Introduction
IDS Aesthetics Pte Ltd (IDS) undertakes to comply with the terms of our Privacy Policy in relation to the collection and use of your personal information in accordance with the Personal Data Protection Act 2012 (“PDPA”). IDS collects, uses, and discloses Customer Data in order to provide you with a smooth and efficient experience with IDS. The collection, use, and disclosure of Customer Data enable IDS to provide services and products that are most likely to meet your needs and requirements. This Privacy Policy outlines IDS's policies and responsibilities regarding the collection, use, and disclosure of Customer Data.
By continuing to use IDS' services, you indicate that you have read, understood, and agree to be bound by this Privacy Policy as amended from time to time in respect of IDS' collection, use, and disclosure of your Customer Data.
The PDPA comprises rules governing the collection, use, disclosure, and care of personal data and requires organisations to have a legitimate and reasonable purpose for their collection, use, or disclosure, and to obtain informed consent.
We will obtain your confirmation of your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek your fresh consent if the original purpose for the collection, use, or disclosure of your personal data has changed.
Collection of Personal Data
IDS collects Customer Data from you for the purpose of providing services to you, such as processing a transaction, assisting you with a transaction, responding to your enquiries or requests, and research and analytics purposes, including market research.
We request information from you in several areas of our website and other channels, including in-store, that may be used to personally identify you (“Personal Data”), including but not limited to:
– Your contact information, such as your telephone numbers, mailing addresses, email addresses, and fax numbers.
– Your credit or debit card information and billing information, including the name of the cardholder, card number, billing address, and expiry date.
– Your responses to market surveys and contests conducted by us or on our behalf.
– Images of you captured by CCTV cameras that are in operation, and this is for security and safety reasons
Kindly note that images of yourself captured by our CCTV cameras are for safety and security purposes only. All such images are securely stored, and access to them is restricted.
Certain Personal Data (particularly your personal and contact information) is required for specific services, and if you fail to supply such Personal Data as requested, we may be unable to deliver the services in full.
We may use the Personal Data you provided for one or more of the following purposes:
– For your use of the online services available at any of our websites and/or through other telecommunication channels.
– For the supply of any products and/or services which we may offer to you, or you may require from us from time to time, including text message (SMS) alerts.
– For marketing, promotional, and customer relationship management purposes, such as sending you updates on the latest offers and promotions in connection with our products and services, and conducting market research.
– For identification and verification purposes in connection with any of the services or products that may be supplied to you.
– To contact you regarding your enquiries.
– To administer contests and giveaways conducted by us or on our behalf.
– To disclose to a third party to comply with any law, legal requirements, orders, directions or requests from any court, authority or government body of any jurisdiction, which may be within or outside of Singapore.
– To facilitate the payment for products and services provided by us or our subsidiaries, associated companies, and/or business associates, including verification of credit card details with third parties and using the Personal Data you provide to conduct matching procedures against databases of known fraudulent transactions (maintained by us or third parties).
– To improve our security, including in relation to the processing of payment by credit card, to guard against the risk of fraud, including carrying out matching procedures against databases of known fraudulent transactions (maintained by us or third parties).
Except as provided below, we will not knowingly or intentionally use or share the Personal Data you provide to us in ways unrelated to the aforementioned purposes without your prior consent.
Disclosure of Collected Personal Data
IDS may disclose and transfer Personal Data to and jointly use Personal Data with (whether within or outside of your jurisdiction) our subsidiaries, associated companies, business associates, service providers, and other persons who we consider appropriate, in connection with the services and products provided to or requested by you. We may disclose this information to facilitate communication of news and information about such services and products and otherwise for the purposes mentioned above, under Section 3, "Purposes for which the Personal Data are Collected and Used.".
The entities with whom we may share your Personal Data include, but are not limited to:
– Any agent, contractor, or third-party service provider who provides administrative, marketing, research, distribution, data processing, telemarketing, telecommunications, computer, payment, or other services to IDS in connection with the operation of its business.
– Other business associates, such as loyalty program operators and other companies involved in providing customer service or fulfilling customer requests.
– Credit reference agencies.
