Privacy Statement

1. Introduction
Kim Choo Kueh Chang Pte Ltd (“Kim Choo”, “we”, “us”, or “our”) is committed to protecting the privacy and personal data of our customers, visitors, and all individuals who interact with us. This Privacy Statement explains how we collect, use, disclose, and protect your personal data in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore and its subsequent amendments.

We encourage you to read this Privacy Statement carefully. By using our website, online store, or any of our services, you acknowledge that you have read and understood this statement.

2. Scope of This Privacy Statement
This Privacy Statement applies to personal data collected through:
• Our website at www.kimchoo.com
• Our online store at www.kimchoo.store
• Our newsletter and email communications
• In-store purchases and workshop registrations
• Any other means by which you interact with Kim Choo

3. Personal Data We Collect
“Personal data” refers to any data, whether true or not, about an individual who can be identified from that data or from that data combined with other information we have access to. Depending on how you interact with us, we may collect the following:
• Identity information: your name
• Contact information: email address, phone number, mailing or delivery address
• Transaction information: purchase history, order details, payment references
• Workshop or event registration details
• Technical data: IP address, browser type, device information, timestamps of website interactions
• Newsletter data: email address, name, IP address and timestamp of sign-up and confirmation, subscription preferences
• Communication data: messages or enquiries sent to us by email or contact forms

If you are only browsing our website without submitting any forms or registering for an account, we do not collect data that identifies you individually.

4. How We Collect Personal Data
We collect personal data in the following ways:
• Directly from you, when you create an account, make a purchase, sign up for our newsletter, register for a workshop, or contact us
• Automatically, through cookies and similar technologies when you browse our website (see Section 9 on Cookies)
• From third-party service providers who assist us in operating our website, processing payments, or delivering communications, where applicable

5. Purposes for Collecting and Using Your Personal Data
We collect and use your personal data only for purposes that you have been notified of and, where required, have consented to. These purposes include:
• Processing and fulfilling your orders and purchases
• Communicating with you about your orders, enquiries, or feedback
• Sending you marketing and promotional materials (only where you have subscribed or consented)
• Sending transactional emails related to your account or purchases
• Managing your account on our online store
• Registering and administering workshop and activity bookings
• Improving our website, products, and services
• Complying with our legal and regulatory obligations
• Investigating and responding to any complaints or suspected breaches of security

6. Disclosure of Personal Data
We do not sell your personal data to any third party. We will not share your personal data with any government or non-government entities, except:
• Where required or authorised by law (e.g. in response to a lawful request or court order)
• To our trusted service providers who assist us in operating our business (such as payment processors, email delivery platforms, or website hosting providers), and who are bound by contractual obligations to keep your data confidential and use it only for the specified purpose
• With your explicit consent

Where we engage third-party service providers, we require them to handle your personal data in a manner consistent with this Privacy Statement and the PDPA.

7. Transfer of Personal Data Outside Singapore
Some of the third-party service providers we use (such as email marketing platforms or cloud hosting providers) may be located outside Singapore. Where we transfer personal data to recipients in other countries, we take steps to ensure that such transfers comply with the PDPA and that the recipient provides a standard of data protection comparable to that required under Singapore law. This may include entering into appropriate contractual arrangements with the recipient.

8. Retention of Personal Data
We retain your personal data only for as long as it is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Once your personal data is no longer needed, we will securely delete, anonymise, or destroy it.
As a general guide:
• Customer account and transaction data is retained for as long as your account is active, and for a reasonable period thereafter for accounting and legal compliance purposes
• Newsletter data is retained until you unsubscribe
• Enquiry and communication records are retained for up to two years

9. Cookies and Website Tracking
Our website uses cookies and similar technologies to improve your browsing experience and to collect analytical data about how visitors use the site. Cookies are small data files stored on your device.
The types of cookies we may use include:
• Essential cookies: necessary for the website to function correctly
• Analytical cookies: used to understand how visitors interact with our website (e.g. pages visited, time spent on site)
• Marketing cookies: used to track the effectiveness of our communications (e.g. whether you opened an email or clicked a link), only where you have not opted out

You may configure your browser to refuse cookies or to alert you when cookies are being set. Please note that disabling certain cookies may affect the functionality of our website. We note that our email marketing platform may track email opens and link clicks to measure the effectiveness of our communications; you may opt out of our marketing emails at any time using the unsubscribe link in any email we send you.

10. Security of Your Personal Data
We take the security of your personal data seriously. All electronic storage and transmission of personal data is protected with appropriate technical and organisational security measures, including encryption where applicable, to prevent unauthorised access, use, disclosure, or modification.
However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

11. Data Breach Notification
In the event of a data breach that is likely to result in significant harm to affected individuals, we will notify the Personal Data Protection Commission (PDPC) and the affected individuals as required under the PDPA, within three calendar days of assessing that the breach is notifiable. We maintain internal procedures to detect, investigate, and respond to data breaches.

12. Your Rights Under the PDPA
As an individual whose personal data we hold, you have the following rights:
• Access: you may request access to the personal data we hold about you
• Correction: you may request that we correct any inaccurate or incomplete personal data we hold about you
• Withdrawal of consent: you may withdraw your consent to our collection, use, or disclosure of your personal data at any time. Please note that withdrawal of consent may affect our ability to continue providing certain services to you
• Data portability: in certain circumstances, you may request that we provide your personal data in a portable format

We will respond to your access or correction request within 30 calendar days of receiving it. There may be a reasonable administrative fee for processing access requests.
To exercise any of these rights, please contact our Data Protection Officer (see Section 15).

13. Content You Submit to Us
When you submit enquiries, feedback, or other communications to us through our website or email, you consent to us using that information to respond to you and to improve our products and services. We will handle any personal data contained in your submission in accordance with this Privacy Statement. We will not claim ownership over your personal data and will not use it for any purpose beyond what is described in this Privacy Statement.

14. Links to External Websites
Our website may contain links to third-party websites. We are not responsible for the content or data protection practices of those websites. We encourage you to review the privacy policies of any external sites you visit.

15. Data Protection Officer & Contact Information
Kim Choo Kueh Chang Pte Ltd has appointed a Data Protection Officer (DPO) who is responsible for ensuring our compliance with the PDPA.
For any of the following, please contact our DPO:
• Enquiries or feedback on our data protection policies and procedures
• Requests to access or correct personal data we hold about you
• Withdrawal of consent to the use of your personal data
• To report a suspected data protection concern

Contact our Data Protection Officer at:
Kim Choo Kueh Chang Pte Ltd
111 East Coast Road, Singapore 428800
Email: customerservice@kimchoo.com
Phone: +65 6741 2125

16. Amendments to This Privacy Statement
We may update this Privacy Statement from time to time to reflect changes in our practices or applicable law. The updated version will be posted on our website with a revised “Last Updated” date. We encourage you to review this Privacy Statement periodically.

Last Updated on 26 May 2026