We at Winwell Digital Pte. Ltd. (“WDPL”) operate this website https://sg.dorothyperkins.com (“Website”).
We take our responsibilities under the Singapore Personal Data Protection Act 2012 (the “PDPA”) and other applicable data protection laws seriously. We also recognise the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data.
1 YOUR PERSONAL DATA
1.1 “Personal Data” means data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. Common examples of personal data could include names, identification numbers, contact information, financial records, credit card information, photographs and video images.
1.2 We will collect your personal data in accordance with the PDPA and other applicable data protection laws. We will notify you of the purposes for which your personal data may be collected, used, disclosed and/or processed, as well as obtain your consent for the collection, use, disclosure and/or processing of your personal data for the intended purposes, unless an exception under the law permits us to collect and process your personal data without your consent.
2 COLLECTION, USE, DISCLOSURE AND PROCESSING OF PERSONAL DATA
Personal data we collect
2.1 We may collect and process personal data about you such as:
- Personal data that you may provide when submitting or making available personal data to, our Website. This includes but is not limited to any personal data provided when you contact us through our contact page, open a member account and/or use our services on our Website such as your name, date of birth, email address, billing address, phone number, shipping address, and credit card information;
- If you contact us for any reason, we may keep a record of that correspondence;
- Personal data that may be captured via any error logging and reporting tool that captures error report data and, at your option and with your consent, sends this data to us in order for us to be informed of any software errors or problems that may occur during your use of our Website or the services provided on it; and
- Personal data that may be captured when you use our Website, include but is not limited to details of your visits to our Website, the activities you engage in when accessing our Website, the resources that you access on or via our Website and information sent by or associated with the device used to access our Website such as your device’s Internet Protocol (“IP”) address, operating system, browser type and the location of your device.
Becoming a Member
2.2 In order to become a member, you need to share some personal data, such as your name and email address. For the avoidance of doubt, you do not have to register as a member to place orders on our Website. The functionality of placing orders as a guest is available on the Website.
2.3 Once you register as a member, you will have an account with WDPL and a password to access that account. You may not use another person’s account without our permission and you may not use anyone else’s password without our permission. You should keep your registration current and complete. You are responsible for maintaining the confidentiality of your account and password. Please also let us know if there is any unauthorised use of your account or password. We recommend that you always log out from your account at the end of a session with us, to prevent other people from accessing your account without your permission.
Making a Purchase
2.4 When making a purchase online from WDPL, whether as a registered member or guest, you are required to supply the following information which are essential to process your order: name, date of birth, email address, a billing address, phone number, shipping address, and credit card information.
2.5 If you are a registered member, you can choose to store information needed to make a purchase, such as your credit card information, shipping and billing addresses in the “My Account” page. If you change your mind about storing this information, you can amend or delete it by going to “my account” page and follow the instructions on that page to delete or amend the stored information. You can access this section using your password which you registered an account with.
3 PURPOSES FOR COLLECTION, USE, DISCLOSURE AND PROCESSING OF PERSONAL DATA
3.1 The personal data which we collect from you may be collected, used, disclosed and/or processedfor various purposes vis-a-vis your relationship with us, depending on the circumstances for which we may/will need to process your personal data, including:
- facilitating and/or processing your transaction with us including but not limited to processing your payment for the order and delivering the products you purchased;
- contacting you as may from time to time be necessary in connection with your use of our Website and/or the services made available on it;
- processing, administering and/or managing your membership with us;
- contacting you on matters relating to your membership with us;
- enrolling you in contests, lucky draws and similar promotions, and administering these activities. Some of these activities have additional terms and conditions, which could contain additional information about how WDPL uses and discloses your personal data, so WDPL suggests that you read these additional terms and conditions carefully;
- conducting customer satisfaction surveys and collecting feedback from you;
- carrying out your instructions or responding to any enquiries and requests made by you;
- processing and sending to you marketing, advertising and promotional information on products, future events, launches and promotions of WDPL and WDPL’s business/brand partners via postal mail and/or electronic mail;
- if so consented by you, sending you marketing, advertising and promotional information about products / services of WDPL and WDPL’s business/brand partners, which WDPL believes may be of interest or benefit to you, by voice call / phone call, SMS and/or fax;
- conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve our services and facilities in order to enhance your relationship with us or for your benefit, or to improve any of our products or services for your benefit;
- collecting information relating to your online interactions with us (including, for example, your IP address and the pages you view) so that we can offer you a more consistent and personalised experience in your relationship with us and better serve your needs by customising the content that we share with you;
- storing, hosting and/or keeping a back up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore;
- performing internal and statutory reporting and/or record-keeping purposes;
- performing credit risk, know-your-customer, anti-money laundering / countering the financing of terrorism, financial and other relevant risk assessments;
- performing identification checks on you such as verifying your identity or age;
- responding to legal process, pursuing legal rights and remedies, defending litigation and managing any complaints or claims;
- responding to requests for information from public and governmental / regulatory authorities, statutory boards, related companies and for audit, compliance, investigation and inspection purposes;
- complying with any applicable law, regulation, legal process or government request;
- enforcing or applying our Website Terms and Conditions;
- protecting the rights, property or safety of any person (including for the purposes of fraud detection and prevention);
- preventing or investigating any fraud, unlawful activity, omission or misconduct, whether relating to your use of our Website or any other matter arising from your relationship with us, and whether or not there is any suspicion of the aforementioned; and
- any other purposes which we notify you of at the time of obtaining your consent.
