THE BAKERY DEPOT PTE LTD – PERSONAL DATA PROTECTION POLICY
Thank you for visiting the The Bakery Depot Singapore’s website (the “Website”).
Your visit to this Website and your use of our products and services provided herein are subject to the terms and conditions herein contained. Please read these carefully. The Bakery Depot’s Websites’ Personal Data Protection shall be binding for the following Websites:
1. THE BAKERY DEPOT PTE LTD (“us“, “we“, “our“) is the operator of this Website. We take our responsibilities under the Republic of Singapore’s Personal Data Protection Act 2012 (the “PDPA“) seriously. We also recognise the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data.
2. In this Policy, as under the PDPA, “personal data” means data, whether true or not, about a customer who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access. Common examples of personal data could include names, identification numbers, dates of birth, contact information, skin records, photographs and video images.
3. This Policy, together with our Website’s Terms and Conditions form the Agreement between us in respect of the subject matter therein.
4. Unless restricted by the PDPA or any other applicable law, you agree that we may process your personal data in the manner and for the purposes set out in the terms described in this Policy.
How Personal Data is Collected
5. We may collect your personal data in several situations, including, without limitation, the following:
(a) when you complete purchase orders, requests or applications for our products or services (by telephone, in person, mail or electronically);
(b) when you communicate with us directly in relation to our products and services (in person; via our customer service; or via our consultants in our office or outlets; by email, telephone or any other means);
(c) when you use services that are made available on the Website, third party websites (example, social media platforms), our office or outlets;
(d) when you apply for employment with us;
(e) when you participate in surveys and other types of research we may conduct;
(f) when we reply to your enquiries via email using the email address “@bakdepot.com” or “@cedeledepot.com” (the sender’s email address will be displayed to the recipient);
(g) when you interact with our social media pages (such as your Account ID, profile photo and any other publicly available data); or
(h) when you participate in contests or events organised by THE BAKERY DEPOT (via pictures, audio files, or videos you may submit, which may include images of yourself or others known to you).
Collection of Personal Data
6. You can use and browse the Website without disclosing your personal data. The provision of your personal data is voluntary. However, we may not be able to provide some or all of the products and services that you may require from us on our website if you do not provide your personal data to us.
7. If you are a candidate for employment, we will collect personal data that you provide to us during the recruitment process, including personal data that is contained in your resume and in any application form that we require you to fill up. Such personal data may include your employment history and working eligibility rights. Further, you consent to us contacting the character references stated therein (if any); and your previous employers to evaluate your suitability for the role you have applied for.
8. The types of personal data which we may collect about you include, without limitation:
(a) your contact information such as names, addresses, telephone numbers, and email addresses;
(b) billing information such as billing address and credit/debit card information;
(c) unique information such as NRIC or passport numbers whenever required by law; photographs; contact preferences; and date of birth;
(d) details of any membership that you have with us;
(e) details of your visits to the Website, such as traffic data; location data; and the resources that you access on the Website; and
(f) your transaction history.
Provision of Third Party Personal Data by You
9. Should you provide us with personal data of individual(s) other than yourself, you represent and warrant to us and you hereby confirm that:
(a) prior to disclosing such personal data to us, you would have and had obtained consent from the individuals whose personal data are being disclosed to us, to:
(i) permit you to disclose the individuals’ personal data to us for the purposes we have disclosed to you; and
(ii) permit us to collect, use, disclose and/or process the individuals’ personal data for the said purposes;
(b) any personal data of individuals that you disclose to us is accurate;
(c) you are validly acting on behalf of such individuals and that you have the authority of such individuals to provide their personal data to us and for us to collect, use, disclose and process such personal data for the purposes; and
(d) proof of such given consent may be required for verification purposes.
