Privacy Policy

1. Introduction & Scope

Collect Fun Pte. Ltd. ("Collect Fun", "CollectFUN!", "we", "us", or "our") values your privacy. This Privacy Policy ("Policy") explains how we collect, use, disclose, and protect Personal Data when you access our websites, mobile apps, social media pages, communications, products and services (collectively, the "Services").

By using the Services, you acknowledge this Policy.

This Policy is designed to comply with Singapore's Personal Data Protection Act 2012 (No. 26 of 2012) and its regulations ("PDPA"). Where we process Personal Data of individuals outside Singapore, we will comply with local laws as required.

2. Key Definitions

• Personal Data: Data, whether true or not, about an individual who can be identified from that data or from that data and other information to which we have or are likely to have access (PDPA).
• Process/Processing: Any operation on Personal Data, including collection, recording, use, disclosure, storage, deletion, etc.
• Business Partners/Service Providers: Third parties engaged by us to support our operations (e.g., payment, hosting, analytics, logistics, KYC/AML).

3. What We Collect

We collect Personal Data from you, your devices, and third parties (e.g., identity verification partners, payment processors, anti-fraud vendors), including:

3.1 Identification & Contact

Name, alias/handle, postal address, email, telephone, date of birth, country of residence, account IDs, in-app profile data.

3.2 Account, Usage & Interaction Data

Login identifiers, device and browser data, IP address, app telemetry, interaction logs, pages viewed, session replay or chat transcripts (for quality control, security, and support), preferences, likes/saves, wishlist, referral data.

3.3 Transaction & Financial Data

Purchase history, order details, payment instrument token or last 4 digits (if applicable), billing/shipping details. (We do not store full card numbers; payment processing is handled by PCI-compliant providers.)

3.4 Verification & Compliance Data

Government-issued identifiers (e.g., NRIC (masked where feasible), passport number), KYC/AML information, sanctions screening results, proofs of address/identity, and fraud/risk signals. We minimise and do not retain copies longer than necessary for verification and legal obligations.

3.5 User-Generated Content

Listings, images, videos, reviews, messages, and community interactions.

3.6 Marketing & Communications

Marketing preferences, survey responses, contest entries, and engagement metrics (open/click rates).

3.7 Location & Cookies/Similar Technologies

Approximate location from IP; cookies, SDKs, pixels and similar tools for essential functions, analytics, personalisation, and (where permitted) advertising. See Section 10 (Cookies & Similar Technologies).

4. How We Use Personal Data (Purposes)

We Process Personal Data for the following purposes permitted by PDPA (including Consent, Deemed Consent, Legitimate Interests, Business Improvement, Research, and Legal Obligations):

1. Provide & Operate Services: Account creation, authentication, profile management, order processing, delivery, returns, dispute management, and customer support.
2. Personalisation: Recommend items, closets, content, promotions, and features based on your activity and preferences.
3. Safety, Security & Integrity: Fraud monitoring, abuse detection, trust & safety, KYC/AML screening, chargeback and risk controls, and platform governance.
4. Payments & Accounting: Payments, refunds, receipts, reconciliation, financial reporting, audits, and compliance.
5. Communications: Service notices, transactional updates, policy changes, surveys; marketing where permitted (see Section 7).
6. Analytics & Service Improvement: Measure performance, debug, research & development, test new features, and create aggregated/anonymised insights.
7. Legal & Regulatory: Comply with laws, assist law enforcement, enforce agreements, and manage claims.
8. Corporate Transactions: Support mergers, acquisitions, financing, or transfer of assets, subject to safeguarding measures.
9. With Consent: Any other purpose with your express consent.

We do not sell Personal Data for monetary consideration.

