This is a Data Protection Notice which also sets out the agreement and between yourself, the user of this Website (“You”) and Iki Concepts Pte Ltd (“Iki Concepts”) regarding your use of the Iki Concepts website located at www.ikiconcepts.com (the “Website”). Your acceptance and consent to the terms of this agreement takes effect by your continued use of the website.
This Data Protection Notice sets out the basis which Iki Concepts may collect, use, disclose or otherwise process personal data of our customers in accordance with the Personal Data Protection Act (“PDPA”). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purpose.
1. Iki Concepts is the operator of Website. We take our responsibilities under Singapore’s Personal Data Protection Act 2012 (the “PDPA”) seriously. We also recognise the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data.
2 This Personal Data Protection Policy, together with our Terms & Conditions (if you make a purchase on the website) are designed to assist you in understanding how we collect, use, disclose and/or process your personal data.
3 Unless restricted by the PDPA or any other applicable law, you agree that we may process your personal data in the manner, and for the purposes set out in the terms described in paragraph 2 above.
4. As used in this Notice:
“customer” means an individual who (a) has contacted us through any means to find out more about any goods or services we provide, or (b) may, or has, entered into a contract with us for the supply of any goods or services by us; and
Iki Concepts Pte Ltd operates as a concept creator of a group of restaurants hereinafter knows as “Iki Concepts Group of Restaurants” or “ICGR”, and they are as follows:
(ii) Nomi Dining Bar
“personal data” means data, whether true or not, about a customer who can be identified:
(a) from that data; or
(b) from that data and other information to which we have or are likely to have access.
5. Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include your name and identification information such as your NRIC number, contact information such as your address, email address or telephone number, nationality, gender, date of birth, marital status, photographs, and other audio-visual information, employment information and financial information such as credit card numbers, debit card numbers or bank account information.
6. Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).
HOW PERSONAL DATA IS COLLECTED, COLLECTION USE AND DISCLOSURE OF PERSONAL DATA
7. We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purpose for which the data is collected, and (ii) you (or your authorised epresentative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
8. We may collect and use your personal data for any or all of the followings for which examples may not be exhaustive:
(a) when you register to receive our e-newsletter via our website;
(b) when you submit a request or query via our websites;
(c) when you make a reservation with us through our website, telephone or third party vendor we employ to assist us with our reservations;3
(d) when you communicate with us directly in relation to our products and services (in person or via our co-workers in our restaurant, by email, telephone or any other means);
(e) when you use services that are made available on the website or at our restaurants; such as home delivery and takeaway;
(f) when you conduct certain types of transactions such as refunds;
(g) when you enter, and when you interact with us during promotions, competitions, contests, lucky draws or special events;
(h) when you apply for employment with us;
(i) when you participate in surveys and other types of research;
(j) responding to complaints and feedback from you;
(k) through accessing your transactional history;
(l) through accessing our site traffic data;
(m) any other incidental business purpose related to or in connection with the above.
9. You may, in certain circumstances, provide us with personal data relating to third parties (for example, your next-of-kin or any person who may receive delivery of your purchased item on your behalf or, any person whom you have nominated as your referee if you are a candidate for employment). When this happens, you are deemed to have represented and confirmed to us that you have obtained the consent of such third party to provide his/her personal data to us for processing.
10. The personal data which we collect from you may be collected, used, disclosed and/or processed for various purposes, depending on the circumstances for which we
may/will need to process your personal data, including:
(a) to receive e-newsletters from Iki Concepts Pte Ltd and /or ICGR
(b) to communicate with you;
(b) to maintain and improve customer relationships;
(c) to assess, process and provide products, services and/or facilities to you;
(d) to administer and process any payments (including refunds) related to
products, services and facilities requested by you;
(e) to establish your identity and background;
(f) to respond to your enquiries or complaints and resolve any issues and disputes
which may arise in connection with any dealings with us;
(g) to provide you with services or assistance that you have requested;
(h) to provide you with information and/or updates on our products, services, upcoming promotions offered by us and/or events organised by us and selected third parties which may be of interest to you from time to time;
(i) for direct marketing purposes via SMS, phone call, email, fax, mail, social media and/or any other appropriate communication channels in accordance with your consent;
(j) to facilitate your participation in, and our administration of, any events including contests, promotions or campaigns;
(k) to maintain and update internal record keeping;
(l) for internal administrative purposes;
(m) to send you seasonal greetings messages from time to time;
(n) to send you invitation to join our events and promotions and product launch events;
(o) to monitor, review and improve our events and promotions, products and/or services;
(p) to conduct credit reference checks and establish your creditworthiness, where necessary, when providing you with products, services and/or facilities;
(q) to administer, process and fulfil your commercial transactions with us (such as a purchase on the Website, a tender award, contract for service or tenancy agreement);
(r) to process any payments related to your commercial transactions with us;
(s) to process and analyse your personal data either individually or collectively with other individuals;
(t) to conduct market research or surveys, internal marketing analysis, customer profiling activities, analysis of customer patterns and choices, planning and statistical and trend analysis in relation to our products and/or services;
(u) to share any of your personal data with the auditor for internal audit and reporting purposes;
(v) to share any of your personal data pursuant to any agreement or document which you have duly entered with us for purposes of seeking legal and/or financial advice and/or for purposes of commencing legal action;
(w) to share any of your personal data with our business partners to jointly develop products and/or services or launch marketing campaigns;
(x) to share any of your personal data with financial institutions necessary for the purpose of applying and obtaining credit facility(ies), if necessary;
(y) for audit, risk management and security purposes;
(z) for detecting, investigating and preventing fraudulent, prohibited or illegal activities;
(aa) for enabling us to perform our obligations and enforce our rights under any agreements or documents that we are a party to;
(bb) to transfer or assign our rights, interests and obligations under any agreements entered into with us;
(cc) for meeting any applicable legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to us;
(dd) to enforce or defend our rights and your rights under, and to comply with, our obligations under the applicable laws, legislation and regulations; and/or
(ee) for other purposes required to operate, maintain and better manage our business and your relationship with us; which we notify you of at the time of obtaining your consent.
