Creo.Works Pte. Ltd.
Effective Date: 29/06/2025
Last
Updated: 29/06/2025
Welcome to Creo.farm, operated by Creo.Works Pte. Ltd., a Singapore-incorporated company ("we," "us," "our," or "Creo.Works"). We are committed to protecting your privacy and ensuring the security of your personal data in accordance with Singapore's Personal Data Protection Act 2012 ("PDPA") and international data protection standards.
This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you use our website at www.creo.farm, our services, and when you interact with us through Google Sign-In and other authentication methods. By using our services, you consent to the collection and use of your personal data as described in this Privacy Policy.
Creo.Works is a design studio that makes impossible ideas real, specializing in 3D printing services for makers and design consultancy for brands. We create brand experiences and custom products through our platform, connecting designers, manufacturers, and clients in a seamless ecosystem.
Data Controller:
Creo.Works Pte. Ltd.
Pantech Business Hub 192 Pandan Loop #06-03
Singapore
128381
Email: creo.works00@gmail.com
Website: www.creo.farm
Data Protection Officer:
Kang Shiqiang
Email: creo.works00@gmail.com
Phone: +65 9838 6290
In accordance with the Singapore Personal Data Protection Act (PDPA), we have designated a Data Protection Officer who is responsible for overseeing our data protection practices and serving as your primary contact for any data protection inquiries or concerns.
We collect various types of personal data to provide you with our services effectively and to comply with legal requirements. The personal data we collect includes:
Account Registration Data: When you create an account on our platform, we collect your name, email address, phone number, company name (if applicable), and password. This information is necessary to establish and maintain your user account and to provide you with access to our services.
Profile Information: You may choose to provide additional profile information such as your professional title, company description, portfolio links, and profile picture. This information helps us personalize your experience and enables other users to learn more about your background and expertise.
Project and Design Data: When you submit projects, upload design files, or request our services, we collect detailed information about your requirements, specifications, materials preferences, delivery addresses, and any special instructions. This data is essential for us to understand your needs and deliver the appropriate services.
Communication Data: We collect and store communications between you and our team, including emails, chat messages, support tickets, and feedback. This information helps us provide customer support, improve our services, and maintain records of our business interactions.
Payment Information: While we use third-party payment processors, we may collect billing addresses, invoice preferences, and transaction history. We do not store complete credit card information on our servers, as this is handled securely by our payment service providers.
When you choose to sign in using Google Sign-In, we collect specific information from your Google account with your explicit consent:
Basic Profile Information: We access your Google account's basic profile information, including your name, email address, and profile picture. This information is used to create and populate your Creo.farm account, eliminating the need for manual data entry.
Email Address: Your Google email address serves as your primary identifier on our platform and is used for account verification, communication, and password recovery purposes.
Authentication Tokens: We receive authentication tokens from Google that allow us to verify your identity and maintain your logged-in status. These tokens are stored securely and are used solely for authentication purposes.
The specific data we request from Google is limited to what is necessary for account creation and authentication. We do not access your Google Drive files, Gmail messages, or other Google services unless explicitly requested and authorized by you for specific features.
Technical Data: We automatically collect certain technical information when you visit our website, including your IP address, browser type and version, operating system, device information, screen resolution, and referring website. This data helps us optimize our website performance and ensure compatibility across different devices and browsers.
Usage Analytics: We collect information about how you interact with our website and services, including pages visited, time spent on pages, click patterns, search queries, and feature usage. This data helps us understand user behavior and improve our platform's usability and functionality.
Cookies and Tracking Technologies: We use cookies, web beacons, and similar tracking technologies to enhance your browsing experience, remember your preferences, and analyze website traffic. Our cookie policy, detailed in Section 8, explains the types of cookies we use and how you can manage your cookie preferences.
Location Data: We may collect general location information based on your IP address to provide location-relevant services, such as connecting you with nearby manufacturers or providing localized content. We do not collect precise GPS location data unless explicitly requested and authorized by you.
