Privacy Policy

Last updated: 7 September 2025

This Privacy Policy explains how Crest Insignia Pte. Ltd. (“Crest Insignia”, “we”, “us”, “our”) collects, uses, discloses, and protects your personal data when you use our website, purchase our products, or otherwise interact with us. We are based in Singapore and primarily serve customers in Singapore and South Korea.

1. Who we are (Data Controller)

Crest Insignia Pte. Ltd.
141 Cecil Street, #07-01, Tung Ann Association Building, Singapore 069541
Phone: +65 8917 4194 · Email: info@thecrestinsignia.com
Contact person: Khamis Sukudi

2. Scope

This Policy applies to personal data we collect online (our website, checkout, support channels) and offline (phone support, delivery coordination), including data processed through third-party services we use to run our store (e.g., payment gateways, shipping carriers, analytics).

3. Definitions

• Personal Data: any data that identifies you or can be used to identify you (e.g., name, email, shipping address, phone, order details).
• Process/Processing: any operation performed on Personal Data (collection, storage, use, disclosure, deletion, etc.).
• Website: our e-commerce site and related pages operated by Crest Insignia.

4. Personal data we collect

• Identity & Contact Data: name, email, billing and shipping address, phone number.
• Account Data: login details, passwords (hashed), preferences, saved addresses, wishlists.
• Order & Transaction Data: products purchased, order numbers, invoices, delivery status, warranty claims.
• Payment Data: payment status and tokens processed via payment providers (we do not store full card numbers).
• Device/Technical Data: IP address, browser type/version, device identifiers, time zone, cookies, approximate location for fraud prevention and currency display.
• Usage Data: pages visited, clicks, referring URLs, session duration, error logs.
• Communications: emails, messages, call notes, support tickets, product reviews.
• Marketing Preferences: newsletter opt-in/opt-out, cookie consent settings.

5. How we collect personal data

• Directly from you: when you place an order, create an account, contact support, request returns/warranty, or subscribe to newsletters.
• Automatically: via cookies, pixels, and similar technologies when you browse our Website.
• From third parties: payment gateways, identity verification and fraud-prevention services, logistics partners, analytics providers.

6. Why we process your data (purposes & legal bases)

We process personal data for the following purposes:

• Order processing & delivery (contract necessity): to accept payment, fulfill orders, arrange shipping, handle returns and warranty.
• Customer support (contract necessity/legitimate interests): to respond to queries, troubleshoot, and resolve issues.
• Account management (contract necessity/consent): to create and maintain your account and preferences.
• Fraud prevention & security (legitimate interests/legal obligations): to secure our Website, detect suspicious activity, and comply with laws.
• Analytics & improvements (legitimate interests/consent where required): to understand usage and improve our Website and services.
• Marketing (consent/legitimate interests): to send product updates, promotions, and recommendations (you can opt out anytime).
• Legal compliance (legal obligations): tax, accounting, regulatory reporting, and responding to lawful requests.

For Singapore customers, we comply with the Personal Data Protection Act 2012 (PDPA), including consent and purpose limitation. For South Korea customers, we align with the Personal Information Protection Act (PIPA), including notices for overseas transfers (see Section 11).

7. Cookies & similar technologies

We use cookies, pixels, and similar technologies to operate the Website, enable shopping cart functions, remember your preferences (e.g., currency), measure performance, and support marketing (with your consent where required).

7.1 Cookie categories

• Strictly necessary: required for core functions (cart, checkout, security).
• Performance/Analytics: to understand site usage and improve functionality.
• Functional: to remember preferences (e.g., language, currency, region).
• Marketing/Advertising: to deliver and measure relevant offers.

7.2 Managing cookies

You may manage non-essential cookies via our cookie banner or your browser settings. Blocking some cookies may affect site functionality.

