We, Marvelous Toys Pte Ltd (‘the Company’), may from time to time update this Data Protection Policy to ensure that this Data Protection Policy is consistent with our future developments, sector developments and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of this Policy as updated from time to time on our website. Please check back regularly for updated information on the handling of your Personal Data.

1 PREAMBLE AND INTRODUCTION

1.1 This policy states the Company’s commitment to safeguarding personal information provided to it in the course of its work and lays out the principles and practices in managing and securing such data. The Company should comply with all statutes under the Personal Data Protection Act and where the Company does not, its primary objective is to ensure compliance as soon as practicable.

1.2 The Company’s primary commitment with reference to the Data Protection Act is to ensure individuals’ personal data are not misused. This is done by ensuring that personal data are:

• Obtained for specified and lawful purposes and not further processed in a manner incompatible with that purpose;
• Relevant and not excessive;
• Accurate;
• Kept for no longer than necessary;
• Protected by appropriate security.

2 INFORMATION – TYPES, COLLECTION AND USE

2.1 Types of Information Collected

2.1.1 For the purposes of this Policy document, the types of information collected/captured by the Company, for professional purposes, include but are not limited to the following:

• Full name
• Address (only for customers who opt for delivery of item(s))
• Contact number(s)
• Email

2.2 Use of Information Collected

2.2.1 The Company will only use the information for safekeeping in our confidential customer database and for ease of purchase for future orders

3 PROVIDERS OF DATA

3.1 The Providers of the data can include, but are not limited to the following:

• Individuals/customers

4 CONSENT

4.1 Consent to Disclose Information

4.1.1 The Company shall seek consent from individual to collect, use or disclose the individual’s personal data, except in specific circumstances where collection, use or disclosure without consent is authorised or required by law, law enforcement officers and/or authorised representatives of the Government. Where there is any other need to disclose without consent, the disclosure shall be approved by the Data Protection Officer.

4.1.2 Consent may be collected through written documentations (e.g. consent form, written note) or electronically (email consent, electronic forms). In situations that consent cannot be conveniently obtain in written form or electronically, the Company may opt to obtain verbal consent and such process shall be approved by the Data Protection Officer.

4.2 Withdrawal of Consent

4.2.1 Any individual may withdraw their consent to the use and disclosure of their personal data at any time, unless such personal data is necessary for the Company to fulfil its legal obligations. The Company shall comply with the withdrawal request, and inform the individual if such withdrawal will affect the services and arrangements between the individual and the Company. The Company may therefore be required to cease such services or arrangements as a result of the withdrawal.

5 SECURITY

5.1 The Company shall adopt security arrangements that are reasonable and appropriate while taking into consideration the nature of the personal data, the form in which the personal data is collected (physical or electronic) and the possible impact to the individual concerned if an unauthorized person were to obtain, modify or dispose of the personal data. Each department shall determine such arrangements appropriate for their operating unit. The Data Protection Officer shall review and examine such arrangements and provide necessary recommendations to ensure safe storage.

5.2 The Company shall take reasonable and appropriate security measures to protect the storage of personal data, such as:

• Marking confidential on documents with personal records clearly and prominently;
• Storing electronic files that contain personal data in secured folders;

5.3 The Data Protection Officer shall ensure that:

• The Company’s IT networks that host personal data are secured and protected against unauthorised access.
• Personal computers and other computing devices that may access to personal data are password protected. 
• Personnel and other files that contain sensitive or confidential personal data are secured and only made available to staff with authorised access.
• The IT service providers’ services and/or provisions comply with security standards in line with industry practices.

5.4 In the event of a security breach, the Data Protection Officer shall be notified. The Data Protection Officer shall investigate if such breach is a malicious act and shall take appropriate action after consulting with the Chief Executive.

6 HOW TO CONTACT US

6.1 If you have any questions about this Policy, or you would like to obtain access, make corrections to your personal data records and/or request for withdrawal of the use and disclosure of any specific set of your personal data, please contact our Data Protection Officer with the relevant information at, email us at yufan@marvelous.toys.