SODA Inc. (hereinafter referred to as the “Company”) is aware of the importance of the protection of Personal Information (as defined below) and shall comply with the Personal Data Protection Act 2012 (No. 26 of 2012) (hereinafter referred to as the “PDPA”), and accordingly, the Company shall ensure the appropriate collection, use, disclosure and protection of Personal Information (as defined below) in accordance with the following privacy policy (hereinafter referred to as this “Privacy Policy”); unless otherwise provided for in this Privacy Policy, capitalized terms used in this Privacy Policy shall bear the same meanings ascribed to them in the Company’s Terms of Use at (“ Terms”):
The term “Personal Information” refers to any data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which the Company has or is likely to have access, including data in the Company’s records as may be updated from time to time.
1. The Personal Information that the Company may collect may include the User’s name, email address, phone number, date of birth, residential address, personal identification number, bank account details, information from the User’s device or equipment used to access and/or use the Service (including network activity and IP address), and any other Personal Information necessary for the Company to provide the Service.
2. Apart from collecting Personal Information directly from the User, the Company may also
collect Personal Information in other ways (e.g. using automated technology such as click-stream data, cookies, flash cookies,
web beacons, and tracking links) and from third parties (e.g. the use of third party websites and applications that interact
with the Company’s websites and/or web-based applications) or from publicly available sources. While Users may restrict or
block the use of cookie files by browser settings, it shall be noted that in the event of restrictions on the use of cookie
files, use of the Service’s features or on the Company’s website may be restricted. The Company also uses Google Analytics to
grasp the usage of its website. For details of Google Analytics such as methods of collection and processing of data, please
refer to the following URLs:
https://marketingplatform.google.com/about/analytics/terms/us/
https://policies.google.com/privacy
https://policies.google.com/technologies/partner-sites
3. Please also note that the Company’s website, mobile or web-based applications may offer location-enabled services. If the User uses the Company’s website, mobile or web-based applications, the website, mobile or web-based applications may receive information about the User’s actual locations (such as GPS signals sent by the mobile device) or information that can be used to approximate a location. The User will always be asked if the location-enabled service may be activated and the User may also object or withdraw his or her consent to such location-enabled service within the respective mobile or web-based application.
4. For the avoidance of doubt, in the event that any applicable laws, regulations, rules, guidelines, and regulations or schemes imposed by any governmental bodies and authorities (collectively, “Applicable Laws”) permit the Company’s collection of the Personal Information of the User without the User’s consent, such permissions granted by the Applicable Laws shall apply.
1. Purposes for which the Company collects and uses Personal Information shall be as follows:
1.1 Providing, operating and improving the Company’s Service;
1.2. Receiving orders for and shipping goods, and responding to inquiries from Users (including obtaining identity confirmation);
1.3. Sending emails containing information about matters such as new features, updates, and campaigns for the Service;
1.4. Informing Users as necessary of matters such as maintenance operations and important announcements;
1.5. Identifying Users violating the Company’s Terms or intending to use the Service for illicit or unjust purposes and refusing such use;
1.6. Allowing Users to confirm, amend, or delete their Member Information, or confirm their usage history;
1.7. Requesting that Users pay the Service Charge;
1.8. Creating data such as statistical data in which individuals are not identifiable;
1.9. Studying and developing any new service(s) of the Company;
1.10. Other purposes incidental to any of the abovementioned purposes of collection and use; and
1.11. Other purposes which the Company notifies the User of at the time of obtaining the User’s consent,(collectively, the “Purposes”, and each, a “Purpose”).
2. The Company will not use Personal Information for Purposes which it is not permitted to or required under the PDPA or other Applicable Laws.
3. Notwithstanding the above, the Company may collect and use any Personal Information without the User’s consent provided that it is in accordance with any Applicable Laws, including but not limited to the PDPA.
