Privacy Policy
COMMITTED TO YOUR PRIVACY
This Personal Data Protection Policy notice for personal data (“Policy”) is issued to all our valued customers and guests of Founders Beauty Pte Ltd (“us”, “we”, “our” or “ours”), pursuant to the statutory requirements of the Personal Data Protection Act 2012 (Act 26 of 2012) (“PDPA”).
We take our responsibilities under Singapore’s PDPA seriously. We recognise the importance of the personal data entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data.
In order to conduct our business operations, we may disclose the personal data you have provided us to our third-party service providers, agents and/or our affiliates or related corporations, and/or other third parties whether located in Singapore or outside of Singapore.
Please take a moment to read our Policy so that you know and understand the purposes for which we collect, use and disclose your personal data.
This Policy supplements but does not supersede nor replace any consents you may have previously provided to us in respect of your personal data, and your consents herein are additional to any rights which any of us may have at law to collect, use and/or disclose your personal data.
If you have any questions or concerns about our privacy practices, we welcome you to contact us by email at concierge@foundersbeauty.com.
1. INTRODUCTION TO THE PDPA
1.1 “Personal data” is defined under the PDPA to mean data, whether true or false, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. Common examples of personal data include names, identification numbers, contact information, medical records, photographs and video images.
1.2 Personal data is collected in accordance with the PDPA. You will be notified of the purposes for which your personal data may be collected, used, disclosed and/or processed, as well as obtain your consent for the collection, use, disclosure and/or processing of your personal data for the intended purposes, unless an exception under the law permits us otherwise
2. COLLECTION OF YOUR PERSONAL DATA
2.1 The provision of your personal data is voluntary. However, withholding your personal data from us will mean that we may not be able to provide you the relevant Products and / or Services required.
2.2 We collect personal data during the course of our ordinary business activities and will only collect such personal data if it is necessary for our functions, operations or activities. We will never knowingly seek access to your information which is confidential or subject to privilege (including medical or legal) except with your express prior consent.
2.3 The PDPA requires us to collect personal data about you, only from you, if it is reasonable and practical to do so. Some examples of the types of information which we may collect include:
- (a) Information in exchange for products or services - From time to time, we ask for personal and / or contact information, such as names, email or physical addresses, phone numbers, credit card numbers, account information and/or billing addresses in an exchange for our Product, content, or Services.
- (b) Unique Information - There may be specific instances where we require additional information from you such as National Registration Identity Card (NRIC) number or passport number, photograph, contact preferences, and date of birth. If you are a candidate for employment, we may collect your resume, other information as set in our application or during our recruitment process. This may include information relating to your employment history, working eligibility rights, and your referee details.
- (c) Transaction Information - When you download or purchase a Product or contract a Service from our Website, certain information may be tracked or collected, such as the date of the purchase and Product or Service details. This information is collected and used for internal purposes only, in order to enhance the general user experience. If you purchase one of our Products or contract our Services, certain data is required to fulfil your request, such as credit card numbers/expirations/security codes, billing information and addresses, postcodes, and names, which will be processed through a third-party payment program. This information will not be shared intentionally with any party other than the third-party programs responsible for processing your payment and procuring payment to us.
- (d) Analytics - This Website collects data, such as your location and use time, in order to help us analyse user data and better serve our users. From time to time, our Website may collect data such as cookies, pixel tags, clickstreams, and other technology to collect information such as browser type, web pages viewed, links clicked, and other actions you may engage in on our Website and social media accounts. This information may be used from time to time to help us personalise your experience or for security purposes.
- (e) Third Party Information - We may receive information from social media platforms or other programs or plugins, including (but not limited to) Paypal, Stripe, Squarespace, Mailchimp, Google, Wordpress, Kajabi.
- (f) Others - Any other miscellaneous information accumulated or tracked in relation to your use of the Website or engagement in any user interface on it which may relate to the above purposes.
3. PERSONAL DATA OF MINORS
3.1 As our Site is designed for individuals aged 18 and above or not considered a minor in the user’s country of residence for the purposes of entering into a contract, we do not knowingly collect personal data from minors who may visit our Site, and we do not knowingly include any such information in our customer databases.
