Effective Date: Nov 13, 2019 | Last Updated: May 2, 2025

Esmond Service Centre ("Esmond", "we", "us", or "our") is operated by Esmond Holding Pte. Ltd. ("Company"), a company registered in Singapore. This Privacy Policy ("Policy") outlines how Esmond Holding Pte. Ltd., operating as Esmond Service Centre, collects, uses, discloses, and protects the personal data of our customers and website visitors, in compliance with the Singapore Personal Data Protection Act 2012 (PDPA) and international best practices. It also explains how we handle user consent (including online form submissions via QR code), email marketing (via Brevo, formerly Sendinblue), use of birthdays for personalized messages, display of third-party trademarks, cookies, and other important privacy matters. By interacting with us, submitting any forms, or using our services or website, you agree to the terms of this Policy. If you do not agree, please do not provide us with any personal data or use our services.

At Esmond Service Centre, we value your trust. We have appointed Mr. Esmond Liu as our dedicated Data Protection Officer (DPO) to oversee our data protection responsibilities and ensure compliance with PDPA. If you have any questions about this Policy or your personal data, you can find our contact details in the Contact and Data Protection Officer section below.

Personal Data We Collect

Definition of Personal Data: In this Policy, “personal data” means any data, whether true or not, about an individual who can be identified from that data (or from that data and other information to which we have access), as defined under the PDPA. This may include data such as your name, address, telephone number, email address, and any other information that can identify you.

Types of Data Collected: The types of personal data we may collect from you depend on your interaction with us, including but not limited to:

• Contact Information: Name, email address, phone number, mailing address, WhatsApp number (if different from phone), and other contact details.

• Identification Details: We do not collect NRIC numbers, not even the last 4 digits. We only collect your full name as shown in your NRIC.

• Device and Service Details: Information about your device(s) needing repair or service (e.g. device type, brand, model, serial number, issues reported, passwords or PINs for device testing only if you choose to provide them), service history, and related information.

• Transaction Data: Records of the services you requested or products you purchased, including dates, device condition, services performed, warranty information, trade-in details, and any quotations or invoices.

• Online Form Inputs: Information you submit through our online forms (including those accessed via QR code in-store), such as details about the device problem, appointment preferences, and any other information you choose to provide in form fields.

• Marketing Preferences: Your preferences in receiving marketing from us (for example, whether you have consented to receive service updates and promotions, which is obtained when you submit our service form).

• Personal Preferences or Demographics: Such as your date of birth (if you provide it for birthday rewards), and possibly your preferred language or communication mode. We do not collect sensitive personal data (such as health, biometric, financial, or credit card details) at all. If a payment is processed via PayNow, bank transfer, or any other payment method, relevant transaction details are handled securely through regulated payment systems and processors, and such financial information is not stored by us.

• Website Usage Data (Cookies): We use Google Analytics (a web analytics service) on our website. This means we may collect information such as your IP address, browser type, and pages visited on our site via cookies or similar technologies (see the Cookies and Tracking section for more details). We use the data collected to analyze website traffic and improve our services. We do not use any advertising tracking cookies that profile you across other sites. If we introduce additional cookies or tracking tools in the future, we will update this Policy and obtain consent as required.

We typically collect personal data directly from you. You provide data to us when you: bring a device in for repair, request a quote (online or in person), communicate with us via phone or messaging, fill out our service request forms, subscribe to our marketing communications, or otherwise interact with our services. If you contact us on behalf of someone else or provide someone else’s personal data (for example, dropping off a device for a family member), please ensure that you have the authority or that individual’s consent to share their data with us as described in this Policy.

Purposes for Collection, Use, and Disclosure of Personal Data

We collect, use, and disclose your personal data for purposes reasonably necessary or directly related to our relationship with you as a customer, as well as those for which you have provided consent. These purposes include:

Providing Services and Customer Support: To record and process your service requests or repairs (e.g. diagnosing your device issues, performing repair or maintenance work, contacting you with status updates, and returning your device to you). We use your data to identify you and your device, keep track of the services performed, and contact you as needed to fulfill your request. For example, we will use your name and contact details to create a service order, log the repair details, inform you when your device is ready for collection, and follow up on any post-service issues.

Communication and Enquiries: To respond to your enquiries, feedback, or requests. For example, if you contact us via our website form, email, social media, or phone, we will use your provided contact information to communicate with you and address your questions or concerns.

Marketing and Promotions: To send you marketing communications about our latest services, offers, promotions, events, or news. This may include newsletters via email, promotional messages via WhatsApp or SMS, or other channels using the contact details you provided. We will only use your personal data for additional marketing purposes if you have given us consent or have not opted out (see Marketing Communications & Consent below). You have the right to opt out of these at any time.

Personalized Offers (Birthdays & Special Occasions): If you choose to provide your date of birth, we may use it to send you a personalized birthday greeting and a special discount or promotional offer around your birthday. Such messages might be sent via WhatsApp or email and are intended to appreciate you as our customer. We will do this only if you have not objected to receiving marketing messages from us. You can inform us if you prefer not to receive birthday or special occasion messages.

