This Privacy Policy applies to all information collected through our website, mobile applications (if applicable), and any related services, sales, marketing, or events (collectively, the "Services").
1. Our Commitment to Privacy: We are committed to compliance with Singapore's Personal Data Protection Act 2012 (PDPA) and other applicable data protection laws. We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
2. INFORMATION WE COLLECT: We collect information that you provide directly to us, information we obtain automatically when you use our Services, and information from third-party sources.
2.1 Personal Information You Provide to Us
We collect personal information that you voluntarily provide to us when you:
- Create an account on our website
- Make a purchase or place an order
- Subscribe to our newsletter or marketing communications
- Contact us with inquiries or customer support requests
- Participate in surveys, contests, or promotions
- Leave reviews or testimonials
- Apply for employment with our company
The personal information we may collect includes:
- Identity Information: Full name, username, title, date of birth, gender
- Contact Information: Email address, telephone number, billing address, shipping address
- Financial Information: Payment card details, billing information (processed securely by our payment processors)
- Transaction Information: Details about purchases, order history, shipping and delivery information
- Account Information: Username, password, purchase history, preferences, feedback
- Marketing Information: Your preferences for receiving communications from us and your communication preferences
- Correspondence: Records of your communications with us, including emails, live chat messages, and phone calls
- Survey/Feedback Information: Information you provide when participating in surveys or providing feedback
2.2 Information We Collect Automatically
When you access or use our Services, we automatically collect certain information about your device and usage patterns:
- Device Information: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device type
- Usage Information: Information about how you use our website, products, and services, including your browsing actions and patterns
- Location Information: General geographic location based on your IP address
- Log Information: Server logs that may include information such as your web request, referring/exit pages and URLs, number of clicks, domain names, landing pages, pages viewed
- Analytics Data: Time spent on pages, page interaction information (scrolling, clicks, mouse-overs), methods used to browse away from the page
2.3 Information from Cookies and Similar Technologies
We use cookies, web beacons, pixel tags, and other tracking technologies to collect information about your browsing activities. For detailed information, please see Section 4 (Cookies and Tracking Technologies).
2.4 Information from Third-Party Sources
We may receive information about you from third-party sources, including:
- Payment Processors: Transaction and payment information when you make purchases
- Social Media Platforms: If you interact with us on social media or link your social media account to our Services
- Business Partners: Marketing partners, affiliates, and advertising networks
- Public Databases: Information from publicly available sources
- Service Providers: Analytics providers, search information providers, technology partners
3. HOW WE USE YOUR INFORMATION: We use your personal information for various purposes in accordance with the PDPA and other applicable laws. We will only use your personal information when the law allows us to.
3.1 Primary Purposes
We use your information to:
Provide, Maintain, and Improve Our Services:
- Process and fulfill your orders, including processing payments, arranging shipping, and providing invoices
- Manage your account and provide customer support
- Communicate with you about your orders, account, or our Services
- Respond to your inquiries, comments, and questions
- Provide you with updates about your orders and delivery status
Marketing and Communications:
- Send you marketing and promotional communications about our products, services, special offers, and events (with your consent where required)
- Personalize your experience and deliver content and product offerings relevant to your interests
- Conduct market research, surveys, and analyze customer trends
- Administer contests, promotions, and sweepstakes
Business Operations:
- Monitor and analyze usage trends and preferences to improve our Services
- Detect, prevent, and address technical issues, security threats, and fraudulent activities
- Enforce our terms, conditions, and policies
- Comply with legal obligations and resolve disputes
- Maintain business records and conduct data analysis
Personalization and Enhancement:
- Remember your preferences and settings
- Provide personalized product recommendations
- Customize content and advertising relevant to you
- Improve our website functionality and user experience
3.2 Legal Basis for Processing (PDPA Compliance)
Under the PDPA, we process your personal data on the following legal bases:
- Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications)
- Contractual Necessity: Processing is necessary for the performance of a contract with you (e.g., order fulfillment)
- Legal Obligation: Processing is necessary for compliance with legal obligations
- Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, network security, business analytics) except where such interests are overridden by your rights
4. COOKIES AND TRACKING TECHNOLOGIES
4.1 What Are Cookies?
Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and provide information to website owners.
