This Personal Data Policy (the “Personal Data Policy”) has been adopted by Jumbo Group Limited (a company incorporated in Singapore, and operating at 4 Kaki Bukit Avenue 1, #03-08, Singapore 417939)(“Jumbo”), its subsidiaries and associated companies (collectively, the “Group”, “we”, “us”, “our”). For the avoidance of doubt, these include Jumbo Group of Restaurants Pte. Ltd., a company incorporated in Singapore, and operating at 4 Kaki Bukit Avenue 1, #03-08, Singapore 417939.
Although this Personal Data Policy is in common use by the aforementioned entities, except where applicable laws provide otherwise, each organisation is only responsible to you in relation to its own collection and use of your personal data, and its own actions.
This Personal Data Policy describes how we may collect, use, disclose and process your personal data when you:
access or use our websites and applications (including mobile and web-based applications)(collectively, “Applications”), and services; and/or
provide us with your personal data, regardless of the medium through which such personal data is provided.
This Personal Data Policy also applies to any individual’s personal data which is in our possession or under our control, including personal data in the possession of entities which we have engaged to collect, use, disclose or otherwise process personal data for our purposes. Please take a moment to read this Personal Data Policy so that you know and understand the purposes for which we collect, use or disclose your personal data.
We will only use your personal data where you have given us your consent or where we have other lawful basis for doing so, and in the manner set out in this Personal Data Policy.
By providing us with personal data (through any means of interacting with us, including signing up for any product or service offered by us or accessing and/or using our services and products), you acknowledge that our collection, use, disclosure and processing of personal data will be in accordance with the manner set forth in this Personal Data Policy, including, for the avoidance of doubt, the cross-jurisdictional transfer of your data. DO NOT provide any personal data to us if you do not accept this Personal Data Policy.
This Personal Data Policy supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your personal data.
Our Applications may contain links to other websites that are not owned or maintained by us. These links are provided only for your convenience. You may also be accessing our Applications through third party websites and/or platforms. This Personal Data Policy only applies to our Applications. When visiting these third party websites, their privacy policies apply.
If you (a) have any questions or feedback relating to your personal data or our Personal Data Policy; (b) would like to withdraw your consent to any use of your personal data as set out in this Personal Data Policy; or (c) would like to exercise your rights under the Personal Data Protection Act 2012 (“PDPA”), you may contact our Data Protection Officer at:-
When you contact us, we may require that you submit certain forms or provide certain information, including verification of your identity, before we are able to respond.
AMENDMENTS TO THIS PERSONAL DATA POLICY
We may amend this Personal Data Policy from time to time without notice to you, in compliance with applicable laws or as we update our data usage and handling processes. The updated policy will supersede earlier versions and will apply to personal data provided to us previously. The updated Personal Data Policy will take effect when made available on https://www.jumbogroup.sg/en/privacy-policy-pdpa. If we make a change that significantly affects your rights or, to the extent we are permitted to do so, significantly changes how or why we use personal data, we will notify you by way of a prominent notice on our website or, if we have your email address, by email.
WHAT PERSONAL DATA WE COLLECT
What is personal data. Personal data refers to data about an individual (whether true or not) who can be identified from data or other information that we have or likely to have access to. Examples of personal data which we may collect include your name, NRIC, passport or any other identification number, telephone numbers, mailing address, email address, photograph, financial information (such as bank account or credit/debit card numbers), signature, date of birth, age, network data and any other information relating to any individuals which you have provided us in any forms you may have submitted to us, or via other forms of interaction with you.
Voluntary provision of personal data. We may collect personal data (1) that you voluntarily provide to us; or (2) from third parties; or (3) through your use of our (or our services provider’s) digital technologies and services (Please see Section 4 How We Collect Personal Data for further details). What personal data we collect depends on the purposes for which the personal data is collected and what you have chosen to provide.
When our collection is based on consent, you can choose not to provide us with personal data. You also have the right to withdraw your consent for us to continue collecting, using, disclosing and processing your personal data, by contacting us in accordance with paragraph 1.7. However, if you do so, it may not be possible for us to fulfil the purposes for which we require the personal data, including processing your transactions or providing you with the products and services that you require.
