Last Updated: October 9, 2025
This Privacy Policy ("Policy") describes how Nongfu Spring Beverages Pte. Ltd. ("we", "our", or "us") collects, uses, and discloses your personal data in accordance with the Singapore Personal Data Protection Act 2012 ("PDPA") when you use our official website (https://www.nongfuspring.com.sg) (the "Site").
By accessing and using our Site, you acknowledge that you have read and understood the practices described in this Policy, and hereby consent to the collection, use and disclosure of your personal data in accordance with this Policy.
Nongfu Spring Beverages Pte. Ltd. (hereinafter referred to as "we", "our", or "us") recognizes the importance of your privacy and is committed to maintaining your trust when you use our Site. This Privacy Policy aims to clearly and comprehensively explain our information handling practices during your browsing of the Site, including what information we collect, why we collect it, how we protect it, and the rights you possess.
The data controller responsible for your personal data is Nongfu Spring Beverages Pte. Ltd., a company incorporated in Singapore.
Please be aware that the Site is hosted on servers located in the People's Republic of China. Consequently, any personal data collected through your use of the Site will be stored and processed in China, constituting a transfer of your personal data outside of Singapore.
We adhere to the principle of "minimal necessity" in collecting information. The Site is designed as an informational platform for our company and products, with the core concept of providing browsing services without involving personal identity.
To analyse aggregate usage patterns and enhance the user experience, we employ analytics services provided by our third-party partner In the context of the PDPA, certain technical information collected through these services may be classified as personal data.
The Site does not feature any interactive functions that require you to submit personal information, including but not limited to user registration, login, online ordering, customer service messages, or news email subscriptions. Therefore, during normal browsing, we do not collect any personal identification information from you, such as your name, phone number, email address, postal address, or identification number.
To enhance our website experience and analyze overall usage patterns, we employ industry-standard analytics tools. These tools collect only anonymous data for statistical purposes (such as browser type or session duration). All information is aggregated and presented as broad trends, and cannot be used to identify any specific individual.
| Category | Examples | Processing Purpose | Classification and Safeguards |
|---|---|---|---|
| Identifier | A pseudonymised unique device identifier (deviced) generated by the Software Development Kit ("SDK"). | To differentiate between devices for accurate analytics, such as calculating unique visitor counts and session frequency. | Aggregated and anonymized data | This identifier is a randomised string. We process it in an aggregated and anonymised format for analytical purposes. While any persistent identifier carries a theoretical risk of indirect identification, we do not combine this identifier with other datasets to identify specific individuals. |
| Browsing Metadata | Page path, referral source, page title, and URL parameters. | To analyse content engagement, user navigation paths, and the performance of various Site pages to inform structural improvements. | Aggregated data | We implement technical measures to filter any potentially identifiable information from URL parameters. This category of data is utilised exclusively in an aggregated manner. |
| Technical Device Information | Screen resolution, preferred language, device category, and time zone. | To ensure the Site is displayed correctly across different devices and to perform regional analysis of traffic sources. | Aggregated analysis | Individually, these data points possess low identifiability. In combination, they may form a device fingerprint with a potential risk of indirect identification. Our use of this data is strictly limited to aggregated analysis. |
| Precise Location Data | Geographic coordinates (latitude and longitude). | For macro-level geographical analysis of Site usage. | No active collection of precise geolocation data | We hereby confirm that the Site currently DOES NOT actively collect or process precise geolocation data. Should this practice change in the future, we will adhere to the principle of "notice and consent," securing your explicit and prior consent as may be needed under applicable law before any collection occurs. |
We do not sell, trade, or rent out your information.
We only share the data described in Section 3.2 with third-party service providers who assist us in achieving the purposes outlined in this Policy, specifically those set out in Section 3.2. These data are shared with our third-party data analytics service providers. We have entered into strict data processing agreements with them, contractually obligating them to provide analytics services solely for us and requiring them to implement security measures commensurate with our own to protect your data.
We may disclose necessary data when required by laws, regulations, litigation, or compulsory requests from government authorities.
The Site does not utilise any cookies for the purposes of tracking user behaviour, personalised marketing, or targeted advertising.
The data collection for analytics is facilitated through a Software Development Kit (SDK), which operates via a different technical mechanism than traditional browser cookies.
Under the PDPA, you have certain rights regarding your personal data. You may exercise these rights by contacting us using the details provided in Section 9.
Subject to applicable law, you have the right to request access to and correction of your personal data in our possession or under our control. We reserve the right not to accede to such requests in accordance with applicable law, such as where the access request is frivolous or vexatious.
Where the collection, use, disclosure or processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. You agree and acknowledge that if you withdraw your consent, we may not be in a position to continue to provide services to you.
You may instruct the Site to cease collecting your browsing data for analytics purposes by enabling the "Do Not Track" ("DNT") setting in your web browser. The Site is configured to recognise and respect the DNT signal. You can also clear your browser cache and local storage data to remove anonymous identifiers.
Please note that we may need to verify your identity before processing your request.
We employ industry-standard physical, administrative, and technical security measures to protect the information we hold from unauthorized access, disclosure, use, alteration, or destruction. We regularly review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized system access. Furthermore, we contractually require all third-party service providers to provide a commensurate level of protection.
We may revise this Policy from time to time based on business development, technological updates, or changes in laws and regulations. Any updated version will be posted on this page, indicated by revising the "Last Updated" date at the top. For material changes, we will provide a prominent notice on the Site's homepage before the revision takes effect. We encourage you to review this Policy periodically for the latest information.
This clause governs all communications relating to this Privacy Policy, including but not limited to queries, feedback, suggestions, complaints, and the exercise of your legal rights under the Singapore Personal Data Protection Act 2012 ("PDPA").
For general non-data specific communications, you may contact our general administrative office. Please note that correspondence through these channels may be redirected to our Data Protection Office. for appropriate action.
Email: enquiries.sg@nfspring.com
Telephone: +65 6359 2232
For matters specifically concerning the processing of your personal data, including the exercise of your rights under the PDPA (such as access, correction, and withdrawal of consent), you should direct your correspondence to our dedicated Data Protection Office, which is managed by our Data Protection Officer("DPO").
Designated DPO Email: DPO_Services@drewdataservices.com
Designated DPO Telephone: +65 6531 3699
To safeguard all personal data, we are obligated to verify the identity of any individual submitting a request. We may require additional information to process your request effectively. Where permitted under the PDPA, a reasonable administrative fee may be levied for handling data access requests. We undertake to address all bona fide concerns in a timely manner and in strict accordance with the provisions of the PDPA.