Privacy Policy
This Privacy Policy outlines how SECRET FURNISHING PTE. LTD. (hereinafter referred to as “we” or “our”) collects, uses, processes, and protects personal data in the course of operating the Cushlino brand website.
SECRET FURNISHING PTE. LTD. acts as the Data Controller for all personal data collected through our official website, checkout systems, and related customer support interactions.
- Data Controller Information
Company: SECRET FURNISHING PTE. LTD.
Registration No.: 201910468R
Address: 1 Tampines North Drive 1, #01-27, T-Space, Singapore 528559
Telephone: +65 65114894
Email: throw@cushlino.com
- Categories of Personal Data We Collect
We collect and process only those categories of personal data necessary to conduct standard retail business activities:
- Identity and Contact Information: Full name, primary email address, phone number, billing address, and physical delivery address.
- Transaction and Order Details: Information regarding purchased items, total order value, purchase date, and transaction reference numbers.
- Customer Communication Records: Complete records of correspondence, inquiries, or support requests submitted to our team.
- Legal Basis and Purposes of Data Processing
In accordance with applicable regulatory frameworks (including Singapore’s PDPA and the EU’s GDPR), we process your personal data based on the following legal grounds:
- Performance of a Contract: Processing, verifying, fulfilling, packing, and shipping your orders; and providing necessary order status updates.
- Legal and Regulatory Compliance: Maintaining accurate accounting records, fulfilling standard tax obligations, and complying with corporate financial regulations.
- Legitimate Interests: Preventing fraudulent financial activity, ensuring the security of website infrastructure, and maintaining the continuity of customer service operations.
- Secure Payment Processing (Stripe)
All financial transactions conducted on our platform are managed by Stripe, an industry-leading and secure third-party payment service provider.
When you make a purchase, your payment credential data is transmitted directly and securely to Stripe. We do not store or process full credit card numbers or sensitive payment verification codes on our internal servers. Stripe handles all payment-related data in strict accordance with its international privacy agreements, standard contractual clauses, and global PCI-DSS compliance requirements.
- Data Sharing and Disclosure
We do not sell, rent, or trade customer personal data to third parties. We share limited personal data with trusted service providers only when necessary for business operations:
- Payment Gateways: Used to securely verify, authorize, and settle your financial transactions (e.g., Stripe).
- Logistics and Fulfillment Partners: Including courier companies, postal services, and warehousing/fulfillment providers responsible for delivering physical products to your designated address.
- Technical Infrastructure Providers: Partners that provide secure cloud hosting, data storage, and IT support services to maintain the platform’s operations.
All third-party partners are contractually obligated to handle your information with a level of security equivalent to our own privacy standards.
- International Data Transfers
As an e-commerce enterprise headquartered in Singapore serving global consumers, the personal data we collect may be securely transferred to—and stored and processed in—regions outside your country of residence (including Singapore and locations where our server clusters are hosted).
We employ robust technical safeguards, strict access controls, and applicable regulatory frameworks to ensure your data remains fully protected, regardless of where it is located.
- Data Retention Periods
We retain your personal data only for as long as is necessary to fulfill the operational purposes described in this policy.
- Financial and Order Records: To comply with relevant Singaporean corporate laws and European tax frameworks, transaction, billing, and order history records are retained for up to 7 years to meet formal audit, accounting, and legal record-keeping requirements.
- Customer Inquiries: Records of general support communications are archived for a reasonable period to ensure service continuity.
Once the retention period expires, the relevant data will be securely and permanently deleted or anonymized.
- Your Data Protection Rights (EU/EEA and Global)
Depending on your jurisdiction (and particularly under the European GDPR framework), you possess extensive statutory rights regarding your personal data, including:
- Right of Access: To request a copy of the personal data we hold about you.
- Right to Rectification: To request the correction of inaccurate or incomplete data.
- Right to Erasure (“Right to be Forgotten”): To request the deletion of your personal data when retention is no longer legally required.
- Right to Restrict or Object to Processing: To restrict or object to specific processing of your data under certain conditions.
- Right to Data Portability: To request the transfer of your data to another service provider.
To exercise any of the consumer rights mentioned above, please contact our data compliance representative via the dedicated channels provided below. 9. Contact Us
If you have any questions regarding this Privacy Policy, your consumer rights, or our data processing practices, please contact our support team:
Phone: +65 65114894
Email: throw@cushlino.com
- Policy Updates
We reserve the right to update this Privacy Policy periodically to reflect operational adjustments or changes in international regulatory requirements. The latest version published on this page will apply to all data processing activities.