Privacy Policy
Last updated: December 26, 2024
πΈπ¬ Singapore PDPA Compliance
This privacy policy complies with Singapore's Personal Data Protection Act (PDPA) 2012. We are committed to protecting your personal data and respecting your privacy rights under Singapore law.
1. Introduction
Yumbari ("we", "our", "us") operates a B2B e-commerce platform for canteen supplies. This privacy policy explains how we collect, use, disclose, and protect your personal data in accordance with Singapore's Personal Data Protection Act (PDPA) 2012.
Data Protection Officer Contact:
Email: privacy@yumbari.com
Phone: +65 8066 5443
Address: 111 North Bridge Road, Peninsula Plaza, Singapore 179098
2. Personal Data We Collect
Account Information
- Email address (primary identifier)
- Company name and business details
- Contact information (phone, address)
- Account preferences and settings
Transaction Data
- Order history and purchase details
- Shopping cart contents
- Payment information (processed by secure third parties)
- Delivery addresses and instructions
Technical Data
- IP address and device information
- Browser type and version
- Session tokens and login timestamps
- Website usage analytics (anonymized)
3. Purpose of Data Collection
Under PDPA Section 13, we collect personal data for the following legitimate purposes:
- Service Delivery: Processing orders, managing accounts, and providing customer support
- Authentication: Securing user accounts through OTP verification and session management
- Business Operations: Inventory management, delivery coordination, and invoicing
- Marketing: Sending promotional offers and abandoned cart reminders (with consent)
- Legal Compliance: Meeting regulatory requirements and resolving disputes
- System Security: Preventing fraud, abuse, and unauthorized access
4. Data Security & Protection
π Security Measures
- End-to-end encryption for data transmission (TLS/SSL)
- Encrypted storage of sensitive data using AES-256
- OTP-based authentication (no password storage)
- Regular security audits and vulnerability assessments
- Access controls and audit logging
- Data backup and disaster recovery procedures
We implement technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction in compliance with PDPA Section 24.
5. Data Retention
| Data Type | Retention Period | Purpose |
|---|---|---|
| Account Information | Active + 7 years | Business records, tax compliance |
| Transaction Records | 7 years | Legal, accounting requirements |
| Session Tokens | 90 days | Security, session management |
| OTP Codes | 10 minutes | Authentication only |
| Cart Data | 6 months inactive | User convenience, reminders |
6. Your Rights Under PDPA
π Access Rights
Request a copy of your personal data we hold
βοΈ Correction Rights
Update or correct inaccurate personal data
ποΈ Deletion Rights
Request deletion of your personal data (subject to legal requirements)
π« Opt-out Rights
Withdraw consent for marketing communications
Exercise Your Rights: Contact us at privacy@yumbari.com or +65 8066 5443. We will respond within 30 days as required by PDPA Section 21.
7. Data Sharing & Disclosure
We may share your personal data only in the following circumstances:
- Service Providers: Delivery partners, payment processors (with data protection agreements)
- Legal Requirements: When required by Singapore law or court orders
- Business Transfers: In case of merger or acquisition (with consent notification)
- Safety & Security: To protect rights, property, or safety of users
Important: We do NOT sell your personal data to third parties. Any data sharing requires your explicit consent or legal justification under PDPA.
8. Consent Management
β When You Give Consent
- β’ Creating an account on our platform
- β’ Placing orders for products or services
- β’ Subscribing to marketing communications
- β’ Using our website and accepting cookies
π Withdrawing Consent
You can withdraw consent at any time by emailing privacy@yumbari.com or updating your preferences in your account dashboard. Note that withdrawing consent may affect our ability to provide certain services.
9. Contact Us & Complaints
π Contact Information
Data Protection Officer: privacy@yumbari.com
Phone: +65 8066 5443
Address: 111 North Bridge Road, Peninsula Plaza, Singapore 179098
Response Time: Within 30 days
βοΈ File a Complaint
PDPA Commission:
Personal Data Protection Commission Singapore
Website: pdpc.gov.sg
Email: enquiry@pdpc.gov.sg
Phone: +65 6377 3131