The PDPA comprises rules governing the collection, use, disclosure and care of personal data and requires organisations to have a legitimate and reasonable purpose for their collection, use or disclosure of personal data and to obtain the informed consent
Collection of personal data
IDS collects Customer Data from you for the purpose of providing services to you such as processing a transaction, assisting you in the transaction, and responding to your enquiries or requests, research and analytics purposes, including market research.
We request information from you in several areas of our website and other channels including in-store, that may be used to personally identify you (“Personal Data”), including but not limited to:
- Your contact information such as your telephone numbers, mailing addresses, email addresses, and fax numbers.
- Your credit or debit card information and billing information, including name of cardholder, card number, billing address and expiry date.
- Your responses to market surveys and contests conducted by us or on our behalf.
- Your photographs and past medical history to assist our Aesthetics Professionals in assessing your skin continue before and after each treatment and/or visit and other specific purposes. Such photograph will not be shared with 3rd parties unless specifically authorised by you.
- Your past medical history to assist our Aesthetics Professionals in assessing your skin condition.
- Images of you captured by CCTV cameras that are in operation, and this is for security and safety reasons
Kindly note that images of yourself that are captured via our CCTV cameras are strictly for safety and security purposes. All such images are secured stored and access to the same restricted.
Certain Personal Data (particularly relating to your personal information, contact information, photographs and past medical history) are required for specific services and if you fail to supply such Personal Data as requested, we may be unable to deliver you the services in full.
We may use the Personal Data you provided for one or more of the following purposes:
- For your use of the online services available at any of our websites and/or through other telecommunication channels.
- For the supply of any products and/or services which we may offer to you, or you may require from us from time to time including text message (SMS) alerts.
- For marketing, promotional and customer relationship management purposes, such as sending you updates on latest offers and promotions in connection with our products and services and conducting market research.
- For identification and verification purposes in connection with any of the services or products that may be supplied to you.
- To contact you regarding your enquiries.
- To administer contests and giveaways conducted by us or on our behalf.
- To disclose to a third party to comply with any law, legal requirements, orders, directions or requests from any court, authority or government body of any jurisdiction, which may be within or outside of Singapore.
- To facilitate the payment for products and services provided by us or our subsidiaries, associated companies and/or business associates including verification of credit card details with third parties and using the Personal Data you provide to conduct matching procedures against databases of known fraudulent transactions (maintained by us or third parties).
- To improve our security, including in relation to the processing of payment by credit card to guard against the risk of fraud including carrying out matching procedures against databases of known fraudulent transactions (maintained by us or third parties).
Except as provided below, we will not knowingly or intentionally use or share the Personal Data you provide to use in ways unrelated to the aforementioned purposes without your prior consent.
Disclosure of collected personal data
IDS may disclose and transfer Personal Data to and jointly use Personal Data with (whether within or outside of your jurisdiction) our subsidiaries, associated companies, business associates, service providers, and other persons who we consider appropriate, in connection with the services and products provided to or requested by you. We may disclose this information to facilitate communication of news and information about such services and products and otherwise for the purposes mentioned above, under Section 3, “Purposes for which the Personal Data are Collected and Used.”
The entities with whom we may share your Personal Data include but are not limited to:
- Any agent, contractor or third party service provider who provides administrative, marketing and research, distribution, data processing, telemarketing, telecommunications, computer, payment or other services to IDS in connection with the operation of its business.
- Other business associates such as loyalty program operators and other companies involved in providing customer service or fulfilling customer requests.
- Credit reference agencies.
- Credit, debit and /or charge card companies and/or banks.
- Government or non-government authorities, agencies and/or regulators.
- Medical professionals, insurers, medical laboratories and clinics/hospitals.
We may also transfer any information we have about you as an asset in connection with a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of IDS or as part of a corporate reorganization or stock sale or other change in corporate control.
Please be advised that the Personal Data that IDS collects or obtains may be transferred to jurisdictions that offer lesser protection of Personal Data than that provided in your jurisdiction. By submitting personal information to IDS or using any IDS website, you understand and consent to such transfer.
Withdrawal of Consent
If you wish to withdraw consent, you should give us reasonable advance notice. We will advise you of the likely consequences of your withdrawal of consent, e.g., without your personal contact information we may not be able to inform you of future services offered by us.
Your request for withdrawal of consent can take the form of an email or letter to us or simply click the “unsubscribe” at the end of our emails to you and we will revert to it a reasonable time.
We use “cookies” to collect information about your online activity on our website. A cookie is a small text file created by the website that is stored in your computer to provide a way for the website to recognise you and keep track of your preferences. The cookie makes it convenient for you such that you do not have to retype the same information again when you revisit the website or in filling electronic forms.
Most cookies we use are “session cookies”, which will be deleted automatically from the hard disk of your computer at the end of the session.
You may choose not to accept cookies by turning off this feature in your web browser. Note that by doing so, you may not be able to use some of the features and functions in our web applications.
We do not get consent on behalf of another individual. We only get consent from the individual who will be dealing directly with us.
How We Ensure the Accuracy of Your Personal Data
We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up-to-date.
From time to time, we may do a data verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in your mailing address).
How We Protect Your Personal Data
We have implemented appropriate information security and technical measures (such as data encryption, firewalls and secure network protocols) to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks.
We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data and will only share your data with authorised persons on a ‘need to know’ basis.
If and when we engage third-party data processors to process personal data on our behalf, we will ensure that they provide sufficient guarantees to us to have implemented the necessary organisational and technical security measures and have taken reasonable steps to comply with these measures.
How We Retain Your Personal Data
We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes.
We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.
How You Can Access and Make Correction to Your Personal Data
You may write in to us to find out how we have been using or disclosing your personal data over the past one year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will respond to your request as soon as possible, or within 30 days from the date we receive your request. If we are unable to do so within the 30 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request.
If you find that the personal data we hold about you is inaccurate, incomplete, misleading or not up-to-date you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 30 days from the date we receive your request.
Transfer of Personal Data
Where there is a need to transfer your personal data to another country outside Singapore, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as those in Singapore.
If you have any query or feedback regarding this Notice, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer (DPO) at: email@example.com
Any query or complaint should include, at least, the following details:
- Your full name and contact information
- Brief description of your query or complaint
We treat such queries and feedback seriously and will deal with them confidentially and within reasonable time.
Changes to this Data Privacy Notice
We may update this Data Privacy Notice from time to time. We will notify you of any changes by posting the latest Notice on our website. Please visit our website periodically to note any changes.
Changes to this Notice take effect when they are posted on our website.