Providing personal data belonging to others. In certain circumstances, you may also provide us with personal data of persons other than yourself (such as your family members and next-of-kin). If you do so, you represent and warrant that you have brought this Personal Data Policy to his/her attention, informed him/her of the purposes for which we are collecting his/her personal data and that he/she has consented to your disclosure of his/her personal data to us for those purposes and accepts this Personal Data Policy. You agree to indemnify and hold us harmless from and against any and all claims by such individuals relating to our collection, use and disclosure of such personal data in accordance with the terms of this Personal Data Policy.
Minors. Our Applications and/or services are not intended to be accessed or used by children, minors or persons who are not of legal age. If you are a parent or guardian and you have reason to believe your child or ward has provided us with their personal data without your consent, please contact us.
HOW WE COLLECT PERSONAL DATA
Personal data you provide. We collect personal data that is relevant to our relationship with you. Generally, the ways (whether directly or indirectly) in which we may collect your personal data include (but are not limited to):
when you submit any form, including but not limited to customer inquiry forms or other forms relating to any of our goods and/or services;
when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our goods and/or services;
when you transact with us, contact us or request that we contact you through various communication channels, for example, via telephone calls (which may be recorded), letters, fax, face-to-face meetings, social media platforms and e-mails;
when you browse, surf, access and/or use our Applications;
when you register an account with us through our Applications;
when you request that you be included in email, email alerts or other mailing lists;
when you respond to our promotions, marketing events, loyalty programs (including Jumbo Rewards), memberships, initiatives or to any request for additional personal data;
when you purchase and make payments for any of our products and/or services including online purchases;
when you submit an employment application or when you provide documents or information including your resume/CVs in connection with any position as an officer, director, representative or any other position;
when your images are captured by us via CCTV cameras while you are within our premises, or via photographs or videos taken by us or our representatives and/or agents when you attend our events;
when you are contacted by, and respond to, our marketing representatives and customer service officers;
when we seek information about you and receive your personal data in connection with your relationship with us;
when you provide your personal data to us at any of our restaurants, whether through leaving a copy of your business card with us or otherwise; and/or
when you submit your personal data to us for any other reasons.
Personal data provided by others. Depending on your relationship with us, we may also collect your personal data from third party sources, for example:
when your representatives, agents, intermediaries, and/or next-of-kin discloses your personal data to us on your behalf, or in connection with their own transactions, agreements or interactions with us;
when your employers or previous employers discloses your personal data to us on your behalf, or in connection with their own transactions, agreements or interactions with us;
from any third parties whom you have authorised us to obtain your personal data from;
from entities in which you (or a party connected to you) have an interest;
from our business partners such as third parties providing services to us; and
from public agencies or other public sources.
WHAT WE DO WITH YOUR PERSONAL DATA
What we do. We collect, use, disclose and process your personal data where:
you have given us consent;
necessary to comply with our legal or regulatory obligations, e.g. responding to valid requests from public authorities;
necessary to support our legitimate business interests, provided that this does not override your interests or rights; and
necessary to perform a transaction you have entered into with us, or provide a service that you have requested or require from us.
General purposes. We collect, use, disclose and process your personal data for purposes connected or relevant to our business, and/or to manage your relationship with us: Such purposes would include:
performing obligations in the course of or in connection with our provision of the products and/or services to you;
providing customer service and support;
facilitating your use of our Applications, including verifying and establishing your identity, and authenticating, operating and maintaining user accounts;
responding to and handling of your applications, complaints, feedback, queries and requests;
resolving any disputes, investigating any complaint, claim or dispute or any actual or suspected illegal or unlawful conduct;
administrative purposes, including finance, IT and HR purposes, quality assurance and staff training, and compliance with internal policies and procedures, including audit, accounting, risk management and record keeping;
processing of and the management of your payment and/or credit transactions;
conducting market research and surveys to enable us to understand and determine customer location, preferences and demographics to develop special offers and marketing programmes in relation to Jumbo’s products and services, to improve our service delivery and your customer experience at our touchpoints;
providing you with updates about our goods and services;
organising and implementation of corporate social responsibility projects;
preventing, detecting and investigating crime and analysing and managing commercial risks;
security purposes, e.g. managing the safety and security of our premises and/or our employees, and protecting our Applications from unauthorised access or usage and to monitor for security threats;
administering, processing and/or management of employment including employment applications;
complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
performing data analytics and related technologies on data, to enable us to deliver relevant content and information to you, and to improve our Applications;
managing and engaging third parties or data processors that provide services to us, e.g. IT services, technological services, delivery services, and other professional services;
facilitating business asset transactions including merger, acquisitions or asset sale;
carrying out our legitimate business interests;
such purposes that may be informed to you when your personal data Is collected; and/or
any other purposes reasonably related to the aforesaid.
