
Privacy Policy
Last Updated: 6 June 2026
This Privacy Policy explains how ROOTS2 MEDICAL PTE. LTD. collects, uses, discloses, stores, protects and processes personal data in accordance with Singapore’s Personal Data Protection Act 2012.
The PDPA applies to private-sector organisations in Singapore and sets out rules for the collection, use and disclosure of personal data. Key obligations include consent, notification, purpose limitation, access and correction, accuracy, protection, retention limitation, transfer limitation and accountability.
This Privacy Policy applies to www.roots2.sg and all related products, services, forms, quizzes, communications and purchases.
1. Organisation Details
This website is owned and operated by:
ROOTS2 MEDICAL PTE. LTD.
UEN: 202612443D
Registered Address: 402A, Lorong 1 Toa Payoh, #19-602, Singapore 311402
In this Privacy Policy, “Roots²”, “we”, “us” or “our” refers to ROOTS2 MEDICAL PTE. LTD.
2. Personal Data We May Collect
We may collect personal data from you, including:
Identity Data
-
Full name
-
Age range
-
Date of birth, where necessary
-
Gender, where voluntarily provided
Contact Data
-
Email address
-
Mobile number
-
Billing address
-
Delivery address
Order and Transaction Data
-
Products purchased
-
Order history
-
Payment status
-
Delivery status
-
Refund or exchange history
Hair and Wellness Information
Where voluntarily provided, we may collect information relating to:
-
Hair concerns
-
Hair fall patterns
-
Hair thinning concerns
-
Stress-related shedding
-
Postpartum shedding
-
Dietary or lifestyle information
-
Product preference
-
Quiz or questionnaire answers
This information is used for product guidance only and not for medical diagnosis.
Technical Data
-
IP address
-
Browser type
-
Device type
-
Operating system
-
Website usage data
-
Cookies
-
Pages viewed
-
Time spent on pages
-
Referral source
Marketing and Communication Data
-
Newsletter subscription status
-
Marketing preferences
-
Email engagement
-
WhatsApp opt-in status
-
Customer service messages
-
Feedback and reviews
3. How We Collect Personal Data
We may collect personal data when you:
-
Visit our website
-
Create an account
-
Place an order
-
Complete our quiz or questionnaire
-
Subscribe to our mailing list
-
Submit a contact form
-
Contact customer service
-
Communicate with us through WhatsApp, email, phone or social media
-
Participate in promotions or campaigns
-
Leave a review or testimonial
-
Interact with our advertisements
We may also collect data automatically through cookies, analytics tools and similar technologies.
4. Purposes for Collecting, Using and Disclosing Personal Data
We may collect, use and disclose your personal data for the following purposes:
Order Fulfilment
-
Processing orders
-
Confirming payment
-
Arranging delivery
-
Sending order updates
-
Managing returns, exchanges or refunds
Customer Service
-
Responding to enquiries
-
Handling complaints
-
Providing product-related support
-
Managing customer relationships
Product Recommendations
-
Processing quiz or questionnaire responses
-
Providing product guidance
-
Recommending suitable Roots² formulas
-
Improving recommendation logic
Marketing
Where permitted by law or with your consent, we may use your personal data to send:
-
Product updates
-
Promotions
-
Educational content
-
Newsletters
-
Abandoned cart reminders
-
WhatsApp updates
-
Retargeting advertisements
Website Improvement and Analytics
-
Analysing website traffic
-
Improving website design
-
Improving products and services
-
Understanding customer preferences
-
Measuring marketing effectiveness
Legal and Compliance Purposes
-
Complying with Singapore laws and regulations
-
Responding to lawful requests from authorities
-
Preventing fraud
-
Enforcing our Terms & Conditions
-
Protecting our rights and interests
-
Keeping business records
We will only collect, use or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances, in line with the PDPA’s purpose limitation requirement.
5. Consent
By providing your personal data to us, using our website, submitting forms, completing the quiz, placing an order or communicating with us, you consent to the collection, use and disclosure of your personal data for the purposes stated in this Privacy Policy. You may withdraw your consent at any time by contacting us. However, withdrawing consent may affect our ability to provide products or services to you, including order fulfilment, customer support, account access or product recommendations.
6. Notification
We will take reasonable steps to notify you of the purposes for which your personal data is collected, used or disclosed before or at the time of collection, where required under the PDPA. This Privacy Policy forms part of that notification.
7. Marketing Communications and Do Not Call Compliance
If you provide your phone number, email address or messaging contact details, we may use them to contact you for customer service, transactional updates or marketing, where permitted. For marketing messages sent to Singapore telephone numbers, we will comply with Singapore’s Do Not Call provisions under the PDPA where applicable. The DNC Registry allows individuals to reduce unwanted marketing calls, texts and faxes, and organisations generally need to check the DNC Registry before sending such marketing messages unless an exception applies. You may opt out of marketing communications at any time by:
-
Clicking the unsubscribe link in our emails
-
Replying “STOP” where applicable
-
Contacting us directly
Even after you opt out of marketing, we may still send non-marketing messages relating to orders, delivery, payment, customer service, safety, legal notices or account matters.
