Introduction

The company (“we”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what personal data we collect, why we collect it, how we use and disclose it, and how you can contact us. This policy is intended to align with Singapore’s Personal Data Protection Act (PDPA). For PDPA guidance see PDPC.

1. Personal data we collect
We may collect personal data including: name, billing and shipping addresses, email, phone number, payment details (via secure payment processor), purchase history, IP address, and other data you provide (e.g., account registration, marketing preferences).

2. How we use personal data
We use personal data to:

• Process and fulfil orders, payments and deliveries;

• Communicate order updates and customer service;

• Manage customer accounts and store preferences;

• Improve our services, perform analytics, and manage fraud detection;

• Send marketing only where you have given consent (you may opt out at any time).

3. Legal basis & consent
We collect and use personal data where it is necessary to perform the contract with you (process orders), where we have legitimate interests (fraud prevention, service improvement), or where you have consented (marketing communications). As required in Singapore, we will obtain consent for uses beyond these purposes.

4. Cookies & tracking
We and third parties use cookies and similar technologies to provide functionality, analyze site usage and support advertising. You can control cookie settings via your browser; please note disabling certain cookies may affect site functionality.

5. Disclosure to third parties
We may disclose personal data to: payment processors, delivery/courier partners, marketing and analytics providers, IT hosting and service providers, and professional advisors. We require third parties to maintain appropriate data protection measures.

6. Cross-border transfers
If we transfer personal data outside Singapore (for example, to cloud providers), we will ensure appropriate safeguards are in place in accordance with PDPA.

7. Data retention
We retain personal data for as long as necessary to fulfil the purpose (e.g., order fulfilment, warranty, fraud prevention, accounting and tax records) and to comply with legal obligations. Typical retention periods vary by data type and legal requirement.

8. Your rights
You may: request access to your personal data, request correction, request deletion (subject to legal or contractual retention obligations), withdraw consent for marketing, or lodge complaints. To exercise rights, contact info@fashionofgrace.com.

9. Security
We use reasonable organisational and technical measures to protect personal data. However, no internet transmission is completely secure — absolute security cannot be guaranteed.

10. Children
We do not knowingly collect personal data from children under 16. If a parent/guardian believes we have collected such data, contact us to request deletion.

11. Changes to this policy
We may update this Privacy Policy. Material changes will be communicated via the website or email.

12. Contact & complaints
For privacy enquiries or complaints contact: info@fashionofgrace.com. You can also learn more from the PDPC (Personal Data Protection Commission) for guidance on PDPA requirements.