Data Privacy Policy

At Tongkat Ali Shop, we are committed to safeguarding your privacy and ensuring the protection of your personal data. This policy outlines our data processing practices and your rights concerning your personal data.

Data Collection and Purpose

Direct Information for E-Commerce

We collect data such as your name, email address, shipping and billing addresses, and payment details for the purpose of processing and shipping your orders. This processing is necessary for the performance of a contract to which you are a party.


For processing payments on our website, we use third-party payment providers: Klarna, PayPal, and WooCommerce Payment. When you make a purchase, some of your personal data will be passed to these providers, including information required to process or support the payment, such as the purchase total and your billing information.

Order Processing & Fulfillment

We use your data to fulfill your orders, communicate with you about your purchases, and provide customer service. We share your address data with our fulfillment partner.

User Accounts

When you create a user account on our website, we collect and store information that you provide, such as your name, email address, and password. This data is used to personalize your experience, track your orders, and manage your preferences. Your account information is protected by the password you use to access your online account. It is important that you keep this password confidential. We recommend using a unique password for our website and regularly updating it. If you suspect any unauthorized access to or use of your account, please contact us immediately.

E-Mail Marketing

With your explicit consent, we may send you emails about new products, special offers, and other updates using Klaviyo.

Website Analytics

We gather information about your visit using Google Analytics 4 in order to understand website traffic and user interactions. This processing is based on our legitimate interest in monitoring and improving our website and services. This data is anonymized and does not personally identify individual users.


We employ Google Ads and Meta Ads to display relevant advertisements to you. These platforms use cookies and other tracking mechanisms.

Cookies and Consent

What Are Cookies?

Cookies are small text files that are stored on your computer or mobile device when you visit a website. They are used to remember your preferences, track information about your visit, and make your browsing experience more seamless. Cookies can be “persistent” or “session” based. Persistent cookies remain on your device when you go offline, while session cookies are deleted as soon as you close your web browser. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

Our website uses cookies to enhance user experience. Non-essential cookies, especially those used for advertising and analytics, will only be set with your explicit consent. You can manage or withdraw your consent at any time and set your browser to refuse cookies.

Third-Party Integrations

Klaviyo: We utilize Klaviyo for email marketing. When you subscribe to our newsletter, your email address is stored in Klaviyo.

Klaviyo Data Privacy Terms

Google Ads & Meta Ads: These platforms use cookies and pixels to track interactions with our advertisements.

Google Data Privacy Terms

Meta Data Privacy Terms

Google Analytics: As mentioned above, we use Google Analytics 4 in order to

Google Data Privacy Terms

Payment Providers:

Klarna Data Privacy Terms

Paypal Privacy Terms

Automattic (WordPress) Data Privacy Terms

Data Protection and Retention

We employ robust security measures to protect your personal data. We retain your data only for as long as necessary for the purposes set out in this policy, after which it is securely deleted.

International Data Transfers

If we transfer personal data outside the EU, we ensure that adequate safeguards, such as Standard Contractual Clauses, are in place as per GDPR requirements.

Your Rights

You have several rights under the GDPR:

  • Access: Request a copy of your personal data.
  • Rectification: Correct any inaccurate data.
  • Erasure: Request deletion of your data.
  • Restriction: Limit the processing of your data.
  • Portability: Obtain your data in a machine-readable format.
  • Objection: Object to certain types of processing, such as marketing.

To exercise any of these rights, contact us at

How Do We Protect Your Data

We have taken appropriate security measures to protect your personal data against loss, misuse and unauthorized access. The number of people who have access to your personal data is limited. Only people with us who need to process your personal data have access to them. We use industry standards to store, process and communicate sensitive information in a secure manner, e.g. SSL/TLS and other encryption solutions.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours.

Children’s Data

Our website is not intended for children, and we do not knowingly collect data from individuals under 16 without parental consent.

Links to Other Websites

Our privacy policy applies only to our website. For external links, we recommend reviewing their respective privacy policies.

Right to Lodge a Complaint

If you believe your data is being processed unlawfully, you have the right to lodge a complaint with your local supervisory authority.

Changes to This Policy

We may periodically update our privacy policy. Changes will be posted on this page.

Contact Us

For questions or concerns about this policy or your data, reach out to us at