Private Policy

At BROAD VISTA PTE. LTD. (“we,” “us,” or “our”), a Singapore-based e-commerce company specializing in clothing retail, we prioritize the protection of your personal data. This Privacy Policy adheres strictly to Singapore’s Personal Data Protection Act 2012 (2020 Revised Edition) (PDPA) and outlines in detail how we collect, use, store, disclose, and protect your personal information when you access or use our e-commerce platform (including our website, mobile application, and related services). By engaging with our services—such as browsing products, creating an account, placing orders, or subscribing to marketing communications—you acknowledge that you have read, understood, and agreed to the terms of this Policy.​

1. Scope of Application​

This Privacy Policy applies to all personal data processing activities conducted by or on behalf of BROAD VISTA PTE. LTD. in connection with our clothing e-commerce services. This includes, but is not limited to, data collected when you: (a) register for a user account; (b) search, select, or purchase clothing items (e.g., dresses, tops, bottoms, outerwear); (c) provide delivery or payment information; (d) participate in promotions (e.g., seasonal sales, loyalty programs); (e) contact our customer service team; or (f) interact with our platform’s features (e.g., saving “wishlist” items, leaving product reviews). This Policy does not apply to third-party websites or services linked to our platform (e.g., social media plugins, payment gateways), as those are governed by their own privacy policies.​

2. Types of Personal Data Collected​

We only collect personal data that is necessary to fulfill the specific purposes outlined in this Policy. The types of data we may gather include:​

  • Identifying Data: Full name, email address, phone number, and date of birth (required for account creation and age verification, if applicable).​
  • Transactional Data: Purchase history (e.g., items bought, order dates, prices), payment method details (e.g., credit card last four digits, PayPal account information—note: we do not store full credit card details; these are processed by licensed payment service providers), and order tracking numbers.​
  • Preference Data: Clothing size preferences (e.g., XS-XL, shoe size), color/fabric preferences (e.g., cotton, linen, polyester), style preferences (e.g., casual, formal), and “wishlist” items saved to your account.​
  • Delivery Data: Residential or business address, postal code, and delivery instructions (e.g., “leave at front door”).​
  • Technical Data: IP address, browser type, device information (e.g., smartphone model, operating system), browsing behavior (e.g., pages visited, time spent on product pages), and cookie data (see Section 13 for details).​

All data collection is done with your explicit consent—for example, when you check a box to agree to data use during account registration or when you provide information to complete an order.

3. Purposes of Data Collection​

We use your personal data exclusively for legitimate, specific, and transparent purposes related to our clothing e-commerce operations. These purposes include:​

  • Order Fulfillment: Processing your clothing purchases, coordinating with logistics partners to deliver items to your specified address, and providing order updates (e.g., “shipped,” “out for delivery”).​
  • After-Sales Service: Assisting with returns, exchanges, or refunds (e.g., verifying your order details to process a return for a ill-fitting garment), addressing product quality inquiries (e.g., “fabric defect”), and resolving delivery issues (e.g., missing packages).​
  • Personalized Recommendations: Suggesting clothing items that align with your preferences (e.g., recommending linen shirts if you previously purchased linen pants) or browsing history (e.g., showing similar dresses to one you viewed).​
  • Account Management: Maintaining your user account, updating you on account activity (e.g., password changes, login attempts), and ensuring access to platform features (e.g., “wishlist,” order history).​
  • Marketing Communications: Sending you information about new clothing collections, seasonal promotions (e.g., “Summer Sale: 30% Off Dresses”), or loyalty program benefits—only if you have opted in to receive such communications.​
  • Platform Improvement: Analyzing user behavior to enhance our website/mobile app functionality (e.g., optimizing product search filters) and improving our clothing offerings (e.g., increasing stock of popular sizes/styles).​

4. Consent Management​

Under the PDPA, we obtain your clear and voluntary consent before collecting, using, or disclosing your personal data. You may provide consent in various ways, such as:​

  • Checking a box to agree to data use during account registration or checkout.​
  • Verbally confirming consent when speaking to our customer service team (e.g., agreeing to share your address with a logistics partner).​
  • Taking affirmative action (e.g., clicking a link to subscribe to our newsletter).​

You have the right to withdraw or modify your consent at any time. To do so:​

  • Update your preferences in the “Privacy Settings” section of your user account (e.g., opt out of marketing emails).​
  • Contact our customer service team via email ([email protected]) or phone (+65-8032-5569) to request consent withdrawal.​

Please note that withdrawing consent may affect your ability to use certain services (e.g., opting out of delivery address sharing will prevent us from fulfilling your orders).