– Credit, debit, and /or charge card companies and/or banks.
– Government or non-government authorities, agencies, and/or regulators.
– Medical professionals, insurers, and clinics/hospitals.
We may also transfer any information we have about you as an asset in connection with a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of IDS, or as part of a corporate reorganization, stock sale, or other change in corporate control.
Please be advised that the Personal Data that IDS collects or obtains may be transferred to jurisdictions that offer lesser protection of Personal Data than that provided in your jurisdiction. By submitting personal information to IDS or using any IDS website, you understand and consent to such transfer.
Withdrawal of Consent
If you wish to withdraw consent, you should give us reasonable advance notice. We will advise you of the likely consequences of your withdrawal of consent, e.g., without your personal contact information, we may not be able to inform you about future services we offer.
Your request to withdraw your consent can take the form of an email or letter to us, and we will respond within a reasonable time.
Use of Cookies
We use "cookies" to collect information about your online activity on our website. A cookie is a small text file created by a website that is stored on your computer to enable the website to recognise you and keep track of your preferences. The cookie makes it convenient for you so you do not have to retype the same information when you revisit the website or when filling out electronic forms.
Most cookies we use are "session cookies", which will be deleted automatically from the hard disk of your computer at the end of the session.
You may choose not to accept cookies by turning off this feature in your web browser. Note that by doing so, you may not be able to use some of the features and functions in our web applications.
Third-Party Consent
We do not get consent on behalf of another individual. We only get consent from the individual who will be dealing directly with us.
How We Ensure the Accuracy of Your Personal Data
We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading, and kept up to date.
From time to time, we may conduct a data verification exercise to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us on any changes to your personal data (such as a change in your mailing address).
How We Protect Your Personal Data
We have implemented appropriate information security and technical measures (such as data encryption, firewalls, and secure network protocols) to protect the personal data we hold about you against loss, misuse, destruction, unauthorised alteration/modification, access, disclosure, or similar risks.
We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data and will only share your data with authorised persons on a "need to know" basis.
If and when we engage third-party data processors to process personal data on our behalf, we will ensure that they provide sufficient guarantees to us that they have implemented the necessary organisational and technical security measures and have taken reasonable steps to comply with them.
In the unlikely event that we suffer a data breach pertaining to unauthorised access or disclosure of personal data being stored or processed by us, we will meet the PDPA's breach notification timelines and requirements to perform the needful, including but not limited to informing relevant authorities and affected individuals, based on the Significant Harm or Significant Scale definitions as set out by the PDPA.
How You Can Access and Make Corrections to Your Personal Data
You may write to us to find out how we have been using or disclosing your personal data over the past year. Before we accede to your request, we may need to verify your identity by checking your NRIC or another form of legal identification. We will respond to your request as soon as possible, within 30 days of receipt. If we are unable to do so within 30 days, we will let you know and provide an estimate of how much longer we will need. We may also charge you a reasonable fee for the cost involved in processing your access request.
If you find that the personal data we hold about you is inaccurate, incomplete, misleading, or not up-to-date, you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 30 days of receiving your request.
How We Retain Your Personal Data
We have a document retention policy that tracks the retention schedules for the personal data you provide us, whether in paper or electronic form. We will not retain any of your personal data when it is no longer needed for any business or legal purposes.
We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention period expires.
Transfer of Personal Data
Where there is a need to transfer your personal data to another country outside Singapore, we will ensure that the data protection standards in the recipient country are comparable to Singapore’s PDPA. If this is not the case, we will enter into a contractual agreement with the receiving party to accord data protection levels similar to those in Singapore.
Contacting Us
If you have any queries or feedback regarding this Notice, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer (DPO) at: dpo@idsaesthetics.com
Any query or complaint should include, at least, the following details:
- Your full name and contact information
- Brief description of your query or complaint
We take such queries and feedback seriously and will address them confidentially and within a reasonable time.
Changes to this Data Privacy Notice
We may update this Data Privacy Notice from time to time. We will notify you of any changes by posting the latest Notice on our website. Please visit our website periodically to note any changes.
Changes to this Notice take effect when they are posted on our website.
