fbpx
top

Privacy Policy

The Summerhouse Privacy Notice

1. ABOUT THIS PRIVACY NOTICE

1-Garden Pte Ltd (UEN: 200903063H) (“The Summerhouse”, “we”, “us” or “our”) is dedicated to safeguarding the personal data of our guests, members, business contacts, job candidates and visitors to our websites. This Privacy Notice describes what personal data we gather, how we use and secure it, the parties with whom we share it, and the rights available to you regarding your personal data.

We handle personal data in accordance with the Singapore Personal Data Protection Act 2012 (the “PDPA”), the Spam Control Act 2007, and any other relevant legislation.

Please review this Notice carefully so that you are familiar with our approach to your personal data. By accessing our websites, completing a reservation, enrolling as a 1-Insider member, or otherwise interacting with us, you confirm that you have read this Notice.

2. WHO WE ARE

The Summerhouse functions as a nature-inspired dining and lifestyle destination situated within Seletar Aerospace Park, Singapore. Throughout this Notice, references to “The Summerhouse”, “we”, “us” or “our” encompass 1-Garden Pte Ltd together with the respective operating entities responsible for managing the following brands and venues (collectively referred to as our “Venues”):

  • Botanico: A contemporary farm-to-table restaurant offering modern Asian-European cuisine.
  • Wildseed Café: A casual all-day dining café nestled amid lush greenery.
  • Wildseed Bar: A relaxed garden bar providing cocktails, wines and casual dining experiences.
  • 1-Host: Our dedicated team overseeing weddings, private celebrations, corporate events and venue bookings at The Summerhouse.

This Notice covers all personal data gathered by or on behalf of The Summerhouse through our brands and Venues, our websites (including thesummerhouse.sg and individual Venue pages), mobile applications, the 1-Insider loyalty programme, reservation and event-enquiry channels, marketing communications, and any other engagements with us. We may also process personal data where necessary to fulfil applicable legal and regulatory obligations, respond to subpoenas, search warrants or other lawful requests, uphold the integrity and security of our websites, or protect and enforce our legal interests.

3. OUR DATA PROTECTION OFFICER

In accordance with section 11(3) of the PDPA, we have designated a Data Protection Officer (“DPO”) who is responsible for overseeing our compliance with the PDPA and for addressing queries, requests and complaints relating to your personal data.

You may reach our DPO using the details provided in Section 19 (How to Contact Us).

4. WHO THIS NOTICE APPLIES TO

We collect and manage personal data relating to the following groups of individuals:

  • Guests and customers — including diners, reservation-holders, walk-in patrons, event attendees, wedding and private-hire clients, and voucher recipients.
  • 1-Insider loyalty programme members — current, prospective and former members.
  • Marketing list subscribers — individuals who have signed up to receive our email or SMS marketing communications.
  • Business contacts and suppliers — including current, prospective and former suppliers, partners, agents, contractors, vendors and their personnel.
  • Job applicants and prospective workers — including candidates for full-time, part-time, casual and contractor roles, and applicants referred through recruitment agencies.
  • Website visitors — including visitors to thesummerhouse.sg, our Venue websites, and any The Summerhouse platform or microsite.
  • Individuals captured on CCTV at our Venues, and individuals photographed or filmed at events hosted at our Venues.

5. PERSONAL DATA WE COLLECT

The categories of personal data we gather depend on how you engage with us. They may include:

Identity and contact data

  • Name, salutation, title, date of birth, gender, nationality.
  • Home and/or business address, postal code, country of residence.
  • Email address, mobile and other telephone numbers.
  • Identity-document details where required (for example, NRIC/FIN number, passport details — only where necessary, such as for tax-invoice purposes or guest verification at certain events; we do not gather or retain full NRIC numbers except where required by law).

Reservation, event and visit data

  • Reservation details — date, time, party size, Venue, table preference, special occasion details, and notes provided to the host.
  • Event and wedding enquiry information — guest numbers, budget range, event date, dietary or thematic requirements, vendor preferences.
  • Dietary, allergy and accessibility information you supply so we can serve you safely. By sharing this information, you agree to our using it for that purpose.
  • Purchase, billing and transaction records at our Venues.

Loyalty programme data

  • 1-Insider membership data — tier status, points balance, redemption history, transaction history across Venues, communication preferences, and preferences and feedback noted during visits.

Financial and payment data

  • Credit and debit card details (processed by our PCI-DSS-compliant payment processors; we do not store full card numbers).
  • Billing addresses, deposit and refund details, and invoicing information.

Marketing preferences and communications data

  • Marketing channel preferences (email, SMS, push notification), opt-in and opt-out history, and language preference.
  • Engagement data relating to our marketing emails, such as open and click rates, where we use tracking technologies for analytics purposes.