(collectively, the “Purposes”)
4 DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
4.1 In order to conduct our business operations more smoothly, your personal data may be used, disclosed, maintained, accessed, processed and/or transferred to the following third parties, whether sited in or outside of your country of residence, for one or more of the above-stated Purposes:
- our affiliates, related corporations and/or agents;
- third party service providers who help with our business operations or who provide certain services to you on our behalf, for example, third party service providers which have been engaged by us to: (i) to provide and maintain any IT equipment used to store and access your personal information; (ii) to host and maintain our Website; or (iii) to provide logistics and product transportation services;
- our auditors and legal advisors;
- public and governmental/regulatory authorities, statutory boards, industry associations; and /or
- courts and other alternative dispute forums.
4.2 In certain circumstances we may provide third parties (whether or not located in your country of residence) with information about our Website's users. This may include information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. Aggregate information is anonymised statistical data about our users' browsing actions and patterns and does not identify any individual.
5 SPECIFIC ISSUES FOR THE DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
5.1 We respect the confidentiality of the personal data you have provided to us.
5.2 In that regard, we will not disclose any of your personal data to any third parties without first obtaining your express consent permitting us to do so. However, please note that we may disclose your personal data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:
- cases in which the disclosure is required based on the applicable laws and/or regulations;
- cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;
- cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
- cases in which there are reasonable grounds to believe that the health or safety of yourself or another individual will be seriously affected and consent for the disclosure of the data cannot be obtained in a timely way, provided that we shall, as soon as may be practicable, notify you of the disclosure and the purposes of the disclosure;
- cases in which the disclosure is necessary for any investigation or proceedings;
- cases in which the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer; and/or
- cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest.
5.3 In all other instances of disclosure of personal data to third parties with your express consent, we will endeavor to provide adequate supervision over the handling and administration of your personal data by such third parties, as well as to provide for adequate forms of protection over such personal data.
5.4 Where personal data is transferred by us to any third parties outside of your country of residence, we will ensure that such transfers are adequately protected and compliant with the requirements under the PDPA and other applicable data protection laws, where applicable.
6 REQUEST FOR ACCESS AND/OR CORRECTION OF PERSONAL DATA
6.1 You may request to access and/or correct the personal data currently in our possession or control by submitting a written request to us via email to our DPO. We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request.
6.2 For a request to access your personal data that we have collected and how it has been used and disclosed in the past year, once we have sufficient information from you to deal with your request, we will seek to provide you with the relevant personal data within 30 calendar days. Where we are unable to respond to you within the said 30 calendar days, we will notify you of the soonest possible time within which we can provide you with the information requested. Note that the PDPA and other applicable data protection laws may exempt certain types of personal data from being subject to your access request.
6.3 We will also be charging you a reasonable fee for the handling and processing of your requests to access your personal data. We will provide you with a written estimate of the fee we will be charging. Please note that we are not required to respond to or deal with your access request unless you have agreed to pay the fee.
6.4 For a request to correct personal data, once we have sufficient information from you to deal with the request, we will correct your personal data within 30 calendar days. Where we are unable to do so within the said 30 calendar days, we will notify you of the soonest practicable time within which we can make the correction.
6.5 Note that the PDPA and other applicable data protection laws may exempt certain types of personal data from being subject to your correction request as well as provides for situation(s) when correction need not be made by us despite your request.
6.6 Please note that the corrected personal data will be sent to the organisations to which the personal data was disclosed by us within a year before the date the correction was made, unless the organisations do not need the correct personal data for any legal or business purpose. However, please let us know if you prefer or agree to send the corrected personal data only to specific organisations, and we will send the corrected personal data only to those specific organisations.
7 REQUEST TO WITHDRAW CONSENT
7.1 You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control by submitting your request to our DPO.
7.2 We will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter refrain from collecting, using and/or disclosing your personal data in the manner stated in your request.
7.3 Should you not wish to receive marketing information, relevant news and updates from WDPL via our newsletter, please email us at email@example.com
7.4 If you are a registered member, you can change your preferences relating to the receiving of marketing information, relevant news and updates from WDPL through accessing “My Account”.
8 ADMINISTRATION AND MANAGEMENT OF PERSONAL DATA
8.1 We will take reasonable efforts to ensure that your personal data is accurate and complete, if your personal data is likely to be used by us to make a decision that affects you, or disclosed to another organisation. However, this means that you must also update us of any changes in your personal data that you had initially provided to us with. We will not be responsible for relying on inaccurate or incomplete personal data arising from you not updating us of any changes in your personal data that you had initially provided us with.
8.2 We will also put in place reasonable security arrangements to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. However, we cannot assume responsibility for any unauthorised use of your personal data by third parties which are wholly attributable to factors beyond our control.
8.3 We will also take commercially reasonably efforts to ensure that the personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.
9 LINKS TO OTHER WEBSITES
10 COMPLAINT PROCESS
10.1 If you have any complaint or grievance regarding about how we are handling your personal data or about how we are complying with the PDPA and other applicable data protection laws, we welcome you to contact our DPO.
10.2 Please contact our DPO through one of the following methods with your complaint or grievance:
- Singapore telephone number: +65 62809111
- E-mail: firstname.lastname@example.org. Attention it to the ‘Data Protection Officer’.
- Office address: 3 Killiney Rd, #10-01 Winsland House I, Singapore 239519. Attention it to the ‘Data Protection Officer’
10.3 Where it is an email or a letter through which you are submitting a complaint, your indication at the subject header that it is a data protection complaint would assist us in attending to your complaint speedily by passing it on to the relevant staff in WDPL to handle. For example, you could insert the subject header as “Data Protection Complaint”.
10.4 We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.
11.1 As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.
11.3 You are encouraged to visit the above website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.
Last Updated on Jan 1st, 2020 Version 1.0