4. HOW PERSONAL DATA IS COLLECTED
4.1 Some examples of how your personal data can be collected:
- (a) Registration of details on our Website, apps or over the counter;
- (b) When you complete bookings, requests or applications for our Products and / or Services (by phone, in person, postal or courier mail, or electronically);
- (c) When you communicate with us directly via our customer service officers, via our co-workers (in person, by email, telephone, postal or courier mail or any other means);
- (d) When you conduct certain types of transactions such as cancellations;
- (e) When you enter, and when you interact with us during promotions, competitions, contests, lucky draws, special events, or by using devices within our stores;
- (f) Participate in surveys and other types of research; and
- (g) If you are a candidate for employment, when you complete forms in relation to the recruitment and selection process for the purpose of assessment. We may also collect information about you from your nominated referees with your authorisation.
5. PURPOSES FOR COLLECTION, USE, DISCLOSURE AND PROCESSING OF PERSONAL DATA
5.1 The personal data we collect from you may be used, disclosed and/or processed for various purposes, depending on the circumstances for which we may need to process your personal data, including but not limited to:
- (a) To communicate with you;
- (b) To maintain and improve customer relationship;
- (c) To assess, process and provide products, services and/or facilities to you;
- (d) To administer and process any payments related to products, services and/or facilities requested by you;
- (e) To establish your identity and background;
- (f) To respond to enquiries or complaints, and resolve issues or disputes which may arise in connection with dealings with us;
- (g) To provide you with information and/or updates on our products, services, upcoming promotions or events organised by us and selected third parties which may be of interest to you from time to time;
- (h) For notifications via SMS, phone call, email, fax, mail, social media and/or any other appropriate communication channels in accordance with your consent;
- (i) To maintain and update internal record keeping;
- (j) For internal administrative purposes;
- (k) To administer and give effect to your commercial transactions with us;
- (l) To process any payments related to your commercial transactions with us;
- (m) To conduct market research or surveys, internal marketing analysis, customer profiling activities, analysis of customer patterns and choices, planning and statistical and trend analysis in relation to our products and/or services;
- (n) To share any of your personal data with the auditor for our internal audit and reporting purposes;
- (o) To share any of your personal data pursuant to any agreement or document which you have duly entered with us for purposes of seeking legal or for purposes of commencing legal action;
- (p) To share any of your personal data with our business partners to jointly develop products and/or services;
- (q) For audit, risk management and security purposes;
- (r) For detecting, investigating and preventing fraudulent, prohibited or illegal activities;
- (s) For enabling us to perform our obligations and enforce our rights under any agreements or documents that we are a party to;
- (t) For meeting any applicable legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to us;
- (u) To enforce or defend our rights and yours, and to comply with, our obligations under the applicable laws, legislation and regulations; and
- (v) For other purposes required to better operate, maintain and manage our business and your relationship with us.
As the purposes for which we may/will collect, use, disclose or process your personal data depend on the circumstances at hand, some purposes may not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless the collection, use, disclosure or processing of your personal data without your consent is permitted under the PDPA or under any other law.
5.2 In order to conduct our business operations better, we may also disclose your personal data to our third-party service providers, agents and/or our affiliates or related corporations, and/or other third parties whether Singapore, or outside of Singapore, for one or more of the purposes referred to in paragraph 5.1. Such third-party service providers, agents and/or affiliates or related corporations and/or other third parties would be processing your personal data either on our behalf or otherwise, for one or more of the purposes referred to in paragraph 5.1.
6. DISCLOSURES OF PERSONAL DATA TO THIRD PARTIES
6.1 Save as expressly provided in this Policy or permitted under the PDPA or under any other law, we will not share, sell, rent or release any personal data collected to any third party individuals, companies or groups. Any personal data we collect is used for our own purposes as described in this Policy.
6.2 In order to enable us to provide a wide range of products and services to you, we may from time to time engage third party service providers, including but not limited to:
- (a) Professional advisors, consultants and/or external auditors; and
- (b) Third party service providers who provide operational services such as telecommunications, information technology, printing, postal service, marketing promotions, and relevant government regulators to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority.
