This Privacy Policy (“Policy”) sets out the basis on which De Arte Hair Studio (“we”, “us”, or “our”) may collect, use, disclose, or otherwise process personal data if anyone decides to use our services or our website. This Policy is in accordance with the Singapore Personal Data Protection Act (“PDPA”) and applies to personal data in our possession or under our control, including personal data in the possession of organisations we have engaged to collect, use, disclose, or process personal data for our purposes.
1. PERSONAL DATA
As used in this Policy:
-
“Customer” refers to an individual who (a) has contacted us through any means to inquire about any goods or services we provide, or (b) has, or may have, entered into a contract with us for the supply of any goods or services.
-
“Personal Data” means data, whether true or not, about a customer that can be identified:
(a) from that data, or
(b) from that data combined with other information to which we have or are likely to have access. -
“Data Intermediary” refers to an organisation that processes personal data on behalf of another organisation (the data controller).
Depending on the nature of your interaction with us, some examples of personal data we may collect from you include your name, email address, telephone number, nationality, and employment information, including information provided through forms submitted on our website.
Other terms used in this Policy shall have the meanings given to them in the PDPA (where the context permits).
2. COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
We collect data that you voluntarily provide to us when you enquire about our services via email, telephone, our website, or through forms submission. For a better experience while using our services, we may require you to provide us with certain personal data, including but not limited to your name, phone number, and email address. The information you provide will be handled in accordance with this Privacy Policy.
You have choices regarding our collection, use, or disclosure of your personal data. You have the right to object to the processing of your personal data and withdraw your consent as described in Clause 8. However, if you choose not to provide us with the personal data required for the purposes stated, we may not be able to fulfil those purposes.
We may collect, disclose, or use your personal data pursuant to an exception under the Personal Data Protection Act or other written law, such as during the following situations:
-
To respond to an emergency that threatens your life, health, or safety, or that of another individual,
-
If necessary in the national interest, for any investigation or proceedings.
Any unsolicited personal data received by us will be returned to the sender immediately. If received via email or through our website, these unsolicited personal data will be deleted right away. If received by telephone, these will not be recorded.
We may collect and use your personal data for any or all of the following purposes:
(a) performing obligations in connection with our provision of goods and/or services requested by you,
(b) responding to, handling, and processing queries, requests, applications, complaints, and feedback from you,
(c) any other purposes for which you have provided the information, and
(d) any other incidental business purposes related to or in connection with the above.
We may disclose your personal data: (a) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods and services requested by you.
The purposes listed above may continue to apply even if your relationship with us (e.g., your employment contract) has been terminated or altered for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you).
3. ACCESS TO AND CORRECTION OF PERSONAL DATA
If you wish to make:
(a) an access request to obtain a copy of the personal data we hold about you, or information on how we use or disclose your personal data, or
(b) a correction request to update any personal data we hold about you,
you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
We will respond to your request as soon as reasonably possible, generally within thirty (30) calendar days. If we are unable to respond within this period, we will inform you in writing of the expected response time. If we are unable to provide personal data or make the requested correction, we will inform you of the reasons, except where we are not required to do so under the PDPA.
4. PROTECTION OF PERSONAL DATA
To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks, we have implemented appropriate administrative, physical, and technical measures. These include up-to-date antivirus protection, encryption, the use of privacy filters, access control, and password protection, along with disclosing personal data only internally and to our authorised third-party service providers and agents on a need-to-know basis.
You should be aware that no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect the security of your information, we cannot guarantee it.
5. ACCURACY OF PERSONAL DATA
We rely on personal data provided by you (or your authorised representative). To ensure that your personal data is current, complete, and accurate, please inform us of any changes to your personal data by contacting our Data Protection Officer in writing or via email at the contact details provided below. We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, and kept up-to-date, based on its intended use.
6. RETENTION OF PERSONAL DATA
We may retain your personal data for as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by applicable laws.
We will cease retaining your personal data, or remove the means by which the data can be associated with you, when it is reasonable to assume that such retention no longer serves the original purpose for which it was collected, and is no longer necessary for legal or business purposes. You may contact our DPO if you would like to know more about how we retain your personal data.
7. TRANSFERS OF PERSONAL DATA OUTSIDE OF SINGAPORE
We generally do not transfer your personal data to countries outside Singapore. However, if we do so, we will obtain your consent for the transfer and ensure that your personal data continues to be protected to a standard comparable to that under the PDPA.
8. WITHDRAWAL OF CONSENT
The consent you provide for the collection, use, and disclosure of your personal data will remain valid until such time as it is withdrawn by you in writing. You may withdraw consent and request that we stop collecting, using, or disclosing your personal data for any or all of the purposes listed in this Privacy Policy by submitting your request in writing or via email to us.
Upon receipt of your written request to withdraw consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) to process your request and notify you of the consequences of acceding to the same, including any legal consequences that may affect your rights and liabilities to us. In general, we aim to process your request within ten (10) business days of receiving it.
While we respect your decision to withdraw consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you. In such circumstances, we will notify you before processing your request. Should you decide to cancel your withdrawal of consent, please inform us in writing as described in this Clause 8.
Please note that withdrawing consent does not affect our right to continue collecting, using, and disclosing personal data where such collection, use, and disclosure is permitted or required under applicable laws.
9. DATA BREACH NOTIFICATION
In the event of a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data, we will promptly assess the impact. If deemed a notifiable breach, we will report it to the Personal Data Protection Commission (PDPC) within three (3) calendar days. We will notify you if the breach is likely to result in significant harm, following our notification to PDPC. We may also notify other relevant regulatory agencies, where required.
10. EFFECT OF POLICY AND CHANGES TO POLICY
This Policy applies in conjunction with any other notices, contractual clauses, and consent clauses relating to the collection, use, and disclosure of your personal data by us.
We may revise this Policy from time to time without prior notice. You can determine if any revision has occurred by referring to the date of the most recent update. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.