1. Types of Customer Data
The types of Customer Data that EYS collects depends on the circumstances of collection and on the nature of the service requested or transaction undertaken.
The broad categories of Customer Data that EYS collects depending on the circumstances:
- Personal Data, being:
(i) personal information which includes first and last name, gender, date of birth, marital status, passport and personal identification numbers;
(ii) contact information which includes address, phone number, email address;
(iii) payment information which includes credit or debit card information, including the name of cardholder, card number, billing address and expiry date;
(iv) order information which includes order details, product purchased, EYS membership number and other service preferences;
(v) technical information which includes IP address, installed application information, geolocation data;
- Statistical Data which includes number of orders made, visits to the Website and usage pattern of our Mobile Services. This is purely for analytical purposes, and is entirely on an anonymous and aggregated basis. This information will not be stored to your customer record, and will only be aggregated for statistical analysis so that we can better understand EYS's customer profile and improve EYS's service offering.
- GeoLocation Data including information that permits us to determine your location, such as if you manually provide location information or enable your device to send us precise location information. This information is used to provide location-based push notifications where you are within the vicinity of a store, and/or when you try to find a store near you through the Eu Yan Sang Singapore App.
For purposes of this policy statement, the phrase Customer Data includes Personal Data, Statistical Data and GeoLocation Data.
The provision of Customer Data relevant for the transaction or service request at hand, (save for where the request for data is marked “optional” in the forms used to collect personal data) is obligatory in order for EYS to carry out its services to you.
The failure to supply such Customer Data may result in (i) EYS being unable to provide you with the services and/or products requested; (ii) EYS being unable to update you on our latest products and/or launches; and/or (iii) your inability to enter or participate in contests, promotions or redemption activities organised by EYS.
2. How We Collect Personal Data
We collect personal data relevant to our relationship with you. We may collect your personal data directly or indirectly through various channels, including when:
- you visit our Website, download or use our Mobile Services (including but not limited to EYS App);
- you use our services or enter into transactions with us (or express interest in doing so);
- you apply to be a member of any of our loyalty programs, respond to our promotions, or subscribe to our mailing lists;
- you share or disclose your comments, feedback or content that you provide through Social Networking Sites, through the Website or Mobile Services or to us (including at our retail stores);
- you provide us the information by participating in our Virtual TCM Advisor survey (featured in our EYS App), labelling your name, email, date of birth, gender and health conditions you or on behalf of someone who may experience;
- you register an account with us through our Website or Mobile Services;
- you transact with us, contact us or request that we contact you through various communication channels, for example, through social media platforms, messenger platforms, face-to-face meetings, telephone calls, emails, fax and letters;
- your images are captured via photographs or videos taken by us or our representatives when you are within our premises or attend events organised by us;
- you participate in events and programs, competitions, contests or games organised by us;
- we seek information about you and receive your personal data in connection with your relationship with us, for example, if you are a customer, investor or shareholder;
- you use services on our Eu Yan Sang Singapore App which requires access to your location/location data; or
- you submit your personal data to us for any other reason.
3. Purposes for Collection, Use and Disclosure
EYS collects Customer Data in order to fulfil the following purposes, which include but are not limited to:
- Providing services to you such as processing a transaction (e.g., making a purchase), processing payment via our payment service provider, providing technical assistance, assisting you in the transaction, providing promotion alert messages through EYS’s Mobile Services, facilitating internet purchases and registering for EYS’s Eu Rewards programme;
- Providing in-store services and other services that best meet your preferences and needs (which we may collect during our interactions with you);
- Marketing and communicating with you in relation to products and services offered by EYS, EYS’s service partners, as well as EYS’s appointed agents;
- Contacting you for product or customer satisfaction surveys and market research;
- Providing location-based recommendations, information and services; and
- Safety, security and legal compliance.
EYS may also use and disclose your Customer Data to persons who have been validly identified as being you or your authorised representative(s) pursuant to our then-current security procedures, for the purpose of the relevant transaction or enquiry.
EYS may disclose your Customer Data to law enforcement agencies and government for security, customs purposes. For example, in cases where you send a product from EYS to family and friends overseas.
In addition, EYS may disclose Customer Data to our legal advisors for establishing, exercising or defending our legal rights, to our other professional advisors, or as otherwise authorised or required by law. EYS also reserves the right to share Customer Data as is necessary to prevent a threat to the life, health or security of an individual. Further, EYS may disclose Customer Data, as is necessary, to investigate suspected unlawful activities including but not limited to fraud, intellectual property infringement or privacy.
EYS collects, uses, shares and discloses only on a necessary basis in order to provide you the services you have requested for. EYS will not share or disclose unnecessarily or sell personal and sensitive user data to Third Parties.
4. Third Party Payment Service Provider
If you do not wish to have your data collected through such technology, you may disable the operation of these technology on your devices (where possible), or you may refrain from using our Websites and Mobile Services.
5. Transfer of information overseas
The EYS Head Office is based in Singapore. Customer Data may be transmitted to data storage facilities where EYS keeps its central records or for backup purpose. Customer Data may be transferred to EYS’s offices and appointed agents in Singapore or other countries in connection with EYS’s performance of services to you.
Where Customer Data is transferred out of Singapore, we will comply with the PDPA in doing so. The overseas recipient will be bound by obligations that are at least comparable to the PDPA.
You may submit a request to withdraw your consent at any time by contacting EYS (see Section 12) or by logging on to your Website or Mobile Services account with EYS (if you are a EuRewards member or a non-EuRewards member registered as a user of the Website or Mobile Services).
