Your personal data is important to us and we are committed to complying with the Personal Data Protection Act 2012 (No. 26 of 2012) (the “PDPA”). This personal data protection policy (“Policy”) sets out how we collect, use and disclose your personal data and applies to Tung Lok Restaurants (2000) Ltd and its subsidiaries (collectively, the Slappy Cakes”).
This Policy supplements but does not supersede nor replace any other consents you may have previously provided to the Slappy Cakes in respect of your personal data, and your consents herein are additional to any rights which the Slappy Cakes may have at law to collect, use or disclose your personal data.
‘Personal data’ is defined under the PDPA to mean data about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access.
Personal data may include your name, NRIC number, passport number, employment pass number, nationality, gender, photograph, telephone numbers, mailing address, email address, age, date of birth, marital status, signature, job title/profession, financial information (such as bank account or credit/debit card numbers) and any other information relating to any individuals which you have provided us in any forms you may have submitted to us or via other forms of interaction with you.
The ways in which we may collect your personal data include (but are not limited to) collecting your personal data directly or indirectly from you or your authorised representatives in the course of:
- you applying for any of our loyalty programs or similar programs;
- you contacting us for making any reservations (including but not limited to catering/banquet reservations), whether through phone, fax, letters, emails, online or otherwise;
- you contacting us with your queries, requests, complaints or feedback;
- you completing any of our forms, whether physical or online, including but not limited to survey and feedback forms;
- you participating in our marketing or promotional events, including but not limited to lucky draws, competitions, road shows, wedding shows or seasonal products launches;
- you purchasing and making payments for any of our products, including through our online web portals;
- you registering for or using any of our services, including but not limited to events and catering;
- you submitting an employment application to us;
- you providing us with your contact details at any of our restaurants, whether through leaving a copy of your business card with us or otherwise;
- your images being captured by our close-circuit television cameras while you are within our premises, or via photographs or videos taken by us or our representatives at our premises;
- you visiting or browsing our website(s);
- you establishing any online account(s) with us;
- you subscribing for email alerts on our website;
- our conducting interviews for matters including but not limited to employment;
- our conducting market research or surveys;
- you interacting with our staff via telephone calls, letters, fax, face-to-face meetings, social media platforms and emails; or
- you submitting your personal data to us for any other reason.
We may also collect personal data about you from third parties including (but not limited to):
- your representatives, intermediaries, agents or next-of-kin who may either be disclosing your personal data to us on your behalf, or in connection with their own transactions, agreements or interactions with us;
- your employers or previous employers; or
- our business partners.
If you provide us with any personal data relating to a third party (e.g. information of your next-of-kin, spouse, children, parents, dependants, and/or employees), you represent and warrant to us that you have obtained the necessary consent from the relevant third party to provide us with their personal data for the relevant purpose(s) for which we are collecting their personal data.
We use the personal data that we collect from you for the following purposes:
- to process and manage your purchase of products and services from Slappy Cakes;
- to process your application as a member to any of our loyalty programs, administer and manage your membership, and provide you the benefits of such membership;
- to administer, manage and execute marketing activities including but not limited to lucky draws, competitions, road shows, wedding shows or seasonal products launches;
- to announce, in any form of media including but not limited to social media platforms, the results of our lucky draws, competitions or other marketing or promotional events, and to identify and contact the winners of any prizes won from such events;
- to provide and send you marketing, advertising and promotional information and materials relating to loyalty programs, products, events and/or services offered by Slappy Cakes through various avenues including (but not limited to) SMS, voice calls, email, mail and online platforms (such as social media);
- to deal with or facilitate customer service and reservations, carry out your instructions, provide services, or deal with or respond to any enquiries, requests, complaints or feedback given by you or on your behalf;
- to manage our administrative and business operations and comply with internal policies and procedures;
- to conduct market research and improve customer service;
- to provide training to our staff;
- to facilitate access to our website;
- to manage the safety and security of our premises;
- for auditing, internal investigations, compliance, risk management, conflict of interest reporting and security processes;
- to comply with applicable laws, regulations, rules, codes of practice, guidelines and other requirements (including but not limited to providing assistance to law enforcement agencies, regulatory authorities and other governmental agencies);
- to prevent, detect and investigate crime;
- to analyse and manage commercial risks;
- for the purposes of legal proceedings;
- to defend or extend any rights of the Slappy Cakes;
- to administer and process your employment application;
- to administer and maintain shareholder relations;
- to verify your identity;
- for any evaluative purpose as defined in the PDPA;
- to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving any of the companies, subsidiaries or business units in the Slappy Cakes;
- for any other purposes that are incidental or ancillary or in furtherance to the above purposes which are not specifically mentioned herein;
- for any other purposes that we have specifically notified you of; or
- for any other purposes that a reasonable person would consider appropriate in the circumstances.
We may transfer or share your personal data with:
- our agents, contractors, sub-contractors, service providers or data processors who have been contracted to provide administrative, financial, legal, accounting, information technology, research, operational, marketing, telecommunications, transportation, payment, analytical, training, storage, printing, security or other services;
- our consultants and professional advisers (such as accountants, lawyers, auditors);
- our business partners and affiliates;
- clearing and depository houses;
- external banks, credit card companies and their respective service providers;
- courts, tribunals, law enforcement agencies, regulatory authorities and other governmental agencies as required or authorised by law;
- any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving any of the companies, subsidiaries or business units in the Slappy Cakes; or
- any other party to whom you authorise us to disclose your personal data to.