6.3 The third party service providers are only authorised to use your personal data to perform the service for which they were hired. They are required to comply with the PDPA, all other laws and any of our prevailing policies in relation thereto (including this Policy), and to take reasonable measures to ensure your personal data is secure.
6.4 We will not disclose your personal data to third parties without first obtaining your consent. However, we may disclose your personal data to third parties without first obtaining your consent in certain situations, including, without limitation, where in our opinion any of the following arises:
- (a) Disclosure is required or authorised based on the applicable laws and/or regulations;
- (b) Disclosure is clearly in your interests, and consent cannot be obtained in a timely way;
- (c) Disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself, your child/children or another individual;
- (d) Disclosure is necessary for any investigation or proceedings;
- (e) Cases where the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation, certifying that the personal data is necessary for the purposes of the functions or duties of the officer;
- (f) Disclosure is to a public agency and such disclosure is necessary in the public interest; and
- (g) Disclosure without your consent is permitted under the PDPA or under any other law
6.5 The instances listed above at paragraph 6.4 are not intended to be exhaustive. For more information on the exceptions, you are encouraged to refer to the Second, Third and Fourth Schedules of the PDPA which can be found at https://sso.agc.gov.sg/.
6.6 Where we disclose your personal data to third parties with your consent, we will employ our best efforts to require such third parties to protect your personal data in a manner required under the PDPA or any other law
7. REQUEST FOR ACCESS AND / OR CORRECTION OF YOUR PERSONAL DATA
7.1 You may request to access and/or correct your personal data for the time being in our possession by submitting your request through email or in person (if applicable).
7.2 For a request to access personal data, we will provide you with the relevant personal data within thirty (30) days from the date of your request.
7.3 Where a request cannot be fulfilled within the above time frame, you will be informed of the earliest time in which we will respond.
7.4 For a request to correct personal data, we will correct your personal data as soon as possible after our receipt of such request, unless we have reasonable grounds to do otherwise.
7.5 Depending on the scope and nature of the work required to process an access or correction request, a fee may be charged to recover administrative costs. This will be assessed on a case-by-case basis. Where such a fee is required, you will be provided with a written estimate of the fee for your consideration. Your request will be processed once payment of the fee is received. In certain cases, we may also require a deposit from you before we process your request. You will be notified if a deposit is required, if any.
8. REQUEST TO WITHDRAW CONSENT
8.1 You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession by submitting your request through email or in person (if applicable).
8.2 Your request will be processed within a reasonable time. Thereafter we will not collect, use and/or disclose your personal data in the manner stated in your request.
8.3 However, your withdrawal of consent may result in certain legal consequences arising. In this regard, depending on the extent of your withdrawal of consent for us to collect, use, disclose and/or process your personal data, it may mean discontinuing your existing relationship with us
8.4 The collection of your personal data may be mandatory or voluntary depending on the purposes for which your personal data is collected. Where it is necessary for you to provide us with your personal data, and you fail or choose not to provide us with such personal data, or do not consent to the above or this Policy, we will not be able to provide our products and/or services (or any part thereof) to you.
9. ADMINISTRATION AND MANAGEMENT OF PERSONAL DATA
9.1 We will take all reasonable effort to ensure that your personal data is accurate and complete, if usage of your personal data is likely to affect you. This means that you are required to update us of any changes in your personal data from time to time. We will not be responsible or liable for any consequences arising from the provision of any inaccurate or incomplete personal data to us.
9.2 We will arrange for reasonable security measures to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. However, we cannot assume responsibility for any unauthorized use of your personal data by third parties, or for instances attributable to factors beyond our control.
9.3 We will put in place measures to destroy and/or anonymise your personal data in our possession as soon as it is reasonable to assume that:
- (a) The purpose for which that personal data was collected is no longer being served; and
- (b) Retention of that personal data is no longer necessary for any other legal or business purposes.
10. COMPLAINT AND GRIEVANCES
10.1 If you have any complaint or grievance regarding the handling of your personal data, or about how we are complying with the PDPA, you are welcome to contact us through email at concierge@foundersbeauty.com.
