Privacy Policy

Talent Reform Consulting Sdn. Bhd. (Registration No: 202401034083 (1579931-K)), trading as Novatra Reverse ("we", "us", or "our"), is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our restaurant reservation platform and related services.

This policy is prepared in compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and applies to all users of our services operating within Malaysia.

1. Personal Data We Collect

We collect personal data that you voluntarily provide to us when you register for an account, make a reservation, or contact us. The types of personal data we may collect include:

For Restaurant Customers:

• Full name
• Phone number (including WhatsApp number)
• Email address (if provided)
• Reservation details (date, time, party size, special requests)
• Dietary preferences or allergies (if provided)
• Payment slip images for deposit verification

For Restaurant Business Users:

• Full name and job title
• Business email address
• Phone number
• Company/restaurant name and address
• Business registration information
• Payment and billing information
• WhatsApp Business Account credentials

Automatically Collected Information:

• IP address and device information
• Browser type and version
• Pages visited and time spent on our platform
• Referral source

2. How We Use Your Personal Data

We process your personal data for the following purposes:

• Reservation Processing: To create, manage, and confirm restaurant reservations
• Communication: To send booking confirmations, reminders, and updates via WhatsApp or SMS
• Account Management: To create and manage your user account
• Customer Service: To respond to your inquiries and provide support
• Payment Processing: To verify deposit payments and process refunds
• Service Improvement: To analyze usage patterns and improve our platform
• Legal Compliance: To comply with applicable laws and regulations
• Marketing: To send promotional materials (only with your consent)

3. WhatsApp Integration

Our platform integrates with WhatsApp Business API to provide a seamless reservation experience. When you interact with a restaurant through WhatsApp:

• Your WhatsApp phone number and display name are collected
• Message content related to reservations is processed and stored
• Images you send (such as payment slips) are processed and stored
• Your conversation history with the restaurant is maintained for service purposes

WhatsApp messages are processed in accordance with Meta's (WhatsApp's parent company) terms of service and privacy policy. We recommend reviewing WhatsApp's Privacy Policy for more information.

4. Disclosure of Personal Data

We may disclose your personal data to the following parties:

• Restaurants: Your reservation details are shared with the restaurant you are booking with
• Service Providers: Third-party vendors who assist us in operating our platform (hosting, analytics, payment processing)
• WhatsApp/Meta: As required for WhatsApp Business API functionality
• Legal Authorities: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest (AES-256)
• Secure data centers with physical access controls
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection practices
• Incident response procedures

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Reservation Data: Retained for 3 years after the reservation date for analytics and dispute resolution
• Account Data: Retained for the duration of your account and 2 years after account closure
• WhatsApp Conversations: Retained for 24 months
• Payment Records: Retained for 7 years as required by Malaysian tax laws
• Marketing Preferences: Retained until you withdraw consent

After the retention period, personal data is securely deleted or anonymized.

7. Your Rights Under PDPA

Under the Personal Data Protection Act 2010 (PDPA) of Malaysia, you have the following rights:

• Right of Access: You may request access to your personal data that we hold and obtain information about how it is processed.
• Right of Correction: You may request correction of any personal data that is inaccurate, incomplete, misleading, or not up-to-date.
• Right to Withdraw Consent: You may withdraw your consent for the processing of your personal data at any time. This will not affect the lawfulness of processing based on consent before withdrawal.
• Right to Prevent Processing: You may request that we cease processing your personal data for direct marketing purposes.
• Right to Data Portability: You may request a copy of your personal data in a structured, commonly used format.

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section below. We will respond to your request within 21 days as required by the PDPA. A fee may be charged for access requests as permitted under the Act.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform:

• Essential Cookies: Required for basic platform functionality and security
• Analytics Cookies: Help us understand how users interact with our platform
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our platform.

9. Third-Party Services

Our platform may integrate with or link to third-party services, including:

• WhatsApp Business API (Meta Platforms, Inc.)
• Payment gateways
• Analytics services
• Cloud hosting providers

These third parties have their own privacy policies governing their use of your information. We encourage you to review their privacy practices.

10. Children's Privacy

Our services are not intended for children under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately so we can delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our platform with a new "Last updated" date. We encourage you to review this policy periodically. Your continued use of our services after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights under the PDPA, or have concerns about our data practices, please contact us:

For data deletion requests, please visit our Data Deletion page for instructions.