Website, device and online behaviour data

  • Technical data such as IP address, device identifier, operating system, browser type and version, time-zone setting, and referring URL.
  • Usage data such as pages visited, links clicked, search terms, time on page, navigation paths, and dates and times of visits.
  • Attribution data — first-touch and last-touch source, medium and campaign details gathered via our marketing attribution cookie (the “_1g_attr” cookie) and stored against your reservation or enquiry where one is made.

CCTV, photography and event imagery

  • CCTV footage recorded at our Venues for security, loss-prevention, health-and-safety and incident-investigation purposes.
  • Photographs and video recordings taken at events, weddings and private functions held at our Venues, including for promotional and editorial purposes where we have a lawful basis to do so.

Job applicant data

  • Name, contact details, date of birth, work-permit status, nationality.
  • CV, cover letter, employment history, qualifications and references.
  • Information provided during interviews, including those conducted by phone, video or in person.
  • Information sourced from publicly available channels such as LinkedIn and from recruitment agencies.
  • Right-to-work, criminal-record and background-check information where lawfully required for the role.

Correspondence and feedback data

  • The content of any messages, emails, calls or chat sessions you conduct with us (including with our reservations team, our concierge, our 1-Insider support, and our event-enquiry team).
  • Reviews, survey responses, complaints and feedback you submit.

We do not knowingly gather personal data from children under 13 through our websites. The 1-Insider programme and our online reservation forms are not intended for children. If you believe we have inadvertently collected personal data from a child, please contact our DPO.

6. HOW WE COLLECT PERSONAL DATA

We gather personal data through the following channels:

  • Directly from you — when you make a reservation, dine or participate in an event at a Venue, enquire about a wedding or private function, subscribe to marketing, join the 1-Insider programme, redeem a voucher, contact us, complete a survey, apply for a position, or otherwise engage with us.
  • Automatically through our websites and apps — via cookies, pixels, scripts, SDKs and similar technologies (see Section 13).
  • From third parties acting on our behalf or on your behalf — including reservation platforms (such as SevenRooms and Tripleseat), event and wedding-enquiry platforms, payment processors, recruitment agencies, loyalty-programme processors (Eber), email and SMS service providers, web-analytics providers, social-media platforms, advertising networks and our authorised vendors.
  • From publicly available sources — such as social media (e.g. LinkedIn for recruitment purposes), professional directories, and public commentary about our Venues that we monitor for service-improvement purposes.
  • From other guests in your party — for example, when a host makes a booking on behalf of a group, when a wedding planner provides guest details, or when a corporate organiser supplies attendee lists for a private function. Where you provide us with personal data about another individual, you confirm that you are authorised to share that information with us for the purposes outlined in this Notice.

7. HOW WE USE PERSONAL DATA

We use personal data for the following purposes:

  • To deliver our services to you — including taking and managing reservations, hosting your visit, preparing food and beverages safely (including in consideration of any dietary, allergy or accessibility information you have provided), facilitating events and private hires, providing concierge and customer-service support, and operating the 1-Insider loyalty programme.
  • To handle transactions — including processing payments, issuing receipts and tax invoices, managing refunds, and resolving billing queries.
  • To correspond with you — including sending reservation confirmations and reminders, event-planning communications, service-related updates, responses to enquiries, and 1-Insider member service communications.
  • To send marketing communications — including newsletters, promotions, event announcements, seasonal offers and member-exclusive benefits, where you have provided your consent or where we are otherwise permitted to do so under the PDPA, the Spam Control Act 2007 and the Do Not Call (“DNC”) provisions.
  • To personalise your experience — including by retaining your preferences (such as table preference, dietary requirements, preferred Venues and past orders) so we may tailor future visits and communications.
  • To operate, maintain and secure our websites and apps — including troubleshooting, analytics, performance monitoring, fraud prevention, misuse detection, and the use of marketing-attribution technology to understand how our marketing channels generate enquiries and reservations.
  • To conduct market research, analytics and reporting — including aggregated and de-identified analysis of guest behaviour, marketing effectiveness, and operational performance across our Venues.
  • To recruit, assess and onboard staff — including for the purposes outlined in Section 16.
  • For health, safety and security at our Venues — including the operation of CCTV systems, incident response, and emergency-services coordination.
  • To fulfil legal and regulatory obligations — including tax and accounting requirements, licensing obligations, public-health duties, and responding to lawful requests from regulators, law-enforcement or other authorities.
  • To protect our legal interests — including establishing, exercising or defending legal claims, and managing disputes.
  • For corporate transactions — including in the event of a merger, acquisition, restructuring, financing, asset sale, or similar transaction involving The Summerhouse or any Venue.

