Last update: June 16, 2026
This Privacy Policy explains how Web Technomatic Pte Ltd (“Web Technomatic,” “we,” “our,” or “us”) collects, uses, discloses, and protects information when you use our website (https://ezrewardcard.com), our application platform (https://app.ezrewardcard.com) (“Website” or "Site"), and our digital loyalty program services (“Platform”), collectively referred to as the “Services.” Our Platform is tailored specifically to provide managed digital loyalty solutions for business merchants operating within the Republic of Singapore.
Web Technomatic acts as a Data Controller with respect to the personal data of our direct business clients (such as merchant account registration information, billing details, and administrative interaction logs). Where a subscribing merchant utilizes our platform to issue reward stamps, manage point balances, or store consumer contact details, Web Technomatic acts strictly as a Data Processor, handling that end-user personal data solely on the documented instructions of the merchant (the Data Controller). To ensure secure processing, our backend infrastructure utilizes enterprise-grade cloud processing environments protected by strict institutional Data Processing Addenda (DPA) that meet or exceed global data protection and security standards.
By accessing or using our Services, you agree you have read and understood this Privacy Policy. We may revise this policy occasionally, in which case you will be notified by the updated “Last Update” date or, for major changes, by explicit notice on our website or via email.
Personal Information Definition
Personal information is any information about an individual which can be used to identify them. This includes information such as names, phone numbers, email addresses, device identifiers, and platform transaction records. In the event our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. This Privacy Policy does not apply to any of your activities after you leave our site.
Information We Collect
Information we collect falls into one of two categories: "voluntarily provided" information and "automatically collected" information.
"Voluntarily provided" information refers to any information you knowingly and actively provide us when creating a business account, subscribing to a managed package, or communicating with our team.
"Automatically collected" information refers to any information automatically sent by your web browser or devices in the course of accessing our platform, including your IP address, browser type, operating system, and system error logs.
Log Data and Device Data
When you visit our website or interact with our services, our servers may automatically log standard diagnostic data provided by your device and web browser. This may include your device type, unique device identifiers, operating system, setting configurations, and system error circumstances. While this technical information may not be personally identifying by itself, it may be combined with other data to identify individual users.
Personal Information Categories
We may ask for corporate or personal contact information when you register a business profile, sign up for a service package, or reach out for technical support, which may include:
Name of business representative
Registered business name
Corporate email address
Mobile phone number
Billing information and payment logs
Collection and Use of Information
We may collect personal information from you when you interact with our content, submit a support ticket, or message us via email or associated digital technologies. We process this information for the following specific purposes:
To provide, operate, and maintain our platform's core loyalty features and setup packages
To contact, coordinate, and communicate with our subscribing business clients
For analytics, market research, and business development to improve our system infrastructure
To send administrative alerts, system updates, and marketing communications (where explicit opt-in consent is obtained)
Security of Your Personal Information
When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss, theft, unauthorized access, disclosure, copying, use, or modification. Although we implement professional security protocols, no method of electronic transmission or cloud storage is 100% secure, and absolute data security cannot be guaranteed. You are entirely responsible for selecting secure passwords and maintaining the confidentiality of your administrative credentials.
How Long We Keep Your Personal Information
We retain personal information only for as long as necessary to fulfill the operational purposes described in this policy, or in accordance with our legal, accounting, or reporting obligations under Singapore law. If your business account is closed or terminated, we will securely delete or permanently anonymize your data within 30 days of account deactivation.
Children’s Privacy
Our platform, software, and corporate setup packages are strictly intended for business entities and individuals who are at least 18 years of age. We do not knowingly target or collect personal information from individuals under the age of 18. If we discover that a minor has provided us with personal account data, we will immediately remove it from our infrastructure.
Disclosure of Personal Information to Third Parties
We may disclose personal data to:
A parent, subsidiary, or affiliate of our company
Third-party infrastructure partners, cloud storage providers, data hosting vendors, and payment gateway operators acting strictly as data processors on our behalf
Courts, tribunals, regulatory authorities, or law enforcement officers as required by the laws of the Republic of Singapore in connection with prospective legal proceedings
For commercial confidentiality and security reasons, we do not publicly list the corporate names of our third-party whitelabel technology providers or backend infrastructure vendors in this public policy. All such providers are contractually bound by strict non-disclosure terms and data processing safeguards.
Singapore — Personal Data Protection Act (PDPA) Provisions
Scope and Contact
We are fully committed to complying with the Singapore Personal Data Protection Act 2012 (PDPA) in respect of personal data collected, used, or disclosed within Singapore. We will acknowledge PDPA inquiries promptly and aim to respond to verified requests within 30 calendar days.
Purposes of Collection, Notification, and Use
We collect, use, and disclose personal data in Singapore only for purposes that a reasonable person would consider appropriate in the circumstances and which we have notified you of at or before the time of collection. We do not use personal data for purposes that are incompatible with those notified to you without obtaining additional consent.
Consent and Withdrawal of Consent
We will collect, use, or disclose personal data only with your consent unless a valid statutory exception under the PDPA applies. You may withdraw your consent at any time by utilizing our built-in platform controls or by emailing our Data Protection Officer directly. Withdrawing consent may affect our ability to deliver certain automated loyalty features or maintain active service contracts.
Access, Correction, and Request Procedures
You may request details of the personal data we hold about you or request corrections to inaccurate or incomplete records. To make a request, contact our Data Protection Officer with sufficient verification details to confirm your identity. Where permitted by law, we reserve the right to charge a reasonable administrative fee for data access requests, which will be disclosed before processing.
Accuracy, Protection, and Retention
We make reasonable efforts to ensure personal data under our control is accurate and complete. We implement strict technical and organizational controls to protect personal data, including role-based access controls, transit encryption, and regular vulnerability testing. In the event of a data breach causing or likely to cause significant harm, we will notify the Personal Data Protection Commission (PDPC) and affected individuals in accordance with mandatory PDPC timelines.
Direct Marketing and Do Not Call (DNC) Registry Rules
We strictly comply with Singapore’s Do Not Call (DNC) requirements and the Spam Control Act. We will not send telemarketing messages, automated calls, or promotional SMS communications to phone numbers registered on the national DNC registry unless explicit, unambiguous consent has been provided by the user. Every marketing email or digital communication issued through our system includes a clear, instant opt-out or unsubscribe mechanism.
Data Protection Roles: Controller vs Processor
When providing our digital loyalty platform to business users, the clear division of data responsibilities is defined as follows:
Controller Role: Where Web Technomatic determines the purposes and means of processing data (such as managing our direct B2B client database, billing logs, and support histories), we act as the data controller.
Processor Role: Where we host loyalty card logs, stamp balances, reward tiers, or retail consumer phone numbers uploaded by a subscribing merchant using our software, we act strictly as a data processor. In these instances, the subscribing merchant remains entirely responsible for notifying their own consumers, managing individual data rights requests, and securing appropriate consent under the PDPA.
Complaints and PDPC Contact
If you are not satisfied with our handling of a data privacy inquiry or believe a breach has occurred, you have the right to escalate the matter to the Personal Data Protection Commission (PDPC) at https://www.pdpc.gov.sg/.
Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights under the Singapore PDPA, please contact our Data Protection Officer:
Web Technomatic Pte Ltd
60 Paya Lebar Road
#06-28 Paya Lebar Square
Singapore 409051
Email: dpo@webtechnomatic.com