Business Partners: We may receive information about you from our business partners, such as manufacturers, suppliers, or other service providers, when you engage with them through our platform or when they refer you to our services.
Public Sources: We may collect publicly available information about your business or professional background from sources such as company websites, professional networks, or industry directories to better understand your needs and provide relevant services.
Social Media: If you interact with us on social media platforms or share our content, we may collect information from these interactions, including your social media profile information and engagement data.
We use your personal data for various legitimate business purposes, always in accordance with the PDPA and with appropriate consent where required. Our primary uses of your personal data include:
Account Creation and Maintenance: We use your registration information to create and maintain your user account, verify your identity, and provide you with secure access to our platform. This includes managing your login credentials, account preferences, and profile information.
Service Delivery: Your project data, specifications, and requirements are used to provide our 3D printing services and design consultancy. We analyze your needs to match you with appropriate manufacturers, provide accurate quotes, and ensure timely delivery of your projects.
Customer Support: We use your contact information and communication history to provide technical support, answer your questions, resolve issues, and assist you with using our platform effectively. This includes troubleshooting technical problems, processing refunds or exchanges, and handling complaints.
Platform Functionality: Your usage data helps us provide personalized features, such as project recommendations, saved preferences, order history, and customized dashboard views. We use this information to enhance your user experience and make our platform more intuitive and efficient.
Transactional Communications: We use your contact information to send essential communications related to your account and orders, including order confirmations, shipping notifications, payment receipts, and important account updates. These communications are necessary for the proper functioning of our services.
Marketing Communications: With your consent, we may send you promotional emails, newsletters, and updates about new services, special offers, and industry insights. You can opt out of marketing communications at any time through the unsubscribe links in our emails or by contacting us directly.
Personalized Content: We use your profile information and usage patterns to provide personalized content recommendations, relevant service suggestions, and targeted information that aligns with your interests and business needs.
Analytics and Research: We analyze usage data and user feedback to understand how our platform is used, identify areas for improvement, and develop new features and services. This includes conducting user research, A/B testing, and performance analysis to enhance our offerings.
Quality Assurance: We use project data and customer feedback to monitor the quality of our services, evaluate manufacturer performance, and ensure that our standards are consistently met. This helps us maintain high-quality service delivery and identify areas for improvement.
Business Intelligence: We analyze aggregated and anonymized data to understand market trends, user preferences, and business opportunities. This information helps us make informed decisions about product development, pricing strategies, and business expansion.
Legal Compliance: We use your personal data to comply with applicable laws, regulations, and legal obligations, including tax reporting, anti-money laundering requirements, and regulatory compliance in the jurisdictions where we operate.
Dispute Resolution: In the event of disputes, complaints, or legal proceedings, we may use your personal data to investigate issues, respond to legal requests, and protect our rights and interests as well as those of our users and business partners.
Security and Fraud Prevention: We use your data to detect and prevent fraudulent activities, unauthorized access, and security breaches. This includes monitoring for suspicious behavior, verifying user identities, and implementing security measures to protect our platform and users.
Under the Singapore Personal Data Protection Act (PDPA), we process your personal data based on the following legal grounds:
Explicit Consent: For certain types of data processing, particularly marketing communications and non-essential features, we obtain your explicit consent before collecting or using your personal data. You have the right to withdraw this consent at any time.
Google Sign-In Consent: When you choose to use Google Sign-In, you provide explicit consent for us to access and use the specific information from your Google account as described in this Privacy Policy. This consent is obtained through Google's OAuth consent screen, which clearly explains what data will be shared.
Cookie Consent: We obtain your consent for the use of non-essential cookies and tracking technologies through our cookie banner and consent management system.
Service Provision: Much of our data processing is necessary for the performance of our contract with you, including account management, order processing, service delivery, and customer support. Without this data, we would be unable to provide our services effectively.
Payment Processing: Processing payment information and billing details is necessary to complete transactions and fulfill our contractual obligations to deliver services and handle financial transactions.
