top of page

Privacy Policy

Last Updated: 6 June 2026
 

This Privacy Policy explains how ROOTS2 MEDICAL PTE. LTD. collects, uses, discloses, stores, protects and processes personal data in accordance with Singapore’s Personal Data Protection Act 2012.
 

The PDPA applies to private-sector organisations in Singapore and sets out rules for the collection, use and disclosure of personal data. Key obligations include consent, notification, purpose limitation, access and correction, accuracy, protection, retention limitation, transfer limitation and accountability.

This Privacy Policy applies to www.roots2.sg and all related products, services, forms, quizzes, communications and purchases.
 

1. Organisation Details
 

This website is owned and operated by:
 

ROOTS2 MEDICAL PTE. LTD.

UEN: 202612443D

Registered Address: 402A, Lorong 1 Toa Payoh, #19-602, Singapore 311402

 

In this Privacy Policy, “Roots²”, “we”, “us” or “our” refers to ROOTS2 MEDICAL PTE. LTD.
 

2. Personal Data We May Collect
 

We may collect personal data from you, including:
 

Identity Data
 

  • Full name

  • Age range

  • Date of birth, where necessary

  • Gender, where voluntarily provided
     

Contact Data
 

  • Email address

  • Mobile number

  • Billing address

  • Delivery address
     

Order and Transaction Data
 

  • Products purchased

  • Order history

  • Payment status

  • Delivery status

  • Refund or exchange history
     

Hair and Wellness Information
 

Where voluntarily provided, we may collect information relating to:
 

  • Hair concerns

  • Hair fall patterns

  • Hair thinning concerns

  • Stress-related shedding

  • Postpartum shedding

  • Dietary or lifestyle information

  • Product preference

  • Quiz or questionnaire answers
     

This information is used for product guidance only and not for medical diagnosis.
 

Technical Data
 

  • IP address

  • Browser type

  • Device type

  • Operating system

  • Website usage data

  • Cookies

  • Pages viewed

  • Time spent on pages

  • Referral source
     

Marketing and Communication Data
 

  • Newsletter subscription status

  • Marketing preferences

  • Email engagement

  • WhatsApp opt-in status

  • Customer service messages

  • Feedback and reviews
     

3. How We Collect Personal Data
 

We may collect personal data when you:
 

  • Visit our website

  • Create an account

  • Place an order

  • Complete our quiz or questionnaire

  • Subscribe to our mailing list

  • Submit a contact form

  • Contact customer service

  • Communicate with us through WhatsApp, email, phone or social media

  • Participate in promotions or campaigns

  • Leave a review or testimonial

  • Interact with our advertisements
     

We may also collect data automatically through cookies, analytics tools and similar technologies.
 

4. Purposes for Collecting, Using and Disclosing Personal Data
 

We may collect, use and disclose your personal data for the following purposes:
 

Order Fulfilment
 

  • Processing orders

  • Confirming payment

  • Arranging delivery

  • Sending order updates

  • Managing returns, exchanges or refunds
     

Customer Service
 

  • Responding to enquiries

  • Handling complaints

  • Providing product-related support

  • Managing customer relationships
     

Product Recommendations
 

  • Processing quiz or questionnaire responses

  • Providing product guidance

  • Recommending suitable Roots² formulas

  • Improving recommendation logic
     

Marketing
 

Where permitted by law or with your consent, we may use your personal data to send:
 

  • Product updates

  • Promotions

  • Educational content

  • Newsletters

  • Abandoned cart reminders

  • WhatsApp updates

  • Retargeting advertisements
     

Website Improvement and Analytics
 

  • Analysing website traffic

  • Improving website design

  • Improving products and services

  • Understanding customer preferences

  • Measuring marketing effectiveness
     

Legal and Compliance Purposes
 

  • Complying with Singapore laws and regulations

  • Responding to lawful requests from authorities

  • Preventing fraud

  • Enforcing our Terms & Conditions

  • Protecting our rights and interests

  • Keeping business records
     

We will only collect, use or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances, in line with the PDPA’s purpose limitation requirement.
 

5. Consent
 

By providing your personal data to us, using our website, submitting forms, completing the quiz, placing an order or communicating with us, you consent to the collection, use and disclosure of your personal data for the purposes stated in this Privacy Policy. You may withdraw your consent at any time by contacting us. However, withdrawing consent may affect our ability to provide products or services to you, including order fulfilment, customer support, account access or product recommendations.
 

6. Notification
 

We will take reasonable steps to notify you of the purposes for which your personal data is collected, used or disclosed before or at the time of collection, where required under the PDPA. This Privacy Policy forms part of that notification.
 

7. Marketing Communications and Do Not Call Compliance
 

If you provide your phone number, email address or messaging contact details, we may use them to contact you for customer service, transactional updates or marketing, where permitted. For marketing messages sent to Singapore telephone numbers, we will comply with Singapore’s Do Not Call provisions under the PDPA where applicable. The DNC Registry allows individuals to reduce unwanted marketing calls, texts and faxes, and organisations generally need to check the DNC Registry before sending such marketing messages unless an exception applies. You may opt out of marketing communications at any time by:
 

  • Clicking the unsubscribe link in our emails

  • Replying “STOP” where applicable

  • Contacting us directly
     

Even after you opt out of marketing, we may still send non-marketing messages relating to orders, delivery, payment, customer service, safety, legal notices or account matters.
 