4.2 Types of Cookies We Use
We use the following types of cookies:
Strictly Necessary Cookies:
- Essential for the operation of our website
- Enable core functionality such as security, network management, and accessibility
- Cannot be disabled in our systems
- You may block these through your browser settings, but some parts of the site may not function properly
Performance and Analytics Cookies:
- Help us understand how visitors interact with our website
- Collect information about pages visited, time spent on pages, and any error messages
- Used to improve website performance and user experience
- All information is aggregated and anonymous
Examples: Google Analytics, Hotjar
Functionality Cookies:
- Remember your preferences and choices (e.g., language, region, login details)
- Provide enhanced and personalized features
- May be set by us or third-party providers
Marketing/Advertising Cookies:
- Track your browsing habits to show you relevant advertisements
- Limit the number of times you see an advertisement
- Measure the effectiveness of advertising campaigns
- Remember that you have visited our website
Examples: Facebook Pixel, Google Ads, retargeting pixels
4.3 Other Tracking Technologies
We also use:
- Web Beacons/Pixel Tags: Small graphic images that track user behavior and campaign effectiveness
- Local Storage: HTML5 local storage for storing user preferences and settings
- Session Storage: Temporary storage that is deleted when you close your browser
4.4 Third-Party Cookies
Third-party service providers may set cookies on your device when you visit our website, including:
- Google Analytics (analytics)
- Facebook Pixel (advertising)
- Payment processors (transaction processing)
- Social media platforms (social sharing)
- Advertising networks (targeted advertising)
These third parties have their own privacy policies, and we have no control over their cookies or how they use information collected through their cookies.
4.5 Managing Cookies
You can control and manage cookies in various ways:
Browser Settings:
- Most browsers allow you to refuse or accept cookies, delete existing cookies, or set preferences for certain websites
- The "Help" function in your browser should explain how to do this
- Note that disabling cookies may affect the functionality of our website
Opt-Out Tools:
- Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
- Network Advertising Initiative Opt-out: http://www.networkadvertising.org/choices/
- Digital Advertising Alliance Opt-out: http://www.aboutads.info/choices/
Mobile Devices:
- You can reset your advertising identifier or opt out of personalized ads in your device settings
- iOS: Settings > Privacy > Advertising > Limit Ad Tracking
- Android: Settings > Google > Ads > Opt out of Ads Personalization
For more information about cookies, visit www.allaboutcookies.org or www.youronlinechoices.eu.
5. HOW WE SHARE YOUR INFORMATION: We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:
5.1 Service Providers and Business Partners
We share your information with third-party service providers who perform services on our behalf:
- Payment Processors: To process transactions and payments securely (e.g., Stripe, PayPal)
- Shipping and Logistics Partners: To fulfill and deliver your orders (e.g., SingPost, DHL, FedEx)
- Email Service Providers: To send marketing communications and transactional emails (e.g., Mailchimp, SendGrid)
- Cloud Storage Providers: To host and store data securely (e.g., AWS, Google Cloud)
- Analytics Providers: To analyze website usage and improve our Services (e.g., Google Analytics)
- Customer Support Tools: To provide customer service and support (e.g., Zendesk, Intercom)
- Marketing and Advertising Partners: To deliver targeted advertising and measure campaign effectiveness
These service providers are contractually obligated to protect your information and use it only for the purposes we specify.
5.2 Business Transfers
If we are involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your personal information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your personal information.
5.3 Legal Requirements and Protection
We may disclose your information if required to do so by law or in response to valid requests by public authorities, including to:
- Comply with legal obligations, court orders, or government requests
- Enforce our terms and conditions and other agreements
- Protect our rights, property, or safety, and that of our users or others
- Detect, prevent, or address fraud, security, or technical issues
- Investigate potential violations of our policies
5.4 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
5.5 Aggregate or De-identified Information
We may share aggregated or de-identified information that cannot reasonably be used to identify you, for business, marketing, or research purposes.
6. DATA SECURITY
6.1 Security Measures
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
Technical Safeguards:
- SSL/TLS encryption for data transmission
- Encryption of sensitive data at rest
- Secure hosting infrastructure with regular security updates
- Firewalls and intrusion detection systems
- Regular security assessments and vulnerability testing
- Secure authentication and access controls
Organizational Safeguards:
- Access to personal information is restricted to authorized personnel only on a need-to-know basis
- Background checks and confidentiality agreements for employees and contractors
- Regular security awareness training for staff
- Incident response procedures for data breaches
- Regular audits of data processing activities
Payment Security:
- We do not store complete credit card information on our servers
- Payment information is processed through PCI-DSS compliant payment processors
- Tokenization of payment card data for recurring transactions
6.2 Your Responsibility
While we implement robust security measures, please note that:
- No method of transmission over the internet or electronic storage is 100% secure
- You are responsible for maintaining the confidentiality of your account credentials
- You should use a strong, unique password and never share it with others
- You should log out of your account after each session, especially on shared devices
- You should notify us immediately if you suspect any unauthorized access to your account
6.3 Data Breach Notification
In the event of a data breach that poses a significant risk to your rights, we will:
- Notify the Personal Data Protection Commission (PDPC) without undue delay
- Inform affected individuals promptly where required by law
- Provide information about the nature of the breach and steps being taken to address it
- Take immediate action to contain and remediate the breach
7. DATA RETENTION
7.1 Retention Periods
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, tax, accounting, or reporting requirements.
