Privacy Policy

Who we are

Our website address is: http://incognito.com.sg.

Effective date: 20 September 2025

1. Introduction

Incognito (“we”, “us”, “our”) operates the e-commerce website at www.incognito.com.sg (the “Site”) and sells the Incognito Brand range of insect repellent products. This Privacy Policy describes how we collect, use, disclose and protect personal data when you visit or make purchases on the Site, sign up for marketing, contact us, or otherwise interact with us.

This Policy is designed to meet the requirements of Singapore’s Personal Data Protection Act (PDPA) and to address privacy expectations for customers in jurisdictions such as the European Union (GDPR) and California (CCPA/CPRA), where applicable. If you are located in a different jurisdiction, additional rights or obligations may apply.

2. Controller / Contact Information

Data Controller: Incognito (registered in Singapore).
Address: [insert company address in Singapore].
Data Protection Officer / Privacy Contact: [name / email / phone].

3. Scope — When this Policy applies

This Policy applies to personal data collected through the Site (www.incognito.com.sg), by phone, email, or other channels when you interact with us as a customer, prospect or supplier. It does not apply to anonymized or aggregated data that cannot reasonably be linked back to an individual.

4. Personal data we collect

We collect the categories of personal data needed to provide our services and for legitimate business purposes, including:

  • Identity & contact: name, email, delivery and billing addresses, telephone number.
  • Account & transaction: order history, payment details (only as permitted by payment provider; we do not store full card numbers unless you explicitly opt into a secure tokenisation feature), receipts, invoices.
  • Technical & usage: IP address, device type, browser, cookie identifiers, pages viewed, purchase behavior, conversion data.
  • Marketing preferences: subscription status, communication preferences.
  • Support information: messages you send via contact forms, customer service chats.
  • Optional: photos or reviews you submit, or data you voluntarily provide (e.g., social handle when you sign in via social login).

We may also collect limited business-contact information for B2B interactions (job title, company email, business telephone). We do not knowingly collect children’s personal data for marketing purposes; if we learn we have collected personal data from a child without parental consent we will delete it unless retention is permitted by law.

5. Legal bases and PDPA obligations

Under the PDPA, our processing of personal data is governed by obligations including consent, purpose limitation, notification, access/correction, accuracy, protection, retention limitation and accountability. We will:

  • collect, use or disclose personal data only where we have a valid legal basis (e.g., consent, to perform the contract for the sale, for fraud prevention, or as required by law),
  • notify you of the purposes for collection, and
  • retain and protect personal data in accordance with the PDPA.

If you are an EU resident, some processing may also rely on GDPR lawful bases (consent, performance of contract, legal obligation, legitimate interests) and you may have the rights described below. If you are a California resident, certain additional rights under the CCPA/CPRA may apply (see Section 10).

6. Purposes of collection, use and disclosure

We collect and use personal data for the following primary purposes:

  • To process and fulfill orders, deliveries and returns; payment processing and fraud prevention.
  • To create and manage your account, provide customer service and respond to requests.
  • To send transactional communications (order confirmations, shipping notices).
  • To send marketing communications where you consent or where permitted by law; to personalise offers and product recommendations.
  • To comply with legal obligations (tax, regulatory requests, law enforcement) and to protect our legal rights.
  • To operate, secure and improve the Site (analytics, debugging), and to detect and prevent abuse or malicious activity.
  • For internal business purposes such as record-keeping, accounting and dispute resolution.

We will not use your personal data for new purposes without notifying you and, where required by law, obtaining consent.

7. Cookies and tracking technologies

We use cookies, web beacons and similar technologies to operate the Site, analyse usage, and serve relevant ads and marketing. At first visit you will be offered a cookie banner where you can manage preferences. You may disable non-essential cookies via the cookie settings, but that could affect website functionality or your shopping experience.

Third-party analytics and advertising partners (e.g., Google Analytics, advertising networks) may set cookies and collect information about your browsing across sites to provide interest-based advertising — their use is governed by their own privacy policies.

8. Sharing with third parties and processors

We may disclose personal data to third parties for the purposes above, including:

  • Payment service providers and gateways; shipping and logistics partners.
  • Cloud hosting providers and email/CRM/marketing platforms.
  • Analytics providers and fraud-prevention services.
  • Professional advisors, auditors, and law enforcement where legally required.

We use written contracts (Data Processing Agreements) to require vendors to protect personal data and to process data only on our instructions. For international transfers, we use appropriate safeguards consistent with legal requirements (e.g., contractual protections or relying on adequacy decisions where applicable). Under the PDPA transfer limitation obligation we will ensure overseas transfers remain adequately protected.

9. International transfers

Because we use global cloud providers and vendors, personal data may be stored or processed outside Singapore. We will ensure such transfers comply with PDPA obligations — using contractual safeguards or ensuring the recipient is subject to a law or binding instrument providing comparable protection — and we will notify you of transfer destinations where required.

If you are an EU resident, we will comply with GDPR transfer rules (adequacy, standard contractual clauses, or other permitted mechanisms). If you are in California, your rights described below apply regardless of where data is processed.

10. Your rights and how to exercise them

Singapore (PDPA)

You have the right to request access to and correction of personal data we hold about you, and to withdraw consent where processing is based on consent (subject to legal or contractual restrictions). To submit a PDPA request (access, correction, withdrawal), contact our DPO at [DPO email]. We will respond within a reasonable timeframe and in accordance with PDPA procedures.

EU (GDPR) — where applicable

You may have the right to access, rectify, erase, restrict processing, object to processing, request portability, and lodge a complaint with a supervisory authority. Requests from EU residents will be processed in accordance with GDPR.

California (CCPA/CPRA) — where applicable

If you are a California resident, you may request disclosure of categories of personal information collected, categories of sources, the purpose, categories of third parties, and the specific pieces of personal information we hold. You may request deletion of personal information and opt out of sale/sharing as defined by law. We will verify requests and respond consistent with California law.

To exercise any rights: email [DPO email] or use the online request form at [link]. We may need to verify your identity and the request may be subject to exemptions permitted by law.

11. Data retention

We retain personal data only as long as necessary for the purposes described (for example, transaction records for tax/GST and warranty support, marketing until unsubscribed) and to meet legal, accounting or regulatory obligations. When personal data is no longer necessary we will securely delete or anonymise it.

12. Security

We implement reasonable and appropriate technical and organisational measures to protect your data against unauthorised access, disclosure, alteration and loss. These include encryption of data in transit (TLS/HTTPS), strong access controls internally, secure storage, and regular security reviews. However, no internet transmission is 100% secure; we cannot guarantee absolute security of data.

13. Disclaimer & Limitation of Liability

To the maximum extent permitted by law:

  • We are not liable for indirect or consequential losses arising from your access to or use of the Site (including loss of profits, data, business or goodwill).
  • We do not warrant that the Site will be completely error-free, uninterrupted, or totally free from viruses, malware or hacking.
  • If you link to third-party websites from our Site, we are not responsible for the privacy or content practices of those external sites.
  • Our liability for any claim arising out of or in connection with misuse of personal data is limited to the remedies mandated by applicable law; any other damages to the maximum extent permitted by applicable law are excluded or limited.

14. Changes to this Policy

We may update this Privacy Policy from time to time (for example, due to regulatory changes, new services, or improvements). When we do, we will post the updated version on this Site at www.incognito.com.sg/privacy-policy (or similar) and indicate the effective date. If changes materially affect how we process your personal data, we will provide additional notice (e.g. via email or prominent banner).

15. Miscellaneous

This Policy is governed by the laws of Singapore. Any dispute arising under this Policy or in connection with our Site or with personal data will be subject to the jurisdiction of the courts of Singapore, except where otherwise required by local law in jurisdictions of our customers.

If any provision of this Policy is found to be invalid or unenforceable under applicable law, that provision will be severed and the rest of the Policy remains in effect.