Purposes for Collection, Use, Disclosure
10. The personal data which we collect from you may be used, disclosed and/or processed for various purposes, depending on the circumstances for which we may/will need to process your personal data, including, without limitation:
(a) to communicate with you;
(b) to maintain and improve our working relationship;
(c) to assess, process and provide products and/or services to you across our various business verticals;
(d) to create, administer and/or update your account
(e) to administer and process any payments (including refunds) related to products and/or services requested by you;
(f) to establish your identity and background;
(g) to identify your location for geolocation services online;
(h) to respond to your enquiries or complaints and resolve any issues and disputes which may arise in connection with any dealings with us;
(i) to provide you with services or assistance that you have requested;
(j) to provide you with information and/or updates on our products, services, upcoming promotions offered by us and/or events organised by us and selected third parties which may be of interest to you from time to time, including, without limitation:
(i) to order our products for dine-in, takeaway, or delivery;
(ii) to reserve your seat(s) or table(s);
(iii) personalise your experience on our website or in-store;
(k) for direct marketing purposes via SMS, WhatsApp, Messenger, phone call, email, fax, mail, social media and/or any other appropriate communication channels, if you are a member of any of our loyalty programmes (Cedele Rewards or CandyBar), in accordance with your consent;
(l) to maintain and update internal record keeping;
(m) for internal administrative purposes;
(n) to send you seasonal greetings messages from time to time;
(o) to send you invitations to join our events and promotions and product launch events;
(p) to monitor, review and improve our events and promotions, products and/or services;
(q) to enter in one of our contests, competitions, prize draws, sweepstakes or giveaways;
(r) to administer, process and fulfil your commercial transactions with us (such as a purchase on the Website, a tender award or contract for service);
(s) to process any payments related to your commercial transactions with us;
(t) to process and analyse your personal data either individually or collectively with other individuals;
(u) to conduct market research or surveys, internal data analytics, customer research, trend analysis, financial analysis, marketing analysis, customer profiling activities, analysis of customer patterns and choices, planning and statistical and trend analysis in relation to our products and/or services;
(v) to share any of your personal data with an approved auditor for our internal audit and reporting purposes;
(w) to share any of your personal data pursuant to any agreement or document which you have duly entered with us for purposes of seeking legal and/or financial advice and/or for purposes of commencing legal action;
(x) to share any of your personal data with our business partners to jointly develop products and/or services or launch marketing campaigns;
(y) to share any of your personal data with financial institutions necessary for the purpose of applying and obtaining credit facility(ies), if necessary;
(z) to operate, evaluate and improve our business, including the development of new products and/or services; determination of effectiveness of our sales, marketing and advertising efforts; and analysis and improvement of our products, offers, promotions, websites, mobile app(s) and other technologies used online, offline and/or in-store;
(aa) for audit, risk management and security purposes;
(bb) for detecting, investigating and preventing fraudulent, prohibited or illegal activities;
(cc) for enabling us to perform our obligations and enforce our rights under any agreements or documents that we are a party to;
(dd) to transfer or assign our rights, interests and obligations under any agreements entered into with us;
(ee) for meeting any applicable legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to us;
(ff) to enforce or defend our rights and your rights under, and to comply with, our obligations under the applicable laws and regulations;
(gg) to carry out verification and background checks as part of any recruitment and selection process in connection with your application for employment with us (some of the Personal Data that we collect may be sensitive in nature. This includes Personal Data pertaining to your race; national ID information; religious beliefs; background information including financial and criminal record, where legally permissible; health data, disability, marital status and biometric data, as applicable, only with your consent and/or in strict compliance with applicable laws);
(hh) for other purposes required to operate, maintain and better manage our business and your relationship with us; which we notify you of at the time of obtaining your consent; and/or
(ii) administering, facilitating, processing and/or dealing in any matters relating to your use or access of the Website. Without limiting the generality of the foregoing, if you:
(i) gain access to or sign into the Website, using your login credentials of a Social Networking Site, or
(ii) use any features of a Social Networking Site such as its widgets, plug-ins and browser push notifications, made available to you on our Website, it may result in information or your personal data being collected or shared between us and the third party. For example, if you use Facebook’s “Like” feature, Facebook may register the fact that you “liked” a product and may post that information on Facebook. (“Social Networking Site” refers to an online or digital platform owned or operated by a third party, that is used by people to build social networks or social relations, or to interact, with other people, such as but not limited to Facebook, Instagram, Twitter, TikTok, Weibo, WeChat). By your proceeding pursuant to (i) or (ii) above, you consent to such collection, use or disclosure of your personal data, or
(iii) post on our Blogs and interact with us through Social Media, or
(iv) enable features that personalises your experience on all our platforms, such as listing product recommendations, or
(v) perform internal operations necessary to provide our products or services, including troubleshooting software bugs and/or operational issues, testing and research, monitoring and analysing usage and activity trends, or
(vi) protect the security and integrity of our products and/or services, or
(vii) process and manage your Cedele Rewards or CandyBar membership, or
(viii) process, manage or verify your application of promotions, rewards and subscriptions.
