Privacy policy

 

Privacy Policy — Blomdahl Singapore

Effective date: [28/9/2025]

Blomdahl Singapore (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, store and protect personal data collected via our website, products and services, and how you may exercise your rights.

1. Applicability

This policy applies to personal data collected by Blomdahl Singapore through www.blomdahl.com.sg and other direct channels (e.g., customer service, email, in-store if applicable). We operate under the Personal Data Protection Act (PDPA) in Singapore and also implement practices to meet common international privacy standards (for example, GDPR and CCPA-style rights) where they apply to you. PDPC+1

2. Personal data we collect

We collect personal data that is reasonably necessary for our business and service delivery, for example:

  • Identity & contact: name, email, telephone, billing/shipping address.

  • Account data: username, password (securely stored), order history.

  • Payment & transaction: payment card token / last 4 digits (we do not store full card details; payment processed via [payment provider]).

  • Communications: email/chat transcripts, marketing preferences, survey responses.

  • Technical & analytics: IP address, device/browser information, cookies, usage logs.

  • Health/allergy information only when voluntarily provided (e.g., in product suitability queries).

We collect this data when you create an account, place orders, contact us, subscribe to marketing, or otherwise interact with the Site.

3. How we use personal data (purposes)

We process personal data only for specific, reasonable purposes such as:

  • to provide and fulfill orders, payments, shipping and customer support;

  • to manage accounts, returns, warranties and after-sales service;

  • to comply with legal/regulatory obligations;

  • to provide marketing (only with consent where required) and improve our services;

  • to detect and prevent fraud and abuse; and

  • to perform analytics and improve our website and offerings.

Under the PDPA, we will only collect, use or disclose personal data for purposes that a reasonable person would consider appropriate and for which consent has been obtained unless an exception applies. PDPC

4. Legal basis and consent

  • Singapore (PDPA): where required we rely on consent for collection/use/disclosure of personal data and on other PDPA exceptions where applicable (e.g., necessary for performance of a contract). We will always inform you of the purposes at or before collection. PDPC

  • EU/EEA (GDPR visitors): if you are located in the EU/EEA, our lawful bases include performance of a contract, legitimate interests (e.g., fraud prevention, analytics) and consent for direct marketing where required. You have specific rights under the GDPR (see Section 8). EUR-Lex

5. Cookies & similar technologies

We use cookies and similar technologies to operate the Site, analyze usage, and show relevant content/ads. You can manage cookie preferences via the cookie banner or browser settings. For more information on the categories of cookies we use and how to opt-out, see our [Cookie Policy / Cookie Settings].

6. Sharing & disclosures

We may share personal data with:

  • service providers and processors (payment processors, shipping partners, hosting, CRM, analytics, marketing platforms);

  • professional advisors and auditors;

  • law enforcement, regulators or courts when required by law;

  • acquirers or successor entities in the event of a corporate sale, merger or reorganization.

We require third-party processors to maintain appropriate security, and contractual safeguards are used where applicable.

7. International transfers

Where we transfer personal data outside Singapore (for example to vendors or cloud providers in other countries), we will take reasonable steps to ensure the recipient protects personal data to a standard comparable to Singapore’s PDPA and, where applicable, to the protections required under GDPR (e.g., appropriate contractual safeguards). If you are subject to stricter transfer rules (e.g., EU), we will rely on permitted transfer mechanisms as required by law. EUR-Lex

8. Your rights

We respect your data subject rights and will assist you to exercise them. Depending on applicable law, you may have rights to:

  • access your personal data and obtain a copy;

  • correct or update inaccurate data;

  • request deletion or restriction of processing (where permitted by law);

  • object to processing (including for direct marketing);

  • request data portability (where applicable); and

  • withdraw consent at any time for processing based on consent.

If you are an EU/EEA resident, these rights are consistent with the GDPR. If you are a California resident, certain CCPA/CPRA rights (such as right to know, right to delete and right to opt-out of sale) may apply — we do not “sell” personal information for CCPA purposes without providing required notices. To exercise your rights, contact us at: [privacy@blomdahl.com.sg]. We will verify requests and respond within applicable statutory timeframes. EUR-Lex+1

9. Data retention

We retain personal data only as long as necessary for the purposes set out in this Policy and to meet legal, accounting, or reporting obligations. Where specific retention periods are required by law or business needs (for example order records, warranty claims), we will retain data for that period and then securely delete or anonymize it. See [Data Retention Schedule] for typical retention periods.

10. Security

We maintain reasonable organizational, technical and administrative safeguards to protect personal data against unauthorized access, disclosure, alteration and destruction. Measures include access controls, encryption where appropriate, vulnerability management and staff training. However, no system is completely secure and we cannot guarantee absolute security.

11. Data breach notification

If a notifiable data breach occurs, we will manage and report the breach in accordance with Singapore’s mandatory Data Breach Notification obligations and guidance, including notifying the PDPC and affected individuals as required (PDPC expects notification as soon as practicable, and in any case no later than three (3) calendar days where criteria are met). We will also follow applicable international breach notification rules where required. PDPC+1

12. Children

Our Site and services are not directed to children under 16. We do not knowingly collect personal data from children under the applicable minimum age. If you believe a child has provided us personal data, contact us and we will take steps to delete it.

13. Third-party services & links

Our Site may contain links to third-party websites and services (e.g., social media, payment providers). This Policy does not apply to third parties. Please review their privacy policies before providing personal data.

14. How to contact us & complaints

Questions, requests or complaints about this Policy or our data practices can be sent to:
Email: support@blomdahl.com.sg
Data Protection Officer (DPO): [Name, if appointed]
If you remain unsatisfied after contacting us, Singapore residents may lodge a complaint with the Personal Data Protection Commission (PDPC). Visitors in other jurisdictions may also contact their local supervisory authority (for example, EU supervisory authorities for GDPR complaints). PDPC+1

15. Updates to this Policy

We may update this Privacy Policy to reflect changes in law, our services, or business practices. We will publish the updated policy on www.blomdahl.com.sg with a revised effective date.