DTDC Global Express Pte Ltd.
Personal Data Protection Act 2012 (Singapore)
About This Document: This Privacy Policy describes how DTDC Global Express PTE Ltd. (“DTDC”, “we”, “our”, or “us”) collects, uses, discloses, and protects your personal data in accordance with the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore, as amended from time to time (“PDPA”), and the accompanying advisory guidelines issued by the Personal Data Protection Commission (“PDPC”).
By accessing our website, mobile application, engaging our courier and logistics services, or making payments through our platform, you acknowledge that you have read and understood this Privacy Policy. Where you make payments through our platform, your payment data is securely processed by our payment processing partner, Stripe. Stripe processes this data as an independent data controller in accordance with its own privacy and data usage standards. Please refer to Stripe’s Privacy Policy (https://stripe.com/privacy) for full details.
Policy Information
| Policy Title | Website Privacy Policy |
| Issued by | IT Department |
| Policy Owner | DTDC Global Express PTE Ltd. |
| Published Date | Not specified |
| Approver (s) | Not specified |
Revision Control
| Version | Date | Authored By | Verified By | Approved By |
|---|---|---|---|---|
| — | — | — | — | — |
Jump to a section
This Privacy Policy applies to all personal data collected by DTDC Global Express PTE Ltd. through our website at https://www.dtdc.sg/, our mobile application, customer service channels, physical service counters, and all associated services including domestic and international courier and logistics services offered in Singapore.
This policy covers all individuals whose personal data we process, including customers, recipients of deliveries, website visitors, registered account holders, prospective customers, and business partners (collectively “Data Subjects” or “you”).
Note on India-Singapore Operations: Where our business operations involve coordination with our parent company, affiliated entities, or logistics partners based in India, such cross-border transfers are carried out with appropriate contractual safeguards and in compliance with Section 26 of the PDPA. Please refer to Section 9 (International Data Transfers) for full details.
DTDC Global Express PTE Ltd. is a company incorporated in Singapore. We are a courier and express logistics company with roots in India, providing domestic Singapore delivery services, cross-border logistics, particularly between Singapore and India, and international courier solutions. We are the data controller of your personal data for the purposes of this Privacy Policy.
| Entity Detail | Information |
|---|---|
| Company Name | DTDC Global Express PTE Ltd. |
| UEN / Registration No. | 201119645E |
| Registered Address | 101 Kitchener Road, #01-31 Jalan Besar Plaza, Singapore 208511 |
| DPO Email | dpo@dtdc.com |
| Customer Service | +65- 62948098 |
| PDPC Organisation Reference | 201119645E |
We collect only the minimum personal data necessary for the purposes described in this policy. The categories of personal data we may collect include:
Note: Full card numbers, CVV codes, and bank account details are processed exclusively by our payment partner Stripe and are not stored on our servers. See Section 7.
Sensitive Personal Data: We do not intentionally collect sensitive personal data such as race, religion, health, biometric data, or political opinions except where strictly required for customs clearance, regulatory compliance, or security screening of shipments, and only with your explicit consent or where permitted by law.
We collect personal data through the following channels:
Under Section 18 of the PDPA, we must only use personal data for purposes that a reasonable person would consider appropriate. We use your personal data for the following purposes:
| Purpose | Description |
|---|---|
| Service Delivery | Processing, arranging, tracking and delivering courier shipments; communicating delivery status and updates to senders and recipients. |
| Account Management | Creating and maintaining your customer account; verifying your identity; managing your preferences and subscription services. |
| Payment Processing | Processing payments via Stripe; issuing invoices, receipts, and credit notes; managing refunds and disputes. |
| Customs & Regulatory Compliance | Complying with Singapore Customs, MAS regulations, Anti-Money Laundering obligations, trade sanctions screening, and import/export documentation for India-Singapore corridors. |
| Customer Support | Responding to queries, complaints, and claims; investigating lost or damaged shipments; managing returns. |
| Safety & Security | Fraud detection, identity verification, prevention of illegal use of our services, and physical security at our premises. |
| Service Improvement | Analysing usage patterns, conducting research and surveys, improving our platform, website, mobile app, and delivery network. |
| Marketing (Consent Required) | Sending promotional communications, offers, newsletters, and service updates via email, SMS, or push notifications — only with your consent and subject to opt-out at any time. |
| Legal Compliance | Complying with court orders, regulatory requests, or legal obligations under Singapore law or applicable foreign law. |
| Business Operations | Internal audit, risk management, insurance, financial reporting, and corporate governance. |
The PDPA permits us to collect, use, and disclose personal data without consent in certain circumstances (the “deemed consent” and “legitimate interests” exceptions introduced under the 2020 PDPA amendments). Our legal bases for processing are:
Deemed Consent (Section 15A PDPA): In some contexts, consent may be deemed where you have voluntarily provided your personal data, or where it is reasonably expected that you would consent given the circumstances. We exercise this exception responsibly and only where a reasonable person would expect their data to be used in that manner.