Typical Retention Periods:
- Account Information: Retained for the duration of your account plus 7 years after account closure (for tax and legal compliance)
- Transaction Records: Retained for 7 years from the date of transaction (for financial and tax records)
- Marketing Communications: Retained until you unsubscribe or withdraw consent, then deleted within 30 days
- Customer Support Records: Retained for 3 years from the date of the last interaction
- Website Usage Data: Analytics data retained for 26 months
- Security and Fraud Prevention Data: Retained for up to 7 years or as required by law
7.2 Retention Criteria
When determining retention periods, we consider:
- The purpose for which we collected the information
- Legal, regulatory, tax, accounting, or reporting requirements
- Whether our relationship with you is ongoing
- Whether you have requested deletion of your information
- Our legitimate business interests (e.g., fraud prevention, dispute resolution)
7.3 Deletion and Anonymization
After the retention period expires, we will:
- Securely delete or destroy your personal information
- Anonymize the data so it can no longer identify you
- Archive data in a secure, restricted environment if required for legal compliance
You may request deletion of your personal information at any time, subject to certain legal exceptions (see Section 9 - Singapore Privacy Rights).
8. INTERNATIONAL DATA TRANSFERS
8.1 Cross-Border Transfers
Your personal information may be transferred to, stored, and processed in countries other than Singapore, including countries that may not have the same level of data protection laws as Singapore.
We may transfer your information to:
- Our service providers and business partners located in other countries
- Cloud storage facilities in various jurisdictions
- Payment processors operating in multiple countries
- International shipping and logistics partners
8.2 Safeguards for International Transfers
When we transfer your personal information internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses: We use PDPC-approved or equivalent standard contractual clauses with our service providers
- Adequacy Decisions: We transfer data to countries that have been deemed to provide adequate protection
- Binding Corporate Rules: For transfers within corporate groups
- Your Consent: In some cases, we may seek your explicit consent for international transfers
8.3 Data Processing Locations
Our primary data processing locations include:
- Singapore (primary data center)
- United States (cloud infrastructure, payment processing)
- European Union (analytics, email services)
- Other locations as disclosed in service provider agreements
By using our Services, you acknowledge and consent to the transfer of your information to these jurisdictions.
9. SINGAPORE PRIVACY RIGHTS
Your Rights Under the Personal Data Protection Act (PDPA)
If you are a resident of Singapore, you have specific rights regarding your personal data under the Personal Data Protection Act 2012 (PDPA). We are committed to respecting and facilitating the exercise of these rights.
9.1 Right to Access
You have the right to request access to your personal data that we hold. This includes:
- Confirmation of whether we are processing your personal data
- A copy of the personal data we hold about you
- Information about how we have been using or disclosing your personal data in the past year
9.2 Right to Correction
You have the right to request correction of your personal data if you believe it is inaccurate, incomplete, misleading, or not up-to-date. We will make reasonable efforts to correct your personal data as soon as practicable, unless we are satisfied on reasonable grounds that a correction should not be made.
9.3 Right to Withdraw Consent
Where we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. Please note that:
- Withdrawal of consent may affect our ability to provide certain services to you
- Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal
- We may continue to process your personal data if we have other legal grounds to do so
To Opt-Out of Marketing Communications:
- Click the "unsubscribe" link in our marketing emails
- Update your communication preferences in your account settings
- Contact us at go@nanocollagenshop.com
9.4 Right to Object to Data Processing
You have the right to object to the processing of your personal data for direct marketing purposes. We will cease processing your personal data for such purposes upon receiving your objection.
9.5 Right to Data Portability
Where technically feasible, you have the right to request that we transmit your personal data that you have provided to us to another organization, or directly to you, in a commonly used and machine-readable format (e.g., CSV, JSON).
9.6 How to Exercise Your Rights
To exercise any of the rights described above, please submit your request to us:
Information Required for Processing Your Request:
To help us process your request efficiently and verify your identity, please provide:
- Your full name and contact information
- A clear description of the right you wish to exercise
- Specific details about the personal data concerned (if applicable)
- Proof of identity (e.g., copy of NRIC, passport, or other government-issued ID)
- Order number or account information (if applicable)
9.7 Response Timeline
We will respond to your request as soon as reasonably possible, and in any case within 30 days of receiving your complete request. If we need more time, we will notify you of the extension and the reasons for it.
