Privacy Policy

This Privacy Policy describes how Xiao Qiang Holidays Sdn Bhd collects, uses, processes, stores, and protects personal data when users access or use the cruise booking platform located at https://cruise.xqholidays.com.my.

The website operates as an online booking platform that facilitates reservations for cruise tours and related experiences provided by independent cruise operators located in Langkawi, Malaysia.

This Privacy Policy applies to all users, buyers, passengers, and visitors who access the website or provide personal data through the platform.

All personal data is handled in accordance with the requirements of the Personal Data Protection Act 2010.

This policy applies to personal data collected through the website, booking forms, communication channels, and other interactions related to the cruise booking services offered through the platform.

This policy does not apply to websites, services, or platforms operated by third party cruise operators or external service providers that may be linked from the website.

Users are encouraged to review the privacy policies of those third party platforms separately.

Personal data may be collected when users browse the website, submit booking requests, complete payments, or communicate with the company.

Information collected may include identification details such as full name, nationality, identification number for Malaysian citizens, passport number for foreign nationals, email address, telephone number, and booking related information including travel dates, cruise selections, number of passengers, and reservation details.

Technical information may also be collected automatically when users access the website. This may include internet protocol address, browser type, device information, operating system, and website interaction data.

Payment information may be processed through secure third party payment gateways. The company does not store complete credit card details on its systems.

Personal data is collected for legitimate business and operational purposes.

These purposes include processing cruise reservations, confirming bookings with cruise operators, communicating booking confirmations and operational updates, verifying passenger identification where required by operators or port authorities, processing payments, responding to customer inquiries, improving the functionality of the website, detecting fraudulent transactions, and providing customer service support.

Personal data may also be used for internal operational management, business administration, and compliance with legal or regulatory requirements.

Personal data may be disclosed to third parties where necessary for the delivery of services or compliance with legal obligations.

Such parties may include cruise operators responsible for delivering the cruise experience, payment service providers that process online payments, insurance providers where coverage applies, port authorities or maritime authorities requiring passenger information for operational or security purposes, government agencies where disclosure is required by law, and technology service providers supporting website infrastructure or system operations.

These parties are expected to handle personal data responsibly and in accordance with applicable data protection regulations.

The platform may connect with reservation systems operated by cruise operators through automated system integration technologies.

Passenger information provided during booking may be transmitted to the cruise operator's system for the purpose of confirming reservations, verifying passenger identity, and facilitating boarding procedures.

The cruise operator acts as a separate data controller for information processed within its operational systems.

Users acknowledge that once passenger information is transmitted to the cruise operator, the operator may process such data according to its own operational and regulatory requirements.

Because the platform may accept bookings from international travelers, personal data may be transferred to cruise operators, service providers, or partners located outside Malaysia where necessary to fulfill booking and operational requirements.

Where cross border data transfer occurs, reasonable steps will be taken to ensure that personal data receives an appropriate level of protection consistent with applicable data protection principles.

The website may use cookies and similar technologies to improve the functionality and performance of the platform.

Cookies may be used to remember user preferences, maintain session functionality during booking processes, analyze website traffic, and improve user experience.

Users may disable cookies through browser settings, although doing so may affect certain features of the website.

The company implements reasonable administrative, technical, and physical safeguards to protect personal data from unauthorized access, misuse, disclosure, alteration, or destruction.

Security measures may include restricted system access, secure hosting infrastructure, and encryption protocols used by payment processing providers.

Despite reasonable security measures, no internet based system can guarantee absolute security, and users acknowledge that data transmission over the internet carries inherent risks.

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable legal, regulatory, or accounting requirements.

Booking records, transaction records, and operational documentation may be retained for administrative, legal, and financial compliance purposes.

When personal data is no longer required, reasonable steps will be taken to securely delete or anonymize the information.

The company may use contact information to send booking confirmations, operational notifications, and service related communications.

Where permitted by applicable regulations, users may also receive promotional or informational communications related to travel services offered through the platform.

Users may request to stop receiving marketing communications by contacting the company directly.

Individuals may have the right to request access to personal data held by the company and request corrections where the information is inaccurate, incomplete, misleading, or outdated.

Requests may be submitted in writing using the contact information provided in this policy.

The company may require verification of identity before processing such requests.

Requests will be handled in accordance with the requirements of the Personal Data Protection Act 2010.

Xiao Qiang Holidays Sdn Bhd reserves the right to update or modify this Privacy Policy where necessary to reflect operational changes, legal developments, or regulatory requirements.

Any updated version will be published on the website and will take effect immediately upon publication.

Continued use of the website after such updates constitutes acceptance of the revised Privacy Policy.

Xiao Qiang Holidays Sdn Bhd

Company Registration: 1047644-K

Business Address:
26 & 28 1st Floor
Jalan Pandak Mayah 4
Mukim Kuah 07000 Langkawi
Kedah, Malaysia

Phone: +60 4-966 5576

Email: [email protected]

Website: https://cruise.xqholidays.com.my