Statistical Data is not linked to a customer record and EYS does not need to seek consent for the collection, use or disclosure of Statistical Data. For more information on the collection and usage of Customer Data obtained from the Website and through the Mobile Services, please refer to Part B.
EYS will, upon your written request to our Personal Data Protection Officer (see Section 12), allow you to access your stored Personal Data. Where permitted by law, EYS reserves the right to charge a reasonable administrative fee for this service. Where permitted by law, EYS reserves the right to deny you access to your Personal Data and may provide an explanation.
EYS will retain Customer Data for as long as it is necessary to fulfill the purpose for which it was collected, the legal or business purposes of EYS, or as required by relevant laws.
When destroying Customer Data, we will take commercially reasonable and technically possible measures to make the personal information irrecoverable or irreproducible in accordance with the applicable laws.
EYS needs your assistance to ensure that your Personal Data is current, complete and accurate. As such, please inform EYS of changes to your Personal Data by contacting EYS and submitting your updated particulars to EYS in writing (see Section 12).
EYS may also request Personal Data updates from you from time to time. As detailed in Section 3 above under the “Use and Disclosure” sub-section, your order information may be disclosed to the appropriate customs and immigration authorities (for overseas purchases) as required by law. As such, it is important to ensure that the Personal Data contained in your order information is current, complete and accurate.
10. Security safeguards
EYS takes the security and protection of your Customer Data very seriously. As such, EYS makes reasonable security arrangements to protect your Customer Data against loss or theft as well as unauthorised access and undue disclosure.
As an example of a procedural safeguard, EYS has implemented various authentication procedures internally and with our external service providers that may involve EYS requesting various personal particulars from you in order to verify your identity (or that of your duly authorised agent) before EYS processes your request for a particular service, product or transaction.
Examples of technical safeguards include encryption, “firewalls” and Secure Socket Layer (SSL). Further details of these technical safeguards for Customer Data collected through EYS’s Website and Mobile Services are set out at Part B below.
It is the Customer’s responsibility to take care and ensure the continued confidentiality and accuracy of their Customer Data. EYS will not be liable for any consequential misuse and/or fraud. If you have any concerns about security, you should contact EYS (see Section 12).
12. [For iOS Users Only] Closure of Online Account
The Online Account is a user registered account for you to purchase EYS products online.
At any time, you may submit a request to close your Online Account. After submitting the request through the EYS iOS App, we will process your request and delete all Personal Data from our records, unless an exception applies.Such exceptions include:
- Personal Data which is used for the EuRewards program.
- to complete a transaction, provide a good or service that you requested, or otherwise perform our contract with you.
- detecting security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- debugging products to identify and repair errors that impair existing intended functionality.
- compliance with a legal obligation.
You should note that closing of your Online Account is permanent and irreversible.
The EuRewards program is a separate member system and is not affected by the closure of your Online Account.
13. Contact us / Personal Data Protection Officer Contact Details
Personal Data Protection Officer
Eu Yan Sang Singapore Pte Ltd
Eu Yan Sang Centre
21 Tai Seng Drive
Alternatively for queries specific to Eu Rewards, you may contact:
Eu Rewards Membership Services
Eu Yan Sang Centre
21 Tai Seng Drive
You can turn off all cookies, in case you prefer not to receive them. You can also have your computer or mobile device warn you whenever cookies are being used. For both options you have to adjust your browser settings (like internet explorer). There are also software products available that can manage cookies for you. Please be aware though that when you have set your computer to reject cookies, it can limit the functionality of the Website and Mobile Services and it’s possible then that you do not have access to some of the features on the Website and Mobile Services.
1.2. Analytics Tools
2. Security safeguards
EYS takes the protection of your Customer Data collected on EYS’s websites and through EYS’s Mobile Services very seriously. All Customer Data collected through EYS’s websites, e.g., https://www.EuYanSang.com.sg and through EYS’s Mobile Services are protected by a secure server. In addition, SSL (Secure Socket Layer) protects the transmission of data from the internet to our systems.
- For example, when you transmit sensitive information such as credit card details through EYS’s Website or Mobile Services, such information will be encrypted before being dispatched over the internet.
- To further strengthen the integrity of your internet transactions on our Website and Mobile Services, EYS also employs relevant software programs to monitor network traffic with a view to identifying unauthorised attempts to upload or change Customer Data, perpetuate fraudulent or illegal activities or otherwise cause damage. If such monitoring reveals evidence of possible abuse or criminal activities, such evidence may be provided to appropriate law enforcement authorities or agencies without notice to you.
- To give you secure access to our online services, arising from your utilisation of EYS’s Mobile Services, and your EuRewards account, you will need to register a user account with us. The User Name/ User ID and Password / Pin is unique and personal to you and you should not share it with anyone. You should also always ‘log off' once you have finished your session on the Website and Mobiles Services as well as take the recommended precautions that ensure the safe and secure usage of EYS’s Website and Mobile Services.
- If you detect any anomalies you should inform EYS immediately.
3. Clickstream data
In order to improve your online experience, EYS may track online behaviour or clickstream data to advance your use of our web pages and track referrals from other websites or mobile services. Such data will not be stored to your customer record, and will only be aggregated for statistical analysis.
4. Links to other websites
EYS cannot distinguish the age of persons who access and use its Website and Mobile Services. If a minor (according to applicable laws) has provided EYS with Customer Data without parental or guardian consent, the parent or guardian should contact EYS to remove the relevant Customer Data and unsubscribe the minor.
Website where the Policy and amended Policy will be made available
Last updated on 18th Jul 2022