Slappy Cakes is a listed entity on the Singapore Exchange Securities Trading Limited with international presence. As such, the personal data you submit to us in one country may be transferred, used and accessed in one or more additional countries. You fully understand and unambiguously consent that we may transfer your personal data to any location outside of Singapore for the purposes set out above. When transferring your personal data outside of Singapore, we will ensure that your personal data will be protected to a standard comparable to the protection accorded to your personal data under the PDPA by ensuring that the recipient is either in a jurisdiction which has comparable data protection laws, or is contractually bound to protect your personal data.
Notwithstanding the above, we may process your personal data without your consent if it is permitted under the PDPA or any other relevant legislation.
We will take reasonable efforts to protect your personal data in our possession or control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks (“Risks”). However, we shall not be held responsible for Risks occurring in relation to your personal data that are beyond our control, such as Risks resulting from cyber-attacks.
Security arrangements which we undertake to protect your personal data may include the following:
- training our employees who handle your personal data to respect the confidentiality of such personal data and your privacy;
- restricting access of your personal data to employees who require it for their job functions; or
- storing personal data in a combination of secure computer storage facilities and physical storage facilities under lock-and-key.
While we strive to protect your personal data, we cannot ensure the security of the information you transmit to us via the Internet or through the use of our electronic services, and we urge you to take every precaution to protect your personal data when you use such platforms. If applicable, you undertake to use a combination of uppercase and lowercase letters, numbers and symbols for your password, change your password often, use a secure browser when accessing our website(s), keep your username and password secure and confidential and not disclose or permit it to be disclosed to any unauthorised person, and to inform us as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorised transactions have taken place.
We will cease to retain your personal data when we no longer require such personal data for any of the purposes for which it was collected or for any business or legal needs.
We will take reasonable efforts to ensure that your personal data in our records is accurate and complete, if your personal data is likely to be used by us to make a decision that affects you, or disclosed to another organisation. However, you must also update us of any changes in your personal data that you have initially provided us with. We will not be responsible for relying on inaccurate or incomplete personal data arising from you not updating us of any changes in your personal data that you have initially provided us with.
You must also ensure that all personal data submitted by you to us is complete, accurate, true and correct.
When you interact with us on our website(s), we automatically receive and record information (such as your server address, domain name, the date and time of visit and the pages viewed) on our server logs from your browser. We may employ cookies in order for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address, and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
Cookies are small text files placed in your computer hard drive or mobile devices when you visit our website(s) and allow us to remember you. The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on a computer.
Should you wish to disable the cookies associated with these technologies, you may do so by changing your browser settings accordingly. However, you may not be able to enter certain part(s) of our website(s), and some of the functions and services may not be able to function without cookies. This may also impact your user experience while on our website(s).
- (a) have any questions, feedback or complaints relating to the collection, use or disclosure of your personal data or this Policy;
- (b) would like to withdraw your consent to any collection, use or disclosure of your personal data as set out in this Policy; or
- (c) would like to exercise your statutory rights under the PDPA in relation to access or correction of your personal data in our control or possession,
please do not hesitate to contact Ms Carolyn Tan through the following channels:
- Call: 6270 7998
- Fax: 6272 7120
- Email: email@example.com
- Address: 26 Tai Seng Street #02-01 Singapore 534057
We will endeavour to respond within a reasonable timeframe.
If you make a request to obtain access to your personal data records with us, we may charge a reasonable fee for verifying the authenticity of the request and locating, retrieving and copying any material requested. If a fee is to be charged, we will inform you of the amount beforehand and respond to your request after payment is received.
Please note that if your personal data had been provided to us by a third party, you should contact that organisation or individual to make such queries, complaints, and access and correction requests to us on your behalf.
Please also note that we are not required, under the PDPA, to provide access and correction to your personal data in certain exempted situations as set out in the PDPA.
If you withdraw your consent to any or all use of your personal data, depending on the nature of your request, we may not be in a position to continue to provide our products and services to you, or administer any contractual relationships in place, which in turn may also result in termination of any agreements you have entered into with us, and your being in breach of your contractual obligations or undertakings. Our legal rights and remedies in such event are expressly reserved.
This Policy shall be governed by and construed in accordance with the laws of Singapore. Any dispute arising out of or in connection with this Policy including any question regarding its existence, validity or termination, shall be referred to and finally resolved by the courts of Singapore.
A person who is not a party to this Policy shall have no right under the Contracts (Rights of Third Parties) Act (Chapter 53B) to enforce any of its terms.
We reserve the right to periodically review and amend this Policy from time to time to take account of new laws and technology, changes to our operations and practices and the changing business environment. The updated Policy will be made available on http://www.tunglok.com/privacy-policy and date stamped so that you are aware of when the Policy was last updated.
You are encouraged to visit the above website on a regular basis to ensure that you are well informed of our latest policies in relation to personal data protection.
This Policy was last updated on 17 August 2015.