Use of Services as an Authorized Service Provider: We are an authorized or certified service provider for certain brands (e.g. MSI, Actxa, Gain City Extended Warranty, and an Apple Independent Repair Provider). In such cases, we may need to use or share your personal data with the respective brand or partner to fulfill the service obligations. For example, if we service your device under a manufacturer’s warranty or an extended warranty program, we may have to provide the serial number, your name and contact, and details of the repair to the manufacturer or warranty provider for validation and record-keeping. We will only share the minimum data necessary and ensure that these partners are also PDPA-compliant or meet equivalent international standards.

Internal Records and Administration: To maintain proper business and service records, such as logging service jobs, tracking device history, and updating our customer database. This helps us manage our relationship with you – for instance, by recalling past repairs on your device or honoring warranty on our repair work (e.g. our 90-day repair warranty).

Security and Fraud Prevention: To ensure the security of our premises, website, and customers. For example, CCTV footage at our service centers (if you visit in person) is collected for security and crime prevention purposes. We may also use your data to verify identity when returning devices to the correct owner and to prevent or detect fraud or other misuse of our services (such as fraudulent warranty claims or theft).

Legal and Regulatory Compliance: To comply with applicable laws, regulations, industry standards, and our internal policies. This includes using or disclosing personal data as required to fulfill legal obligations, such as keeping transaction records for tax/audit purposes, ensuring we honor Do-Not-Call registry rules, and responding to lawful requests by public authorities. If law enforcement or regulatory agencies require us to disclose personal data (for example, under a court order or for an investigation), we will only do so if legally compelled and in accordance with PDPA and other applicable laws.

Other Purposes You Have Consented To: We may use your personal data for any other purpose that you have specifically consented to. For instance, if you agree to participate in a customer testimonial or case study, we might use your feedback or story on our website or marketing materials, with your permission.

We will notify you and seek additional consent if we intend to use your personal data for purposes that are not listed above or not obvious to you. In general, we do not use your personal data for any purpose not reasonably related to the original purpose of collection unless you consent or it is permitted by law. We also do not engage in selling your personal data to third parties for their own marketing purposes.

Obtaining Consent & Online Form Submissions

Under the PDPA and global privacy principles, we will only collect, use, or disclose your personal data with your knowledge and consent, except where exceptions apply (e.g. emergencies or legal requirements). By providing your personal data to us (whether in person, through our website, via a QR code form, or any other channel), you consent to our collection, use, and disclosure of that data for the purposes outlined in this Policy.

When you submit your information through our online service request forms – for example, by scanning a QR code at our service centre that leads you to a digital form – you will typically be asked to agree to this Privacy Policy (via a link) at the point of data collection. These online forms serve as a convenient way to gather details about your repair needs and contact information. Here’s how we handle consent in such cases:

• Acknowledgment of this Privacy Policy: The form will notify you that by submitting your personal data, you agree to the terms of our Privacy Policy (i.e. you have read and accept how we will handle your data). We encourage you to read the Policy via the link provided in the form before submitting.

• Service Updates Consent: By filling in the service form and providing your contact details, you implicitly consent that we can contact you about that specific service order. This is considered deemed consent or necessary for us to perform the service. For example, if you provide your phone number or email in the repair form, we will use that to send you service status updates, appointment confirmations, or any communications necessary to complete your repair request. These communications are part of delivering the service you requested. (If you do not wish to be contacted at all about your ongoing service, we might not be able to fulfill the service properly – providing your contact data for service inherently includes consenting to essential service communications.)

• Marketing Communications: By filling in and submitting our service form (or other online forms such as quote requests), you consent to receive marketing and promotional messages from us in addition to the necessary service updates. We will use your contact information to inform you about our latest services, offers, promotions, events, or news. These communications may be sent via email, WhatsApp, SMS, or other channels using the details you provided. You have the right to opt out of these marketing communications at any time (see Marketing Communications & Consent below), and opting out will not affect the essential service-related communications we send to you.

• WhatsApp Communications: We often use WhatsApp to update you on your service status and to send important information or promotions. By providing your phone number, you consent to us contacting you via WhatsApp for both service-related updates and marketing messages as part of our standard communication process. (Standard messaging rates from your mobile provider may apply, but we do not charge any fees for messages sent via WhatsApp.)

• Withdrawal of Consent: Providing consent is voluntary. You have the right to withdraw your consent at any time after giving it, subject to legal or contractual restrictions. (Please see Your Rights: Access, Correction, and Withdrawal for details on how to withdraw consent and what it means for you.) For example, if you initially consent to marketing emails but later change your mind, you can opt out and we will stop sending them. Do note that if you withdraw consent for us to use data that is necessary to serve you (e.g. if you withdraw consent to be contacted about a repair in progress), we may have to discontinue the service if we cannot reach you with critical information. We will inform you if such a situation arises so you can make an informed decision.

In some cases, PDPA allows us to collect or use personal data without consent (for instance, to respond to an emergency, conduct investigations, or fulfill legal obligations). We generally will not rely on these exceptions unless truly necessary. If we ever do collect or use data under an exception, we will ensure it falls within the PDPA’s allowed scope and will notify you where required.

