Legal

Security Policy

Effective Date: 30 March 2026  ·  RUEMA Cafe & Event Space, Bandar Sri Permaisuri, Cheras, Kuala Lumpur.

1. Our Commitment to Security

RUEMA Cafe & Event Space is committed to protecting the security of your personal information and payment data. We implement industry-standard security measures across all digital touchpoints — from our website to our payment processing infrastructure — to ensure your data remains safe and confidential.

2. Website Security (SSL/TLS Encryption)

Our event microsite, events.ruema.my, is secured with SSL/TLS (Secure Sockets Layer / Transport Layer Security) encryption. This means all data transmitted between your browser and our website is encrypted and protected from interception. You can verify this by looking for the padlock icon and "https://" prefix in your browser's address bar.

3. Payment Security

All online payments are processed by Razorpay, a Payment Card Industry Data Security Standard (PCI-DSS) Level 1 certified payment gateway. This is the highest level of certification available in the payments industry.

What this means for you:

  • RUEMA does not store, access, or process your full card number, CVV, or PIN
  • Your payment details are entered directly on Razorpay's encrypted payment page
  • Card data is tokenised and never transmitted to RUEMA's servers
  • All transactions are monitored for fraud in real time

4. Data Access Controls

Access to customer personal data within our organisation is restricted to authorised personnel only, on a need-to-know basis. All team members handling customer data are bound by confidentiality obligations. We do not share, sell, or rent your personal data to third parties for commercial purposes.

5. Data Storage

Customer data (such as booking details and contact information) is stored securely using cloud-based systems with access controls and regular backups. We do not store any sensitive financial information such as full card numbers on our systems. Payment transaction records are maintained solely for accounting and legal compliance purposes.

6. Incident Response

In the unlikely event of a data security incident, RUEMA will promptly investigate the matter, take appropriate remedial action, and notify affected individuals in accordance with Malaysian data protection regulations (PDPA 2010) and applicable legal requirements. We will take all necessary steps to contain and resolve any security breach.

7. Your Responsibilities

While we take every measure to protect your data, you also play an important role in keeping your information secure:

  • Do not share your booking confirmation or payment receipts with unauthorised third parties
  • Ensure you are using a secure, private network when making online payments
  • Contact us immediately if you suspect any unauthorised use of your booking

8. Third-Party Links

Our website may contain links to third-party websites (such as Google Maps or Instagram). RUEMA is not responsible for the security or privacy practices of these external sites. We encourage you to review the privacy and security policies of any third-party site you visit.

If you have any security concerns or wish to report a vulnerability, please contact us immediately via WhatsApp. We take all security reports seriously and will respond within 2 business days.