The protection of your personal data is of utmost importance to us. We are committed to protecting your personal data in compliance with the data protection laws applicable to you. While data protection laws in Asia may differ and while some countries do not yet have data protection laws in place, we generally aim to protect your personal data to the standard of the Personal Data Protection Act 2012 of Singapore (“PDPA”) or to a stricter standard of the data protection laws applicable to you.

This privacy policy (the “Privacy Policy”) sets out the manner in which Digital Services SG Four Pte. Ltd., and its related entities, affiliates and subsidiaries in Asia (collectively referred to herein as “Flash Coffee”, “us“, “we” or “our“) collect, use, disclose and manage your personal data in compliance with the applicable data protection laws. 

This Privacy Policy applies to all our other products and services (collectively, the “Services”). By submitting any personal data to us and by using our Services, you consent to us collecting, using, processing and disclosing your personal data in accordance with the terms of this Privacy Policy. 

1. What is “Personal Data”? 

“Personal Data” means data, whether true or not, about an individual who can be directly or indirectly identified from that data or from that data and other information to which Flash Coffee has access to. Personal Data which you may provide to us include the following: 

1. Full name; birth of date, city of birth;
2. Mobile telephone number; 
3. Personal email address; 
4. Residential address;
5. Payment-related information such as bank account details;
6. Information about cookies and IP address (insofar as you may be identified from such information);

For Singapore only (and not for other countries), please note that “business contact information” is not covered by the PDPA and this Privacy Policy. “Business contact information” means an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his personal purposes.

2. When do we collect your Personal Data?

We will only collect your Personal Data where it is reasonable and appropriate to do so in the circumstances, and to the extent necessary in relation to the lawful purposes under the data protection laws applicable to you. We generally do not collect your Personal Data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your Personal Data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided consent to the collection and usage of your Personal Data for those purposes, or (b) collection and use of Personal Data based on deemed consent or without consent is permitted or required by the data protection laws or other laws applicable to you.

In general, the ways in which Flash Coffee may collect your Personal Data include: 

1. When you use Flash Coffee’s Services via the mobile application:

• Full Name, phone number, and e-mail address;
• Four last digits of the credit card number in masked format (e.g. XXXX XXXX XXXX 1324) in accordance with the Payment Card Industry Data Security Standard (PCI DSS).

2. When you take a survey or interact with Flash Coffee in various other ways

• Demographics information, comments, feedback, questions or suggestions, and information about subjects that may interest you.

Flash Coffee may also combine information collected about an individual with information Flash Coffee receives from authorised third parties.

By submitting your Personal Data to us, you warrant that all Personal Data submitted to us is complete, accurate, true and correct. Failure to ensure that such data provided to us is complete, accurate, true and correct may result in inability on our part to provide you with the requested products or services. 

Use of Cookies/Web services: Flash Coffee may automatically collect online use information when you visit Flash Coffee’s website or use Flash Coffee’s mobile application or services. This information may include information about the Internet service provider, operating system, browser type, domain name, Internet protocol (IP) address, access times, website referrals, web page requests, and the date and time of those requests. Flash Coffee’s collection of online use information may involve the use of cookies and web beacons. Cookies are small data files stored on your hard drive by a website. Among other things, cookies help Flash Coffee to improve services and user experience. Flash Coffee uses cookies to see which areas and features are popular. Web beacons are electronic images that may be used on Flash Coffee’s website, mobile applications or emails. Flash Coffee may use Web beacons to deliver cookies, count visits, understand usage and campaign effectiveness and to tell if an email has been opened and acted upon.

Aggregated Data: Further, Flash Coffee may also collect aggregated data or anonymised data that does not directly identify the individual.

3. For what purposes do we collect, use or disclose your Personal Data? 

In general, the purposes for which Flash Coffee may collect, use, process or disclose your Personal Data include (but are not limited to the following): 

1. to conduct and complete transactions, to process and manage purchases and use of Flash Coffee products and payments, including account and program participation;
2. to respond to your service inquiries, to post your comments or statements on any blog or other online forum maintained on Flash Coffees sites, or take other actions in response your inquiries or other website or app activities;
3. to conduct marketing and promotional activities, and to create personalised promotions by combining personal information with non-personal information, such as the amounts and types of purchases or any benefits you receive through Flash Coffee’s programs;
4. to communicate with you by post, telephone, email, SMS, social media and engagement platforms, and/or Flash Coffee’s mobile app (including but not limited to any in-app messaging services) about Flash Coffee brands, products, events or other promotional purposes, including co-branded offers and affiliate and partner offers;
5. for internal operations, including troubleshooting, data analysis, testing, research and service improvement;
6. complying with the compliance and disclosure requirements of any and all governmental and/or quasi governmental departments and/or agencies, regulatory and/or statutory bodies; and/or
7. purposes relating thereto.
8. Who do we share your Personal Data with?