10.2 You may also contact us through one of the following methods with your complaint or grievance: email or letter.
10.3 When drafting an email or a letter, your indication at the subject header that it is a PDPA complaint will assist us in attending to your complaint expeditiously. For example, the subject header can be titled “PDPA Complaint”.
11. UPDATES ON PERSONAL DATA PROTECTION POLICY
11.1 As part of our efforts to properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.
11.2 We reserve the right to amend the terms of this Policy at our discretion. Any amended Policy will be posted on our website and can be viewed on this page.
11.3 You are encouraged to visit this page from time to time to keep updated of our latest policies in relation to personal data protection.
12. PRIVACY SECURITY
12.1 In order to maintain the security of your personal data, we have taken reasonable methods to prevent unauthorised access and maintain accuracy of all personal data collected by our Website. Physical and technical methods of protection include limited access by internal personnel to your personal data on a need-to-know basis, and password protecting documents or logs that contain personal data.
12.2 By remaining on our Website, you acknowledge that transmission of information over the internet is not fully secure and at your own risk. We cannot therefore guarantee that any information you submit to us will be accessible to only us as the intended recipients. We shall, however, do our best to protect your personal data. Nevertheless, if there is a security breach on behalf of an unauthorised party, you agree to indemnify us and hold us harmless for any and all claims against the unauthorised party.
12.4 You acknowledge that your use of our Website, Products and Services is completely voluntary. As such, you shall indemnify us and hold us and our agents and affiliates harmless for any damages or injury that may arise from your use of our Website, Products and Services, which include, but are not limited to, issues regarding the confidentiality and security of your Personal Information.
12.5 We securely store your data on our servers which are located in Singapore.
12.6 We will keep your personal data for a period of time no longer than that permitted by the PDPA from time to time. Upon expiry of such period, we will delete your data by erasure from our servers and online systems.
13. EU GDPR
13.1 The parties agree that in relation to any information, whether confidential or not that is shared between us and yourself, that we shall each be individually responsible to comply with any and all relevant data protection laws and legislation including the General Data Protection Regulation of the European Union (EU GDPR).
13.2 Any information or data that is provided by either of us pursuant to this engagement, including personal data, will be maintained by the other party and stored, accessed and processed in accordance with recognised data protection legislation including the General Data Protection Regulation of the European Union (EU GDPR).
13.3 Terms of the PDPA shall prevail to the extent of any inconsistencies between the PDPA and the EU GDPR.
1. COOKIE POLICY
1.1 Cookies are data from a server to your browser which are saved on your hard drive. Cookies do not contain personally identifiable information, such as your name or contact information. You may adjust your browser settings with regards to the collection of internet cookies - for example, you may delete, block and/or refuse cookies, or you may elect to be notified before cookies are placed.
1.2 This Site uses cookies to collect information to monitor and aggregate web traffic to our Website. This Site may also use web beacons, pixels, tracking gifs and social media widgets set by us or third parties to help us understand browsing activity and traffic patterns. This information helps us improve our Website, products and Services, and your online experience. For example, social media widgets may be placed on our Website by third party social media platforms to allow you to interact with our social media accounts. These technologies may also collect browsing data, although the collection and use of data amongst these third parties is subject to their control and respective privacy policies.
1.3 You may opt out or limit how we use cookies, including by the following methods:
- (a) Google Analytics - In order to opt out of Google Analytics, you may visit: https://tools.google.com/dlpage/gaoptout.
- (b) European Union - Residents of the European Union may have the following rights with respect to the collection and use of their Personal Information: i) right to review, verify, correct, and request erasure of your Personal Information that we collect and store; ii) limit, restrict, or object to the use of your Personal Information under certain circumstances; iii) the right to request the transfer of your Personal Information to another party under certain circumstances. For more information regarding your rights to your Personal Information in the European Union, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.
- (c) State of California - Residents of the State of California who are users of our Website may request certain information regarding the disclosure of their Personal Information to third parties for marketing purposes. All requests of this nature should be specific and addressed via email to concierge@foundersbeauty.com. You may utilise a preference on your internet browser called Do Not Track. However, we may not respond to Do Not Track settings. For more information about California Do Not Track and your rights as a State of California resident with respect to your Personal Information, please visit: www.allaboutdnt.org.