Marketing Communications & Consent

We respect your choices when it comes to receiving marketing communications. Here’s how we handle marketing and what you can expect:

• Consent for Marketing: By providing your contact information to us (for example, when submitting a service form or enquiry), you consent to receive marketing and promotional messages from us. “Marketing communications” include newsletters, special offers, promotions, new service or product announcements, customer satisfaction surveys, and event invitations from Esmond Service Centre. We no longer require a separate opt-in step (such as checking a box) for these messages – your agreement to this Privacy Policy and your submission of details constitutes your consent. If you prefer not to receive marketing messages, you may opt out at any time, and we will honor your choice by removing you from our marketing list.

• Channels: We may send marketing communications via email, WhatsApp, SMS, phone call, or other channels using the contact information you have provided. We aim to tailor the channel to your usage and preference when possible. For example, if you gave us an email address, we may send newsletters to your email. If you provided a phone number, we might send promotions via WhatsApp or SMS.

• Brevo (Sendinblue) Email Marketing: We use a third-party email service provider called Brevo (formerly known as Sendinblue) to manage and send our marketing emails and newsletters. If you receive email updates from us, your name and email address will be stored on Brevo’s secure servers and processed through their platform when we send out newsletters. Brevo is a reputable email marketing platform that complies with international data protection standards (including GDPR in the EU). Our use of Brevo is in line with PDPA requirements – Brevo acts as our data intermediary (data processor) to send emails on our behalf, and they are contractually bound to protect your data and not use it for their own purposes.

• Unsubscribe and Opt-Out: Every marketing email we send via Brevo will contain an “Unsubscribe” link at the bottom. You can click the unsubscribe link at any time to automatically remove yourself from our mailing list – we will then cease sending you marketing emails (please allow a few days for complete removal). You can also opt out of specific channels by contacting us directly. For example, to stop WhatsApp or SMS messages, you can reply to us or send a request to opt out, or reach out to our DPO using the contact information below with your instruction. We will promptly process your opt-out request. There is no fee or penalty for withdrawing consent to marketing, and opting out of marketing will not affect the service communications we send for ongoing repairs or your ability to use our core services.

• What Happens When You Opt Out: If you opt out of all marketing, we will stop using your contact information for promotional purposes. However, we may retain minimal contact details on a “suppression list” to ensure we honor your opt-out (i.e. to make sure we don’t accidentally send you any marketing communications if you have unsubscribed). We may still send you non-marketing messages if necessary (such as invoices, service updates about a repair in progress, or responses to inquiries), as those are transactional or service-related communications.

• Third-Party Marketing: Esmond Service Centre does not sell or share your personal data with third-party companies for them to market to you. We handle our own marketing in-house through tools like Brevo. In the event we ever collaborate with a partner (for example, a co-branded event or referral program) that might involve some marketing activity, we would only do so with appropriate consent from you and clear information given at that time.

• Compliance with Spam and DNC Laws: We abide by Singapore’s Spam Control Act and the PDPA’s Do Not Call (DNC) provisions. If you have registered your Singapore telephone number on the national DNC registry, we will not send you promotional messages via phone or SMS to that number unless you have given clear consent. Our emails include our business contact information and an unsubscribe option as required under law. We take these regulations seriously and have measures in place to ensure our marketing practices remain compliant.

Cookies and Tracking

Use of Analytics: As of the latest update of this Policy, our website uses a web analytics tool (Google Analytics) to help us understand site traffic and how visitors engage with our site. We do not deploy any third-party advertising or marketing cookies that track your behavior across other websites. Google Analytics may set cookies to collect information such as your IP address, browser type, and pages visited on our site. We utilize this information in aggregate form to improve our website and services. We do not collect any personal browsing information beyond what you voluntarily submit to us through forms, and we do not use web beacons, fingerprinting techniques, or other invasive tracking technologies on our site. Our site is primarily informational (about our services and contact details), and any forms on the site are provided for you to communicate with us or request our services directly.

Essential Cookies: We may use a very limited set of cookies that are necessary for the functioning of the website or forms. For example, if our site has a login function or a shopping cart (for our online store), an essential cookie might be used to keep you logged in or remember your cart items. These are generally session cookies that do not collect personal data beyond what’s necessary and are not used to track you across other sites. By using our site, you implicitly consent to these functional cookies, as they are needed for the service you request (e.g. staying logged in or submitting a form). You can set your browser to block cookies, but some parts of our site might not work properly if you do.

Future Use of Cookies or Analytics: We remain committed to transparency and adaptability in our privacy practices. Currently, our use of third-party tracking tools is limited to Google Analytics. However, in the future, we may introduce additional analytics services or enable other cookies to further understand site traffic or improve user experience. If we implement any new cookies or tracking technologies, we will update this Privacy Policy beforehand and inform you of the changes. Where required by law (for example, if our site is accessed from jurisdictions like the EU or UK), we will also implement a cookie consent banner or similar mechanism to obtain the necessary consent for non-essential cookies. Our aim is to fully comply with evolving privacy laws globally regarding cookies (such as the EU ePrivacy Directive/GDPR requirements for consent).