Business Operations: We process certain data based on our legitimate business interests, such as improving our services, conducting analytics, ensuring security, and managing our business operations. We always balance these interests against your privacy rights and freedoms.
Security and Fraud Prevention: Protecting our platform, users, and business from security threats and fraudulent activities is a legitimate interest that justifies certain data processing activities.
Direct Marketing: We may process your contact information for direct marketing purposes based on our legitimate interest in promoting our services, provided you have not opted out of such communications.
Compliance Requirements: We process personal data when necessary to comply with legal obligations, such as tax reporting, regulatory compliance, and responding to lawful requests from authorities.
Record Keeping: Maintaining certain records and documentation is required by law and serves as the legal basis for retaining specific types of personal data.
We are committed to protecting your personal data and do not sell, rent, or trade your personal information to third parties for their marketing purposes. However, we may share your personal data in the following circumstances:
Manufacturing Partners: We share relevant project specifications, delivery addresses, and contact information with our network of trusted manufacturers and service providers to fulfill your orders. These partners are contractually bound to protect your data and use it only for the specific purposes of providing services.
Technology Service Providers: We work with various technology service providers, including cloud hosting services, payment processors, email service providers, and analytics platforms. These providers have access to personal data only as necessary to perform their functions and are contractually obligated to maintain data security and confidentiality.
Logistics and Shipping Partners: To deliver your orders, we share necessary information with shipping companies and logistics providers, including your name, delivery address, and contact information. This sharing is limited to what is necessary for successful delivery.
Legal Compliance: We may disclose your personal data when required by law, regulation, or legal process, including responding to court orders, subpoenas, or requests from government authorities.
Law Enforcement: We may share personal data with law enforcement agencies when necessary to investigate suspected illegal activities, protect public safety, or comply with legal obligations.
Regulatory Authorities: We may disclose personal data to regulatory authorities in Singapore or other jurisdictions where we operate to comply with regulatory requirements and oversight obligations.
Mergers and Acquisitions: In the event of a merger, acquisition, sale of assets, or other business transaction, your personal data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this Privacy Policy.
Due Diligence: During business transaction negotiations, we may share aggregated or anonymized data with potential partners or acquirers for due diligence purposes, ensuring that individual privacy is protected.
Safety and Security: We may disclose personal data when we believe it is necessary to protect the safety, rights, or property of Creo.Works, our users, or the public.
Fraud Prevention: We may share information with fraud prevention services and other organizations to detect and prevent fraudulent activities and protect our platform and users.
Third-Party Integrations: With your explicit consent, we may share your data with third-party applications or services that you choose to integrate with our platform.
Marketing Partners: With your consent, we may share your information with selected marketing partners who offer complementary services that may be of interest to you.
We implement comprehensive security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security practices include:
Encryption: All personal data is encrypted both in transit and at rest using industry-standard encryption protocols. We use SSL/TLS encryption for data transmission and AES encryption for data storage, ensuring that your information remains secure throughout our systems.
Access Controls: We implement strict access controls and authentication mechanisms to ensure that only authorized personnel can access personal data. This includes multi-factor authentication, role-based access controls, and regular access reviews to maintain the principle of least privilege.
Secure Infrastructure: Our platform is hosted on secure cloud infrastructure with robust security features, including firewalls, intrusion detection systems, and regular security monitoring. We work with reputable cloud service providers who maintain high security standards and compliance certifications.
Data Backup and Recovery: We maintain secure backup systems to protect against data loss and ensure business continuity. Our backup procedures include regular testing of recovery processes and secure storage of backup data.
Employee Training: All employees who handle personal data receive regular training on data protection principles, security best practices, and their obligations under the PDPA and other applicable laws.
Confidentiality Agreements: All employees, contractors, and business partners who have access to personal data are bound by confidentiality agreements and are required to maintain the security and confidentiality of personal information.
