Privacy Policy

At ShoreKit, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in accordance with Singapore's Personal Data Protection Act (PDPA).

Data Protection Officer (DPO)

Collection of Personal Data

We collect the following types of personal data:

• Contact information - name, email address, phone number, company details
• Account credentials - login information and preferences
• Payment and transaction information - processed securely via Stripe
• Technical data - IP addresses, browser type, device information
• Usage data - how you interact with our booking and management platform
• Booking and scheduling information - student details, appointments, class registrations

Purposes of Collection

Under PDPA, your personal data is collected and used for the following legitimate purposes:

• To provide, manage, and improve our booking and management services
• To process payments, transactions, and refunds
• To respond to enquiries, provide customer support, and handle complaints
• To send service-related communications (booking confirmations, reminders, updates)
• To analyze usage patterns and improve user experience
• To detect and prevent fraud, security incidents, and other prohibited activities
• To comply with legal and regulatory obligations

Legal Basis for Processing (PDPA)

We collect, use, and disclose your personal data only with your consent or as permitted under the PDPA, including for purposes that a reasonable person would consider appropriate in the circumstances.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable Singapore laws.

• Active accounts: Data retained while your account is active
• Deleted accounts: Data is anonymized or deleted within 30 days
• Transaction records: Retained for 7 years as required by Singapore tax laws
• Support communications: Retained for 3 years

When personal data is no longer needed, we will securely dispose of it through deletion or anonymization.

Your Rights Under PDPA

Under the Personal Data Protection Act (PDPA) of Singapore, you have the following rights:

• Right of Access - Request access to your personal data held by us
• Right of Correction - Request correction of inaccurate or incomplete personal data
• Right to Withdraw Consent - Withdraw your consent to our collection, use, or disclosure of your personal data
• Right to Request Information - Request information about how your data has been used or disclosed

To exercise these rights, please contact our DPO at shorekit@shorekit.com. We will respond to your request within 3 business days as required by PDPA.

Data Security

We implement reasonable security measures to protect your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. These measures include:

• Encryption of data in transit (TLS/SSL)
• Encryption of sensitive data at rest
• Access controls and authentication requirements
• Regular security assessments and vulnerability scanning
• Staff training on data protection and privacy

Data Breach Notification

In the event of a data breach that is likely to result in significant harm to affected individuals, we will:

• Notify the Personal Data Protection Commission (PDPC) as soon as practicable, and
• Notify affected individuals within 3 calendar days as required by Singapore law

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience. Types of cookies we use:

• Essential cookies - Required for basic website functionality
• Functional cookies - Remember your preferences and settings
• Analytics cookies - Help us understand how visitors use our site

You may manage or disable cookies through your browser settings. However, disabling cookies may affect certain features of our platform.

Third-Party Services

We use third-party service providers who may have access to your personal data only to perform specific tasks on our behalf:

• Stripe - Payment processing (PCI-DSS compliant)
• Google Analytics - Website analytics (data anonymized)
• AWS / Cloud Hosting - Data storage and infrastructure
• Email Service Providers - Transactional and marketing communications

These providers are contractually obligated to protect your data and comply with PDPA requirements.

Transfer of Data Outside Singapore

Your personal data may be transferred to and processed in countries outside Singapore (including the United States where our cloud servers are located). We will ensure that any such transfer complies with PDPA requirements and that your data receives a level of protection comparable to PDPA standards through:

• Data transfer agreements incorporating standard contractual clauses
• Ensuring recipients are bound by legally enforceable obligations
• Verifying that overseas recipients provide comparable protection to PDPA

Marketing Communications

By providing your contact information, you consent to receive marketing communications from us. You may opt out at any time by:

• Clicking the "unsubscribe" link in our marketing emails
• Contacting our DPO at shorekit@shorekit.com

Under the Spam Control Act of Singapore, we will process opt-out requests within 10 business days.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via:

• Email notification to registered users
• Notice on our website
• Platform notification for active accounts

The "Last Updated" date at the top of this page indicates when this policy was last revised.

Complaints and PDPC Contact

If you are not satisfied with our handling of your personal data or privacy complaint, you may contact the Personal Data Protection Commission (PDPC) of Singapore:

• Website: www.pdpc.gov.sg
• Address: 10 Pasir Panjang Road, #03-01, Mapletree Business City, Singapore 117438
• Hotline: +65 6377 3131

Contact Us

If you have questions about this Privacy Policy or wish to exercise your PDPA rights, please contact us:

• DPO Email: shorekit@shorekit.com
• General Enquiries: shorekit@shorekit.com

← Back to Home