We use Stripe, Inc. (“Stripe”) as our payment processing partner. Stripe is a PCI DSS Level 1 certified payment processor. When you make a payment on our platform, your payment card data is transmitted directly and securely to Stripe’s servers using Transport Layer Security (TLS) encryption. We do not store, process, or have access to your full card number, CVV, or expiry date.
We receive from Stripe only a tokenised reference, transaction status, and risk signals. This data is used solely for: completing your transaction, issuing receipts and invoices, processing refunds, investigating payment disputes, and fraud prevention.
Stripe processes your payment data as an independent data controller for its own fraud prevention, compliance, and service improvement purposes, in addition to acting as our data processor. Stripe’s Privacy Policy is available at stripe.com/privacy and governs Stripe’s own use of your data. By making a payment through our platform, you agree to be bound by Stripe’s Privacy Policy in addition to this Privacy Policy.
PCI DSS Compliance: Our payment integration with Stripe is designed to minimise our PCI DSS scope. We do not transmit, store, or process raw payment card data on our own infrastructure. Stripe’s infrastructure holds PCI DSS Level 1 certification, the highest level of certification in the payment card industry.
If you request a refund or raise a chargeback with your bank, we may need to share shipment details, proof of delivery records, and correspondence with Stripe and your issuing bank to process or dispute such claims. This sharing is carried out on the basis of our contractual and legal obligations.
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may disclose your personal data to the following categories of recipients, strictly to the extent necessary for the purposes in Section 5:
| Recipient Category | Purpose / Basis |
|---|---|
| Stripe, Inc. | Payment processing, fraud detection, and financial compliance (see Section 7) |
| Delivery & Logistics Partners | Last-mile delivery, international freight forwarders, and hub partners (India, Singapore, and other jurisdictions) for completing shipment contracts |
| Singapore Customs & Government Agencies | Mandatory reporting, customs declarations, import/export compliance, and regulatory obligations |
| India Customs & Regulatory Bodies | Cross-border shipment compliance, e-way bills, and regulatory notifications for India-bound or India-origin shipments |
| IT Service Providers & Cloud Platforms | Hosting, data storage, analytics, CRM, and technical support services |
| Professional Advisors | Legal counsel, accountants, insurers, and auditors bound by professional secrecy obligations |
| Fraud Prevention & KYC Services | Identity verification and anti-fraud screening in compliance with AML/CFT obligations |
| Marketing Service Providers | Email delivery, push notification, and SMS services — only for communications you have consented to receive |
| Purchasers of Business Assets | In the event of a merger, acquisition, or sale of assets, subject to equivalent privacy protections |
| Law Enforcement & Courts | Where required by a court order, subpoena, regulatory demand, or applicable law in Singapore or another jurisdiction |
All third-party service providers acting as data processors on our behalf are bound by contractual obligations, including appropriate data protection clauses, to ensure they handle your personal data only on our instructions and in accordance with applicable law.
As a courier company with operations and business relationships in multiple jurisdictions, including Singapore and India, we may transfer, store, process or disclose your personal data outside Singapore where necessary, to provide our services. This may include transfers to our affiliated entities, parent company, logistics partners, payment processors and certain technology vendors located in countries including, but not limited to, India. We share personal data strictly on a need-to-know basis and take reasonable steps to ensure that recipients are required to protect your personal data and use it only for the purposes for which it was disclosed. Pursuant to Section 26 of the PDPA, we will not transfer your personal data to a country or territory outside Singapore unless we have taken appropriate steps to ensure that the recipient provides a standard of protection comparable to that under the PDPA. These steps include:
Where permitted under the PDPA, some international transfers may be made to comply with a legal obligation, or where you have expressly consented to the transfer, or where the transfer is necessary for the performance of a contract to which you are a party (such as international courier delivery).
