Privacy Policy
1. Introduction
Beauty Secret ("we," "us," or "our") is committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 ("PDPA") of Singapore. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data. By engaging our services, you consent to the practices described in this policy.
2. Collection of Personal Data
We may collect the following types of personal data:
- Identification and Contact Information: Name, NRIC/FIN, date of birth, address, phone number, email address.
- Beauty and Treatment Information: Skin type, concerns, treatment history, preferences, photographs for assessment and treatment progress.
- Payment Information: Credit card details, billing address.
- Appointment and Service History: Records of appointments, treatments received, products purchased, and feedback.
- Marketing and Communication Preferences: Preferences for receiving marketing materials and communications.
- Website and Online Interactions: IP addresses, cookies, browsing history (when you use our website).
- CCTV Footage: For security and safety purposes within our premises.
3. Purposes of Collection, Use, and Disclosure of Personal Data
We collect, use, and disclose your personal data for the following purposes:
- Providing and Managing Services: Delivering beauty treatments and services, scheduling appointments, maintaining treatment records, and ensuring continuity of care.
- Personalizing Treatments and Recommendations: Understanding your beauty needs and preferences to provide tailored treatments and product recommendations.
- Processing Payments: Billing and processing payments for services and products purchased.
- Communication: Sending appointment reminders, treatment updates, and responding to inquiries.
- Marketing and Promotions: Sending promotional materials, newsletters, and special offers on our services and products (with your consent).
- Internal Operations: Conducting internal audits, data analysis, and improving our services and product offerings.
- Legal and Regulatory Compliance: Complying with applicable laws, regulations, and court orders.
- Security and Safety: Maintaining security of our premises and protecting our staff and clients.
- Research and Development: Conducting research to improve our services and develop new treatments and products (with anonymized or aggregated data whenever possible).
4. Consent
We will obtain your consent for the collection, use, and disclosure of your personal data, except where required or authorized by law. Consent may be obtained:
- Explicitly: Through written or verbal consent.
- Impliedly: When you voluntarily provide personal data for a specific purpose.
- Deemed Consent: As allowed under the PDPA.
You may withdraw your consent at any time by contacting our Data Protection Officer (DPO). However, withdrawing consent may affect our ability to provide certain services or product information.
5. Disclosure of Personal Data
We may disclose your personal data to:
- Third-Party Service Providers: Such as payment processors, IT support, marketing agencies, and product suppliers, who assist us in providing our services and products. These providers are bound by confidentiality obligations and are required to comply with the PDPA.
- Healthcare Professionals: When necessary for your treatment or with your consent (e.g., referrals).
- Regulatory Authorities: When required by law or to comply with legal obligations.
- Insurance Providers: If required for insurance claims and with your consent.
- Other Parties: Where you have provided explicit consent.
6. Protection of Personal Data
We implement appropriate security measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
- Secure Storage: Using secure servers and databases.
- Access Control: Limiting access to personal data to authorized personnel.
- Encryption: Encrypting sensitive data during transmission.
- Regular Security Audits: Conducting regular security assessments and updates.
- Staff Training: Educating our staff on data protection best practices.
7. Retention of Personal Data
We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When personal data is no longer needed, we will securely dispose of it.
8. Access and Correction of Personal Data
You have the right to:
- Access: Request access to your personal data that we hold.
- Correction: Request correction of any inaccuracies in your personal data.
To request access or correction, please contact our Data Protection Officer (DPO). We may charge a reasonable fee for access requests.
9. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website or through other appropriate communication channels. Your continued use of our services and purchase of our products after any changes indicates your acceptance of the updated policy.
10. Complaints
If you have any complaints regarding our handling of your personal data, please contact our DPO. If you are not satisfied with our response, you may file a complaint with the Personal Data Protection Commission (PDPC) of Singapore.
11. Governing Law
This Privacy Policy is governed by the laws of Singapore.
By using our services and purchasing our products, you acknowledge that you have read and understood this Privacy Policy.