9.8 Request Fees
We may charge a reasonable fee to cover the administrative costs of processing your access request. The fee will be communicated to you before we process your request, and you may choose to withdraw your request if you do not wish to pay the fee.
We will not charge a fee for:
- Requests to withdraw consent
- Requests to correct personal data
- Requests to stop receiving marketing communications
9.9 Limitations on Your Rights
In certain circumstances, we may not be able to fully comply with your request, such as when:
- We are required or authorized by law to retain or process your personal data
- The disclosure of personal data would reveal confidential commercial information
- The request is frivolous, vexatious, or made in bad faith
- The request would unreasonably interfere with the operations of our organization
- The personal data is subject to legal privilege or ongoing investigations
- Processing is necessary for fraud prevention or security purposes
If we are unable to comply with your request, we will inform you of the reasons in writing.
9.10 Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our compliance with the PDPA. For any questions about this Privacy Policy or how we handle your personal data, you may contact us at:
9.11 Complaints to the Personal Data Protection Commission (PDPC)
If you believe that we have not complied with the PDPA or if you are not satisfied with our response to your request, you have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore:
Personal Data Protection Commission
10 Pasir Panjang Road
Singapore 117438
Please note that the PDPC generally encourages you to first attempt to resolve the matter directly with us before filing a complaint.
10. CHILDREN'S PRIVACY
10.1 Age Restrictions
Our Services are not intended for children under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children under 18.
10.2 Parental Consent
If we learn that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to delete that information as soon as possible.
10.3 Parental Rights
If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at go@nanocollagenshop.com. We will:
- Verify your identity and relationship to the child
- Provide you with access to your child's information
- Delete your child's information upon your request
11. THIRD-PARTY LINKS AND SERVICES
11.1 Third-Party Websites
Our website may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices.
11.2 Social Media Features
Our website may include social media features, such as Facebook "Like" buttons, Instagram feeds, and other interactive mini-programs. These features may collect your IP address, which page you are visiting, and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of the company providing them.
11.3 Third-Party Services
We use third-party services for various purposes, including:
- Payment Processing: Stripe, PayPal (subject to their privacy policies)
- Shipping and Fulfillment: SingPost, DHL, FedEx (subject to their privacy policies)
- Analytics: Google Analytics (https://policies.google.com/privacy)
- Email Marketing: Mailchimp, SendGrid (subject to their privacy policies)
We encourage you to review the privacy policies of any third-party services before providing them with your information.
12. YOUR CHOICES AND CONTROLS
12.1 Account Information
You can review and update your account information at any time by logging into your account and accessing your account settings. You can also contact us at go@nanocollagenshop.com for assistance.
12.2 Marketing Communications
You can opt out of receiving marketing communications from us by:
- Clicking the "unsubscribe" link in any marketing email
- Updating your communication preferences in your account settings
- Sending an opt-out request to go@nanocollagenshop.com
Please note that even if you opt out of marketing communications, we will still send you transactional and service-related messages (e.g., order confirmations, shipping updates, important account notices).
12.3 Cookies and Tracking
You can control cookies through your browser settings and opt-out tools as described in Section 4 (Cookies and Tracking Technologies).
12.4 Push Notifications
If you have enabled push notifications on your mobile device or browser, you can disable them at any time through your device or browser settings.
12.5 Location Information
You can disable location tracking by adjusting your device settings. Please note that disabling location services may affect certain features of our Services.
13. DO NOT TRACK SIGNALS
Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activity tracked. Our website does not currently respond to DNT signals or similar mechanisms. However, you can use the cookie controls described in Section 4 to manage tracking technologies.
14. DATA ACCURACY: We take reasonable steps to ensure that the personal information we hold is accurate, complete, and up-to-date. However, the accuracy of this information depends largely on the information you provide to us.
You can help us maintain accurate records by:
- Providing accurate and complete information when you create an account or make a purchase
- Updating your account information promptly when your details change
- Notifying us of any errors or changes to your personal information
15. CHANGES TO THIS PRIVACY POLICY
15.1 Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
- Update the "Last Updated" date at the top of this Privacy Policy
- Post the revised Privacy Policy on our website
- Notify you of material changes via email or prominent notice on our website (where required by law)
15.2 Your Continued Use
Your continued use of our Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree to the changes, please discontinue using our Services.
15.3 Review Regularly
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
16. CONTACT US: For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at go@nanocollagenshop.com