5. Disclosure of Personal Data

We may disclose Personal Data to:

• Service Providers: Hosting (cloud), security, analytics, payment, KYC/AML, logistics, messaging, customer support, marketing operations—bound by confidentiality and data protection obligations, used only for instructed purposes.
• Business Partners & Integrations: Where you engage optional features (e.g., social login, promotions, co-marketing), we disclose limited data necessary for that feature.
• Corporate Affiliates: For operational support consistent with this Policy.
• Legal/Regulatory & Safety: Courts, law enforcement, regulators, and counterparties where required by law or necessary to protect rights, safety, and property.
• Corporate Transactions: Prospective or actual acquirers/assignees, subject to confidentiality and continued protection.

6. Cross-Border Transfers

Our systems and providers may be located outside Singapore. When transferring Personal Data overseas, we ensure it is protected to a standard comparable to the PDPA (e.g., contractual clauses, due diligence, and technical/organisational measures). By using the Services, you authorise such transfers for the purposes stated.

7. Marketing, Promotions & the DNC Registry

• Email/SMS/Push marketing is sent with your consent or if otherwise permitted by PDPA. You may opt-out at any time via in-message unsubscribe links or by contacting us.
• For Singapore telephone numbers, we comply with the Do Not Call (DNC) Registry requirements and will screen numbers unless an exception applies or you have given clear and unambiguous consent.
• Opting out of marketing does not affect transactional/service communications.

8. Your Rights & Choices

Subject to PDPA and applicable exceptions, you may:

• Access Personal Data we hold about you and learn how it has been used or disclosed in the past year.
• Correct inaccurate Personal Data.
• Withdraw Consent: For non-essential Processing; we will inform you of likely consequences (e.g., we may be unable to provide certain features).
• Data Portability (if implemented by law/regulation): Where applicable.

Requests can be made to [email protected]. We will respond generally within 30 calendar days or inform you of a reasonable timeframe. A reasonable administrative fee may apply for access requests as permitted by PDPA.

9. Retention

We retain Personal Data only for as long as necessary to fulfil the purposes in this Policy and meet legal, regulatory, tax, and accounting requirements. After retention periods lapse, we will anonymise or securely delete the data.

10. Cookies & Similar Technologies

We use:

• Necessary cookies/SDKs for core functions (login, security, transactions).
• Functional tools to remember preferences.
• Performance/Analytics to understand usage and improve Services.
• Advertising/Personalisation (where permitted) to measure and deliver relevant content.

You can manage cookies in your browser/app settings. Blocking certain cookies may impact functionality. Where required, we will present consent controls.

11. Protection & Security

We implement reasonable administrative, technical, and physical safeguards aligned with industry practices (e.g., encryption in transit and at rest where appropriate, access controls, monitoring, secure development practices). However, no method of transmission or storage is fully secure; you use the Services at your own risk. If you suspect unauthorised use of your account, please contact us immediately.

12. Data Breach Notification

Where a data breach results in, or is likely to result in, significant harm to affected individuals, or involves 500 or more individuals, we will notify the PDPC as soon as practicable and notify affected individuals as required by the PDPA. We maintain incident response procedures to investigate and mitigate such events.

13. Children's Privacy

Our Services are not intended for children under 13. We do not knowingly collect Personal Data from children under 13 without verifiable parental consent. If you believe a child has provided Personal Data, contact [email protected] and we will delete it in accordance with law. Certain areas or activities may be restricted to users 18 or older.

14. Third-Party Sites & Services

Our Services may link to third-party sites or offer integrations (including social media). We are not responsible for third-party privacy practices. Review the privacy policies of those sites before providing Personal Data.

15. Automated Decision-Making & Profiling

We may use automated systems (e.g., fraud scoring, recommendations) to enhance safety and personalisation. We maintain oversight and safeguards. You may contact us to learn more about the logic involved, subject to legal limits and protection of our trade secrets and security controls.

16. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified via our website/app and, where required, we will seek consent or provide opt-out options. Your continued use of the Services indicates acceptance of the updated Policy.

17. Contact Us (DPO)

18. Governing Law

This Policy is governed by the laws of Singapore.

Last Updated: 28 October 2025