Third-Party Website Features: Sometimes, we may embed content or links from other websites (for example, a YouTube video, a map from Google Maps, or social media share buttons). These third-party services might set their own cookies on your browser when you interact with them. We do not control these cookies and they are governed by the policies of the respective third parties. However, we will try to minimize such usage or at least inform you when you’re interacting with an external service via our site (e.g., by indicating “Map data by Google” when showing an embedded map). If you prefer not to have data collected by these external services, you may choose not to use those features on our site or use browser settings to block third-party cookies.

Do-Not-Track Signals: Some web browsers offer a “Do Not Track” (DNT) setting that lets you signal that you do not want to be tracked across websites. Because we do not utilize any cross-site advertising trackers and only use limited analytics tools, our website’s behavior is generally the same whether or not a DNT signal is enabled. We will strive to honor DNT signals to the extent feasible. For instance, if we detect a DNT preference, we will avoid loading non-essential tracking cookies, and we plan to provide options for you to opt out of analytics whenever possible.

In summary, your browsing on our site is not being monitored for profiling or targeted advertising purposes. We take a minimalist approach to cookies, using them mainly for basic analytics and necessary site functions. If this ever changes, we will seek your permission where appropriate. Feel free to adjust your browser settings to control cookies; you will still be able to access our site content without significant issues even with cookies disabled.

Disclosure of Personal Data to Third Parties

Esmond Service Centre respects the confidentiality of your personal data. In general, we will not disclose your personal data to third parties without your consent, except in certain permitted situations described below. When we do share your data, we will take steps to ensure that the third party provides sufficient guarantees to protect your data in accordance with PDPA and, if applicable, other privacy laws.

Situations where we may disclose data include:

• Authorized Service Partners & Manufacturers: If your service involves a third-party company – for example, a device manufacturer, a warranty provider, or a specialized technician – we may need to share relevant details to carry out or complete the service. This includes scenarios like sending your device (with its serial number and your contact info) to an authorized repair center for a specific fix, or informing a warranty provider of your name, contact, and service details for claim processing. We only do this when necessary and within the context of an authorized partnership or service arrangement. These partners are often themselves bound by privacy laws or contractual confidentiality. For instance, as an MSI Authorized Service Provider (ASP), MSI may require that we input your repair details into their secure system, which is used only for after-sales service management.

• Third-Party Service Providers (Data Intermediaries): Like most businesses, we use third-party vendors to support our operations. We may disclose personal data to such vendors strictly for them to perform services on our behalf, such as:

  • IT and Hosting providers: Companies that host our website or cloud storage for our databases, or providers of software we use (e.g. a customer relationship management system or appointment scheduling tool). They may process data like your name and contact information if it’s stored on their cloud. We ensure these providers have strong data protection practices.

  • Email/SMS/Messaging platforms: As mentioned, we use Brevo (Sendinblue) for email newsletters, and we might use a WhatsApp Business API or SMS service for sending messages. These vendors use the data only to send out communications as instructed by us and not for their own purposes.

  • Payment Processors: If you pay by credit card, PayNow, or other electronic means, your payment details go through secure payment processing companies (e.g., Stripe, PayPal, banking systems). We do not store your card number ourselves. Those processors are responsible for your payment data under their own robust security standards and privacy policies.

  • Couriers or Delivery Services: If we ever deliver a repaired device or ship a purchased item to you, we would give your address and necessary contact details (name/phone) to a delivery company (e.g., SingPost or a courier service) to fulfill that delivery. They are only allowed to use it for that delivery task and should not retain your data longer than needed.

  • Marketing and Advertising Partners: At present, we do not share personal data with third parties for advertising profiles. If we collaborate with a marketing agency or use services like Google Ads in the future, any data sharing would be limited and consent-based (for example, providing a hashed email list to Google for a custom audience ad campaign, which we would only do if we have consent from those individuals). We will update our Policy if such practices are adopted.

• Professional Advisors: We may disclose necessary data to our professional advisors – such as auditors, lawyers, insurers, or consultants – who need it to provide us with their services or advice and who are bound to confidentiality. For example, an auditor might review sample customer records for compliance checks, or a lawyer might need details if there is a legal claim or dispute.

• Business Transfers: If there is a future event such as a merger, acquisition, sale of business assets, or joint venture, your personal data may be disclosed to the new owners or counterparties as part of the transaction. For instance, as part of due diligence, we might need to show customer databases to a potential acquirer under strict confidentiality, or transfer customer service records to an entity that acquires our business or assets. In such cases, we would only do so in compliance with PDPA, and the receiving party will be obligated to honor the commitments we have made in this Policy.

• Legal Obligations and Public Safety: We may disclose personal data if required to do so by law or in response to valid requests by public authorities (such as a subpoena, court order, or government demand). We may also disclose data in good faith when it is necessary to prevent a threat to life, health, or security of an individual, or to investigate and address suspected illegal activities, fraud, or security vulnerabilities. For example, if required by the Police or Personal Data Protection Commission (PDPC) during an investigation, or if there is an immediate risk of harm and we need to alert law enforcement.