8. ACCESS AND CORRECTION OF PERSONAL DATA

Under the PDPA we may only gather, use or disclose personal data with the individual’s consent, unless an exception applies. The bases on which we rely are outlined below.

Consent

Where we request your consent — for example, when you tick a marketing opt-in box, when you enrol in the 1-Insider programme, or when you submit a wedding enquiry — we will use your personal data for the purposes communicated to you at the time of collection.

Deemed consent

In certain circumstances the PDPA considers consent to have been granted. For example, where you voluntarily provide your personal data for an apparent purpose (such as sharing your phone number when booking a table, so we can contact you regarding that reservation), you are regarded as having consented to our using it for that purpose.

We also rely on deemed consent by notification (PDPA s.15A) for certain secondary purposes that are reasonably necessary, where we have notified you of the purpose, provided a reasonable opportunity to opt out, and conducted an assessment confirming that the use would not likely have any adverse effect on you.

Legitimate interests

We rely on the legitimate-interests exception in the PDPA (paragraph 1 of Part 3 of the First Schedule) for certain processing where our legitimate interests in running, securing and improving our business are not outweighed by any adverse effect on you. Examples include fraud prevention, security at our Venues, internal audit, and certain analytics activities.

Business improvement

We rely on the business-improvement exception (paragraph 1 of Part 5 of the First Schedule) for certain internal analyses to enhance our products, services, operations and marketing effectiveness.

Legal obligations and vital interests

We may use personal data without consent where required by law, where it is necessary to address an emergency threatening life, health or safety, or where another exception in the PDPA is applicable.

Withdrawing consent

Where we rely on your consent, you may withdraw it at any time by contacting our DPO. Withdrawing consent does not affect the lawfulness of any processing carried out prior to withdrawal. If you withdraw consent, we may be unable to continue providing certain services to you — for example, we cannot manage your 1-Insider membership if you withdraw consent for the use of your membership data — and we will inform you if that is the case.

9. HOW WE SHARE PERSONAL DATA

We may disclose your personal data with the following categories of recipients:

Within The Summerhouse

We may share personal data among The Summerhouse entities and across our Venues — for example, to ensure a 1-Insider member is recognised at any Venue, and to allow group-level analytics, marketing and customer-experience teams to serve you consistently.

Our service providers and data intermediaries

We engage third-party service providers (“data intermediaries” under the PDPA) to handle personal data on our behalf and subject to contract. Categories include:

  • Reservation and event-management platforms (for example, SevenRooms and Tripleseat).
  • Loyalty-programme platforms (for example, Eber, which provides the 1-Insider technology platform).
  • Payment processors (for example, Stripe and our point-of-sale and merchant-acquiring partners).
  • Cloud and hosting providers (for example, Google Cloud, Amazon Web Services, Vercel, Supabase).
  • Productivity and communications providers (for example, Google Workspace, Slack).
  • Email, SMS and push-notification service providers.
  • Analytics, marketing-attribution and advertising platforms (for example, Google Analytics, Google Ads, Meta, TikTok).
  • Customer-feedback, review-monitoring, survey and CRM tools.
  • Recruitment, background-check and human-resources platforms.
  • Security, CCTV, IT-security and fraud-prevention providers.
  • Professional advisers, including lawyers, accountants, auditors and insurers.

We require our data intermediaries to handle personal data solely in accordance with our instructions, to implement appropriate security safeguards, and to comply with the PDPA.

Other recipients

  • Government agencies, regulators, courts, law-enforcement and other authorities — where required or permitted by law.
  • Prospective or actual buyers, investors or financiers — in connection with any corporate transaction involving The Summerhouse or any Venue, subject to appropriate confidentiality protections.
  • Other third parties — with your consent or at your direction.

We do not sell your personal data, and we do not lease our marketing or membership lists to third parties for their own marketing activities.

10. TRANSFERS OF PERSONAL DATA OUTSIDE SINGAPORE

Some of our service providers — including cloud-hosting, payment, marketing-technology, reservation and loyalty-programme providers — are based outside Singapore or utilise infrastructure outside Singapore. As a result, your personal data may be transferred to, and processed in, jurisdictions including the United States, the European Union, the United Kingdom, Australia, India, Hong Kong and other countries.

In accordance with section 26 of the PDPA, prior to transferring personal data outside Singapore we take steps to ensure that the recipient is bound by legally enforceable obligations to provide a standard of protection comparable to the PDPA. These steps include establishing contractual protections (such as data-processing addenda and standard contractual clauses) with our service providers, and relying on other transfer mechanisms recognised under Singapore law.

