • Process orders, payments, deliveries, returns, and refunds

  • Manage customer accounts

  • Respond to inquiries and support requests

  • Prevent fraud, misuse, or security incidents

4.2 To Improve Our Website & Services

  • Analyze website usage and performance

  • Improve user experience and content relevance

  • Maintain system security and operational integrity

4.3 Marketing Communications (Where Consented)

  • Send newsletters, promotions, or product updates

  • You may opt out at any time using unsubscribe links or by contacting us

4.4 Legal & Regulatory Compliance

  • Maintain records for tax, audit, and compliance purposes

  • Enforce our Terms & Conditions

  • Respond to lawful requests from authorities

5. Legal Basis for Processing

We process personal data based on one or more of the following:

  • Consent – marketing communications and optional cookies

  • Contractual necessity – fulfilling orders and providing Services

  • Legal obligation – compliance with laws and regulations

  • Legitimate interests – improving Services, preventing fraud, ensuring security

6. Children’s Privacy (Important)

NINOKO products are intended for children, but our Services are designed for adults (parents or legal guardians).

  • We do not knowingly collect personal data directly from children under 16

  • Accounts, orders, and communications must be made by adults

  • If we discover that personal data of a child has been collected without parental consent, we will delete it promptly

Parents or guardians may contact us to review or request deletion of such data.

7. Sharing & Disclosure of Data

7.1 Service Providers

We may share limited personal data with trusted third parties, including:

  • Payment processors

  • Shipping and logistics providers

  • IT hosting and cloud service providers

  • Marketing and analytics platforms

All third parties are required to protect your data and use it only for specified purposes.

7.2 Legal & Safety Disclosure

We may disclose data where required to:

  • Comply with legal obligations or court orders

  • Protect our legal rights, customers, or public safety

  • Investigate fraud or security threats

7.3 Business Transfers

In the event of a merger, restructuring, or sale of assets, personal data may be transferred as part of the transaction, subject to this Privacy Policy.

8. Cookies & Tracking Technologies

8.1 Types of Cookies Used

  • Essential cookies – required for website functionality

  • Performance cookies – analytics and performance measurement

  • Functional cookies – remember user preferences

  • Advertising cookies – measure campaign effectiveness (where applicable)

8.2 Managing Cookies

You can manage or disable cookies through your browser settings.
You may also opt out of certain targeted advertising via industry tools.

9. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfill the purposes described in this Policy

  • Meet legal, tax, and regulatory requirements

  • Resolve disputes and enforce agreements

Data no longer required is securely deleted or anonymized.

10. Your Rights

Subject to applicable laws, you may have the right to:

  • Access your personal data

  • Correct inaccurate or incomplete data

  • Request deletion or restriction of processing

  • Object to direct marketing

  • Withdraw consent at any time

Requests can be made using the contact details below.

11. Data Security

We implement appropriate technical, administrative, and organizational safeguards, including encryption, access controls, and secure infrastructure, to protect personal data against unauthorized access, loss, or misuse.

12. International Data Transfers

Your personal data may be transferred to and processed in Malaysia or other countries where our service providers operate.
We ensure appropriate safeguards are in place to comply with PDPA and, where applicable, GDPR requirements.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.
The “Last Updated” date will reflect any changes. Continued use of the Services constitutes acceptance of the revised Policy.

Contact Information

For privacy-related inquiries or requests, please contact:

OASIS CTG ALLIANCE SDN. BHD.
📧 Email: oasisctg1015@gmail.com