• Third-Party Requests with Your Consent: If you instruct us or give us permission to share your information with a third party, we will do so. For example, if you ask us to coordinate with your company’s IT department on a repair, or if you engage a financing company for payments and want us to confirm details with them, we will share information as directed by you.

We strive to keep any sharing of your data to a necessary minimum. Whenever personal data is transferred out of our hands to a third party, we remain accountable to you for it under the PDPA. That means we choose our partners carefully and assess them to ensure your data remains safe.

We also ensure that any third party we work with is either bound by the PDPA, or if overseas, that they are bound by legally enforceable obligations to provide a standard of protection comparable to the PDPA (or we obtain your consent for the transfer as allowed by law).

Protection of Personal Data (Security Measures)

Your personal data is an important asset, and we take reasonable security measures to protect it from unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks. We have implemented physical, administrative, and technical safeguards as follows:

• Access Control: Personal data in our custody is accessible only by authorized personnel who require it to perform their duties. For example, our service engineers and customer service staff will have access to your service records to serve you, but not all staff can see all data. Administrative access to our customer databases or systems is restricted to a limited number of employees on a need-to-know basis, and protected by strong passwords and (where possible) multi-factor authentication.

• Secure Storage: We store digital personal data on secure computer systems or cloud services that employ industry-standard security (such as encryption-at-rest, firewalls, and regular security updates). For instance, if your data resides in a cloud database, we ensure the provider encrypts the data on their servers. We also maintain up-to-date anti-malware protection on our devices that handle personal data. Physical documents containing personal data (e.g. printed service forms, signed agreements) are kept in locked cabinets or secured areas when not actively in use, with controlled access. We utilize a trusted third-party hosting provider (Exabytes.sg) to store and process our digital data. While we have agreements in place and expect Exabytes.sg to maintain strict security measures, any data breach that occurs on their infrastructure is beyond our direct control. In the unlikely event of a security incident at Exabytes.sg or another external vendor, we will respond promptly and work with them to resolve the issue. However, Esmond Service Centre will not be liable for data breaches that are solely due to lapses by our third-party service providers.

• Data Transmission: When transmitting personal data electronically – for example, via email or by uploading it to our cloud server hosted by Exabytes.sg – we use encryption and secure protocols whenever feasible. Our website is protected with HTTPS, meaning data you submit through web forms is encrypted in transit via SSL/TLS. Internal transfers of data (such as between our branches or to certain partners) are done over secure VPNs or encrypted channels when available. For example, if we share data with an authorized partner or principal, we use their secure portal or encrypt files/password-protect them before sending.

• Training and Policies: We educate our staff about their obligations to protect personal data. All staff members are trained on PDPA requirements and our internal privacy policies. We have guidelines for handling personal data, such as not downloading customer data onto personal devices, not sharing customer info via unsecured channels, and being vigilant against social engineering attempts. Our employees understand that failure to follow data protection rules can result in disciplinary action.

• Retention and Disposal Procedures: Security also involves proper data disposal. When personal data is no longer needed (and beyond any legal retention requirement), we erase or destroy it in a secure manner. This could mean shredding physical papers or using secure deletion tools for electronic files. We ensure that data isn’t kept longer than necessary (see Data Retention below for more). We also require that any third-party service providers do the same when data we’ve stored with them is no longer needed.

• Monitoring and Incident Response: We monitor our systems for suspicious activity and have incident response plans in place. If there are anomalies like unauthorized access attempts or indications of a data breach, we act quickly to contain and investigate the issue. In the unfortunate event of a data breach involving your personal data, we will notify affected individuals and the PDPC as required by PDPA’s breach notification requirements, and work to mitigate any harm.

Despite these measures, please note that no method of transmission over the Internet or method of electronic storage is completely secure. However, we continuously update and test our security measures to mitigate risks. We also ask you to play a part: please keep your own contact information secure. For instance, be careful when sending us sensitive info – we will never ask for more data than needed, and you should also be cautious with phishing attempts. If you receive any suspicious communication claiming to be from Esmond Service Centre asking for personal data, contact us directly to verify.

In summary, we treat your data with the same care we treat our own confidential information. We regularly review our security procedures to adopt new best practices or technologies as they become available, especially to counter emerging threats.

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by applicable laws. This means:

• If you are a customer who has used our repair services or purchased products, we will keep your personal data on file while your device is under any service warranty with us, or as long as needed to provide after-service support. For example, if we provide a 90-day warranty on repairs, we’ll keep relevant data at least until that period ends in case you return with an issue.

• Even after our direct relationship with you ends (e.g., once your service is completed and you have no ongoing requests), we might retain some data for a reasonable period for legal, regulatory, or business purposes. Common reasons include: handling any possible disputes or claims (for example, if an issue arises a few months after service), internal accounting and auditing (e.g., keeping receipts and records for financial reporting), or compliance with tax, warranty, and consumer protection laws.

• We generally will review and purge personal data that is no longer needed. As a guideline, we may retain routine customer service records for a set period (for instance, 1–2 years, depending on our operational needs), after which we anonymize or securely delete them if they are not actively in use. Certain information, such as invoices or transaction records, may be kept longer (e.g., 5-7 years) if required by law or standard business practices (for example, financial and tax records).