1. The Company may share and disclose Personal Information with:
1.1. the Company’s parent company, subsidiary or other affiliates (including SODA inc.);
1.2 the Company’s partners, vendors, agents, contractors, or third party service providers who provide services to the Company;
1.3 the Company’s partners, licensors, vendors, agents, contractors, or third party service providers who provide operational services to the Company such as courier services, telecommunications, IT, payment, printing, billing, payroll processing, technical services, training, market research, call centre, security, or other such services;
1.4 the Company’s partners, licensees, agents, contractors, or third party service providers who provide operational services for and on behalf of the Company;
1.5 in the event of an actual or prospective business asset transaction (such as any merger, acquisition, or asset sale), any business partner, investor, assignee, or transferee for the purposes of facilitating such a transaction; and
1.6 any relevant government regulators, statutory boards or authorities, or law enforcement agencies as required by any Applicable Laws.
2. Personal Information is disclosed to the above only for the Purposes and/or where any Applicable Laws permit.
3. In appropriate cases, the Company shall encrypt, anonymize, and aggregate Personal Information before sharing it. Anonymizing means stripping the information of personally identifiable features. Aggregating means presenting the information in groups or segments (e.g., age groups).
4. The Company shall not be responsible for any Personal Information that the User supplies to third parties. Such Personal Information shall be subject to such third parties’ privacy policies and terms of service (if any).
1. The Company will not collect, use, or disclose Personal Information beyond the extent necessary to achieve any Purpose without the consent of the User, unless:
1.1 It is permitted by the PDPA or any other Applicable Laws;
1.2. Consent of the User cannot be obtained in a timely way and there are reasonable grounds to believe that the health or safety of the User or another individual will be seriously affected; or
1.3. The Personal Information was disclosed by a public agency and the collection and/or use of the Personal Information by the Company is consistent with the purpose of the disclosure by the public agency, and/or the disclosure of Personal Information is to a public agency, where the disclosure is necessary in the public interest.
2. The Company will not collect or store any payment information (including but not limited to the credit or debit card information) that the User may provide in the context of the Services. Payments made on the Services (such as when using a credit or debit card) are made through a third party payment gateway provider. The User will provide payment information (including but not limited to credit or debit card information) directly to that payment gateway provider which operates a secure server to process payment details, encrypting the User’s payment information (including but not limited to credit or debit card information) and authorizing payment. For the avoidance of doubt, the Company shall not be responsible for any Personal Information (including any payment information) that the User supplies to the third party payment gateway provider and such Personal Information shall be subject to the third party payment gateway’s privacy policy and terms of service (if any).
1. Each User must ensure that all Personal Information submitted to the Company is complete, accurate, true and correct. Each User further represents and warrants to the Company that, if the User has provided any Personal Information relating to a third party, the User has obtained the consent of the third party to provide the Company with the third party’s Personal Information, unless otherwise provided in the PDPA.
2. Each User may request that the Company update and correct the User’s Personal Information in the possession or control of the Company by contacting the Data Protection Officer (whose contact is set out below).
3. Upon a User’s request under the preceding paragraph, the Company shall correct the Personal Information without delay unless it is satisfied on reasonable grounds that it should not comply with the request.
4. If the Company corrects the Personal Information under the preceding paragraph or is satisfied on reasonable grounds that it should not comply with the User’s request to correct the Personal Information, the Company will notify the User thereof without delay.
5. Each User may request for access to the Personal Information that the Company has relating to the User, inquire about the way in which the Personal Information relating to the User has been used or disclosed by the Company in the past year, or withdraw consent to the Company’s use of such Personal Information, by contacting the Data Protection Officer (whose contact is set out below). The Company will seek to attend to the User’s request as best as it reasonably can and without delay.
6. Please note that:
6.1. in order for the Company to provide any Personal Information, the Company will need to verify the User’s identity and may request further information about the User’s request;
6.2. the Company may refuse access to the User’s Personal Data if it would affect the privacy rights of other persons or if it breaches any confidentiality that attaches to that information;
6.3. the Company may also refuse the User’s request where the Company is legally permitted to do so and gives the User reasons for doing so;
6.4. the User should be aware that the Company may take a reasonable time to process the User’s application for access as the Company may need to retrieve information from storage and review the information in order to determine what information may be provided; and
6.5. the Company may have to charge the User a reasonable administrative fee for retrieving Personal Information relating to the User.