In the course of providing you with our products and services, your Personal Data may be disclosed to the following third parties for the purposes listed above: 

1. agents, contractors or third party service providers who have been engaged by Flash Coffee to provide services such as data processing, analytics, customer engagement, customer segmentation, performance marketing  or market research;
2. Flash Coffee’s parent, affiliates and/or subsidiaries within and/or outside Singapore; 
3. business partners of Flash Coffee; 
4. cloud hosting and IT service providers of Flash Coffee; 
5. payment service providers, banks, credit card companies and their respective service providers; 
6. professional advisors engaged by Flash Coffee such as lawyers and auditors; 
7. relevant government authorities or law enforcement agencies; and
8. any party to whom you authorise us to disclose your Personal Data. 

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Because we use different data processors and change them from time to time, it is not appropriate to identify specific recipients of personal information. However, if you are interested, we will be happy to disclose the name of the processor(s) in use at that time upon request.

Your Personal Data may be transferred, stored and/or processed in a country or territory outside the country in which you gave the Personal Data to us. We will take appropriate steps to ensure that any party in a country or territory outside the country in which you gave the Personal Data to us to whom we transfer Personal Data is bound by legally enforceable obligations or specified certifications to provide to the transferred Personal Data a standard of protection which is at least comparable to the protection under the PDPA or to a stricter standard prescribed by the data protection laws applicable to you. 

5. How do we manage, protect and store your Personal Data? 

We have appointed a Data Protection Officer who will oversee and ensure management of Personal Data in accordance with the applicable data protection laws. The contact details of our Data Protection Officer are listed below. 

1. Protection 

We take breaches of privacy very seriously and will take all reasonable steps and employ appropriate security measures to ensure that your Personal Data is securely stored and protected against unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures. In the event of a data breach we shall notify you if required by and in accordance with the data protection laws applicable to you.

2. Accuracy and Correction 

We endeavour to ensure that your Personal Data is accurate and complete if the Personal Data is likely to be used by Flash Coffee to make a decision that affects you or is likely to be disclosed by Flash Coffee to another organisation.  

To help us maintain the accuracy of your Personal Data, if there is any change or update in your Personal Data, or if you wish to correct any of your Personal Data which we have, please write to our Data Protection Officer at the contact details below. 

3. Retention 

We will only retain Personal Data for as long as the retention is required for (i) the purposes for which such Personal Data was collected, or (ii) as required for legal and business purposes. 

We will cease to retain your Personal Data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected, you have requested to do so or withdrawn your consent, and is no longer necessary for legal or business purposes.

Generally we do not retain Personal Data for a period of more than seven years after the original purposes for which the Personal Data was collected have ceased to be applicable, unless otherwise required by law.

4. Links to Other Sites

Our Services may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

6. What are your rights?  
   1. Right to withdraw consent and request to delete data

The consent that you provide for the collection, use and disclosure of your Personal Data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing as well as to erase, destroy, or anonymize your Personal Data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten business days of receiving it.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described above.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Data where such collection, use and disclose without consent is permitted or required under applicable laws.

2. Right of access, correction, and data transfer

If you wish to make (a) an access request for access to a copy of the Personal Data which we hold about you or information about the ways in which we use or disclose your Personal Data, or (b) a correction request to correct or update any of your Personal Data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.

You may also request a copy of your Personal Data which we hold about you to be transmitted to another service provider if it can be transmitted by electronic means, and subject to the conditions of the applicable data protection laws.

Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty days after receiving your request, we will inform you in writing within thirty days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the applicable data protection laws).

7. Privacy Policy Updates

We reserve the right to update our Privacy Policy from time to time to adapt them to legal developments and to reflect changes in our company’s internal processes. If we make fundamental changes regarding the collection, use or dissemination of your personal data, we will notify you thereof by e-mail sent to the last e-mail address specified by you, asking for your consent again, if need be. 

8. Who should you approach? 

If you have any feedback or enquiries relating to your Personal Data or if you wish to know more about our data protection policies and practices, please contact us at the following: 

Flash Coffee Data Protection Officer

Email Address: [email protected]

Postal Address for Singapore: Digital Services SG Four Pte. Ltd., Data Protection Officer, 4 Battery Road, #25-01 Bank of China Building, Singapore 049908

Postal Address for Indonesia: PT Sembilan Puluh Enam Derajat., Data Protection Officer, WeWork Revenue Tower, Jl. Jend. Sudirman Kav. 52-53, Jakarta 12190

This Privacy Policy was last updated in May 2021.