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by law. Our general retention guidelines are as follows:
| Data Category | Retention Period | Basis |
|---|---|---|
| Customer account data | Duration of account + 5 years after closure | Limitation Act (Singapore); regulatory audits |
| Shipment & delivery records | 7 years from delivery date | Customs Act, Companies Act (Singapore) |
| Payment & invoicing records | 7 years from transaction date | Income Tax Act, GST Act (Singapore) |
| Customer service communications | 3 years from last interaction | Legitimate interests; dispute resolution |
| Marketing consent records | Until consent withdrawal + 3 years | PDPA Do Not Call provisions; DNC Registry |
| Website logs & analytics | 13 months rolling | Legitimate interests; service improvement |
| CCTV footage (if applicable) | 30 days unless required for investigation | Security; legitimate interests |
| KYC & identity verification | 5 years from last transaction | AML/CFT obligations; MAS guidelines |
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with recognised industry standards. Anonymised data that cannot be re-identified may be retained indefinitely for statistical purposes.
We implement and maintain reasonable and appropriate technical, organisational, and physical security measures to protect your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal, or destruction, as required under the PDPA.
In the event of a data breach that is likely to result in significant harm to individuals, we will notify the PDPC within 3 calendar days of becoming aware of the breach, and affected individuals within a reasonable time, in accordance with the mandatory breach notification obligations under Part VIA of the PDPA. We maintain an incident response team and documented breach response procedures to enable rapid containment and notification.
A cookie is a small file that can be placed on your device that allows us to recognise and remember you. It is sent to your browser and stored on your computer’s hard drive or tablet or mobile device.
Cookies help DTDC with the capability to personalize information for certain segments of its customer base. They are also used to allow us the opportunity to associate individual customers with their information profiles. For example, through the use of cookies, the DTDC website username can “remember and autofill” your user ID when user’s login their DTDC website Login username on the DTDC website from their computer.
First-party cookies are placed on your device directly by us. For example, we use first-party cookies to adapt our website to your browser’s language preferences and to better understand your use of our website. Third-party cookies are placed on your device by our partners and service providers. For example, we use third-party cookies to measure user numbers on our website or to enable you to share content with others across social media platforms.
Session cookies are cookies that only last until you close your browser. We use session cookies for a variety of reasons, including to learn more about your use of our website during one single browser session and to help you to use our website more efficiently. Persistent cookies have a longer lifespan and aren’t automatically deleted when you close your browser. These types of cookies are primarily used to help you quickly sign-in to our website again and for analytical purposes.
When you visit our website, some or all of the following types of cookies may be placed on your device:
| Cookie type | Description |
|---|---|
| Necessary cookies | These cookies are strictly necessary to provide you with services available through our website and to use some of its features, such as access to secure areas |
| Functional cookies | These cookies provides enhanced performance for some website resources and services, as well as adopt a higher level of personalization to the user experience in some cases. |
| Performance cookies | These cookies provides quantitative measurements regarding our website and its resources and are used for purposes such as troubleshooting and analytics. |
| Marketing/Targeting cookies | These cookies provides behavioural advertising and re-marketing of analytical data. |
As the cookies and similar tracking technologies we use may change dynamically over time, maintaining a static list in this policy is impractical. For a comprehensive and up-to-date list of the specific cookies used on our website, including their providers, purposes and retention periods, please refer to the Cookie Preference Centre available on our website.
DTDC uses cookies to enhance the user experience in the following ways:
DTDC respects your privacy and offers the ability to customize cookie settings. You can:
http://tools.google.com/dlpage/gaoptout
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. Those cookies are likely to be analytical/performance cookies or targeting cookies.