5. Data Accuracy and Updating​

We take reasonable steps to ensure that your personal data is accurate, complete, and up-to-date, as incorrect data may lead to errors (e.g., delivering clothing to the wrong address). You are responsible for notifying us of any changes to your information, and we provide easy ways to update your data:​

  • Edit your name, contact details, delivery address, or size preferences directly in the “My Account” section of our platform.​
  • Contact our customer service team to correct errors (e.g., updating a misspelled email address) or add missing information (e.g., providing a postal code for delivery).​

We may also verify data accuracy periodically (e.g., cross-checking delivery addresses with postal service records) to ensure reliability.​

6. Third-Party Disclosure​

We do not sell, rent, or trade your personal data to third parties for commercial purposes. However, we may disclose your data to trusted third parties who assist us in delivering our services, provided that these parties are bound by strict confidentiality agreements and only use the data for the specified purpose. These third parties include:​

  • Logistics Partners: Courier services (e.g., SingPost, Ninja Van) that deliver your clothing orders—we share your delivery address and contact number to ensure timely drop-off.​
  • Payment Processors: Licensed providers (e.g., Stripe, PayPal) that handle payment transactions—we share your order amount and payment method details (excluding full credit card numbers) to process payments securely.​
  • Marketing Service Providers: Email marketing platforms (e.g., Mailchimp) that send promotional communications—we share your email address only if you have opted in to marketing.​
  • Customer Service Vendors: Third-party teams that assist with handling inquiries (e.g., return requests)—we share your order history and contact details to resolve issues effectively.​

We ensure that all third parties comply with the PDPA and other applicable data protection laws, and we monitor their data handling practices to prevent misuse.

7. Data Security Measures​

We implement robust technical, administrative, and physical security measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction. These measures include:​

  • Encryption: All data transmitted between your device and our platform (e.g., during checkout) is encrypted using Secure Sockets Layer (SSL) technology. Stored data (e.g., user accounts, order history) is encrypted using Advanced Encryption Standard (AES-256).​
  • Access Controls: Only authorized employees (e.g., customer service staff, order processors) with a legitimate business need can access your data, and they are required to use unique login credentials (e.g., username + password) and multi-factor authentication (MFA) for sensitive systems.​
  • Regular Audits: We conduct periodic security audits and vulnerability assessments to identify and address potential risks (e.g., software bugs, unauthorized access points).​
  • Employee Training: All staff receive training on data protection best practices and the PDPA to ensure they understand their responsibilities in safeguarding user data.​
  • Incident Response Plan: We have a dedicated plan to respond to data breaches (see Section 8) and minimize harm to users.​

8. Breach Notification​

In the event of a data breach (e.g., unauthorized access to user accounts, theft of delivery addresses), we will take immediate action to contain the breach, assess its impact, and mitigate further risks. Under the PDPA, we are required to:​

  • Notify the Singapore Personal Data Protection Commission (PDPC) within 72 hours of discovering the breach, provided that the breach is likely to result in significant harm to affected users (e.g., identity theft, financial loss).​
  • Notify affected users promptly if the breach poses a risk to their personal data or privacy. Notifications will include details of the breach (e.g., types of data compromised), steps we have taken to address it, and actions users can take to protect themselves (e.g., changing passwords, monitoring bank statements).​

We will also maintain records of the breach and our response for at least 2 years, as required by the PDPC.

9. Data Retention​

We do not retain your personal data longer than necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods are as follows:​

  • Order-Related Data: We retain your purchase history, delivery address, and payment transaction details for 2 years after the completion of your order (i.e., after delivery or final resolution of returns/refunds). This allows us to address post-purchase inquiries and comply with tax or consumer protection laws.​
  • Account Data: If you maintain an active user account, we retain your identifying data (e.g., name, email) and preference data (e.g., size preferences) for as long as your account is active. If your account is inactive for 3 consecutive years, we will notify you and, if no response is received, securely anonymize your data.​
  • Marketing Data: We retain your email address or phone number for marketing purposes only until you opt out, or for 1 year after your last interaction with our marketing communications (e.g., opening an email, clicking a promotion link).​

After the retention period expires, we securely delete or anonymize your data (e.g., removing identifying details from purchase records) so that it can no longer be linked to you.​

10. Do Not Call (DNC) Compliance​

Singapore’s DNC Registry prohibits businesses from sending unsolicited marketing messages (e.g., SMS, phone calls) to individuals who have registered their contact details on the registry. We fully comply with the DNC Registry requirements by:​

