This Privacy Policy (“Policy”) sets out the basis which HARVEST FRESH and its affiliated brands and companies may collect, use, disclose or otherwise process Personal Data of our Customers and others who visit our stores, websites, loyalty program, mobile apps and social media pages in accordance with the Personal Data Protection Act (“PDPA”). We refer to our websites, loyalty program, mobile app and social media pages collectively as “Online Services”. This Policy applies to Personal Data in our possession or under our control, including Personal Data in the possession of organisations which we have engaged to collect, use, disclose or process Personal Data for our purposes.
Personal Data
- As used in this Policy:
“customer” means an individual who (a) has contact us through any means to find out more about any goods or services which we provide or (b) may, or has, entered into a contract with us for the supply of any goods or services by us; and
“personal data” means any data, whether true or not, about a customer who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.
Other terms used in this Policy shall have the meanings given to them in the PDPA (where the context so permits).
- Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include your name and your identification information such as your NRIC number, contact information such as your address, email address or telephone number, nationality, gender, date of birth, marital status, photographs and other audio-visual information, employment information and financial information such as credit card numbers, debit card numbers or bank account information including other payment processing technologies.
Collection of Personal Data
- We typically refrain from gathering your Personal Data unless (a) it is voluntarily supplied either directly by you or through a third party, such as your authorized representative, who has received your explicit authorization to disclose your Personal Data to us. This disclosure occurs after (i) you (or your Authorized Representative) have been informed about the intended purposes for which the data will be collected and (ii) you (or your Authorized Representative) have provided written consent for the collection and utilization of your Personal Data for those specific purposes. Alternatively, (b) we may collect and employ Personal Data without consent when permitted or mandated by the PDPA or other applicable laws. We will always request your consent before acquiring any additional Personal Data or before using your Personal Data for a purpose that has not been previously communicated to you, unless such actions are allowed or mandated by the law.
- We may gather data from the devices and systems you employ through automated technologies when you visit our physical stores or utilize our Online Services. These automated technologies encompass cookies, local shared objects, and web beacons. Such information is automatically acquired and stored by our server logs from your web browser and may encompass, among other things, your IP address, device category, device operating system, browser type, and the webpage you were viewing prior to accessing our Online Services.
- Depending on the nature of your interaction with us, some examples of Personal Data that we may potentially collect from you encompass, but are not confined to:
- Identity data, including your name, gender, nationality, date of birth, photographs, and other audio-visual content.
- Contact data, such as your billing address, delivery address, email address, and telephone numbers.
- Transaction data, encompassing the date of purchase, the products you've purchased, the quantity bought, the specific outlet where the transaction occurred, the method of payment, and payment details.
- Account data, like your username and password.
- Technical and usage data, which may encompass the type of device used, browser type, internet protocol (IP) address, location, the content you access, and the duration of your use of our Online Services.
- Marketing and communications data, including your preferences regarding receiving marketing messages from us and your communication preferences.
- Depending on the nature of your interaction with us, some examples of Personal Data that we may potentially collect from you encompass, but are not confined to when you:
a) Establish an account with us.
b) Access any of our Online Services.
c) Dine at our food and beverage establishments.
d) Acquire products at our physical stores, through our Online Services, or via third-party channels.
e) Express a desire to receive marketing materials or other communications from us.
f) Utilize our Wi-Fi networks, self-ordering kiosks, or other in-store technologies.
g) Participate in our contests, competitions, prize draws, or surveys.
h) Submit information when providing feedback.
7. We may combine information we collect about you with information we receive from third party sources.
Use and Disclosure of Personal Data
- We may use the Personal Data collected for certain purposes, which include but are not limited to the following:
a) To complete orders and handle payments for our products and services.
b) To engage in communication with you regarding your orders or accounts with us.
c) To address your inquiries, feedback, claims, or disputes.
d) To deliver marketing information about our brands, products, and services, which includes notifying you about marketing events, initiatives, promotions, lucky draws, membership and rewards programs, as well as other promotions such as co-branded offers and affiliate and partner offers. This is provided you have not expressed objection to being contacted for such purposes.
e) To communicate with you regarding and manage your participation in contests, competitions, prize draws, or surveys.
f) To verify your identity for the purpose of fraud detection.
g) For internal operations and evaluation, which involves troubleshooting, data analysis, testing, research, improving existing products and services, and developing new ones.
h) To comply with applicable laws, regulations, codes of practice, guidelines, or rules, and to assist in law enforcement and investigations conducted by governmental and/or regulatory authorities.
i) To share with our affiliates or third parties, including our third-party service providers and agents, as well as relevant governmental and/or regulatory authorities, both within Singapore and abroad, for the previously mentioned purposes.
