🛡 Data Protection Policy

Compliant with Singapore’s Personal Data Protection Act (PDPA)

Effective Date: July 15, 2025
Applies To: FISHINGKAKI (GLOBAL) PTE. LTD

1. Purpose

This Data Protection Policy sets out how FishingKaki Market collects, uses, discloses, and protects the personal data of our customers in compliance with the Personal Data Protection Act 2012 (“PDPA”) of Singapore.

2. Scope

This policy applies to all personal data collected by FishingKaki Market through:

• Our e-commerce platform (web & mobile)
   
• Support and contact forms
   
• Seller/vendor onboarding
   
• Payment and checkout processes
   

3. Definition of Personal Data

Under the PDPA, “personal data” refers to data about an individual who can be identified from that data alone or in combination with other data. This includes but is not limited to:

• Full name
   
• Email address
   
• Contact number
   
• Billing/shipping address
   
• NRIC (if collected)
   
• Payment information (masked or tokenized)
   

4. Collection of Personal Data

We collect personal data when:

• Users register or make a purchase
   
• Sellers sign up or update their profiles
   
• Customers contact us for support
   
• Payment is made via Stripe or PayNow
   

5. Use of Personal Data

Collected data may be used for:

• Account registration and authentication
   
• Order processing and delivery coordination
   
• Providing customer support
   
• Sending transactional and marketing emails (with consent)
   
• Complying with legal or regulatory requirements
   
• Fraud prevention and investigation
   

6. Disclosure of Personal Data

We do not disclose your personal data except:

• To trusted service providers (e.g. payment gateways, couriers, cloud storage)
   
• When required by law, regulation, or court order
   
• To enforce our legal rights
   

All third-party vendors handling personal data are subject to contractual data protection obligations.

7. Consent

Where consent is required for data collection or use, we:

• Obtain clear and unambiguous consent
   
• Allow users to withdraw consent at any time via account settings or written request
   

8. Accuracy & Retention

• We strive to ensure personal data is accurate and up-to-date.
   
• Personal data will be retained only as long as necessary for business or legal purposes, after which it will be securely deleted or anonymized.
   

9. Protection of Personal Data

We implement security measures including:

• HTTPS/SSL encryption
   
• Secure password storage (bcrypt)
   
• Role-based access control (RBAC)
   
• Firewall
   
• Regular system updates and vulnerability scans
   

10. Access & Correction

Users may request to:

• Access their personal data
   
• Correct inaccurate or incomplete data
   

Requests can be submitted to our Data Protection Officer (DPO).

11. Transfer of Data Outside Singapore

If personal data is transferred outside Singapore (e.g. AWS, Stripe), we ensure:

• Recipient jurisdictions have comparable data protection laws, or
   
• Contractual safeguards (Model Clauses) are in place
   

12. Data Breach Notification

In the event of a data breach:

• We will assess whether it poses a significant harm risk
   
• Affected individuals and the Personal Data Protection Commission (PDPC) will be notified within 3 calendar days if legally required
   

13. Contact: Data Protection Officer (DPO)

If you have any questions or wish to exercise your rights, please contact:

Data Protection Officer
[Your Company Name]
Email: dpo@[yourdomain].com

14. Policy Updates

This policy may be revised periodically to align with regulatory or operational changes. The latest version will be published on our website.

📅 Last Updated: July 15, 2025