Privacy Policy

1. Who We Are

RUEMA Cafe & Event Space ("RUEMA", "we", "our", or "us") is located at Bandar Sri Permaisuri, Cheras, Kuala Lumpur, Malaysia. We are committed to protecting the privacy of our customers and website visitors in accordance with the Personal Data Protection Act 2010 (PDPA).

2. Information We Collect

We may collect the following types of personal data when you contact us, make a booking, or use our website:

• Full name and contact number
• Email address
• WhatsApp messages and enquiry details
• Event date, type, and guest count
• Payment information (processed securely via Razorpay — we do not store card details)
• Website usage data via cookies (browser type, pages visited, session duration)

3. How We Use Your Information

Your personal data is used solely for the following purposes:

• Processing and confirming event bookings
• Communicating event details, invoices, and receipts
• Responding to enquiries and customer service requests
• Processing payments securely
• Improving our website and services through analytics
• Sending promotional updates, where you have provided consent

4. Sharing of Information

We do not sell or rent your personal data to third parties. We may share your data only with:

• Razorpay — our payment gateway provider, for secure transaction processing. Razorpay is PCI-DSS compliant.
• Google Analytics — for anonymised website usage statistics to improve user experience.
• Approved third-party vendors — only where necessary for your event (e.g., approved florists or photographers), and only with your knowledge.
• Legal authorities — where required by Malaysian law or court order.

5. Cookies

Our website uses cookies to enhance your browsing experience and gather anonymised analytics data. Cookies are small text files stored on your device. You may disable cookies through your browser settings; however, some features of the website may not function correctly as a result. By continuing to use our website, you consent to our use of cookies.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by Malaysian law. Booking and payment records are retained for a minimum of 7 years for accounting and legal compliance purposes.

7. Your Rights

Under the PDPA 2010, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete personal data
• Withdraw consent for marketing communications at any time
• Request deletion of your personal data, subject to legal retention requirements

To exercise any of these rights, please contact us via WhatsApp or email.

8. Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, or disclosure. All payment transactions are encrypted using SSL technology and processed by our PCI-DSS compliant payment partner, Razorpay.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.