8. Disclosure of Personal Data to Third Parties
 

We may disclose personal data to third parties where necessary for business, operational, legal or service purposes. These third parties may include:
 

  • Payment processors

  • Banks and financial institutions

  • Courier and logistics providers

  • Website hosting providers

  • Wix and website service providers

  • IT vendors

  • Email marketing providers

  • SMS or WhatsApp service providers

  • Customer relationship management providers

  • Analytics providers

  • Advertising platforms

  • Professional advisers

  • Auditors

  • Insurers

  • Legal advisers

  • Government authorities, regulators or law enforcement agencies where required by law
     

We will take reasonable steps to ensure that third parties process personal data only for authorised purposes and protect personal data appropriately.
 

9. International Transfers of Personal Data
 

Some of our service providers may store or process personal data outside Singapore. Where personal data is transferred outside Singapore, we will take reasonable steps to ensure that the transferred personal data receives a standard of protection comparable to the protection required under the PDPA. This may include contractual protections or other legally appropriate safeguards.
 

10. Accuracy of Personal Data
 

You should ensure that all personal data submitted to us is accurate, complete and up to date.

We may rely on the personal data you provide. If your personal data changes, please notify us as soon as possible.
 

11. Protection of Personal Data
 

We will take reasonable security measures to protect personal data in our possession or control against unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. These measures may include:
 

  • Access controls

  • Password protection

  • Secure third-party platforms

  • Encryption where appropriate

  • Limited access to personal data

  • Internal confidentiality controls

  • Security monitoring

  • Staff or vendor access restrictions
     

However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
 

12. Retention of Personal Data
 

We will retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required for legal, accounting, business or compliance purposes. When personal data is no longer required, we will take reasonable steps to delete, anonymise or securely dispose of it.
 

13. Access and Correction Rights
 

You may request access to personal data that we hold about you. You may also request correction of inaccurate or incomplete personal data. To make a request, please contact our Data Protection Officer. We may need to verify your identity before processing your request. Where permitted by law, we may charge a reasonable fee for processing an access request. We may also refuse requests where permitted under the PDPA or other applicable laws.
 

14. Withdrawal of Consent
 

You may withdraw your consent for the collection, use or disclosure of your personal data by contacting us. After receiving your withdrawal request, we may require reasonable time to process it. Please note that withdrawal of consent may affect our ability to:
 

  • Process orders

  • Deliver products

  • Provide customer service

  • Maintain your account

  • Provide quiz results

  • Send product recommendations
     

15. Cookies and Tracking Technologies
 

We may use cookies, pixels, tags and similar technologies to:
 

  • Operate the website

  • Remember your preferences

  • Improve user experience

  • Analyse website performance

  • Understand customer behaviour

  • Measure advertising effectiveness

  • Conduct retargeting or remarketing
     

You may disable cookies through your browser settings. However, some website features may not function properly if cookies are disabled. Third-party platforms such as analytics providers, advertising platforms and social media platforms may also use cookies in accordance with their own privacy policies.
 

16. Children’s Personal Data
 

Our products and services are generally intended for adults. We do not knowingly collect personal data from children below 13 years old without appropriate consent. If we become aware that personal data from a child has been collected without appropriate consent, we may delete the data or take other appropriate steps. Parents or guardians may contact us if they believe a child has submitted personal data to us.
 

17. Sensitive or Health-Related Information
 

Some information you voluntarily provide through our quiz or forms may relate to hair concerns, wellness concerns, pregnancy, postpartum status or lifestyle factors. We collect this information only for product guidance and customer support. We do not use this information to provide medical diagnosis or treatment. Please do not submit detailed medical records, test results or sensitive medical information unless specifically requested by us for a legitimate purpose.
 

18. Testimonials, Reviews and User Content
 

If you submit a review, testimonial, photograph, message or feedback, we may use it for customer service, business improvement, marketing or promotional purposes, subject to applicable law and your consent where required.

We may publish testimonials using your first name, initials or anonymised details unless otherwise agreed. You may contact us to request removal of your testimonial, although removal from already-published materials may not always be immediately possible.
 

19. Data Breach Notification
 

If a data breach occurs, we will assess the situation and take appropriate steps in accordance with the PDPA.

Where required by law, we will notify the Personal Data Protection Commission and affected individuals.
 

20. Third-Party Websites
 

Our website may contain links to third-party websites or platforms. We are not responsible for the privacy practices, content or security of third-party websites. You should review their privacy policies before providing personal data to them.
 

21. Business Transfers
 

If ROOTS2 MEDICAL PTE. LTD. is involved in a merger, acquisition, restructuring, sale of assets, investment, financing or business transfer, your personal data may be disclosed or transferred as part of that transaction, subject to applicable law.
 

22. Data Protection Officer
 

For any questions, requests, complaints or feedback relating to personal data, please contact:
 

Data Protection Officer
ROOTS2 MEDICAL PTE. LTD.
402A, Lorong 1 Toa Payoh, #19-602
Singapore 311402

Email: support@roots2.sg

 

23. Complaints
 

If you have a concern about how we handle your personal data, please contact our Data Protection Officer first.

We will review your complaint and respond within a reasonable time. If you are not satisfied with our response, you may contact the Personal Data Protection Commission of Singapore.
 

24. Changes to This Privacy Policy
 

We may update this Privacy Policy from time to time. The updated version will be posted on this website with the “Last Updated” date. Your continued use of the website after the updated Privacy Policy is posted means you acknowledge the updated terms.

bottom of page