  • Checking the DNC Registry at least once every 30 days to update our marketing contact lists.​
  • Ensuring that we do not send marketing SMS or make marketing calls to any phone number listed on the DNC Registry, unless you have explicitly opted in to receive such messages (even if your number is on the registry).​
  • Providing an easy way to opt out of marketing messages (e.g., replying “STOP” to a marketing SMS, or using the “Unsubscribe” link in marketing emails).​

If you believe you have received an unsolicited marketing message from us in violation of the DNC Registry, please contact our Data Protection Officer (see Section 15) to report the issue.​

11. User Access Rights​

Under the PDPA, you have the right to access the personal data we hold about you, to verify that it is accurate, and to ensure we are using it in compliance with this Policy. To request access to your data:​

  • Submit a written request via email to our customer service team ([email protected]) or to our Data Protection Officer (see Section 15). Your request should include your full name, registered email address, and details of the data you wish to access (e.g., “all order history from 2024”).​
  • We may ask you to provide additional information to verify your identity (e.g., answering a security question, providing a copy of your ID) to prevent unauthorized access to your data.​
  • We will respond to your access request within 30 days of receiving it. If we cannot fulfill your request (e.g., due to legal restrictions), we will notify you in writing and explain the reason.​

We do not charge a fee for accessing your data, unless the request is excessive or repetitive, in which case we may charge a reasonable administrative fee.

12. Cross-Border Data Transfer​

As a Singapore-based company, we primarily process and store your personal data within Singapore. However, in limited cases, we may transfer your data to third parties located outside Singapore (e.g., a global logistics partner with operations in another country, or a payment processor with servers overseas). We only make such transfers if:​

  • The destination country or region has data protection laws that are deemed “adequate” by the PDPC (e.g., the European Union under the EU-Singapore Data Protection Adequacy Decision).​
  • The third party agrees to implement equivalent security measures (e.g., using encryption, signing a data processing agreement) to protect your data as required by the PDPA.​
  • We obtain your explicit consent for the transfer, if required by law.​

We will never transfer your data to a jurisdiction where it will not be protected to the same standard as in Singapore.​

13. Cookies Usage​

Our platform uses “cookies”—small text files stored on your device—to enhance your browsing and shopping experience. We use two types of cookies:​

  • Essential Cookies: These are necessary for the basic functionality of our platform, such as remembering your shopping cart items, maintaining your login session, and processing checkout. You cannot disable essential cookies, as doing so will prevent you from using key features (e.g., completing a purchase).​
  • Non-Essential Cookies: These help us improve our platform and personalize your experience, such as tracking browsing behavior to provide product recommendations, or measuring the effectiveness of marketing campaigns. Examples include analytics cookies (e.g., Google Analytics) and marketing cookies (e.g., Facebook Pixel).​

You can manage your cookie preferences by adjusting your browser settings (e.g., in Chrome, Firefox, or Safari) to disable non-essential cookies. Please note that disabling non-essential cookies may limit certain features (e.g., personalized recommendations) but will not affect your ability to browse or purchase clothing. We also provide a “Cookie Consent Banner” on our homepage, where you can accept or decline non-essential cookies.​

14. Policy Updates​

We may update this Privacy Policy from time to time to reflect changes in Singapore’s data protection laws, our business practices (e.g., launching new services like virtual fitting rooms), or emerging privacy risks. When we make updates:​

  • We will revise the “Last Updated” date at the top of this Policy.​
  • We will notify you of significant changes via email (sent to your registered email address) or a prominent announcement on our platform (e.g., a pop-up on our homepage).​
  • The updated Policy will take effect immediately upon notification, unless stated otherwise.​

We encourage you to review this Policy regularly to stay informed about how we protect your data. Your continued use of our services after the Policy is updated constitutes your acceptance of the revised terms.​

15. Data Protection Enquiries​

If you have any questions, concerns, or complaints about this Privacy Policy, our data handling practices, or your personal data rights under the PDPA, please contact our Data Protection Officer (DPO) at:​

  • Email: [email protected]
  • Phone: +65-8032-5569​
  • Mailing Address: 21 WOODLANDS CLOSE, #04-30, PRIMZ BIZHUB, SINGAPORE 737854

Our DPO will respond to your enquiry within 14 business days and work with you to resolve any issues. You also have the right to lodge a complaint with the Singapore Personal Data Protection Commission (PDPC) if you are not satisfied with our response.

By using BROAD VISTA PTE. LTD.’s services, you confirm that you have read, understood, and agreed to this Comprehensive Privacy Policy.​