1. Our Commitment
RestoSuite Private Limited is committed to handling personal data responsibly and in compliance with applicable data protection legislation. As a software provider serving F&B businesses across Southeast Asia, we recognise the importance of protecting the personal data of our customers, their staff, and their end consumers.
We strive to comply with:
- Singapore Personal Data Protection Act 2012 (PDPA) — the primary personal data protection legislation in Singapore, administered by the Personal Data Protection Commission (PDPC).
- Malaysia Personal Data Protection Act 2010 (PDPA 2010) — the legislation governing commercial data processing in Malaysia, administered by the Department of Personal Data Protection (JPDP).
This page outlines our approach to data protection compliance and how you can exercise your rights. For full details on how we collect and use personal data, please refer to our Privacy Policy.
2. Singapore PDPA Compliance
Singapore's PDPA 2012 establishes a baseline standard for the protection of personal data in Singapore. The following describes how RestoSuite endeavours to meet these obligations.
Data Protection Officer (DPO)
We have designated a Data Protection Officer (DPO) responsible for overseeing our PDPA compliance programme. Our DPO can be reached at:
Subject line: Data Protection Enquiry
Purpose Limitation (Collection & Notification)
We aim to collect personal data only for purposes that are clearly identified and communicated at or before the time of collection. We strive to ensure that individuals understand what data is collected and how it will be used before providing their information to us.
Data Accuracy
We endeavour to maintain the accuracy of personal data we hold and rely on. If you believe the data we hold about you is inaccurate or incomplete, you are encouraged to contact us for a correction.
Data Protection Measures
We work to implement reasonable security arrangements to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. Our measures include SSL encryption, access controls, and secure data storage practices.
Access & Correction Rights
Under Singapore's PDPA, you have the right to:
- Request access to personal data we hold about you.
- Request corrections to inaccurate or incomplete personal data.
- Receive information about how your data has been used or disclosed in the previous 12 months.
How to Exercise Your Rights
To make an access or correction request, or to withdraw consent, please send a written request to our DPO at sales_sg@restosuite.ai. We will endeavour to respond within 30 days of receiving your request. In some cases, a longer timeframe may be required; we will notify you accordingly.
3. Malaysia PDPA 2010 Compliance
For customers and users in Malaysia, we strive to comply with the Personal Data Protection Act 2010 (PDPA 2010), which governs the processing of personal data in commercial transactions.
Applicability
Malaysia's PDPA 2010 applies to any person who processes, or authorises the processing of, any personal data in respect of commercial transactions. RestoSuite, as a SaaS provider serving Malaysian F&B businesses, endeavours to process personal data in a manner consistent with the Act.
Seven Data Protection Principles
Malaysia's PDPA 2010 is built around seven core principles that we strive to uphold:
- General Principle: Personal data shall not be processed unless the data subject has given consent, or processing is necessary for the purposes identified.
- Notice & Choice Principle: Data subjects must be informed of the purpose of data collection and given choices about how their data is used.
- Disclosure Principle: Personal data shall not be disclosed without the consent of the data subject except in limited circumstances.
- Security Principle: Practical steps shall be taken to protect personal data from misuse, loss, or unauthorised access.
- Retention Principle: Personal data shall not be kept longer than is necessary for the fulfilment of its purpose.
- Data Integrity Principle: Personal data shall be accurate, complete, not misleading, and kept up-to-date.
- Access Principle: Data subjects shall have the right to access and correct their personal data.
Complaint Channel
If you have concerns about how RestoSuite handles your personal data in relation to Malaysia's PDPA 2010, you may contact us at sales_sg@restosuite.ai. If you remain unsatisfied after contacting us, you may lodge a complaint with the Department of Personal Data Protection (JPDP) Malaysia at www.pdp.gov.my.
4. Data Protection Principles We Follow
The table below summarises the key data protection principles that RestoSuite endeavours to apply in its operations:
| Principle | What It Means | Our Approach |
|---|---|---|
| Lawful Collection | Personal data is collected with consent or a lawful basis. | We collect data with user consent or under a legitimate contractual basis, and notify users of the purposes at or before collection. |
| Purpose Limitation | Data is used only for the specific purposes identified. | We use data only for the purposes described in our Privacy Policy. We endeavour not to repurpose data without fresh consent. |
| Retention | Data is not kept longer than necessary. | We retain personal data for the duration of the service and up to 12 months post-termination, then securely delete or anonymise it. |
| Cross-Border Transfer | Data is not transferred to jurisdictions without adequate protection. | We strive to ensure that any transfer of personal data outside Singapore or Malaysia occurs only to countries or parties with comparable data protection standards. |
| Data Accuracy | Data held is accurate and up-to-date. | We encourage users to keep their information updated and provide mechanisms to correct inaccuracies. |
| Access & Correction | Users can view and correct their data. | Users may request access to or correction of their personal data by contacting our DPO at sales_sg@restosuite.ai. |
| Security | Data is protected against unauthorised access or loss. | We implement SSL encryption, access controls, and regular security reviews to protect data in our custody. |
5. Data Breach Response
Despite our best efforts to protect personal data, no system is entirely immune from security incidents. In the event that we become aware of a data breach that may affect your personal data, we are committed to responding promptly and responsibly.
Our data breach response approach includes:
- Detection & Containment: We endeavour to identify and contain security incidents as quickly as possible upon discovery.
- Assessment: We will assess the nature and scope of the breach and the potential impact on affected individuals.
- Notification: Where a breach is likely to result in significant harm to affected individuals, we will endeavour to notify them within a reasonable timeframe — and in any case in accordance with our obligations under applicable law, including mandatory breach notification requirements under Singapore's PDPA (as amended) and Malaysia's PDPA 2010.
- Regulatory Reporting: We will notify the relevant regulatory authority (e.g., Singapore's Personal Data Protection Commission) where required by law.
- Remediation: We will take steps to prevent recurrence and improve our security posture following any incident.
If you believe your data may have been compromised, or if you wish to report a potential security concern, please contact us immediately at sales_sg@restosuite.ai.
6. Contact Our DPO
For any PDPA-related enquiries, access or correction requests, consent withdrawal, or complaints, please contact our Data Protection Officer:
Data Protection Officer
RestoSuite Private Limited
Registration No.: 202334466Z
7 Holland Vlg Wy, #05/03-05 Tower B, Singapore 275748
Please include "Data Protection Enquiry" in the subject line of your email so that we can route your request appropriately. We will endeavour to acknowledge your enquiry within 3 business days and provide a full response within 30 days.
You may also refer to the following regulatory bodies for additional guidance:
- Singapore: Personal Data Protection Commission (PDPC) — www.pdpc.gov.sg
- Malaysia: Department of Personal Data Protection (JPDP) — www.pdp.gov.my