JYX collects Customer Data from you for the purpose of providing services to you such as processing a transaction, assisting you in the transaction, and responding to your enquiries or requests, research and analytics purposes, including market research.
We request information from you in several areas of our website and other channels including in-store, that may be used to personally identify you (“Personal Data”), including but not limited to:
– Your contact information such as your telephone numbers, mailing addresses, email addresses, and fax numbers.
– Your credit or debit card information and billing information, including name of cardholder, card number, billing address and expiry date.
– Your responses to market surveys and contests conducted by us or on our behalf.
– Images of you captured by CCTV cameras that are in operation, and this is for security and safety reasons
Kindly note that images of yourself that are captured via our CCTV cameras are strictly for safety and security purposes. All such images are secured stored and access to the same restricted.
Certain Personal Data (particularly relating to your personal information and contact information) are required for specific services and if you fail to supply such Personal Data as requested, we may be unable to deliver you the services in full.
We may use the Personal Data you provided for one or more of the following purposes:
– For your use of the online services available at any of our websites and/or through other telecommunication channels.
– For the supply of any products and/or services which we may offer to you, or you may require from us from time to time including text message (SMS) alerts.
– For marketing, promotional and customer relationship management purposes, such as sending you updates on latest offers and promotions in connection with our products and services and conducting market research.
– For identification and verification purposes in connection with any of the services or products that may be supplied to you.
– To contact you regarding your enquiries.
– To administer contests and giveaways conducted by us or on our behalf.
– To disclose to a third party to comply with any law, legal requirements, orders, directions or requests from any court, authority or government body of any jurisdiction, which may be within or outside of Singapore.
– To facilitate the payment for products and services provided by us or our subsidiaries, associated companies and/or business associates including verification of credit card details with third parties and using the Personal Data you provide to conduct matching procedures against databases of known fraudulent transactions (maintained by us or third parties).
– To improve our security, including in relation to the processing of payment by credit card to guard against the risk of fraud including carrying out matching procedures against databases of known fraudulent transactions (maintained by us or third parties).
Except as provided below, we will not knowingly or intentionally use or share the Personal Data you provide to use in ways unrelated to the aforementioned purposes without your prior consent.
If you have any query or feedback regarding this Notice, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer (DPO) at: dpo@idsskincare.com
Any query or complaint should include, at least, the following details:
- Your full name and contact information
- Brief description of your query or complaint
We treat such queries and feedback seriously and will deal with them confidentially and within reasonable time.
JYX may disclose and transfer Personal Data to and jointly use Personal Data with (whether within or outside of your jurisdiction) our subsidiaries, associated companies, business associates, service providers, and other persons who we consider appropriate, in connection with the services and products provided to or requested by you. We may disclose this information to facilitate communication of news and information about such services and products and otherwise for the purposes mentioned above, under Section 3, “Purposes for which the Personal Data are Collected and Used.”
The entities with whom we may share your Personal Data include but are not limited to:
– Any agent, contractor or third party service provider who provides administrative, marketing and research, distribution, data processing, telemarketing, telecommunications, computer, payment or other services to JYX in connection with the operation of its business.
– Other business associates such as loyalty program operators and other companies involved in providing customer service or fulfilling customer requests.
– Credit reference agencies.
– Credit, debit and /or charge card companies and/or banks.
– Government or non-government authorities, agencies and/or regulators.
– Medical professionals, insurers and clinics/hospitals.
We may also transfer any information we have about you as an asset in connection with a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of JYX or as part of a corporate reorganization or stock sale or other change in corporate control.
Please be advised that the Personal Data that JYX collects or obtains may be transferred to jurisdictions that offer lesser protection of Personal Data than that provided in your jurisdiction. By submitting personal information to JYX or using any JYX website, you understand and consent to such transfer.
We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up-to-date.
From time to time, we may do a data verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in your mailing address).
We have implemented appropriate information security and technical measures (such as data encryption, firewalls and secure network protocols) to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks.
We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data and will only share your data with authorised persons on a "need to know" basis.
If and when we engage third-party data processors to process personal data on our behalf, we will ensure that they provide sufficient guarantees to us to have implemented the necessary organisational and technical security measures and have taken reasonable steps to comply with these measures.
We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes.
We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.
You may write in to us to find out how we have been using or disclosing your personal data over the past one year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will respond to your request as soon as possible, or within 30 days from the date we receive your request. If we are unable to do so within the 30 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request.
If you find that the personal data we hold about you is inaccurate, incomplete, misleading or not up-to-date you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 30 days from the date we receive your request.
Where there is a need to transfer your personal data to another country outside Singapore, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as those in Singapore.
We may update this Data Privacy Notice from time to time. We will notify you of any changes by posting the latest Notice on our website. Please visit our website periodically to note any changes.
Changes to this Notice take effect when they are posted on our website.