8. How we share personal data

• Payment processors: to process your payments and prevent fraud. We do not store full card details.
• Logistics & delivery partners: couriers, postal services, and customs brokers to deliver orders and handle returns.
• IT/hosting & analytics: website hosting, security services, backup, analytics, and error monitoring providers.
• Customer support tools: ticketing and communication platforms to manage your requests.
• Professional advisers: accountants, auditors, legal counsel for compliance and business operations.
• Regulators & law enforcement: where required by law or to protect our rights or users.
• Business transfers: in connection with any merger, acquisition, financing, or sale of assets, your data may be transferred to the new owner.

We require our service providers to use personal data only for the services we request and to protect it appropriately.

9. International transfers

We may transfer, store, and process personal data outside your country (e.g., in Singapore and other jurisdictions where our service providers operate). When we transfer data internationally, we implement appropriate safeguards consistent with applicable laws (e.g., contractual protections).

10. Data retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, including satisfying legal, accounting, or reporting requirements. Typical retention: order and invoice records are kept for 5–7 years to meet tax and regulatory obligations; support records are retained for operational needs and then securely deleted or anonymized.

11. Supplemental notice for South Korea (PIPA)

For customers in South Korea, we may transfer your personal data overseas to service providers (e.g., payment gateways, hosting, analytics, and logistics providers) to fulfill your orders and operate our Website. Where required, we will notify you of (i) the recipient’s name/contact, (ii) country of transfer, (iii) items of personal data, (iv) purpose and (v) retention period. If you need details of current overseas transfer recipients, please contact us (see Section 18).

Your rights under PIPA may include the right to request access, correction, deletion, and suspension of processing, subject to legal exceptions.

12. Your rights

Singapore (PDPA) — You may:

• Request access to your personal data and information on how it has been used or disclosed.
• Request correction of inaccurate or incomplete personal data.
• Withdraw consent at any time; this may affect our ability to provide certain services.

South Korea (PIPA) — You may:

• Request access, correction, deletion, or suspension of processing, subject to legal limits.

If you are located in other regions (e.g., EEA/UK), additional rights may apply (such as data portability or objection); contact us for region-specific information.

13. Marketing communications

With your consent (where required), we may send you newsletters, promotions, and product updates. You can opt out at any time by using the unsubscribe link in our emails or contacting us. We may still send transactional or service emails (e.g., order confirmations, delivery notices).

14. Children’s privacy

Our Website and products are intended for adults. We do not knowingly collect personal data from children under the age required by applicable law (e.g., under 13). If you believe a child has provided personal data to us, please contact us and we will take appropriate steps to delete such data.

15. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, disclosure, alteration, or destruction. However, no method of transmission or storage is completely secure; we cannot guarantee absolute security.

16. Third-party websites

Our Website may contain links to third-party sites. We are not responsible for the privacy practices or the content of such sites. Please review their policies.

17. Do Not Track

Some browsers offer a “Do Not Track” (DNT) setting. Our Website does not currently respond to DNT signals. You may manage cookies as described in Section 7.

18. How to contact us (including DPO)

For questions, requests, or complaints about this Policy or your personal data, contact:
Data Protection Officer (DPO)
Email: info@thecrestinsignia.com
Address: 141 Cecil Street, #07-01, Tung Ann Association Building, Singapore 069541

Singapore residents may also contact the Personal Data Protection Commission (PDPC). South Korea residents may contact the Personal Information Protection Commission (PIPC).

19. Changes to this Policy

We may update this Policy from time to time to reflect changes in law or our practices. We will post the updated version on our Website with a new “Last updated” date. Where required by law, we will notify you and/or seek your consent to significant changes.

Appendix A — Examples of data disclosures to service providers

The following are examples of disclosures made in order to operate our store. The exact recipients may vary over time:

• Payment processing: payment gateways and anti-fraud services for authorization and settlement.
• Logistics: couriers, postal services, and customs brokers for pickup, tracking, and delivery.
• IT & hosting: web hosting, content delivery networks (CDNs), backup and security providers.
• Analytics: traffic analysis and performance monitoring tools.
• Customer communications: email service providers and support/ticketing platforms.

Appendix B — Cookie examples