At SriCandy, we respect your privacy and are committed to protecting the personal data you share with us. This Privacy Policy outlines how we collect, use, disclose, store, and protect your personal data in accordance with Singapore’s Personal Data Protection Act 2012 (PDPA). By using our website, www.sricandy.com, and our services, you agree to the practices described in this policy.

1. Collection of Personal Data

We may collect the following types of personal data when you interact with us:

• Identity Data: Name, date of birth, gender.
• Contact Data: Email address, phone number, mailing address.
• Account Data: Username, password, and other credentials for account creation.
• Transaction Data: Details about payments to and from you, including payment method and order history.
• Technical Data: IP address, browser type and version, time zone setting, and other technology on the devices you use to access our website.
• Usage Data: Information about how you use our website, products, and services.
• Marketing and Communications Data: Your preferences in receiving marketing materials and communication from us.

We collect personal data directly from you through our website, email, phone, social media, and other communication channels. We may also collect data through cookies and similar tracking technologies when you use our website.

2. Use of Personal Data

We may use your personal data for the following purposes:

• Order Fulfillment: Processing your orders, including payment transactions, delivery, and customer support.
• Account Management: Managing your account and providing customer service.
• Marketing and Promotions: Sending you updates, promotions, newsletters, and offers related to our products. You may opt out of receiving such communications at any time.
• Improving Our Services: Analyzing data to enhance our website, products, and customer experience.
• Legal and Compliance: Complying with legal obligations, preventing fraud, and protecting our rights and interests. 

3. Disclosure of Personal Data

We may share your personal data with:

• Third-party service providers such as payment processors, logistics partners, and IT service providers, for the purpose of providing our services to you.
• Law enforcement agencies, regulatory bodies, and other authorities if required by law.
• Marketing partners for the purpose of analyzing website traffic or advertising. We will obtain your consent where required before sharing your data for marketing purposes.

We do not sell or rent your personal data to third parties.

4. Data Protection and Security

We are committed to ensuring the security of your personal data. We have implemented the following measures to protect your data:

• Data Encryption: Sensitive information transmitted online is encrypted using Secure Socket Layer (SSL) technology to protect your data during transmission.
• Access Controls: Only authorized personnel have access to your personal data. We regularly review access privileges and ensure that your information is accessible only to those who need it.
• Data Minimization: We only collect, use, or disclose personal data that is necessary for the purposes outlined in this policy.
• Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify and address potential security risks. 

5. Data Breach Management

In the unlikely event of a data breach, we have put in place a response plan to manage the situation:

• Notification: We will notify affected individuals and the relevant authorities as required under the PDPA in the event of a data breach that poses a risk of harm to individuals.
• Containment and Recovery: We will take immediate steps to contain the breach and prevent further unauthorized access. Our team will work to recover any lost or compromised data.
• Investigation: We will investigate the cause of the breach and implement measures to prevent future occurrences. 

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. When personal data is no longer required, we will securely delete or anonymize it.

7. Your Rights

Under the PDPA, you have the following rights regarding your personal data:

• Access: You have the right to request access to your personal data held by us.
• Correction: You have the right to request corrections to your personal data if you believe it is inaccurate or incomplete.
• Withdrawal of Consent: You may withdraw your consent for us to use your personal data for specific purposes at any time. To do so, please contact us at the email address provided below.

Please note that withdrawing consent may affect our ability to provide certain products or services to you.

8. Use of Cookies

We use cookies and similar technologies to enhance your browsing experience, analyze site traffic, and provide personalized content and ads. You can adjust your browser settings to refuse cookies, but this may affect your ability to use some features of our website.

9. Third-party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read the privacy policies of any external websites you visit.

10. Changes to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes through our website or via email. Your continued use of our services after the changes take effect constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact our Data Protection Officer:

Email: cs@sricandy.com