11. As the purposes for which we may/will collect, use, disclose or process your personal data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose(s) at the time of obtaining your consent, unless we are permitted by the PDPA or any other applicable law to process your personal data without your consent.
12. The purpose listed above clauses may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
SPECIFIC ISSUES FOR THE DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
13. In order to smoothly conduct our business operations or to fulfil our obligations to you, we may also disclose the personal data that you have provided to us to our third-party service providers, parties agents, affiliates or related corporations, who may be situated inside or outside of Singapore, for one or more of the purposes stated in or notified to you under the Purposes for Collection, Use, Disclosure and Processing of Personal Data section. We will also disclose your personal data to government regulators or authorities, in order to comply with any laws, rules, guidelines, regulations or schemes that apply to us.
14. Examples of third parties that we disclose your personal data to include:
(a) data entry service providers;
(b) professional advisors, agencies, consultants and/or external auditors.
(c) third party service providers who provide operational services in connection with our business such as telecommunications, reservations, information technology, logistics, delivery, assembly,
installation, printing and postal services or services relating to marketing and promotional activity; and
(d) relevant government regulators or authorities.
(e) Facebook, Instagram and social media.
15. The third parties whom we conduct business are only authorized to use your information to perform the service for which they were hired.
16. We respect the confidentiality of the personal data that you provide to us. We do not sell personal data to any third party.
REQUEST FOR ACCESS AND/OR CORRECTION OF PERSONAL DATA
17. You may request to access and/or correct your personal data that is in our possession or under our control by writing to us at firstname.lastname@example.org
18. For a request to access personal data, we will provide you with the relevant personal data within thirty (30) days from such a request being made.
19. Where a request cannot be complied with within the above time frame, we will inform you of the reasonably soonest time in which we will respond.
20. For a request to correct personal data, we will:
(a) correct your personal data as soon as practicable after the request has been made unless we have reasonable grounds not to do so; and
(b) We will send the corrected personal data to every other organisation to which the personal data was disclosed by us within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.
21. We may, if you so consent, send the corrected personal data only to specific organisations to which the personal data was disclosed by us within a year before the date the correction was made.
ACCURACY OF PERSONAL DATA
22. You understand that we are reliant on you to provide us with accurate and complete personal data and with updates if there are any changes to your personal data. We will not be responsible or liable for relying on or using any inaccurate or incomplete personal data which you have provided such personal data and/or have failed to update us of any changes in your personal data.
REQUEST TO WITHDRAW CONSENT
23. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw your consent for the collection, use and/or disclosure of your personal data that is in our possession or under our control by writing to us at email@example.com
24. We will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your personal data in the manner stated in your request.
25. Your withdrawal of consent may result in certain consequences. For example, it may mean that we will not be able to provide you with certain products or services that you have requested or that we will not be able to continue with your existing relationship with us. We will inform you of such consequences after we receive your request for withdrawal.
26. However, you understand that notwithstanding your withdrawal of consent, we will still be entitled to collect, use or disclose your personal data if we are required or authorised to do so under the PDPA or any other applicable law.
PROTECTION AND DESTRUCTION OF PERSONAL DATA
27. We will put in place reasonable security arrangements to ensure that your personal data is adequately protected and secured. In particular, reasonable security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. However, we cannot assume responsibility
for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.
28. You should be aware, however, that no method of transmission over the internet or method of internet storage is completely secure. Whilst security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
RETENTION OF PERSONAL DATA
29. We will also put in place measures to ensure that any of your personal data that is in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that:
(a) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and
(b) retention is no longer necessary for any other legal or business purposes.
(c) it is no longer required by the applicable laws.
TRANSFER OF PERSONAL DATA OUTSIDE SINGAPORE
30. We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
31. If you have any complaint or grievance regarding about how we are handling your personal data or about how we are complying with the PDPA, we welcome you to contact us by writing to us at firstname.lastname@example.org
32. We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.
33. You may contact us (or send us any request or complaint form) either by post or by email at the following address:
DATA PROTECTION OFFICER
IKI Concepts Pte Ltd
Address: 12 Mohamed Sultan Road, #05-01, ACORN, Singapore 238961
(Attn: Data Protection Officer)
Email Address: email@example.com
UPDATES ON PERSONAL DATA PROTECTION POLICY
34. As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.
35. We reserve the right to amend the terms of this Personal Data Protection Policy at our absolute discretion. Any amended Personal Data Protection Policy will be posted on the website and can be viewed at www.nomisake.com. No individual notice will be sent to you.
36. You are deemed to have acknowledged and agreed to any amended version of this Personal Data Protection Policy if you continue to use the website after the changes have taken place. As such, you are encouraged to visit the above website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.