8. Disclosure of Personal Data to Third Parties
We may disclose personal data to third parties where necessary for business, operational, legal or service purposes. These third parties may include:
-
Payment processors
-
Banks and financial institutions
-
Courier and logistics providers
-
Website hosting providers
-
Wix and website service providers
-
IT vendors
-
Email marketing providers
-
SMS or WhatsApp service providers
-
Customer relationship management providers
-
Analytics providers
-
Advertising platforms
-
Professional advisers
-
Auditors
-
Insurers
-
Legal advisers
-
Government authorities, regulators or law enforcement agencies where required by law
We will take reasonable steps to ensure that third parties process personal data only for authorised purposes and protect personal data appropriately.
9. International Transfers of Personal Data
Some of our service providers may store or process personal data outside Singapore. Where personal data is transferred outside Singapore, we will take reasonable steps to ensure that the transferred personal data receives a standard of protection comparable to the protection required under the PDPA. This may include contractual protections or other legally appropriate safeguards.
10. Accuracy of Personal Data
You should ensure that all personal data submitted to us is accurate, complete and up to date.
We may rely on the personal data you provide. If your personal data changes, please notify us as soon as possible.
11. Protection of Personal Data
We will take reasonable security measures to protect personal data in our possession or control against unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. These measures may include:
-
Access controls
-
Password protection
-
Secure third-party platforms
-
Encryption where appropriate
-
Limited access to personal data
-
Internal confidentiality controls
-
Security monitoring
-
Staff or vendor access restrictions
However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
12. Retention of Personal Data
We will retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required for legal, accounting, business or compliance purposes. When personal data is no longer required, we will take reasonable steps to delete, anonymise or securely dispose of it.
13. Access and Correction Rights
You may request access to personal data that we hold about you. You may also request correction of inaccurate or incomplete personal data. To make a request, please contact our Data Protection Officer. We may need to verify your identity before processing your request. Where permitted by law, we may charge a reasonable fee for processing an access request. We may also refuse requests where permitted under the PDPA or other applicable laws.
14. Withdrawal of Consent
You may withdraw your consent for the collection, use or disclosure of your personal data by contacting us. After receiving your withdrawal request, we may require reasonable time to process it. Please note that withdrawal of consent may affect our ability to:
-
Process orders
-
Deliver products
-
Provide customer service
-
Maintain your account
-
Provide quiz results
-
Send product recommendations
15. Cookies and Tracking Technologies
We may use cookies, pixels, tags and similar technologies to:
-
Operate the website
-
Remember your preferences
-
Improve user experience
-
Analyse website performance
-
Understand customer behaviour
-
Measure advertising effectiveness
-
Conduct retargeting or remarketing
You may disable cookies through your browser settings. However, some website features may not function properly if cookies are disabled. Third-party platforms such as analytics providers, advertising platforms and social media platforms may also use cookies in accordance with their own privacy policies.
16. Children’s Personal Data
Our products and services are generally intended for adults. We do not knowingly collect personal data from children below 13 years old without appropriate consent. If we become aware that personal data from a child has been collected without appropriate consent, we may delete the data or take other appropriate steps. Parents or guardians may contact us if they believe a child has submitted personal data to us.
17. Sensitive or Health-Related Information
Some information you voluntarily provide through our quiz or forms may relate to hair concerns, wellness concerns, pregnancy, postpartum status or lifestyle factors. We collect this information only for product guidance and customer support. We do not use this information to provide medical diagnosis or treatment. Please do not submit detailed medical records, test results or sensitive medical information unless specifically requested by us for a legitimate purpose.
18. Testimonials, Reviews and User Content
If you submit a review, testimonial, photograph, message or feedback, we may use it for customer service, business improvement, marketing or promotional purposes, subject to applicable law and your consent where required.
We may publish testimonials using your first name, initials or anonymised details unless otherwise agreed. You may contact us to request removal of your testimonial, although removal from already-published materials may not always be immediately possible.
19. Data Breach Notification
If a data breach occurs, we will assess the situation and take appropriate steps in accordance with the PDPA.
Where required by law, we will notify the Personal Data Protection Commission and affected individuals.
20. Third-Party Websites
Our website may contain links to third-party websites or platforms. We are not responsible for the privacy practices, content or security of third-party websites. You should review their privacy policies before providing personal data to them.
21. Business Transfers
If ROOTS2 MEDICAL PTE. LTD. is involved in a merger, acquisition, restructuring, sale of assets, investment, financing or business transfer, your personal data may be disclosed or transferred as part of that transaction, subject to applicable law.
22. Data Protection Officer
For any questions, requests, complaints or feedback relating to personal data, please contact:
Data Protection Officer
ROOTS2 MEDICAL PTE. LTD.
402A, Lorong 1 Toa Payoh, #19-602
Singapore 311402
Email: support@roots2.sg
23. Complaints
If you have a concern about how we handle your personal data, please contact our Data Protection Officer first.
We will review your complaint and respond within a reasonable time. If you are not satisfied with our response, you may contact the Personal Data Protection Commission of Singapore.
24. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be posted on this website with the “Last Updated” date. Your continued use of the website after the updated Privacy Policy is posted means you acknowledge the updated terms.
.png)