Where personal data is used for a new purpose and where required under applicable law, we shall obtain your consent.
Legitimate business interests. We may also collect, use, disclose and process your personal data for the following purposes to support our legitimate business interests, provided that this does not override your interests or rights, which include:
managing our business and relationship with you, and providing services to our customers;
assistance of carrying out corporate restructuring plans;
complying with internal policies, and procedures;
protecting our rights and interests, and those of our customers;
enforcing our terms and conditions, and obligations owed to us, or protecting ourselves from legal liability;
managing our investor and shareholder relations; and
process or share your personal data to facilitate acquisitions, mergers, or transfers of our business.
Marketing purposes. In order for us to market products, events and services which are of specific interest and relevance to you, we may analyse and rely on your personal data provided to us, or data collected from your interactions with us However, no marketing, using your personal data in non-aggregated and/or identifiable form, would be carried out unless you have provided us with your consent to use your personal data for such marketing purposes. If you do not want us to use your personal data for the purposes of marketing you can withdraw your consent at any time by contacting us in accordance with paragraph 1.7 above.
Use permitted under applicable laws. We may also collect, use, disclose and process your personal data for other purposes, without your knowledge or consent, where this is required or permitted by law. Your personal data may be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of a legal claim. We will not delete personal data if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.
Contacting you. When we contact or send you information for the above purposes and purposes for which you have consented, we may do so by post, e-mail, SMS, telephone or such other means provided by you. If you do not wish to receive any communication or information from us, or wish to restrict the manner by which we may contact or send you information, you may contact us in accordance with paragraph 1.7 above.
USE OF AUTOMATED DATA COLLECTION TECHNOLOGIES
Cookies. In order to improve our products or services, we collect data by way of “cookies”. A cookie is a small file of letters and numbers that we store via your browser on the hard drive of your computer or mobile device. There are three main types of cookies:
Session cookies: specific to a particular visit and limited to sending session identifiers (random numbers generated by the server) so you don't have to re-enter information when you navigate to a new page or check out. Session cookies are not permanently stored on your device and are deleted when the browser closes;
Persistent cookies: record information about your preferences and are stored in your browser cache or mobile device; and
Third party cookies: placed by someone other than us which may gather data across multiple websites or sessions.
Strictly necessary: These cookies are essential for you to browse our Applications and use its features. The information collected relates to the operation of the Applications (e.g. website scripting language and security tokens) and enables us to provide you with the service you have requested.
Functionality: These cookies remember the choices you have made, for example the country you visit our Application from, your language and any changes you have made to text size and other parts of the web pages that you can customise to improve your user experience and to make your visits more tailored and enjoyable.
Performance/analytics: These cookies collect information on how users use our Applications for example which pages you visit most often, whether you receive any error messages and how you arrived at our Applications. Information collected by these cookies is used only to improve your use of our Applications. These cookies are sometimes placed by third party providers of web traffic and analysis services. We use Google Analytics. For information on how Google processes and collects your information and how you can opt out, please click here.
We may also automatically collect and store certain information about your interaction with our Applications including IP address, browser type, internet service provider, referring/exit pages, operating system, date/time stamps and related data.
Other technologies. In addition to cookies, we use some other similar technologies such as local shared objects (sometimes called flash cookies) that can be stored on your browser, and which are used to maintain preferences and usage records.
Mobile Opt-out. If you access our Applications through mobile devices, you can enable a "do not track" feature so as to control interest-based advertising on an iOS or Android mobile device by selecting the Limit Add Tracking option in the privacy section of your Settings on iOS or via advertising preferences on Android devices (e.g. in Google Settings). This will not prevent the display of advertisements but will mean that they will no longer be personalised to your interests.