• If you have subscribed to our marketing communications but later unsubscribe or opt out, we will stop using your data for marketing. We will, however, keep minimal information (like your email or phone number) on an opt-out list to ensure we do not contact you again inadvertently.

• For data collected via CCTV at our premises (if applicable), such footage is typically overwritten or deleted after a short period (around 30 days), unless it is needed for an investigation of an incident (for example, if we are looking into a theft or safety incident captured on camera).

• When we dispose of personal data, we do so in a way that prevents further use or access. For digital data, we use secure deletion methods; for physical data, we use shredding or incineration. If data is stored with third-party processors (such as cloud service providers), we will ensure – either through contractual arrangements or by adhering to the vendor’s data management policies – that they delete the data from their systems once we no longer need it or upon our request.

In short, we don’t keep personal data indefinitely “just because.” We aim to strike a balance between retaining information for customer convenience (e.g., returning customers often appreciate if we remember their device history) and respecting privacy by not keeping data longer than justified. If you want us to delete your personal data sooner, you may request deletion (see Your Rights below). If it’s data we are not required to keep and we have no ongoing need for it, we will gladly comply with your deletion request.

International Transfers of Personal Data

While we are based in Singapore, we recognize that the nature of digital services may involve transferring or storing personal data across international borders at times. For instance, if we use cloud services or third-party providers located overseas, or if you are a customer accessing our services from outside Singapore, your data might travel or be stored in another country.

Whenever we transfer personal data out of Singapore, we will ensure that the recipient of the personal data is bound by legally enforceable obligations (for example, under contracts) to provide a standard of protection for the data that is comparable to the protection under the PDPA. This is in line with Singapore’s requirements for cross-border data transfers.

Practically, this means if we use an overseas data center or engage an overseas vendor, we will have a contract or agreement that requires them to handle your data with care, keep it secure, and use it only for the purposes we specify, in compliance with PDPA-like standards. If an exception under the law applies (such as the transfer is necessary for the performance of a contract with you, or you consent to the transfer despite knowing the risks), we will ensure that the transfer is still done securely.

We primarily store data in Singapore. For example, our web hosting and cloud storage are intended to be in data centers within Singapore (through our provider Exabytes.sg). If we ever need to transfer data to another country (say, to an analytics service or a support team overseas), we will take steps to protect it. Our aim is that no matter where your personal data goes, it remains subject to safeguards comparable to those in Singapore.

In summary, we treat your data with consistent care, regardless of where it’s processed. Singapore is our home base and your data will largely stay here, but when it doesn’t, we ensure the protections travel with the data. If you have concerns about a particular cross-border scenario, please contact our DPO – we will be transparent about how your data moves and ensure you are comfortable with it.

Third-Party Websites, Content, and Trademarks

Our website may contain links to third-party websites or display content and brand assets that are not owned by Esmond. It’s important to clarify how these are handled:

• Links to External Sites: For your convenience and information, our site might include hyperlinks to external websites (for example, a device manufacturer’s site, a relevant news article, or our social media pages like Facebook/Instagram). If you click on those links, you will be visiting sites that we do not control. This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party websites you visit, as their data practices are independent of Esmond Service Centre. We are not responsible for the content, privacy practices, or use of personal data by those external sites. However, if you have feedback about any site we link to (for instance, if a link is broken or the content seems inappropriate), we appreciate you letting us know so we can address it.

• Third-Party Services on Our Site: Sometimes, we may embed third-party services on our site, such as a YouTube video player, a Google Map for directions, or a chat widget from a trusted provider. These features might collect data (like your IP address or set cookies) directly from you, even while you are on our page. We will inform you where practical (e.g., by noting “Map data © Google” when displaying a map) and clarify that such interactions are governed by the third party’s own terms and privacy policy (e.g., Google’s Privacy Policy for Google Maps). We try to minimize any unnecessary data sharing through these features. If you prefer not to have data collected by these third-party tools, you may choose not to use those embedded features (for example, you can refrain from playing the video or use browser plugins to block such content).

• Use of Third-Party Logos and Trademarks: Esmond Service Centre may display trademarks, service marks, logos, and brand names of other companies on our website and marketing materials. For instance, you might see logos of brands like Apple, Lenovo, MSI, Dell, HP, Acer, Microsoft, Actxa, Gain City, etc., often in contexts such as indicating that we repair those brands or that we are authorized service partners. We want to make it explicitly clear that Esmond Service Centre does not own these third-party trademarks. All such logos and brand names are the property of their respective trademark owners. Our use of them is solely to identify the products or services we work with, or the affiliations/authorizations we have. This is in accordance with Singapore’s intellectual property laws and international IP law principles that allow the use of trademarks for referential purposes (sometimes known as “nominative fair use” or to indicate compatibility or authorization).

For example, we might use the Apple logo with the label “Independent Repair Provider” to show that we are part of Apple’s Independent Repair Provider program. This does not imply that we are Apple Inc. or that we own the Apple logo. It simply means we have met Apple’s criteria to provide certain repairs with genuine parts. Similarly, the MSI logo on our site denotes that we are an Authorized Service Provider for MSI products in Singapore, which is a partnership credential. We acknowledge MSI’s ownership of their mark.

