Legal
Privacy Policy
1. Who We Are
Banana Digital Pte. Ltd. ("Banana Digital", "we", "us", "our") is a digital marketing and technology agency incorporated in Singapore. We provide digital marketing, advertising management, CRM automation, website services, and AI implementation services to small businesses, primarily in the United States and Australia.
This Privacy Policy applies to personal data collected through our website at bananadigital.co, through our services, and through any direct communications with us.
2. Data Protection Commitment
We comply with the Personal Data Protection Act 2012 of Singapore (PDPA). This means we only collect personal data for purposes that a reasonable person would consider appropriate in the circumstances, and we take reasonable steps to protect data in our care.
Our designated contact for data protection matters is:
Data Contact
Banana Digital Pte. Ltd.
68 Circular Road, #02-01
Singapore 049422
Email: info@bananadigital.co
3. Personal Data We Collect
We may collect the following categories of personal data:
| Category | Examples | How Collected |
|---|---|---|
| Contact Information | Name, email address, phone number, business name | Contact forms, emails, booking calls |
| Business Information | Business name, location, type of services offered, current marketing details | Strategy calls, intake forms, email exchanges |
| Payment Information | Billing name, billing address (payment card details are handled by our payment processor and not stored by us) | Invoicing and payment process |
| Usage Data | IP address, browser type, pages visited, time spent on pages | Automatically via website analytics tools |
| Communications | Emails, messages, call notes | Direct communications with Banana Digital |
| Client-Provided Data | Customer lists, audience data uploaded to Meta for campaign targeting purposes | Provided by the Client during service delivery |
We do not knowingly collect personal data from individuals under 18 years of age.
4. Purposes of Collection and Use
We collect and use personal data for the following purposes:
- Service Delivery: To provide digital marketing services, manage advertising campaigns, communicate with Clients, and deliver reports
- Business Operations: To issue invoices, process payments, and manage our business relationship with Clients
- Communication: To respond to enquiries, schedule calls, and provide updates relevant to your engagement
- Marketing (our own): To send service-related updates and, with your consent, information about our services. You may opt out at any time
- Legal and Compliance: To comply with applicable laws, resolve disputes, and enforce our Terms and Conditions
- Website Improvement: To understand how our website is used and improve user experience
- Commercial Communications: Where we send commercial emails or SMS messages, we comply with Singapore's Spam Control Act (Cap. 311A). Every commercial message includes a clear and functional unsubscribe or opt-out mechanism. You may withdraw consent to receive marketing communications at any time by contacting us at info@bananadigital.co or using the unsubscribe link in any message we send
5. Legal Basis for Processing
Under the PDPA, we rely on the following bases to collect, use, or disclose your personal data:
- Consent: Where you have given us clear consent (e.g., submitting a contact form, agreeing to receive marketing emails)
- Contract: Where processing is necessary to perform a contract with you (i.e., delivering our services)
- Legitimate Interests: Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and interests. Our legitimate business interests include: fraud detection and prevention; maintaining the security of our systems and services; service analytics and performance improvement; direct marketing to existing clients about related or similar services; enforcing our contractual rights; internal business administration and financial record-keeping; and protecting Banana Digital against legal claims
- Legal Obligation: Where we are required to process data to comply with a legal obligation
6. Disclosure of Personal Data
We do not sell, rent, or trade your personal data. We may share your data with:
- Service Providers: Third-party tools and platforms used to deliver our services, including Meta Platforms Inc. (Facebook/Instagram), email platforms, project management tools, and cloud storage providers. These providers are engaged on terms that require them to protect your data
- Payment Processors: To process invoices and payments securely
- Professional Advisers: Accountants, lawyers, and other advisers, where necessary and under confidentiality obligations
- Regulatory or Legal Authorities: Where required by Singapore law or a court order
7. Transfer of Data Outside Singapore
Some of our service providers are located outside Singapore (for example, Meta Platforms, Inc. is based in the United States). When we transfer personal data outside Singapore, we ensure that the recipient country or organisation provides a standard of data protection comparable to that under the PDPA, or we implement appropriate contractual safeguards.
8. Retention of Personal Data
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Generally:
- Client data is retained for seven (7) years after the end of the engagement, for accounting and legal compliance purposes
- Enquiry data (where no engagement follows) is retained for up to twelve (12) months
- Website analytics data is retained for up to twenty-four (24) months
After the applicable retention period, personal data is securely deleted or anonymised.
9. Security of Personal Data
We implement reasonable technical and organisational measures to protect personal data from unauthorised access, loss, misuse, or alteration. These measures include password protection, access controls, encrypted communications, and regular review of data practices.
No system is completely secure. If you believe your data has been compromised, please contact us immediately at info@bananadigital.co.
9.1 Mandatory Data Breach Notification
In accordance with the PDPA (Amendment) Act 2020, which took effect on 1 February 2022, Banana Digital is subject to mandatory data breach notification obligations. Specifically:
- Notification to the PDPC: Where a data breach is assessed as being likely to result in significant harm to affected individuals, or involves the personal data of 500 or more individuals, Banana Digital will notify the Personal Data Protection Commission (PDPC) within three (3) business days of becoming aware of the breach
- Notification to affected individuals: Where a breach is likely to result in significant harm to an individual, Banana Digital will notify those individuals as soon as practicable, and in any event no later than three (3) business days after notifying the PDPC
- Assessment of significant harm: Significant harm is assessed by reference to Schedule 1 of the PDPA and includes, among other things: unauthorised disclosure of financial account credentials, health or medical information, national identification numbers, passwords, or information that could be used to commit identity fraud or cause financial loss
- Internal assessment period: Upon becoming aware of a potential breach, Banana Digital will conduct an expedited internal assessment. If the assessment cannot be completed within three (3) business days of first becoming aware of the incident, Banana Digital will notify the PDPC of the breach as soon as possible and update the PDPC once the assessment is complete
If you suspect that personal data you have shared with Banana Digital has been involved in a security incident, please contact us immediately at info@bananadigital.co. We take all reports seriously and will investigate promptly.
10. Your Rights Under the PDPA
Under Singapore's PDPA, you have the following rights:
- Right of Access: You may request access to the personal data we hold about you and information about how we have used or disclosed it in the past year
- Right of Correction: You may request that we correct personal data that is inaccurate or incomplete
- Right to Withdraw Consent: Where our processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal
- Right to Data Portability: In certain circumstances, you may request that we provide your personal data in a portable format
To exercise any of these rights, please contact us at info@bananadigital.co. We will respond within thirty (30) da