OOPS.SG PTE. LTD.

Privacy and Data Protection Policy

This Privacy and Data Protection Policy sets out the basis which Oops® (hereinafter referred to as ‘we’ or ‘us’ or ‘our’, as the case may be) may collect, use, disclose or otherwise process personal data of our customers in accordance with the Personal Data Protection Act (“PDPA”). This Policy applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.

By interacting with us using your personal data, or submitting your personal data to us, or signing up for any products, services, or activities offered by us, you agree and consent to the collection, use, and disclosure of your personal data set forth in this Privacy and Data Protection Policy.

Gathering and use of information

We will only collect your personal information when you use our services, or when you voluntarily sign-up for an account to access certain areas of our website. Access to our website is generally unrestricted, and you may browse it anonymously. We may collect personal information directly from you, through this website, or by email.

Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include your full name and identification such as your NRIC number, contact information such as billing and/or delivery address, email address, or telephone number, and financial information such as credit card numbers, debit card numbers or bank account information. Generally, we will only process your personal data as described in this Privacy and Data Protection Policy. For example, we will obtain your personal data when you purchase goods or services from our website.

We generally do not collect your personal data unless:

  1. It is provided to us voluntarily by you directly or via a third party who has been duly authorized by you to disclose your personal data to us (your “authorized representative”) after:
    1. You, or your authorized representative, have been notified of the purposes for which the data is collected; and
    2. You, or your authorized representative, have provided written consent to the collection and usage of your personal data for those purposes
  2. Collection and use of personal data without consent is permitted or required by the PDPA or other laws.

We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorized by law).

Cookies

A “cookie’ is a small text file that permits us to recognize your browser in order to customize your experience, save your preferences for future visits, or permit you to access restricted areas. Oops® does not use cookies, however, we employ the services of third parties that may use cookies.

How we use your personal data

We may collect and use your personal data for any or all of the following purposes: —

  1. Performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;
  2. To help us verify your identity and any accounts you hold with us;
  3. Responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;
  4. Managing your relationship with us;
  5. Processing payment or credit transactions;
  6. Any other administrative purposes;
  7. For research, statistical analysis, and behavioral analysis;
  8. Customer profiling and analyzing your purchasing preferences;
  9. Sending you marketing information about our goods or services including notifying you of our marketing events, initiatives and promotions, lucky draws, membership and rewards schemes, and other promotions;
  10. Complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
  11. Customizing this website and its content to your preferences;
  12. To notify you of any changes to this website or to our services that may affect you;
  13. Security vetting; and
  14. Improving our services

Social networks

Our website has social media features such as Facebook. These features may collect information such as your IP address and the web pages you have visited on our website. These features may also set cookies to allow the feature to function accurately. Social media features are hosted by third parties and any interaction with such features will be governed by the privacy policy of the social media company providing it. Please refer to the privacy policies of the relevant social media companies for detailed information on your rights and the collection and transfer of personal data.

Marketing and opting out

If you have given permission, we may contact you by email, notification, SMS, telephone, or mail about products, services, promotions, or special offers that may be of interest to you. The consent that you provide for the collection, use, and disclosure of your personal data will remain valid until such time it is withdrawn by you in writing.

If you would like to withdraw your consent to the above, please contact us at the contact details stated below. In such an event, whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing by contacting us at the contact details stated below.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use, and disclosure without consent is permitted or required under applicable laws.

IP address

Your Internet Protocol ("IP") address is a number assigned to your computer whenever you access the internet. It allows computers and servers to recognize and communicate with one another. We may use your IP address for system diagnostic purposes, to gather demographic information, for performance analysis, and for the administration of our website.

Disclosure of your personal data

We may disclose your personal data:

  • To other companies within our group;
  • To third-party service providers, agents, and other organisations we may engage to perform services for us or on our behalf;
  • To credit reference agents;
  • To law enforcement agencies in connection with any investigation to help prevent unlawful activity including exchanging information with other entities for fraud protection and credit risk reduction;
  • To our business partners in accordance with the marketing and opting out section above; and
  • Where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by you

Keeping your data secure

To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks, we will use technical and organizational measures to safeguard your personal data, for example:

  • Access to your account is controlled by an email address and password that are unique to you;
  • Your password is not stored, but its hash value is stored, using the SHA-256 cryptographic hash function;
  • All communication and data transmission is secured by an SSL certificate;
  • Implementing up to date antivirus protection; and
  • Disclosing personal data both internally and to our authorized third-party service providers and agents only on a need-to-know basis

While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the Internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the Internet.

