PRIVACY POLICY

This Privacy Policy (“Policy”) sets out the basis which Commonwealth Concepts Pte Ltd and its affiliated brands and companies may collect, use, disclose or otherwise process Personal Data of our Customers and others who visit our stores, websites, loyalty program (tripleplus.sg) mobile apps and social media pages in accordance with the Personal Data Protection Act (“PDPA”). We refer to our websites, loyalty program (tripleplus.sg), mobile app and social media pages collectively as “Online Services”. This Policy applies to Personal Data in our possession or under our control, including Personal Data in the possession of organisations which we have engaged to collect, use, disclose or process Personal Data for our purposes.

PERSONAL DATA

1. As used in this Policy:  

“Customer” means an individual who (a) has contacted us through any means to find out more about any goods or services we provide, or (b) may, or has, entered into a contract with us for the supply of any goods or services by us; and  

“Personal Data” means data, whether true or not, about a Customer who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access. 

2. Other terms used in this Policy shall have the meanings given to them in the PDPA (where the context so permits).

COLLECTION OF PERSONAL DATA

3. We generally do not collect your Personal Data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your Personal Data to us (your “Authorised Representative”) after (i) you (or your Authorised Representative) have been notified of the purposes for which the data is collected, and (ii) you (or your Authorised Representative) have provided written consent to the collection and usage of your Personal Data for those purposes, or (b) collection and use of Personal Data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional Personal Data and before using your Personal Data for a purpose which has not been notified to you (except where permitted or authorised by law).

4. We may collect information from the devices and systems you use through automated technologies when you visit our stores or use our Online Services. These automated technologies may include cookies, local shared objects and web beacons. Such information is automatically received and recorded from your browser on our server logs which may include but are not limited to your IP address, device type, device operating system, browser type and the webpage you were visiting before you access our Online Services.

5. Depending on the nature of your interaction with us, some examples of Personal Data which we may collect from you may include but are not limited to: 

a) Identity data, such as your name, gender, nationality date of birth, photographs and other audio-visual information; 

b) Contact data, such as your billing address, delivery address, email address and telephone numbers; 

c) Transaction data, such as date of purchase, product purchased, quantity purchased, which outlet you transacted at, method of payment and payment details; 

d) Account data, such as your username and password; 

e) Technical and usage data, such as type of device used, browser type, internet protocol (IP) address, location, what you view on and how long you use our Online Services; and 

f) Marketing and communications data, such as your preferences to receive marketing messages from us and your communications preferences. 

6. The situations in which we may receive Personal Data from you may include but are not limited to when you: 

a) create an account with us;

b) visit any of our Online Services;

c) dine at our food and beverage outlets;

d) purchase products at our stores, through our Online Services or via third party channels;

e) request to receive marketing or other communications from us;

f) use our Wi-Fi networks, self-ordering kiosks or other in-store technologies;

g) enter in our contests, competitions, prize draws, or surveys; or

h) submit information when providing feedback.

7. We may combine information we collect about you with information we receive from third party sources.

USE AND DISCLOSURE OF PERSONAL DATA

8. We may use the Personal Data collected for certain purposes, which include but are not limited to the following:

a) To fulfil orders and process payments for our products and services;

b) To communicate with you about your orders or accounts with us;

c) To respond to your queries, feedback, claims or disputes;

d) To send you marketing information about our brands, products and services, including notifying you of our marketing events, initiatives and promotions, lucky draws, membership and rewards schemes and other promotions such as co-branded offers and affiliate and partner offers, provided you have indicated that you have not objected to being contacted for these purposes;

e) To communicate with you about and administer your participation in contests, competitions, prize draws, or surveys;

f) To ascertain your identity for fraud detection purposes;

g) For internal operations and evaluation, including troubleshooting, data analysis, testing, research, improvement of existing and development of new products and services;

h) To comply with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority; or

i) To transmit to our affiliates or third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes.

9. In sharing your Personal Data with our affiliates or third parties, we endeavour to ensure that they protect the data and keep it secure from unauthorised access, and only use, disclose, and retain the data for as long as they need your Personal Data to achieve the abovementioned purposes and only in accordance with the PDPA, thereafter securely destroying or disposing of your Personal Data when there is no longer a purpose to retain it.

10. For our Online Services, information collected through automated technologies are used for purposes such as to (i) help us remember and process items in your shopping cart, (ii) understand and deliver personalized content and advertising according to our users’ interests, and (iii) compile aggregate data about site traffic and site interaction so that we can evaluate and improve on our Online Services and site experiences in the future. 

11. We may also use the information we obtain in other ways for which we will provide specific notice at the time of collection.

12. We may disclose your Personal Data:

a) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by you;

b) to third-party service providers, agents and other organisations located in and outside of Singapore we have engaged which provides administrative, data processing, information technology or other services to enable us to perform any of the functions listed in Clauses 8, 10 and 11 above for us; or

c) to those involved in the negotiation or transfer of our company in the event of a merger, acquisition, financing, or sale of assets or any other situation involving the transfer of some or all of our business assets.