11. As the purposes for which we may/will collect, use, disclose or process your personal data depend on the circumstances at hand, such purpose may not appear in the instances listed above. However, we will notify you of such other purpose(s) at the time of obtaining your consent, unless we are permitted by the PDPA or any other applicable law to process your personal data without your consent.
Disclosure of Personal Data to Third Parties
12. In order to smoothly conduct our business operations or to fulfil our obligations to you, we may also disclose the personal data that you have provided to us to our third party service providers, agents, affiliates or related corporations, which may be situated inside or outside of the Republic of Singapore, for one or more of the purposes stated in or notified to you under the Purposes for Collection, Use, Disclosure (Clause 10) section. We will also disclose your personal data to government regulators or authorities in order to comply with any laws, rules, guidelines, regulations or schemes that apply to us.
13. Examples of third parties that we disclose your personal data include, without limitation:
(a) data entry service providers;
(b) professional advisors, consultants and/or external auditors;
(c) data storage and processing servers located locally or overseas;
(d) third party service providers who provide administrative or operational services in connection with our business such as telecommunications, information technology, logistics, delivery, printing and postal services or services relating to marketing and promotional activity;
(e) relevant government regulators, agencies or authorities;
(f) THE BAKERY DEPOT group of companies; and our related corporations and affiliates either in Singapore or overseas; and
(g) third-party credit reporting or employment agencies as part of the recruitment and selection process and/or otherwise in connection with your application for employment with us.
14. The third parties which we conduct business are only authorised to use your information to perform the service for which they were hired. As part of our agreement with them, they are required to adhere to the PDPA and any policies that we provide by signing THE BAKERY DEPOT’s Personal Data Transfer Agreement, and to take reasonable measures to ensure your personal data is secure.
15. We respect the confidentiality of the personal data that you provide to us.
16. We do not sell personal data to any third party.
Request for Access and/or Correction of Personal Data
17. You may request to access and/or correct your personal data that is in our possession or under our control by writing to us at firstname.lastname@example.org.
18. For a request to access personal data, we shall reasonably endeavour to provide you with the relevant personal data within thirty (30) business days from such a request being made within the applicable laws of the Republic of Singapore. Where information you request requires more time and expense, we shall reach agreement with you on terms on how to process your request. Depending on the scope and nature of the work required to process your access request, we may be required to impose a fee to recover our administrative costs including legal fees where necessary. This will be assessed on a case-by-case basis by our Data Protection Officer. Where such a fee is to be imposed, we will provide you with a written estimate of the fee for your consideration. Please note that we will only process your request once you have agreed to the payment of the fee. In certain cases, we may also require a deposit from you before we process the access request. You will be notified if a deposit is required when we provide you with the written estimate of the fee, if any.
19. For a request to correct personal data, we will correct your personal data as soon as practicable after the request has been made unless we have reasonable grounds not to do so.
20. You understand that we are reliant on you to provide us with accurate and complete personal data and with updates if there are any changes to your personal data. We will not be responsible for relying or using any inaccurate or incomplete personal data where you have provided with such personal data and/or have failed to update us of any changes in your personal data.
Request to Withdraw Consent
21. You may withdraw your consent for the collection, use and/or disclosure of your personal data that is in our possession or under our control by writing to us at email@example.com.