Any mention of other company names or products (like “Windows”, “Android”, etc.) on our site is purely descriptive to inform customers what devices or software we can service or have experience with. Those names belong to their respective owners (e.g., Microsoft, Google).

Esmond Service Centre fully respects all third-party intellectual property rights. Nothing on our website is intended to suggest that we have rights to someone else’s trademark beyond the right to use it as allowed (either via an official agreement or as permitted by law for informational use). If any trademark owner has concerns about the usage of their mark on our site, they may contact us and we will address the concern promptly. (Our intent is respectful use to benefit consumers by identifying brand compatibility or service offerings.)

This clarification benefits you as the user as well: when you see those logos on our site, you can trust that they are there to help guide you (e.g., you can quickly recognize we handle that brand), and not to mislead. We do not claim endorsement by those third parties unless explicitly stated (other than being an “authorized service partner” where applicable, which is a form of endorsement/license limited to service activities).

Your Rights: Access, Correction, and Withdrawal

We believe in being transparent and giving you control over your personal data. Subject to certain exceptions under the law, you have the following rights regarding the personal data we hold about you:

• Access Right: You have the right to request information about how your personal data has been used or disclosed by us over the past year, and to request a copy of the personal data we hold about you. Upon request, and after verifying your identity, we will provide you with details such as the personal data we have, how we have used or disclosed it (generally in the past 12 months), and the purposes of use. There are some situations under the PDPA where we may not be able to provide certain data (for example, if it would reveal personal data about another individual, if it is subject to legal privilege, or if it was collected during an investigation of a wrongdoing), but if any such exception applies, we will inform you of the reason we cannot fulfill your request.

• Correction Right: If you believe any personal data we have about you is incorrect or incomplete, you have the right to request that we correct or update it. For instance, you can ask us to update your contact number or correct the spelling of your name. When you make a correction request, please provide details of the data to correct and the accurate information. We will verify and make the necessary corrections promptly (usually within 30 days). If we have shared that data with third parties (data intermediaries processing it on our behalf), we will send the corrected data to them as well so their records are updated. There may be cases where we cannot make the correction you request (e.g., if we have a contrary legal obligation to retain the original data, or if the data in question is an evaluative opinion rather than a factual record), but we will inform you of the reasons in such situations.

• Withdrawal of Consent: As discussed earlier, you have the right to withdraw any consent you have given for us to use or disclose your personal data. This includes consent for marketing communications or even consent for us to hold your data at all. You can initiate a withdrawal by contacting our DPO with your request (see contact details below). We may require you to verify your identity to process the withdrawal (for instance, if you request by email, we might call you to confirm, or if you come in person we might ask for ID). Withdrawal of consent does not retroactively affect our use of your data that had already occurred but will apply going forward. Upon receiving a withdrawal request, we will inform you of the likely consequences of the withdrawal (for example, if withdrawing consent means we can no longer provide a service to you). If you confirm to proceed, we will cease collecting or using your personal data for the purposes you have withdrawn from, and will delete or anonymize it unless retention is required by law. Do note that if you withdraw consent for purposes that are necessary to us providing you with services, we may not be able to continue those services. We do not penalize anyone for choosing to withdraw consent – we respect your decision.

• Data Portability Right (if/when applicable): In the event that data portability obligations under PDPA come into effect or apply to our operations, you may have the right to request we transmit your data that is in our possession or under our control to another organization in a machine-readable format (where technically feasible). We will provide more information on this right if and when it becomes applicable.

We will not discriminate against you for exercising any of these rights. Our goal is to empower you with control over your personal data and ensure our practices align with your expectations and the law. To exercise any of your rights, please reach out to our Data Protection Officer using the contact information below. We will require that you verify your identity before we fulfill requests, to ensure the security of your data (e.g., we might require you to come in person with identification for highly sensitive requests, or at least verify via a known email/phone contact for remote requests).

We will endeavor to respond to all legitimate requests or inquiries within a reasonable timeframe, generally within 30 days. If we need more time (for example, due to complexity of the request), we will inform you of the extension and reason. If you are not satisfied with our response to your data access or correction request, you have the right to lodge a complaint with the PDPC or seek other legal avenues, but of course we invite you to address any concerns with us first so we have the opportunity to resolve them.

Contact and Data Protection Officer

We have appointed Mr. Esmond Liu as our Data Protection Officer (DPO) to oversee compliance with this Privacy Policy and applicable data protection laws. If you:

• Have any questions or feedback relating to your personal data or this Privacy Policy,

• Wish to make a request regarding your personal data (access, correction, withdrawal, etc.), or

• Believe that your privacy has been potentially compromised or have any concerns about our data handling,

please do not hesitate to contact us:

• Name (DPO): Mr. Esmond Liu (Data Protection Officer)

• Email: [email protected] (you may also use [email protected])

• Postal Address: Esmond Service Centre – Attn: Data Protection Officer
  460 Alexandra Road, #02-39 Alexandra Retail Centre,
  Singapore 119963

(Please note: The email address above is provided for privacy-related inquiries. If you prefer, you may also reach out via our general “Contact Us” form on our website – please mention that your query is for the attention of the DPO or is about “personal data/privacy,” and it will be forwarded appropriately. We strive to respond to all such inquiries within 3-7 working days.)