Disclosure to Group entities. We may disclose or share your personal data with any entity in the Group in order to provide our services to you, manage our shareholder and investor returns, for management and compliance purposes, to utilise shared group IT functions, and for any other purposes as described in paragraph 5 above.
Disclosure to third parties. We may also disclose your personal data to third parties in connection with purposes described in paragraph 5 above, including without limitation the following circumstances:
disclosing your personal data to third parties who provide services to us (including, but not limited to, data providers, technology providers, insurance providers, and other professional services (including accountants, lawyers and auditors));
disclosing your personal data to third parties that we conduct marketing activities and cross promotions with;
disclosing your personal data to external banks, credit card companies, other financial institutions and their respective service providers for the purposes of processing payment;
disclosing your personal data to third parties in order to fulfil such third party products and/or services as may be requested or directed by you;
disclosing your personal data to relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority;
If we are discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality;
If we are reorganised or sold, information may be transferred to a buyer who can continue to provide continued relationship with you;
If we are defending a legal claim your information may be transferred as required in connection with defending such claim; and/or
any other party to whom you authorise us to disclose your personal data to.
When disclosing personal data to third parties, we will (where appropriate and permissible) enter into contracts with these third parties to protect your personal data in a manner that is consistent with all applicable laws and/or ensure that they only process your personal data in accordance with our instructions.
TRANSFER OF PERSONAL DATA TO OTHER COUNTRIES
Transfers. We may transfer your personal data to different jurisdictions in connection with the purposes described in paragraph 5 above:
from the jurisdiction where it is collected (or where you are located) to any other jurisdictions that we operate in; and
to third parties in other jurisdictions.
You fully understand and unambiguously consent that we may transfer your personal data to any country (including to third parties where necessary) for the purposes set out in this Personal Data Policy or as notified to you.
Safeguards. In the event that your personal data is transferred outside of Singapore, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under this Personal Data Policy and applicable data protection laws.
PROTECTION AND RETENTION OF PERSONAL DATA
Unauthorised access. While we take reasonable precautions to safeguard your personal data in our possession or under our control, you agree not to hold us liable or responsible for any loss or damage resulting from unauthorised or unintended access that is beyond our control, such as hacking or cybercrimes.
Vulnerabilities. You should be aware that no method of transmission over the Internet or method of electronic storage is completely secure. We do not make any warranty, guarantee, or representation that your use of our systems or applications is safe and protected from malware, and other vulnerabilities. We also do not guarantee the security of data that you choose to send us electronically. Sending such data is entirely at your own risk.
Period of retention. We retain your personal data only for as long as is necessary to fulfil the purposes we collected it for, and to satisfy our business and/or legal purposes, including data analytics, audit, accounting or reporting purposes. How long we keep your personal data depends on the nature of the data, e.g. we keep personal data for at least the duration of the limitation period for bringing claims if the personal data may be required to commence or defend legal proceedings. Some information may also be retained for longer, e.g. where we are required to do so by law.
Anonymised data. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we are entitled to retain and use such data without restriction.
Rights you may enjoy. Under the PDPA, you enjoy certain rights under applicable law in relation to our collection, use, disclosure and processing of your personal data. Such rights may include:
Access: you may ask us if we hold your personal data and, if we are, you can request access to your personal data. This enables you to receive a copy of and information on the personal data we hold about you.
Correction: you may request that any incomplete or inaccurate personal data we hold about you is corrected.
Restriction: you may withdraw consent for our use of your personal data.
Portability: if you have an ongoing relationship with us, you may request the transfer of certain of your personal data to another party under certain conditions.
If you wish to exercise any of your rights, you may contact us in accordance with paragraph 1.7, or submit your request in such forms that we may make available to you (e.g. for Jumbo Rewards and users of our online retail services, you may access your profile and change your details in your profile page). We may require that you submit certain forms or provide certain information to process your request. Where permitted by law, we may also charge you a fee to process your request.
Limitations. We may be permitted under applicable laws to refuse a request, for example, we may refuse (a) a request for erasure where the personal data is required for in connection with claims; or (b) an objection request and continue processing your personal data based on compelling legitimate grounds for the processing.