- When sharing your Personal Data with our affiliates or third parties, we take steps to ensure that they uphold the data's security, protect it from unauthorized access, and utilize, disclose, and retain the data only for the duration necessary to fulfill the aforementioned purposes, all in compliance with the PDPA. Subsequently, they securely dispose of or destroy your Personal Data when there is no longer a valid reason to retain it.
- Regarding our Online Services, data gathered through automated technologies serves several purposes, including (i) aiding us in retaining and processing items in your shopping cart, (ii) comprehending and delivering personalized content and advertising tailored to our users' preferences, and (iii) aggregating data on site traffic and user interactions. This allows us to assess and enhance our Online Services and website experiences in the future.
- Additionally, we may employ the information we collect for other purposes, for which we will offer explicit notification at the time of data collection.
- We may disclose your Personal Data under the following circumstances:
- When such disclosure is necessary to fulfill obligations related to our provision of the goods or services requested by you.
- To third-party service providers, agents, and other organizations, both within and outside of Singapore, that we have engaged to provide administrative, data processing, information technology, or other services to facilitate the functions outlined in Clauses 8, 10, and 11.
- To parties involved in negotiations or the transfer of our company, in the event of a merger, acquisition, financing, sale of assets, or any other scenario involving the transfer of some or all of our business assets.
- The purposes specified in the clauses above may persist even in situations where your relationship with us, such as a contract, has been terminated or altered in any manner. This continuation will apply for a reasonable period thereafter, which may include, if applicable, a duration necessary for us to enforce our rights under any contract with you.
Dealing with Minors
- Personal Data may be collected from minors (individuals under the age of 21) who access our Online Services, visit our stores, or engage in any of our events, workshops, promotions, contests, competitions, prize draws, or surveys.
- Situations in which we may receive Personal Data from a minor include, but are not limited to, when they:
- Utilize any of our Online Services.
- Dine at our food and beverage establishments.
- Make purchases at our stores, through our Online Services, or via third-party channels.
- Access our Wi-Fi networks, self-ordering kiosks, or other in-store technologies.
- Participate in our contests, competitions, prize draws, or surveys.
- Take part in any of our events or workshops.
Withdrawing your Consent
- The consent you grant for the collection, use, and disclosure of your Personal Data remains valid until you choose to withdraw it in writing. You can withdraw your consent and request us to cease using and/or disclosing your Personal Data for any or all of the purposes listed above by submitting a written request via email to our Data Protection Officer using the contact information provided below.
- Upon receiving your written request to withdraw your consent, we may need a reasonable amount of time (depending on the complexity of the request and its impact on our relationship with you) to process your request and to inform you of the potential consequences of us complying with it, including any legal implications that might affect your rights and responsibilities toward us. Generally, we aim to address your request within ten (10) business days of receipt.
- Depending on the nature and scope of your request, we may be unable to continue providing our goods or services to you. In such cases, we will notify you before finalizing the processing of your request. If you decide to cancel your withdrawal of consent, please inform us in writing using the method described in Clause 16 above.
- It's important to note that if you opt out of receiving marketing communications from us, we may still send you communications related to your transactions, accounts with us, and any contests, competitions, prize draws, or surveys in which you have participated prior to withdrawing your consent.
- Please be aware that withdrawing consent does not affect our right to continue collecting, using, and disclosing Personal Data when such actions are permitted or required under applicable laws, even without your consent.
Access To and Correction of Personal Data
- If you wish to (a) access a copy of the Personal Data we have on file about you or obtain information regarding how we use or disclose your Personal Data, or (b) make a request to correct or update any of your Personal Data within our records, you can do so by submitting your request in writing via email to our Data Protection Officer using the provided contact information below.
- To facilitate the processing of your request, we may need to obtain further details related to your request. We may also request that you verify your identity and provide additional information to assist us in addressing your request. If you are under the age of 18, a parent, guardian, or legal guardian may request access to, correction, or deletion of your Personal Data.
