1. Who we are

Zeme Earth (“we,” “us,” or “our”) is a wellness and home-fragrance brand offering handcrafted candles, essential oils, incense, and related products. Our website address is: https://zemeearth.com. We operate this site using WordPress and WooCommerce in Singapore.

2. What Personal Data We Collect and Why

2.1 Orders and Checkout

  • Data: Name, billing and shipping addresses, email, phone, order details, payment method, IP address, device/browser info.
  • Purpose: Process and fulfill orders, provide invoices, prevent fraud, comply with legal obligations, and support customer service.
  • Legal basis: Contract performance, legitimate interests (fraud prevention, store operations), and consent where applicable.

2.2 Payments HitPay

  • We process payments via HitPay. Payment details (such as card or wallet information) are collected and processed directly by HitPay and/or its acquiring partners. We do not store full card numbers or CVV.
  • Data we receive from HitPay: Payment confirmation, transaction ID, last 4 digits (if applicable), payment status, and timestamps—used to reconcile orders, prevent fraud, and support after-sales service.
  • See HitPay’s privacy policy for details on their processing. You may be required to complete additional verification (e.g., OTP, 3-D Secure) per your bank’s requirements.

2.3 Account Registration

  • Data: Name, email, password (hashed), order history, preferences.
  • Purpose: Provide account access, order tracking, faster checkout, and personalized experience.

2.4 Cookies and Analytics

  • Cookies: Functional (cart/session), preference, and (if enabled) analytics/marketing cookies.
  • Analytics: Google Analytics to understand site usage and improve performance.
  • Consent: We use a cookie banner to obtain consent for non-essential cookies.

2.5 Marketing Communications

  • Data: Name, email, phone (if provided), preferences.
  • Purpose: Send updates, offers, product launches, and content.
  • Consent: Opt-in required; you can withdraw consent anytime via unsubscribe links or by contacting us.

2.6 Contact Forms and Support

  • Data: Name, email, phone (optional), message content, attachments.
  • Purpose: Respond to inquiries, provide support, and improve services.

2.7 Reviews, Comments, and UGC

  • Data: Display name, review content, rating, optional media.
  • Purpose: Publish reviews, prevent spam/abuse, and build community trust.

2.8 Automated Spam and Security

  • Services (e.g., reCAPTCHA/Akismet/firewall): May capture IP address, user agent, and behavioral data strictly to prevent abuse and ensure security.

3. WooCommerce-Specific Details

WooCommerce stores:

  • Products you’ve viewed (recently viewed items)
  • Cart contents and session ID (remember your cart)
  • Address details (estimate shipping/taxes)
  • Order/account data in our database
    Store administrators can access order details, shipping/billing info, and customer service messages to fulfill orders and provide support.

4. Cookies We Use (Examples)

  • woocommerce_cart_hash, woocommerce_items_in_cart, wp_woocommerce_session_: Store cart/session info
  • wp-settings-, wp-settings-time-: Save user preferences
  • _ga, _gid, _gat (if GA enabled): Analytics identifiers
  • cookieConsent: Records your cookie preferences
  • Exact cookies may vary based on active plugins and your consent choices.

5. How Long We Retain Your Data

  • Orders: 3–5 years (tax/accounting requirements; set per jurisdiction)
  • Accounts: As long as the account is active or until you request deletion
  • Marketing data: Until you withdraw consent or after 12 months of inactivity
  • Support inquiries: 12 months
  • Analytics data: 14 months (per your analytics retention settings)
  • Spam/abuse logs: As necessary for security and legal purposes

6. Sharing Your Data

  • We share data with trusted service providers solely to operate our store:
  • Payment processing: HitPay and its acquiring partners
  • Email and marketing: Mailchimp
  • Analytics/anti-spam: Google Analytics
  • Shipping and logistics: Courier names
  • Professional services: Accounting, legal, tax advisors
  • All providers are bound by appropriate contractual safeguards. We do not sell personal data.

7. International Data Transfers

Some providers may process data outside Singapore. Where this occurs, we ensure comparable protection to the Personal Data Protection Act 2012 (PDPA), including through contractual clauses and other safeguards.

8. Your Rights (PDPA – Singapore)

You have the right to:

  • Request access to and correction of your personal data in our possession or control
  • Withdraw consent for the collection, use, or disclosure of your personal data (this may affect our ability to provide certain services)
  • Request information on how your data has been used or disclosed in the past year
  • To exercise these rights, contact us at [zemeearth@gmail.com]. We may require reasonable verification. Reasonable fees may apply for access requests as permitted by PDPA.

9. How We Protect Your Data

HTTPS/TLS encryption

  • Secure hosting and regular updates to WordPress, WooCommerce, and plugins
  • Role-based access control and least-privilege principles
  • PCI-DSS-aligned processing via HitPay and its partners
  • Regular backups and security monitoring

10. Children’s Privacy

Our site is not intended for children under 13. We do not knowingly collect data from children. If you believe a child provided personal data, contact us to remove it.

11. Third-Party Links

We may link to third-party sites. Their privacy practices are their responsibility. Review their policies before sharing personal data.

12. Data Breaches and Incident Response

We will assess, contain, and remediate incidents. Where required, we will notify affected individuals and, if applicable, the Personal Data Protection Commission (PDPC) in accordance with PDPA.

13. Contact Us

  • Email: zemeearth@gmail.com
  • Phone: 65 8189 9796

14. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted here with an updated “Last updated” date. Material changes may be notified via email or on-site notices.