Security Policies: We maintain comprehensive data security policies and procedures that are regularly reviewed and updated to address emerging threats and evolving best practices.
Incident Response: We have established incident response procedures to quickly identify, contain, and address any security breaches or data incidents. This includes notification procedures to comply with legal requirements and protect affected individuals.
Vendor Assessment: We carefully evaluate the security practices of all third-party service providers and require them to maintain appropriate security measures and comply with our data protection requirements.
Contractual Protections: All third-party agreements include specific data protection clauses, security requirements, and breach notification obligations to ensure that your data remains protected throughout our service ecosystem.
Regular Audits: We conduct regular security audits and assessments of our systems and third-party providers to identify and address potential vulnerabilities.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and protect our legitimate business interests.
Account Data: We retain your account information for as long as your account remains active. After account closure, we may retain certain information for up to seven years to comply with legal and regulatory requirements.
Transaction Records: Financial and transaction records are retained for seven years in accordance with Singapore tax and accounting requirements.
Communication Records: Customer support communications and business correspondence are retained for three years to maintain service quality and resolve any ongoing issues.
Usage Analytics: Aggregated and anonymized usage data may be retained indefinitely for business intelligence and service improvement purposes.
Marketing Data: Marketing communication preferences and history are retained until you opt out or request deletion, after which we maintain suppression lists to ensure we do not contact you again.
Automatic Deletion: We have implemented automated systems to delete personal data when retention periods expire, ensuring that data is not kept longer than necessary.
Secure Disposal: When personal data is deleted, we use secure deletion methods to ensure that the data cannot be recovered or reconstructed.
Backup Considerations: Data in backup systems is also subject to our retention policies and is securely deleted when retention periods expire.
As a data subject under Singapore's Personal Data Protection Act, you have several important rights regarding your personal data:
You have the right to request access to your personal data that we hold, including information about how your data is being used, who it has been shared with, and the purposes of processing. We will provide this information within 30 days of receiving your request.
How to Exercise: Submit a written request to our Data Protection Officer at [DPO Email] with sufficient information to verify your identity.
Information Provided: We will provide you with a copy of your personal data, details about how it is used, and information about any third parties who have received your data.
You have the right to request correction of any inaccurate or incomplete personal data we hold about you. We will make the necessary corrections and notify any third parties who have received the incorrect data.
How to Exercise: Contact us through your account settings or email our Data Protection Officer with details of the corrections needed.
Timeline: We will make corrections as soon as practicable, typically within 30 days of receiving your request.
Where we process your personal data based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
How to Exercise: You can withdraw consent through your account settings, unsubscribe links in emails, or by contacting our Data Protection Officer.
Effect of Withdrawal: Withdrawing consent may limit our ability to provide certain services or features that depend on the processing of your personal data.
You have the right to request that we transmit your personal data to another organization in a commonly used, machine-readable format.
How to Exercise: Submit a written request to our Data Protection Officer specifying the data you want transferred and the receiving organization.
Scope: This right applies to data you have provided to us and that we process based on consent or contract.
You have the right to object to the processing of your personal data in certain circumstances, particularly for direct marketing purposes or when processing is based on legitimate interests.
Direct Marketing: You can opt out of marketing communications at any time through unsubscribe links or by contacting us directly.
Other Processing: You can object to other types of processing by explaining your specific situation and reasons for objection.
If you believe that we have not handled your personal data in accordance with the PDPA or this Privacy Policy, you have the right to file a complaint with the Personal Data Protection Commission (PDPC) of Singapore.
PDPC Contact Information:
Personal Data Protection Commission Singapore
10 Pasir Panjang Road,
#03-01 Mapletree Business City
Singapore 117438
Email: enquiries@pdpc.gov.sg
Phone: +65 6377 3131
As a global platform connecting users with manufacturers and service providers worldwide, we may transfer your personal data to countries outside of Singapore. We ensure that all international transfers comply with the PDPA and provide adequate protection for your personal data.