- We retain the right to charge a reasonable administrative fee for accessing your Personal Data records. If such a fee applies, we will notify you of the fee before proceeding with your request.
- We will strive to respond to your request as promptly as reasonably possible. If we are unable to do so within thirty (30) days of receiving your request, we will inform you in writing of the timeframe within which we can provide a response, which will also be within thirty (30) days. If we cannot provide you with certain Personal Data or make a correction you've requested, we will generally explain the reasons for our inability to do so, unless not required by the PDPA. In specific situations, such as when mandated by applicable law, we will comply with your request. Please be aware that we may be obligated by law to retain certain information.
Protection of Personal Data
- To safeguard your Personal Data against unauthorized access, collection, use, disclosure, copying, alteration, disposal, or similar risks, we have implemented appropriate administrative, physical, and technical measures. These measures include up-to-date antivirus protection and SSL encryption services to secure the storage and transmission of Personal Data by us. Additionally, we restrict the internal and external disclosure of Personal Data to our authorized third-party service providers and agents on a need-to-know basis.
- It's important to note that no method of data transmission over the Internet or electronic storage can be guaranteed as completely secure. While we cannot provide an absolute assurance of security, we are committed to protecting the security of your information and continuously assess and enhance our information security measures.
- Your password serves as the key to your account. We strongly recommend creating a robust password that includes a combination of unique numbers, letters, and special characters. Do not share your password with anyone. If you do share your password, you are responsible for any actions taken on your account and their consequences. If you lose your password, you may lose substantial control over your Personal Data and other data submitted to us. Moreover, you could be subject to legally binding actions taken on your behalf. Therefore, if your password is compromised or you suspect it has been compromised, please contact us promptly and change your password. We also advise exercising caution in safeguarding your account, password, and Personal Data, such as always logging out of your account and closing the browser when using a shared computer.
- If you believe that your privacy has been violated by us, please get in touch with us immediately.
Accuracy of Personal Data
- We typically depend on the Personal Data you (or your Authorized Representative) provide to us. To maintain the currency, completeness, and accuracy of your Personal Data, please keep us informed of any changes by notifying our Data Protection Officer in writing via email, using the contact information provided below. This includes informing us if (i) there are alterations to your Personal Data, or (ii) you believe that the Personal Data we have on record about you is inaccurate, incomplete, misleading, or outdated.
Retention of Personal Data
- We may keep your Personal Data for the duration necessary to accomplish the initial purpose for its collection, or as mandated or permitted by relevant laws.
- We will discontinue retaining your Personal Data or eliminate the means by which it can be linked to you when it becomes reasonable to assume that further retention no longer serves the original purpose for which the Personal Data was gathered and is no longer required for legal or business motives.
Transfers of Personal Data Outside of Singapore
- We generally do not transfer your Personal Data to countries outside of Singapore. Nevertheless, if such a transfer is necessary, we will seek your consent before proceeding, and we will implement measures to guarantee that your Personal Data maintains a level of protection that is at least comparable to that provided under the PDPA.
Data Portability
- If you need us to transfer your Personal Data, which is under our control, to another organization in a commonly used machine-readable format, you can submit your request in writing via email to our Data Protection Officer using the contact details provided below.
- Upon receiving your written request for data portability, we may need a reasonable amount of time (depending on the complexity of the request and its impact on our relationship with you) to process your request. In general, we will strive to process your request within ten (10) business days of receiving it.
Data Breach
- In the event of a data breach, we will assess whether it is notifiable. If the data breach is likely to result in significant harm to individuals and/or is of significant scale, we will notify the PDPC and the affected individuals as soon as possible.
How to Contact Us
- If you have any inquiries or feedback regarding our Personal Data protection policies and procedures or if you wish to make any requests, you can contact our Data Protection Officer via email at wilsonlow@farocean.com.sg.
Effects of Policy and Change to Policy
- This Policy is applicable in conjunction with any other policies, contractual clauses, and consent clauses that pertain to the collection, use, and disclosure of your Personal Data by us.
- We may update this Privacy Policy periodically. You can determine if any revisions have been made by referring to the date of the last update of this Policy. Your continued use of our services signifies your acknowledgment and acceptance of these changes. We encourage you to check here regularly for the most recent version of our Policy.
Policy Version: 30 January 2024