13. The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

MINORS

14. Personal Data may be collected from minors (individuals under the age of 21) who access our Online Services, visit any of our stores or participate in any of our events, workshops, promotions, contests, competitions, prize draws, or surveys. 

15. The situations in which we may receive Personal Data from a minor may include but are not limited to when they:

a) visit any of our Online Services;

b) dine at our food and beverage outlets;

c) purchase products at our stores, through our Online Services or via third party channels;

d) use our Wi-Fi networks, self-ordering kiosks or other in-store technologies;

e) enter in our contests, competitions, prize draws, or surveys; or

f) participate in any of our events or workshops.

WITHDRAWING YOUR CONSENT

16. The consent that you provide for the collection, use and disclosure of your Personal Data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your Personal Data for any or all of the purposes listed above by submitting your request in writing via email to our Data Protection Officer at the contact details provided below.

17. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.

18. Depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in Clause 16 above.

19. Please note that if you opt-out of receiving marketing communications from us, we may still send communications to you concerning your transactions, accounts with us and any contests, competitions, prize draws, or surveys in which you have enrolled prior to your withdrawal of consent.

20. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Data where such collection, use and disclosure without consent is permitted or required under applicable laws.

ACCESS TO AND CORRECTION OF PERSONAL DATA

21. If you wish to make (a) an access request for access to a copy of the Personal Data which we hold about you or information about the ways in which we use or disclose your Personal Data, or (b) a correction request to correct or update any of your Personal Data which we hold about you, you may submit your request in writing via email to our Data Protection Officer at the contact details provided below.

22. In order to facilitate processing your request, it may be necessary for us to request further information relating to your request. We may also ask you to verify your identity and/or provide other details to help us respond to your request. If you are below the age of 18, a parent, guardian or ward may request access to, correction or deletion of your Personal Data.

23. We reserve the right to charge a reasonable administrative fee for retrieving your Personal Data records. If so, we will inform you of the fee before processing your request.

24. We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA). In certain circumstances, including when required by applicable law, we will comply with your request. Please note that we may be required by law to retain certain information.

PROTECTION OF PERSONAL DATA

25. To safeguard your Personal Data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection and SSL encryption services to secure all storage and transmission of Personal Data by us, and disclosing Personal Data both internally and to our authorised third-party service providers and agents only on a need-to-know basis.

26. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

27. Your password is the key to your account. You are strongly encouraged to create a strong password by using a mix of unique numbers, letters and special characters. Do not share your password with anyone. If you do share your password with others, you will be responsible for all actions taken in the name of your account and the consequences. If you lose your password, you may lose substantial control over your Personal Data and other data submitted to us. You could also be subject to legally binding actions taken on your behalf. Therefore, if your password has been compromised or if you have grounds to believe that your password has been compromised, you should contact us immediately and change your password. You are reminded to exercise due diligence in the protection of your own account, password and Personal Data, such as always logging out of your account and closing the browser when you are finished with using a shared computer.

28. If you believe that your privacy has been breached by us, please contact us immediately.

ACCURACY OF PERSONAL DATA

29. We generally rely on Personal Data provided by you (or your Authorised Representative). In order to ensure that your Personal Data is current, complete and accurate, please update us by informing our Data Protection Officer in writing via email at the contact details provided below if (i) there are changes to your Personal Data, or (ii) you believe that the Personal Data we have about you is inaccurate, incomplete, misleading or out of date.

RETENTION OF PERSONAL DATA

30. We may retain your Personal Data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

31. We will cease to retain your Personal Data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for legal or business purposes.

TRANSFERS OF PERSONAL DATA OUTSIDE OF SINGAPORE

32. We generally do not transfer your Personal Data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

DATA PORTABILITY

33. If you require us to transmit your Personal data that is in our possession to another Organisation in a commonly used machine-readable format, you can submit your request in writing via email to our Data Protection Officer at the contact details provided below.

34. Upon receipt of your written request for data portability, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed. In general, we shall seek to process your request within ten (10) business days of receiving it.

DATA BREACH

35. In the event of a data breach, we will take steps to assess if it is notifiable. If the data breach likely results in significant harm to individuals, and/or are of significant scale, we will take steps to notify the PDPC and the affected individuals as soon as practicable.

HOW TO CONTACT US

36. Should you have any enquiries or feedback on our Personal Data protection policies and procedures, or if you wish to make any request, you may contact our Data Protection Officer via email at pdpa@commonwealthconcepts.com.sg.

EFFECTS OF POLICY AND CHANGES TO POLICY

37. This Policy applies in conjunction with any other Policies, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your Personal Data by us.

38. We may revise this Privacy Policy from time to time. You may determine if any revision has taken place by referring to the date on which this Policy was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes. We encourage you to check here periodically for the most up-to-date version of our Policy.

Policy Version: 9 May 2023