What Personal Data do we collect and process?
When you visit the Website, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device.
As you browse through the Website, we also collect information about the individual web pages or products that you view, what websites or search terms referred you to the Website, and information about how you interact with the Website. We refer to this automatically-collected information as “Device Information.”
Additionally, when you make a purchase or attempt to make a purchase through the Website, we collect certain information from you, such as your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. We refer to this information as “Order Information.”
“Personal Data” in this Private Policy refers to both Device Information and Order Information.
How do we collect your Personal Data?
Collection of Device Information
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Website, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags” and “pixels” are electronic files used to record information about how you browse through the Website.
Collection of Order Information
Our store is hosted on Shopify Inc., which provides us with the online e-commerce platform that allows us to sell you our products and services. Consequently, your data is stored through Shopify’s data storage, databases and the general Shopify application, on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data after encrypting it through the Payment Card Industry Data Security Standard (PCI-DSS). In fact, all direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. So, PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Your purchase transaction data is only stored as long as necessary to complete your purchase transaction, and then it is deleted.
For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
How is your Personal Data used?
We use the Order Information that we collect generally to fulfil any orders placed through the Website (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
Communicate with you;
Screen our orders for potential risk or fraud; and
When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services, as well as other information which may be of interest to you.
We may send this information by mail, email, on or via social media or other online channels (including by customising online content advertised or displayed on our websites or social media channels).
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Website (for example, by generating analytics about how our customers browse and interact with the Website, and to assess the success of our marketing and advertising campaigns).
How do we protect your Personal Data?
We take reasonable steps to ensure that your Personal Data is protected from unauthorised access, loss, misuse, disclosure or alteration, both online and offline.
Unfortunately, no data transmission over the Internet can be guaranteed to be totally secure. and we cannot guarantee the security of your data transmitted to any of our websites; any transmission is at your own risk. However we will endeavour to take all reasonable steps to protect the Personal Data you may transmit to us. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Access to and use of Personal Data within our organization is limited by us to prevent misuse or unlawful disclosure of that Personal Data by others. Our employees, contractors and service providers are obliged to respect the confidentiality of any Personal Data held by us.
Do we hold your Personal Data forever?
We will destroy or anonymize your Personal Data as soon as we can reasonably assume that the purpose for which the information was collected is no longer served by its retention, and retention is no longer necessary for legal or business purposes.
Do we share your Personal Data?
We do not sell, rent, lease, or release your Personal Data to third-parties.
We may contract with third-party service providers to assist us in better understanding our Website visitors. However, these service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business. For example, we use Shopify to run our online store - you can read more about how Shopify uses your Personal Data here: https://www.shopify.com/legal/privacy.
If you intend to participate in any promotions, competitions, sweepstakes, surveys, questionnaires or other events proposed on the Website, please note that the rules or terms and conditions for those events may indicate that your Personal Data will be shared with third parties. By choosing to participate and submitting your Personal Data in that manner, you consent to disclose your Personal Data to such third parties.
We may also share your Personal Data to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Where your consent has been provided, the Personal Data you provide us may be transferred to third parties as may be advised to you, either within or outside Singapore, as may be necessary for any of the purposes stated above. We will comply with our obligations under the PDPA in relation to such transfer, or processing for as long as the data remains within our possession or control.
Finally, if our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell you our products.
Subject to the exceptions referred to in section 21(2) of PDPA, you have the right to request a copy of the information that we hold about you. You may exercise this right by contacting us at firstname.lastname@example.org.
We want to ensure that your Personal Data is accurate and up to date. If any of the information that you have provided to us changes, for example if you change your email address, name or contact number, please let us know the correct details by sending an email to email@example.com.
Additionally, you have the right to ask us not to collect, use, process, or disclose your Personal Data in any of the manner described herein. For that, you can give us notice of your intention at any time by contacting us at firstname.lastname@example.org. You can also opt out of some of our services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/. Please note that this may affect or remove our ability to provide you with certain or all the services.
Do Not Track
Please note that we do not alter our Website’s data collection and use practices when we see a Do Not Track signal from your browser.
Third-party links to other websites
If we make material changes to this policy, we will notify you that it has been updated, so that you can be aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact our Data Protection Officer by e-mail at email@example.com or by mail using the details provided below: