Privacy Policy

This privacy policy sets out how Jenny Bakery Singapore (“we”, “our”, or “us”) uses and protects any information that you give us while using this website (jennybakery.sg). We are committed to complying with the Personal Data Protection Act 2012 (“PDPA”) of Singapore and ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement and the PDPA. Jenny Bakery Singapore may change this policy from time to time by updating this page. Where material changes are made, we will take reasonable steps to notify you (e.g. via email or a notice on our website). You should check this page from time to time to ensure that you are happy with any changes.

Governing Law

This policy is governed by and compliant with the Personal Data Protection Act 2012 (PDPA) of Singapore, including the Personal Data Protection (Amendment) Act 2020 which came into effect on 1 February 2021. The PDPA is administered and enforced by the Personal Data Protection Commission (PDPC).

What We Collect

We collect the following personal data from you during online ordering and account registration:

  • Name
  • Mobile number
  • Email address
  • Delivery contact information (recipient name, address, contact number)
  • Billing address (if different from delivery)
  • Order history and transaction records
  • Payment reference numbers (we do not store full credit card details)

Purpose of Collection, Use and Disclosure

We collect, use and disclose your personal data for the following purposes:

  • Processing and fulfilling your orders, including delivery to your shipping address
  • Generating invoice and transaction records
  • Communicating with you regarding order status, delivery updates, and customer service enquiries
  • Sending promotional emails about new products, special offers, or other information which we think you may find interesting (only with your consent)
  • Complying with applicable laws, regulations, and legal processes
  • Improving our website, products, and customer service

Consent

By placing an order or creating an account on our website, you consent to the collection, use and disclosure of your personal data as described in this policy.

For marketing communications, we will seek your explicit consent (opt-in) before sending promotional emails. You may unsubscribe at any time by using the unsubscribe link in any marketing email or by contacting us.

You may withdraw your consent at any time by contacting our Data Protection Officer. Please note that withdrawing consent may affect our ability to process your orders or provide certain services. We will inform you of the likely consequences of withdrawing consent upon your request.

Disclosure to Third Parties

We do not sell, rent or distribute your personal data to any third parties.

Your personal data may only be disclosed to the following parties, strictly for the purposes stated:

  • Logistics/delivery companies – when Jenny Bakery Singapore cannot fulfil delivery internally, your delivery information (name, address, contact number) will be shared with our logistics partner solely for the purpose of delivering your order.
  • HitPay Payment Gateway – your payment is processed through HitPay, a payment gateway regulated by the Monetary Authority of Singapore (MAS). We do not receive or store your full credit card details.

No personal data is exported to or stored on any third-party cloud services. All customer data is maintained on our own systems and our hosting provider’s infrastructure.

Data Retention and Deletion

In accordance with the Retention Limitation Obligation under the PDPA, we will not retain your personal data longer than is necessary for the purposes for which it was collected, or for legal and business requirements.

Our data retention practices:

  • Order records: We periodically delete completed order records from our WooCommerce system once they are no longer needed for operational, accounting, or legal purposes.
  • Customer accounts: Account data is retained while your account remains active. Upon request for deletion, we will remove your personal data within 30 days, subject to any overriding legal or business requirements.
  • Marketing data: If you withdraw consent for marketing, your contact details will be removed from our marketing list promptly.

When personal data is no longer required, it will be securely deleted or anonymised so that it can no longer be associated with you.

Accuracy of Personal Data

We take reasonable steps to ensure that the personal data we collect is accurate and complete. If you believe that any information we hold about you is incorrect or incomplete, please contact us as soon as possible and we will promptly correct any errors.

Protection of Personal Data

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

Our security measures include:

  • SSL/TLS encryption for data transmitted through our website
  • Restricted access to personal data on a need-to-know basis
  • Hosting infrastructure with appropriate security safeguards
  • No storage of personal data on third-party cloud services

During payment processing, you will be directed to the external “HitPay Payment Gateway“. They are regulated by Singapore MAS.

Data Breach Notification

In the event of a data breach that is likely to result in significant harm to you, or that affects 500 or more individuals, we will:

  • Notify the Personal Data Protection Commission (PDPC) as soon as practicable, and no later than 3 calendar days after determining that the breach is notifiable
  • Notify affected individuals as soon as practicable
  • Take immediate steps to contain the breach and mitigate any potential harm

How We Use Cookies

Jenny Bakery Singapore does not purposely build or use any cookies to track you or your shopping behaviour.

Any cookies being utilised are used by the WooCommerce ordering system to manage the ordering process. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Do Not Call (DNC) Registry

We comply with Singapore’s Do Not Call (DNC) Registry provisions under the PDPA. We will not send marketing messages to Singapore telephone numbers registered with the DNC Registry unless we have obtained your clear and unambiguous consent to do so.

Transfer of Personal Data Outside Singapore

We do not transfer your personal data outside of Singapore. All personal data is processed and stored within Singapore. In the event that a transfer outside Singapore becomes necessary in the future, we will ensure that the recipient provides a standard of protection comparable to the PDPA, in accordance with the Transfer Limitation Obligation.

Links to Other Websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites, and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Your Rights Under the PDPA

Under the PDPA, you have the following rights:

  • Right of Access – You may request access to your personal data that we hold, and information about how it has been used or disclosed within the past year. We will respond to your request as soon as reasonably possible.
  • Right of Correction – You may request that we correct any personal data that is inaccurate or incomplete. We will send the corrected data to any organisation to which we had disclosed the data within the past year, where applicable.
  • Right to Withdraw Consent – You may withdraw consent for us to collect, use or disclose your personal data at any time by giving reasonable notice. We will inform you of the likely consequences of withdrawal.
  • Right to Deletion – You may request that your personal data be deleted from our systems. Please email us at [email protected] to make this request.

We may charge a reasonable fee for processing access requests, as permitted under the PDPA.

If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.

Data Protection Officer

In accordance with the Accountability Obligation under the PDPA, we have designated a Data Protection Officer (DPO) to oversee our compliance with the PDPA.

For any enquiries, requests for access or correction, withdrawal of consent, or complaints relating to your personal data, please contact:

Data Protection Officer
Jenny Bakery Singapore
Email: [email protected]

Updated: 19/Mar/2026