Facebook Instagram Tiktok

Privacy Policy

Last Updated: October 8, 2025

Yum Cha Restaurant (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website www.yumcha.com.sg (the “Website”), place orders through our online store, or use our services. This policy complies with the Personal Data Protection Act 2012 of Singapore (“PDPA”).

1. Information We Collect

1.1 Personal Information You Provide

Account Information (if you create an account):

  • Username and password
  • Name
  • Email address
  • Phone number
  • Account preferences

Order and Billing Information:

  • Full name
  • Billing address (street address, city, postal code)
  • Delivery address (if different from billing)
  • Email address
  • Phone number
  • Payment information (credit/debit card details, payment method)
  • Order history and transaction details
  • Special instructions or requests

Delivery Information:

  • Recipient name and contact number
  • Delivery address
  • Delivery time preferences
  • Building/unit details and access instructions

Reservation Information:

  • Name
  • Phone number
  • Email address
  • Date and time of reservation
  • Number of guests
  • Special requests or dietary requirements

Catering Inquiries:

  • Contact details (name, phone, email)
  • Event details
  • Delivery address
  • Payment information
  • Guest count and menu preferences

Communication Information:

  • Messages sent through our Website, email, WhatsApp, or phone
  • Customer service inquiries and support tickets
  • Feedback, reviews, or testimonials you provide

1.2 Information Automatically Collected

Technical Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device information
  • Pages visited and time spent on pages
  • Referring website
  • Date and time of access
  • Shopping cart data
  • Click-through data

WooCommerce and E-commerce Data:

  • Products viewed and added to cart
  • Abandoned cart information
  • Purchase history and order patterns
  • Wishlist items (if applicable)
  • Product reviews and ratings
Cookies and Similar Technologies: We use cookies and similar tracking technologies to enhance your experience. See Section 6 for more details.

1.3 Information from Third Parties

Payment Processors: We receive transaction confirmation and payment status from payment gateways (e.g., Stripe, PayPal, or other processors we use)

Delivery Partners: If we use third-party delivery services, we may receive delivery status updates and tracking information

Social Media: If you interact with us on social media or use social login features, we may receive information from those platforms

2. How We Use Your Information

We use your personal information for the following purposes:

Order Processing and Fulfilment:

  • Processing and confirming your orders
  • Arranging delivery or pickup
  • Processing payments and issuing receipts/invoices
  • Managing returns, refunds, or exchanges
  • Communicating order status and updates
  • Accommodating special requests and dietary requirements

Account Management:

  • Creating and managing your customer account
  • Remembering your preferences and order history
  • Providing faster checkout for returning customers
  • Managing your subscriptions or recurring orders (if applicable)

Service Delivery:

  • Processing and confirming reservations
  • Managing catering orders and events
  • Communicating with you about your bookings

Business Operations:

  • Improving our services and customer experience
  • Analysing website usage, sales trends, and customer behaviour
  • Managing inventory and supply chain
  • Maintaining and securing our Website and online store
  • Preventing fraud, detecting security issues, and ensuring transaction security
  • Customer service and support

Marketing and Communications:

  • Sending order confirmations and transactional emails
  • Sending promotional materials, newsletters, or special offers (with your consent)
  • Providing personalized product recommendations
  • Conducting surveys or feedback requests
  • Sharing updates about our menu, events, or services
  • Abandoned cart recovery emails
  • Loyalty program communications (if applicable)

Legal Compliance:

  • Complying with legal obligations (tax, accounting, regulatory)
  • Responding to legal requests or government inquiries
  • Enforcing our Terms of Service
  • Protecting our rights and property
  • Resolving disputes

3. Legal Basis for Processing (PDPA Compliance)

Under the PDPA, we process your personal data based on:
  • Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications)
  • Contract: Processing is necessary for performing our contract with you (e.g., fulfilling orders, processing payments)
  • Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention and improving our services, provided these do not override your rights
  • Legal Obligation: Processing is required to comply with Singapore law (e.g., tax records, consumer protection)

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

4.1 Service Providers

Essential Service Providers:

  • Payment Processors: To process your payments securely (e.g., Stripe, PayPal, credit card processors)
  • Delivery Services: To fulfil delivery orders (e.g., Grab, Foodpanda, or in-house delivery partners)
  • Website Hosting: To host and maintain our WooCommerce website
  • Cloud Storage: To securely store data and backups
  • Email Service Providers: To send order confirmations and communications
  • SMS Providers: To send delivery updates and notifications

Analytics and Marketing:

  • Analytics Tools: Google Analytics or similar services to understand website usage
  • Marketing Platforms: Email marketing services (e.g., Mailchimp) for newsletters and promotions
  • Advertising Networks: For retargeting and advertising (with your consent)

Business Tools:

  • Customer Support: Help desk or chat support platforms
  • Accounting Software: For invoicing and financial records
  • Inventory Management: To manage stock and orders
These service providers are contractually obligated to protect your information and use it only for the services they provide to us.