Credit checking

To enable us and other companies in our group (if applicable) to make credit decisions about you and members of your household and for fraud prevention and money laundering purposes, we may search the files of credit reference and fraud prevention agencies (who will record the search). We may disclose information about how you conduct your account to such agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked. Other credit grantors may use this information to make credit decisions about you and the people with whom you are financially associated, as well as for fraud prevention, debtor tracing, and money laundering purposes. If you provide false or inaccurate information and we suspect fraud, we will record this and if the situation warrants it, we may have to make a report to the relevant government authorities.

Information about other individuals

If you give us information on behalf of someone else, you warrant that the other person has appointed you to act on his or her behalf and has agreed that you can: —

  • Give consent on his or her behalf to the processing of his or her personal data in accordance with this Privacy and Data Protection Policy;
  • Receive on his or her behalf any data protection notices; and
  • Give consent to the transfer of his or her personal data abroad.

Accuracy of personal data

We generally rely on personal data provided by you or your authorized representative. In order to ensure that your personal data is current, complete, and accurate, please update us if there are changes to your personal data by informing us in writing or via email at the contact details provided below.

Retention of personal data

We may retain your personal data for as long as it is necessary to fulfill the purpose for which it was collected, or as required or permitted by applicable laws.

We will cease to retain your personal data or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected and is no longer necessary for legal or business purposes.

Transfer of data out of Singapore

Any transfer of your data out of Singapore will be subject to the PDPA which will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.

Your rights

We will, upon your written request to us (see contact details and requirements below), allow you to enquire about the ways in which your personal data has been or may have been used or disclosed within a year before the request, unless we are required or authorized to do so by law, to deny your request for access to your personal data.

You have the right, subject to the payment of a reasonable administrative fee, as may be further notified by us, to request access to personal data that we may process about you. If you wish to exercise this right, you should:

  • Put your request in writing;
  • Include proof of your identity and address (e.g., a copy of your driving license or passport, and a recent utility or credit card bill); and
  • Specify the personal data you want access to, including any mailbox number, email address, billing information, or reference numbers where applicable

We shall inform you of the administrative fee once we receive your request. Please note that we may not perform your request until payment of the administrative fee.

You have the right to require us to correct any inaccuracies in your data free of charge. If you wish to exercise this right, you should:

  • Put your request in writing;
  • Provide us with enough information to identify you (e.g., mailbox number, email address, billing information); and
  • Specify the information that is incorrect and what it should be replaced with

We will respond to your requests for access to and correction of your personal data as soon as reasonably possible. If we are not able to respond to your requests within thirty (30) days after receiving them, we will inform you, in writing within thirty (30) days, of the time by which we will be able to respond to your requests. If we are unable to provide you with any personal data or unable to make a correction as requested by you, we shall inform you of the reasons as to why we are unable to do so (except where we are not obligated to do so under the PDPA).

You also have the right to ask us to stop processing your personal data for direct marketing purposes. If you wish to exercise this right, you should:

  • Put your request in an email sent to dpo@oops.sg with a header that says 'Unsubscribe';
  • Provide us with enough information to identify you (e.g., mailbox number, email address, billing information); and
  • If your objection is not to direct marketing in general, but to direct marketing by a particular channel (e.g., email, notification, SMS, telephone, or mail), please specify the channel you are objecting to

Upon receipt of your written requests to stop processing your personal data, we may require reasonable time for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities. In general, we shall seek to process your requests within ten (10) business days of receiving them.

Our contact details

We welcome your feedback and questions. If you wish to contact us, please send an email to dpo@oops.sg or you can write to us using registered mail to our registered office at 10 Anson Road, #10-11 International Plaza, Singapore 079903.

We may change this Privacy and Data Protection Policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access this website.

Changes to Privacy and Data Protection Policy

You also acknowledge that Oops®, as well as our respective representatives and/or agents, may from time to time amend, modify or otherwise update this Privacy and Data Protection Policy at its discretion, without prior notification. We, therefore, advise you to periodically check this Privacy and Data Protection Policy for any updates to this Privacy and Data Protection Policy.

Governing law

This Privacy and Data Protection Policy and your use of this website shall be governed in all aspects by the laws of Singapore. You agree to submit any disputes arising out of or in connection with this Privacy and Data Protection Policy to the exclusive jurisdiction of the Singapore courts.