22. We will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your personal data in the manner stated in your request.
23. Your withdrawal of consent may result in certain consequences. For example, it may mean that we will not be able to provide you with certain products or services that you have requested or that we will not be able to continue with your existing relationship with us. We will inform you of such consequences after we receive your request for withdrawal.
24. However, you understand that notwithstanding your withdrawal of consent, we will still be entitled to collect, use or disclose your personal data if we are required or authorised to do so under the PDPA or any other applicable law.
Protection and Destruction of Personal Data
25. We will put in place reasonable security arrangements to ensure that your personal data is adequately protected and secured. In particular, reasonable security arrangements will be taken to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data both online and offline. However, we cannot assume responsibility for any unauthorised use of your personal data by third parties which are wholly attributable to factors beyond our control, for example on social media using Facebook, Instagram, etc.
26. We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We will also put in place measures to ensure that any of your personal data that is in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that:
(a) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and
(b) retention is no longer necessary for any other legal or business purposes.
Cookies and Mobile Technology
28. Flash Cookies.
“Flash Cookies” (also called Local Shared Objects or “LSOs”) are data files similar to cookies, except that they can store more complex data. Flash Cookies are used to remember settings, preferences, and usage, particularly for video, interactive gaming, and other similar services.
29. Web Beacons.
Web beacons are small graphic images on a web page or in an e-mail that can be used for such things as recording the pages and advertisements clicked on by users, or tracking the performance of e-mail marketing campaigns.
30. Analytics Tags.
We use analytical tags to analyse what our clients like to do and the effectiveness of our features and advertising. They can also help us customise your browsing and shopping experience. We may use information collected through analytical tags or tracked links in combination with your Personal Data. We may also combine personal data you provide to us with other personal data (such as purchase history and demographic information). We often work with other companies such as Google Analytics or Facebook Pixel, to help us track, collect and analyse this information but they are prohibited from using this information for any other purpose.
31. Web Server Logs.
Web server logs are records of activity created by the mobile device or computer that delivers the webpages you request to your browser. For example, a web server log may record the search term you entered or the link you clicked to bring you the webpage. The Web server log also may record information about your browser, such as your IP address and the cookies set on your browser by the server.
32. Geo-Location Technologies.
Geo-location technology refers to technologies that permit us to determine your location. We may ask you to manually provide location information (like your postal code), or to enable your mobile device to send us precise location information for the purpose of ordering or processing our products and/or services. For example, the first time you download an App from the App Store or Google Play, you will/may be asked to choose between allowing or not allowing the App to access your location and/or to send you mobile notifications. If you choose “Do Not Allow,” you will have opted-out of having the App accessing your location to send you location-specific offer notifications. If you choose “OK” the App will communicate with your mobile device and collect certain data as provided in this Policy in order to send you targeted offers based on your location. You can always opt-out of sharing location data with the App by changing your device privacy settings.
33. Our Website contains areas where you can submit information to us (such as our registration service), and we also have features (such as cookies and performance tracking technology) that automatically collect information from the visitors to our Website. During the registration process, you must provide us with a password, your name, address and a valid email address, etc. It is your responsibility to keep your password strictly confidential.
34. If you have any complaint or grievance regarding about how we are handling your personal data or about how we are complying with the PDPA, we welcome you to contact us by writing to us at firstname.lastname@example.org.
35. We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.
36. You may contact us (or send us any request or complaint form) either by post or by email at the following address:
Data Protection Officer
THE BAKERY DEPOT PTE LTD
Address: 1 Kaki Bukit Road 1, #02-41 Enterprise One, Singapore 415934
Contact No: +65 6922 9700
Email Address: email@example.com
37. As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.
39. You are deemed to have acknowledged and agreed to any amended version of this Personal Data Protection Policy if you continue to use the Website after the changes have taken place. As such, you are encouraged to visit our Website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.
Effect of Policy and Changes to Policy
40. This Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
41. You are encouraged to check this Website for this Policy from time to time to ensure that you are well informed of our latest policies in relation to personal data protection. We may revise this Policy from time to time with or without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.
Last Updated: 9 March 2021