4.2 Payment Security

Payment card information is collected and processed by our PCI-DSS compliant payment processors. We do not store complete credit card numbers on our servers. Only tokenized or encrypted payment information is retained for authorized transactions.

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4.4 Legal Requirements

We may disclose your information if required by law, court order, or government authority, or to protect our rights, property, or safety, or that of others.

4.5 With Your Consent

We may share your information with third parties when you have given us explicit permission to do so.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Retention Periods:

  • Order data: Retained for up to 7 years for tax and accounting purposes as required by Singapore law
  • Customer accounts: Retained until you close your account or request deletion, plus any legally required retention period
  • Payment information: Tokenized payment data retained for 1 year for refund/dispute purposes
  • Delivery information: Retained with order records for up to 2 years
  • Reservation data: Retained for up to 2 years after your last visit
  • Catering orders: Retained for up to 3 years for business and tax purposes
  • Marketing communications: Until you unsubscribe or withdraw consent
  • Website analytics: Typically aggregated and anonymized after 24 months
  • Abandoned carts: Deleted after 90 days of inactivity
After the retention period, we will securely delete or anonymize your personal information.

6. Cookies and Tracking Technologies

6.1 What Are Cookies

Cookies are small text files stored on your device when you visit our Website. They help us recognize you and remember your preferences.

6.2 Types of Cookies We Use

Strictly Necessary Cookies:

  • Session management and user authentication
  • Shopping cart functionality
  • Security and fraud prevention
  • CSRF protection tokens

WooCommerce Specific Cookies:

  • woocommerce_cart_hash - Helps WooCommerce determine when cart data changes
  • woocommerce_items_in_cart - Helps WooCommerce track cart contents
  • wp_woocommerce_session_ - Contains a unique code for each customer's session
  • woocommerce_recently_viewed - Powers the recent products widget
  • User login and account session cookies

Performance Cookies:

  • Website analytics (Google Analytics)
  • Page load performance monitoring
  • Error tracking and debugging

Functional Cookies:

  • Language preferences
  • Currency selection
  • User preferences and settings
  • Remembering billing/shipping information (if enabled)

Marketing Cookies:

  • Retargeting and remarketing campaigns
  • Social media integration
  • Conversion tracking
  • Abandoned cart tracking (with consent)

6.3 Third-Party Cookies

Our website may use third-party cookies from:
  • Google Analytics (website analytics)
  • Facebook Pixel (advertising and analytics)
  • Payment processors (secure transaction processing)
  • Social media platforms (sharing and integration)

6.4 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect your ability to:
  • Add items to your shopping cart
  • Complete purchases
  • Stay logged into your account
  • Access certain features of our Website
To opt-out of marketing cookies specifically, you can adjust your preferences through our cookie consent banner.

7. Your Rights Under PDPA

Under Singapore’s Personal Data Protection Act, you have the following rights:

7.1 Right to Access

You can request a copy of the personal information we hold about you, including your order history and account data.

7.2 Right to Correction

You can request that we correct any inaccurate or incomplete personal information. You can also update most information directly in your account settings.

7.3 Right to Withdraw Consent

You can withdraw your consent for us to process your personal information for marketing purposes at any time. Note that withdrawal of consent may affect our ability to provide certain services.

7.4 Right to Data Portability

You can request that we provide your personal information in a commonly used, machine-readable format.

7.5 Right to Deletion

You can request deletion of your personal information, subject to our legal obligations to retain certain data (e.g., tax records).

7.6 Right to Object

You can object to our processing of your personal information in certain circumstances, such as marketing purposes.

To exercise any of these rights:

  • Log into your account and use the data management tools
  • Contact us using the information in Section 14
  • For account deletion, email our Data Protection Officer
We will respond to your request within 30 days as required by PDPA.

