Privacy Policy for Haven & Bloom Wellness Studio

Effective Date: 6 May 2026

1. Introduction and Company Information

This Privacy Policy explains how Haven & Bloom Wellness Studio (“we”, “us”, “our”) collects, uses, discloses, stores, and protects personal data in connection with our wellness-studio services, website, bookings, communications, and related operations in Singapore.

We are committed to handling personal data in accordance with the Personal Data Protection Act 2012 of Singapore (“PDPA”) and other applicable laws and regulations.

Data Controller / Organisation: Haven & Bloom Wellness Studio
Address: Haven & Bloom Wellness Studio, 78 Tanjong Pagar Road, #03-14, Singapore 088499
Email: [email protected]
Phone: +65 6734 8291

2. Data Collection and Processing

We may collect and process personal data directly from you, automatically through our website or digital tools, and from third parties where permitted by law. Depending on your interactions with us, the personal data we collect may include:

• Identification details such as your name, gender, date of birth, and NRIC/FIN only where necessary and lawful;
• Contact details such as email address, mobile number, billing address, and emergency contact information;
• Appointment and service information such as booking history, class attendance, treatment preferences, and wellness goals;
• Health and wellness information that you voluntarily provide and that is relevant to our services, including allergies, injuries, contraindications, pregnancy status, medical conditions, and other information necessary to safely provide wellness services;
• Payment and transaction information such as payment method, transaction records, and invoice details;
• Communication records such as enquiries, feedback, complaints, and correspondence with us;
• Technical data such as IP address, browser type, device identifiers, and website usage information collected through cookies or similar technologies;
• Marketing preferences and consent records.

Where we collect health-related information, we do so only to the extent necessary for the safe and appropriate provision of our wellness-studio services and in accordance with applicable law.

3. Purpose of Data Processing

We process personal data for the following purposes:

• To provide wellness-studio services, including consultations, classes, treatments, and related customer support;
• To manage bookings, appointments, memberships, packages, and attendance;
• To assess suitability for services and to help ensure safety, including identifying contraindications or special requirements;
• To communicate with you regarding enquiries, confirmations, reminders, service updates, and administrative matters;
• To process payments, refunds, invoices, and other financial transactions;
• To maintain internal records, business administration, and service quality;
• To send marketing communications, promotions, and wellness updates where permitted by law and, where required, with your consent;
• To improve our services, website, customer experience, and operational efficiency;
• To comply with legal, regulatory, accounting, tax, and reporting obligations;
• To detect, prevent, and investigate fraud, misuse, security incidents, or other unlawful activity;
• To establish, exercise, or defend legal claims.

4. Legal Basis for Processing

We process personal data on one or more of the following bases, as permitted under the PDPA and applicable law:

• Consent: where you have given consent for a specific purpose, including marketing communications and the collection/use of certain wellness-related information where required;
• Contractual necessity: where processing is necessary to provide services you have requested or to take steps at your request before entering into a contract;
• Legitimate interests: where processing is necessary for our legitimate business interests, provided such interests are not overridden by your rights and interests, including service administration, security, fraud prevention, and business improvement;
• Legal obligation: where processing is necessary to comply with applicable laws, regulations, court orders, or lawful requests from authorities;
• Vital interests or safety: where processing is necessary to protect your health or safety or that of others, particularly in the context of wellness services.

5. Data Sharing and Third Parties

We may disclose personal data to third parties only where necessary and lawful, including:

• Service providers assisting with booking systems, payment processing, cloud hosting, email delivery, customer relationship management, analytics, and IT support;
• Professional advisers such as lawyers, auditors, accountants, and insurers;
• Government authorities, regulators, law enforcement agencies, or courts where required by law or to protect legal rights;
• Third parties involved in a corporate transaction such as a merger, acquisition, restructuring, or sale of assets, subject to appropriate confidentiality and legal safeguards;
• Any other third party with your consent or at your direction.

We require third-party service providers to protect personal data and to use it only for the purposes for which it was disclosed.

6. Data Transfer to Third Countries

Some of our service providers or systems may be located outside Singapore. Where personal data is transferred outside Singapore, we will take reasonable steps to ensure that the recipient is bound by legally enforceable obligations to provide a standard of protection comparable to that under the PDPA, including through contractual safeguards, data protection clauses, or other lawful transfer mechanisms.

By using our services, you acknowledge that cross-border transfers may occur where necessary for the operation of our business and service providers.

7. Storage Duration

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by law. The retention period depends on the type of data and the purpose of processing.

• Booking, service, and transaction records are generally retained for as long as needed for business, accounting, tax, and legal purposes;
• Health or wellness information is retained only for as long as necessary to provide services safely and to manage any follow-up, disputes, or legal obligations;
• Marketing data is retained until you withdraw consent, unsubscribe, or object where applicable;
• When personal data is no longer required, we will delete, anonymise, or securely destroy it in accordance with our retention practices and legal obligations.

8. User Rights

Subject to the PDPA and applicable exceptions, you may have the following rights in relation to your personal data:

• Access: to request access to the personal data we hold about you and information about how it has been used or disclosed;
• Rectification: to request correction of inaccurate or incomplete personal data;
• Erasure: to request deletion of personal data in certain circumstances, subject to legal and operational retention requirements;
• Restriction: to request that we limit certain processing in specific situations;
• Data portability: where applicable and technically feasible, to request a copy of certain personal data in a structured format;
• Objection: to object to certain processing, including direct marketing where applicable.

To protect your privacy, we may need to verify your identity before responding to your request. We may also decline requests where permitted or required by law.

9. Withdrawal of Consent

Where we rely on your consent to process personal data, you may withdraw that consent at any time by contacting us using the details below. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.

Please note that if you withdraw consent for certain data processing, we may be unable to provide some services or communications, particularly where the data is necessary for safety, administration, or legal compliance.

10. Right to Complain

If you have concerns about how we handle your personal data, you may contact us first so that we can address your concern promptly. You also have the right to lodge a complaint with the Personal Data Protection Commission (“PDPC”) in Singapore if you believe your rights under the PDPA have been infringed.

We encourage you to contact us before escalating a complaint so that we may attempt to resolve the matter directly.

11. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. These measures may include:

• Access controls and role-based permissions;
• Encryption or secure transmission methods where appropriate;
• Secure storage and backup procedures;
• Staff confidentiality obligations and privacy training;
• Monitoring for security incidents and suspicious activity;
• Regular review of security practices and vendor safeguards.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

12. Contact Information

If you have any questions, requests, or concerns regarding this Privacy Policy or our handling of personal data, please contact:

Haven & Bloom Wellness Studio
78 Tanjong Pagar Road, #03-14, Singapore 088499
Email: [email protected]
Phone: +65 6734 8291

13. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any updated version will be posted on our website or otherwise made available to you, and the revised policy will take effect from the stated effective date unless otherwise indicated.

We encourage you to review this Privacy Policy periodically to stay informed about how Haven & Bloom Wellness Studio protects your personal data.