Adequacy Decisions: We prioritize transfers to countries that have been deemed by the PDPC to provide adequate protection for personal data.
Contractual Protections: For transfers to countries without adequacy decisions, we implement appropriate contractual safeguards, including standard contractual clauses and binding corporate rules.
Certification and Codes: We may rely on approved certification mechanisms and codes of conduct that provide appropriate safeguards for international transfers.
Google Services: When you use Google Sign-In, your data may be processed by Google in various countries where Google operates. Google provides appropriate safeguards and complies with international data protection standards.
Manufacturing Partners: When we share your project data with international manufacturers, we ensure that appropriate data protection agreements are in place to protect your personal data.
Cloud Services: Our cloud service providers may process data in multiple countries, but they are contractually required to provide adequate protection and comply with applicable data protection laws.
We use cookies and similar tracking technologies to enhance your browsing experience, analyze website usage, and provide personalized content and advertisements.
Essential Cookies: These cookies are necessary for the basic functionality of our website, including user authentication, security features, and core platform operations. These cookies cannot be disabled without affecting the functionality of our services.
Performance Cookies: We use these cookies to collect information about how visitors use our website, including which pages are visited most often and any error messages. This information helps us improve our website performance and user experience.
Functionality Cookies: These cookies allow our website to remember choices you make and provide enhanced, personalized features. They may be set by us or by third-party providers whose services we have added to our pages.
Marketing Cookies: With your consent, we use marketing cookies to deliver relevant advertisements and track the effectiveness of our marketing campaigns. These cookies may be set by us or by third-party advertising partners.
Browser Settings: You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies, though this may affect the functionality of our website.
Consent Management: We provide a cookie consent banner that allows you to choose which types of cookies you accept. You can update your preferences at any time through our cookie settings.
Opt-Out Options: For marketing cookies and third-party tracking, we provide opt-out mechanisms and respect Do Not Track signals where technically feasible.
Analytics Services: We use third-party analytics services, such as Google Analytics, to understand how our website is used and to improve our services. These services may set their own cookies and have their own privacy policies.
Social Media Integration: Our website may include social media features that set cookies to track your interactions with social content. These features are governed by the privacy policies of the respective social media platforms.
Advertising Partners: We may work with third-party advertising partners who use cookies to deliver targeted advertisements. You can opt out of personalized advertising through industry opt-out mechanisms.
Our services are not intended for children under the age of 13, and we do not knowingly collect personal data from children under 13 years of age. In accordance with the Children's Online Privacy Protection Act (COPPA) and Singapore data protection principles:
Minimum Age: Users must be at least 13 years old to create an account and use our services. If you are between 13 and 18 years old, you must have parental or guardian consent to use our services.
Verification: We may implement age verification mechanisms to ensure compliance with age restrictions and protect children's privacy.
Parental Consent: For users under 18, we may require verifiable parental consent before collecting or processing personal data.
No Intentional Collection: We do not intentionally collect personal data from children under 13. If we become aware that we have collected such data, we will take immediate steps to delete it.
Parental Rights: Parents and guardians have the right to review, modify, or delete their child's personal data and to refuse further collection or use of their child's information.
Educational Use: If our services are used in educational settings, we comply with applicable educational privacy laws and obtain appropriate consents from schools and parents.
When you choose to use Google Sign-In to access our services, additional privacy considerations apply:
Limited Scope: We only request access to the minimum Google account information necessary for authentication and account creation, specifically your name, email address, and profile picture.
No Additional Permissions: We do not request access to your Google Drive, Gmail, Calendar, or other Google services unless explicitly needed for specific features and with your additional consent.
Token Security: Google authentication tokens are stored securely and used only for maintaining your authenticated session. We do not use these tokens to access your Google account beyond the initially authorized scope.
Google's Privacy Policy: Your use of Google Sign-In is also governed by Google's Privacy Policy, which you can review at https://policies.google.com/privacy.
Data Sharing with Google: When you use Google Sign-In, Google may collect information about your use of our services in accordance with their privacy policy and terms of service.