8. WooCommerce Data Processing

8.1 Order Processing

When you place an order, we process your personal and payment information to complete the transaction. This includes:
  • Verifying payment information
  • Preparing your order
  • Arranging delivery or notifying you for pickup
  • Sending order confirmation and updates

8.2 Checkout Process

During checkout, your information is encrypted using SSL/TLS technology. Payment card details are sent directly to our payment processor and are not stored on our servers (except in tokenized form for authorized future transactions).

8.3 Guest Checkout

If you check out as a guest, we collect only the information necessary to process your order. Your data is retained according to our retention policy but is not used to create a customer account unless you explicitly choose to do so.

8.4 Customer Accounts

If you create an account:
  • Your order history is saved for your convenience
  • You can track orders and view past purchases
  • Checkout is faster with saved addresses
  • You receive account-specific promotions (if you opt-in)
  • You can manage your preferences and subscriptions

9. Marketing Communications

9.1 Types of Marketing

With your consent, we may send you:
  • Promotional emails about special offers and new menu items
  • Newsletters and updates
  • Personalized product recommendations based on your order history
  • Abandoned cart reminders
  • Birthday or anniversary offers (if you provide this information)
  • Loyalty program updates

9.2 Opting Out

You can opt-out at any time by:
  • Clicking the "unsubscribe" link in our marketing emails
  • Adjusting your email preferences in your account settings
  • Contacting us directly
  • Replying "STOP" to SMS marketing messages
Even if you opt-out of marketing, we will still send:
  • Order confirmations and receipts
  • Delivery updates and notifications
  • Account-related communications
  • Customer service responses
  • Legal or security notices

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

Technical Measures:

  • SSL/TLS encryption for all data transmission
  • Secure servers with firewalls
  • PCI-DSS compliant payment processing
  • Regular security updates and patches
  • Encrypted database storage
  • Secure password hashing
  • Two-factor authentication (where available)

Organizational Measures:

  • Access controls and authentication
  • Employee training on data protection
  • Regular security audits and assessments
  • Data breach response procedures
  • Vendor security assessments
However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. We encourage you to use strong passwords and keep your login credentials confidential.

11. International Data Transfers

Your personal information is primarily stored and processed in Singapore. However, some of our service providers may process data outside Singapore (e.g., cloud hosting services, payment processors, email services).

When we transfer data internationally, we ensure:

  • Adequate data protection safeguards are in place
  • Compliance with PDPA requirements
  • Service providers are contractually bound to protect your data
  • Data transfer mechanisms comply with Singapore law

12. Children's Privacy

Our Website and services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

13. Third-Party Links and Services

Our Website may contain links to third-party websites, social media platforms, or services that are not operated by us. This includes:
  • Payment processor websites
  • Social media platforms
  • Review sites
  • Partner businesses
We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Yum Cha Restaurant
Data Protection Officer
20 Trengganu Street (Off Temple Street) #02-01 Singapore 058479

For data protection inquiries specifically:
DPO Email: dpo@yumcha.com.sg

For order-related inquiries:
Customer Service: enquiry@yumcha.com.sg

15. Data Breach Notification

In the unlikely event of a data breach that poses a significant risk to your rights and freedoms, we will:
  • Notify affected individuals within 72 hours of becoming aware of the breach
  • Notify the Personal Data Protection Commission (PDPC) as required by law
  • Take immediate steps to mitigate the breach
  • Provide guidance on protective measures you can take

16. Complaints

If you believe we have not handled your personal information in accordance with the PDPA, you have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore:

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
  • Posting the updated policy on our Website with a new "Last Updated" date
  • Displaying a prominent notice on our Website
  • Sending you an email notification (if we have your email address)
  • Requesting your consent for significant changes that affect your rights
Your continued use of our Website after any changes indicates your acceptance of the updated Privacy Policy.

18. Language

This Privacy Policy is written in English. In the event of any inconsistency between the English version and any translation, the English version shall prevail.

Consent:

By using our Website, creating an account, or placing an order, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with this policy, please do not use our Website or provide us with your personal information.

During checkout and account creation, you will be asked to provide explicit consent for:

  • Processing your personal data for order fulfillment
  • Receiving marketing communications (optional)
  • Cookie usage beyond strictly necessary cookies (optional)
You can withdraw your consent at any time by contacting us or adjusting your account settings.