DTDC complies with the PDPA 2012 and it subsidiary legislations ensuring:
Our website and mobile application use cookies and similar tracking technologies to enhance your browsing experience, personalise content, analyse traffic, and enable certain functionality. We provide you with clear information and choice regarding cookies in accordance with PDPC guidelines.
| Cookie Type | Purpose | Consent Required |
|---|---|---|
| Strictly Necessary | Essential for website function, security, and session management. Cannot be disabled. | No (necessary for service) |
| Performance / Analytics | Google Analytics and similar tools to understand website usage and improve performance. | Yes |
| Functional | Remember your preferences, language settings, and login state. | Yes |
| Marketing / Targeting | Deliver relevant advertisements and measure campaign effectiveness. | Yes |
| Stripe Cookies | Stripe uses cookies for fraud prevention and ensuring secure payment sessions on our checkout pages. | No (necessary for payment processing) |
You may manage or withdraw your cookie preferences at any time using our Cookie Preference Centre accessible on our website footer, or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of our website and services.
The DTDC website may include links to third-party websites. When users navigate to such sites, only the information that they arrived from the DTDC website is shared with the third-party to monitor their web site traffic, but does not provide them with any information about the users of the DTDC website. DTDC is not responsible for the privacy policies of third-party websites, and users are encouraged to review those policies independently.
The PDPA and its 2020 amendments grant you the following rights in relation to your personal data. We will respond to verified requests within 30 calendar days of receipt, or inform you of a longer timeframe if needed.
| Right | Description |
|---|---|
| Right of Access | Request information about the personal data we hold about you and how it has been or may have been used or disclosed in the preceding one year. |
| Right of Correction | Request that we correct any error or omission in your personal data that is in our possession or control. Corrections will be made within 30 days. |
| Right to Withdraw Consent | Withdraw any consent you have previously given to us for collecting, using, or disclosing your personal data, subject to reasonable notice. |
| Right to Data Portability | Under the PDPA’s data portability obligation, request that certain personal data be transmitted to another organisation in a commonly used machine-readable format (once the relevant provision of the PDPA are fully in force). |
| Right re: Automated Decisions | Where we use automated decision-making that produces legal or similarly significant effects, request human review of such decisions. |
| Right to File a Complaint | Lodge a complaint with our DPO or directly with the Personal Data Protection Commission (PDPC) if you believe we have violated the PDPA. |
To exercise any of the above rights, please submit a written request to our Data Protection Officer at dpo@dtdc.com. We may request proof of your identity before processing your request. We will not charge a fee for access requests unless they are manifestly unfounded or excessive.
Exceptions: Please note that certain rights under the PDPA are subject to exceptions — for example, we may decline to provide access where it would reveal personal data of another individual, could interfere with law enforcement investigations, or where legal privilege applies. We will explain any such exceptions when responding to your request.
Singapore’s Do Not Call (DNC) Registry provisions under Part IX of the PDPA regulate the sending of unsolicited telemarketing and promotional messages to Singapore telephone numbers. Where we conduct markting or promotional activities directed at these numbers, we comply with all applicable DNC requirements.
Our services are not directed at children under the age of 18. We do not knowingly collect personal data from individuals under 18 years of age without verifiable parental or guardian consent. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact our DPO immediately at dpo@dtdc.com and we will promptly delete such data.
In the event that a shipment is to be sent on behalf of a minor (e.g., a gift addressed to a child), the personal data of the recipient child is used solely for delivery purposes and is subject to the same protections as adult data under this policy.
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, technology, legal requirements, or business operations. When we make material changes to this policy, we will:
Your continued use of our services after any changes to this policy constitutes your acknowledgement of the modified Privacy Policy. Previous versions of the Privacy Policy are available upon written request to our DPO.
If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your personal data, we encourage you to contact our Data Protection Officer in the first instance. We take all privacy concerns seriously and will endeavour to resolve complaints promptly and fairly.
Data Protection Officer
DTDC Global Express PTE Ltd. — Singapore
Email (DPO): dpo@dtdc.com
General Support: css.sg@dtdc.com
Postal Address: 101 Kitchener Road, #01-31 Jalan Besar Plaza, Singapore 208511
PDPC: www.pdpc.gov.sg
If your concern is not resolved to your satisfaction, you have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg. You may also submit a complaint through the PDPC’s online complaints portal.
This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Singapore.
© DTDC Global Express PTE Ltd. All rights reserved.