Mr. Esmond Liu, as the DPO, is responsible for ensuring our compliance with the PDPA and that we properly protect the data entrusted to us. You can expect professionalism and confidentiality when dealing with him or his delegate. If your inquiry is complex or may take longer to resolve, we will acknowledge receipt and let you know an estimated timeline. If, despite our best efforts, you feel we have not adequately addressed your concerns, you have the right to escalate the matter to the PDPC or seek other legal remedies. We do however request the chance to address your concerns first – we are committed to resolving any issues amicably and swiftly to maintain your trust.

Updates to this Privacy Policy

We may update or revise this Privacy Policy from time to time to ensure it remains accurate and up-to-date with our practices or to reflect any changes in legal requirements. Circumstances that might prompt an update include changes in technology, the introduction of new services or data practices, changes in the PDPA or other applicable laws, or feedback from our customers or regulatory authorities.

How we notify you of changes: If we make significant changes to this Policy, we will post the updated Policy on our website with a new effective date. For material changes (especially any that affect how your personal data is used or shared), we will also take additional steps to inform you – for example, we might send a notification to your email if you have one on file with us, or post an announcement in-store at our service centre, or display a notice on our website’s homepage. We may also request your consent to the new practices, if required by law. Minor updates (such as clarifications or typo corrections) may not be individually notified, but will be reflected in the version date at the top of the Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services or website after any changes to this Policy constitutes your acknowledgment and acceptance of the changes. If you do not agree with the updated policy, please contact us with your concerns and/or cease to use our services as applicable.

This Policy is written in English. If we provide translations in other languages (for ease of understanding), and if there is any conflict between the English version and a translated version, the English version will prevail for legal interpretation.

Privacy Commitment Statement

At Esmond Service Centre, protecting your personal data is a core priority. We are fully committed to safeguarding your privacy and ensuring transparency about how your information is collected, used, and protected. Here are our core privacy principles:

• Your data is secure with us — we maintain robust measures to protect it.

• We never sell your personal information.

• We only use your data to serve you better and enhance your experience.

• You have control over your personal data and privacy preferences.

• Your trust is paramount to us, and we strive to earn it every day through our actions.

Detailed Cookie Policy and Consent Banner

Currently, our website uses only limited tracking technologies. In particular, we use Google Analytics for site analytics, and aside from necessary functional cookies, we do not employ other analytics or advertising cookies at this time. We are working on implementing a more detailed cookie management approach (including a consent banner) to give you clear choices. When we introduce any new cookies or tracking tools, we will provide:

• A clear and detailed Cookie Policy outlining the types of cookies we use (e.g., Necessary, Analytics, Marketing).

• Granular control through a consent banner, allowing you to explicitly select which categories of cookies you consent to.

• Information about specific third-party tools used (such as Google Analytics) and detailed instructions on how to opt out of these cookies.

This approach ensures compliance with global privacy standards, including regulations such as the EU GDPR, and demonstrates our ongoing commitment to transparency and user control regarding cookies.

Privacy in Our Premises (CCTV and In-Store Privacy Notices)

To enhance security and protect both our customers and staff, Esmond Service Centre premises utilize CCTV cameras. Visitors to our service centre may be recorded by these CCTV systems solely for security monitoring and incident review purposes. All footage is managed in strict accordance with Singapore’s PDPA. CCTV recordings:

• Are securely stored and accessed only by authorized personnel.

• Are typically retained for no longer than 30 days, unless required for investigation of incidents or to comply with legal requirements.

• Are not used for any purpose other than maintaining security and safety at our premises.

Additionally, if we offer Wi-Fi access to visitors or require sign-ins via digital or physical logs (such as SafeEntry or similar platforms when mandated), all collected data is securely handled and used only for its intended purpose (e.g., contact tracing, safety compliance) in line with PDPA guidelines.

Rest assured, your privacy and security remain our top priorities even when you visit us in person.

Third-Party Policy References

For your convenience and knowledge, here are some key third-party services we currently use, along with links to their respective privacy policies:

• Brevo (Sendinblue): Privacy Policy – (Email marketing service used for our newsletters and promotional emails.)

• WhatsApp (provided by Meta): Privacy Policy – (Communication platform we may use to message you regarding services or promotions.)

• Google Services (including Google Analytics): Privacy Policy – (Analytics and other services from Google that we use on our website.)

(We regularly review and update this list as necessary to maintain transparency about our third-party relationships. Please note, while we trust these providers, we do not control their privacy practices and thus encourage you to review their policies. Esmond Service Centre is not responsible for the content of those external privacy policies.)

Thank you for taking the time to read our Privacy Policy. We strive to uphold the highest standards of privacy and trust. By being transparent about our practices, we hope you feel confident in dealing with Esmond Service Centre. Should you have any questions or concerns about how we handle your personal data, please reach out to our DPO or team – we are here to help and address any inquiries you may have.