Revocation: You can revoke our access to your Google account information at any time through your Google Account settings at https://myaccount.google.com/permissions.
Optional Service: Google Sign-In is an optional convenience feature. You can always create an account using your email address and password without using Google Sign-In.
Data Portability: If you initially sign up with Google Sign-In and later wish to use email authentication, we can help you transition your account while maintaining your data and preferences.
In the unlikely event of a data breach that may result in significant harm to individuals, we are committed to transparent and timely communication:
Immediate Assessment: We will immediately assess the scope and impact of any data breach and take steps to contain and mitigate the incident.
Investigation: We will conduct a thorough investigation to determine the cause of the breach, the data affected, and the potential risks to individuals.
Remediation: We will implement immediate remediation measures to prevent further unauthorized access and strengthen our security measures.
PDPC Notification: In accordance with PDPA requirements, we will notify the Personal Data Protection Commission of Singapore within the required timeframe if the breach meets the notification threshold.
Documentation: We will maintain detailed documentation of the breach, our response actions, and the measures taken to prevent similar incidents.
Risk Assessment: We will assess whether the breach is likely to result in significant harm to affected individuals and notify them accordingly.
Clear Communication: If notification is required, we will provide clear, understandable information about the breach, the data affected, and the steps individuals can take to protect themselves.
Support: We will provide appropriate support and assistance to affected individuals, including credit monitoring services if financial information is involved.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations:
Advance Notice: We will provide reasonable advance notice of any material changes to this Privacy Policy through email notifications to registered users and prominent notices on our website.
Effective Date: Changes will become effective on the date specified in the updated Privacy Policy, which will be clearly indicated at the top of the document.
Continued Use: Your continued use of our services after the effective date of changes constitutes your acceptance of the updated Privacy Policy.
Consent Requirements: For material changes that affect how we use your personal data, we may seek your explicit consent before implementing the changes.
Opt-Out Options: If you do not agree with material changes, you may have the option to opt out of certain data processing activities or close your account.
Version History: We maintain a history of previous versions of our Privacy Policy for reference and transparency.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:
Primary Contact:
Data Protection Officer
Kang Shiqiang
Creo.Works Pte. Ltd.
Email:
creo.works00@gmail.com
Phone: +65 9838 6290
Address: Pantech Business Hub 192 Pandan Loop #06-03, Singapore
128381
Customer Support:
Email: creo.works00@gmail.com
Website: www.creo.farm
Response Time: We
aim to respond to all privacy-related inquiries within 5 business days.
Personal Data Protection Commission Singapore:
Website: https://www.pdpc.gov.sg
Email: enquiries@pdpc.gov.sg
Phone: +65 6377
3131
Address: 10 Pasir Panjang Road, #03-01 Mapletree Business City, Singapore 117438
This Privacy Policy is governed by the laws of Singapore, and any disputes arising from or relating to this Privacy Policy will be subject to the exclusive jurisdiction of the Singapore courts.
Primary Legislation: This Privacy Policy is designed to comply with Singapore's Personal Data Protection Act 2012 and its regulations.
International Standards: We also consider international data protection standards and best practices in our privacy program.
Sector-Specific Requirements: We comply with any additional privacy requirements applicable to our industry and business activities.
Preferred Resolution: We encourage users to contact us directly to resolve any privacy-related concerns before pursuing formal legal action.
Mediation: We are open to mediation and alternative dispute resolution methods for privacy-related disputes.
Legal Proceedings: Any legal proceedings related to this Privacy Policy must be brought in the appropriate courts of Singapore.
Document Information:
Acknowledgment: By using Creo.farm and our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this Privacy Policy, please do not use our services.
This Privacy Policy is designed to be comprehensive and compliant with Singapore's Personal Data Protection Act (PDPA) and Google's OAuth requirements. It should be reviewed by legal counsel before implementation and updated regularly to reflect changes in laws, regulations, and business practices.