7. For the avoidance of doubt, if the Company refuses to grant the User access to the User’s Personal Information, the Company shall preserve a complete and accurate copy of the Personal Information for a period of 30 days after the date on which the Company notifies the User of the Company’s refusal to do so.
8. In the event that a User withdraws his or her consent for the Company to collect, use and/or disclosure the User’s Personal Information, the Company may not be able to provide the Service to the User and will advise the User of the consequences of such withdrawal upon receiving the User’s withdrawal request.
1. If the individual who is the subject of Personal Information (hereinafter referred to as the “Relevant Individual”) requests that the Company delete Personal Information on the grounds that such information has been collected, used or disclosed beyond the scope of any Purpose or acquired by wrongful means, the Company will conduct the necessary investigation without delay.
2. If the Company determines that it is necessary to comply with such request based on the result of the investigation under the preceding paragraph, the Company will promptly delete such Personal Information.
3. If the Company deletes the Personal Information in accordance with the preceding paragraph or decides that it should not delete the Personal Information, the Company will notify the User thereof without delay.
4. Notwithstanding the preceding two paragraphs, if significant costs are incurred for deletion of the Personal Information or it is otherwise difficult to delete the Personal Information, and the Company is able to take necessary alternative measures to protect the rights and interests of the User, the Company shall take such alternative measures.
The Personal Information provided to the Company are stored on secure servers. The Company also has security measures in place to protect against unauthorized access, loss, misuse and alteration of the Personal Information under the Company’s possession and/or control. However, to the extent permissible under the Applicable Laws, the Company will not be held liable or responsible for any loss, misuse or alteration of the Personal Information that may be caused by third parties.
1. The Company will only retain Personal Information for only as long as:
1.1 the retention of the Personal Information continues to serve any Purpose; and
1.2 there is a business or legal need.
2. In the event that retention of Personal Information is no longer necessary for any business or legal purposes or when any Purpose for which the Personal Information was collected is no longer being served by the retention of the Personal Information, the Company will remove, destroy or anonymise the Personal Information.
1. Each User’s Personal Information may be transferred to, stored, or processed outside of Singapore.
2. The Company will only transfer Personal Information overseas in accordance with the Applicable Laws and will ensure that overseas organisations the Company works with observe strict confidentiality and data protection obligations.
3. Unless allowed otherwise under the Applicable laws, the Company will ensure that the overseas organisations to which the Personal Information is transferred provide a standard of protection comparable to the protection under the PDPA.
In the event of a data breach of the Personal Information (“Breach”), the Company will promptly conduct an assessment of whether the Breach is notifiable to the Personal Data Protection Commission (“PDPC”) in accordance with the PDPA. If the Breach is notifiable to the PDPC, the Company will also notify each affected User of the occurrence of the Breach in accordance with the PDPA.
In the event that any User wishes to transfer any of his or her Personal Information that is in the Company’s possession or control to another organisation, the User must submit a request in writing to the Company’s Data Protection Officer (whose details are set out below) and the Company will assist as best as it can to transmit such Personal Information to the other organisation in a commonly used machine-readable format.
The Company uses Facebook Custom Audiences to display advertisements based on the usage of the Company’s service. For details, please check Facebook Custom Audiences (https://www.facebook.com/business/help/744354708981227). Advertisements delivered using Facebook Custom Audiences may be avoided from the Facebook opt-out page (https://www.facebook.com/about/ads).
1. This Privacy Policy shall be allowed to be amended without notice to Users except as otherwise provided for in the Applicable Laws or this Privacy Policy.
2. The amended Privacy Policy shall come into force upon publication on this website except as otherwise determined by the Company.
For request for access, correction, or withdrawal of consent in respect of the Personal Information, and any inquiries about this Privacy Policy, please contact the Company’s Data Protection Officer whose details are set out as follows:
Established on 13/12/2021
Updated 17/01/2023