You may request further information about our cross-border transfer arrangements by contacting our DPO.

11. HOW LONG WE KEEP PERSONAL DATA

We retain personal data only for as long as is reasonably necessary to fulfil the purposes for which it was gathered, including for the purposes of satisfying any legal, accounting, regulatory or contractual requirements.

When determining retention periods we consider:

  • The nature, volume and sensitivity of the personal data.
  • The purposes for which we process the personal data.
  • Whether those purposes can be achieved through other means.
  • Our legal, tax, accounting and licensing obligations.
  • The potential risk of harm from unauthorised use or disclosure.

As examples:

  • Reservation data is generally retained for the duration of the guest relationship and for a reasonable period thereafter to support customer service and to defend against claims.
  • 1-Insider member data is retained for the duration of your membership and for a reasonable period following dormancy or termination.
  • Job-applicant data for unsuccessful candidates is generally retained for up to 12 months following the recruitment decision, unless you request that we retain it longer in case suitable future roles become available.
  • Financial and transaction records are retained in accordance with the Companies Act 1967, the Income Tax Act 1947, and the Goods and Services Tax Act 1993.
  • CCTV footage is generally retained for a brief period (typically up to 30 days) unless required for a specific incident investigation.

When personal data is no longer needed, we will either delete it, anonymise it (so it can no longer be associated with you), or return it to you, in accordance with the PDPA.

12. HOW WE PROTECT PERSONAL DATA

We have put in place physical, technical and organisational security measures designed to safeguard personal data against accidental or unlawful loss, alteration, disclosure or access. These include access controls, encryption in transit and (where appropriate) at rest, contractual safeguards with our service providers, staff training, and incident-response procedures.

No system can be entirely secure. If we become aware of a data breach that is likely to cause significant harm or affects a substantial number of individuals, we will notify the Personal Data Protection Commission (“PDPC”) and (where required) affected individuals in accordance with the PDPA’s Data Breach Notification Obligation.

13. COOKIES, ANALYTICS AND MARKETING ATTRIBUTION

We use cookies and similar technologies (including pixels, scripts and SDKs) on our websites and in our marketing emails. These technologies allow us to identify your device, retain your preferences, understand how you navigate our websites, assess marketing performance, and detect fraud.

Types of cookies we use

  • Strictly necessary cookies — required for the website to operate (for example, session management and form submission).
  • Performance and analytics cookies — to understand how visitors use our websites (for example, Google Analytics).
  • Marketing and advertising cookies — to display relevant advertising and measure advertising effectiveness (for example, cookies placed by Google Ads and Meta).
  • Attribution cookies — including our first-party “_1g_attr” cookie, which records the source, medium and campaign that directed you to our website and links them to any reservation or enquiry you subsequently submit. This information is stored against your booking record so we can evaluate which of our marketing channels are performing effectively.

You can manage the use of cookies through your browser settings and, where available, through our on-site cookie-preference tools. Disabling certain cookies may impact website functionality.

For further information about the use of cookies, see our separate Cookie Notice (where published) or contact our DPO.

14. MARKETING COMMUNICATIONS, THE DNC REGISTRY AND THE SPAM CONTROL ACT

We send marketing communications only where we have a lawful basis to do so.

Email marketing

Marketing emails are sent in compliance with the Spam Control Act 2007. Every marketing email includes an accurate sender identity, a clear subject line, and a functioning unsubscribe mechanism. You can unsubscribe at any time by clicking the unsubscribe link in any email or by contacting our DPO.

SMS, telephone calls and fax — DNC compliance

Before sending marketing SMS or placing marketing calls to a Singapore telephone number, we either check the relevant DNC Registers maintained by the PDPC, or we rely on a clear and unambiguous written or recorded consent to receive such marketing, or we rely on the “ongoing relationship” exception where applicable.

You can opt out of marketing SMS at any time by replying STOP to the message or by contacting our DPO. You may also register your number on the DNC Register at www.dnc.gov.sg.

Service-related communications

Communications that are not marketing in nature — for example, reservation confirmations, event-planning correspondence, 1-Insider account updates, and operational notices — are necessary for the delivery of our services to you. You may not be able to opt out of these while continuing to use the relevant service.

15. CCTV AT OUR VENUES

Our Venues use CCTV for the purposes of security, loss prevention, health and safety, incident investigation and the protection of guests, staff and property. Notices are displayed at our Venues to inform visitors of CCTV operation. CCTV footage is retained for a limited period and is accessed only by authorised personnel for the purposes outlined above, unless required to be retained for a specific investigation or legal proceeding.

16. PHOTOGRAPHY & VIDEOGRAPHY AT EVENTS

We may take photographs and video recordings at our Venues, including at events, weddings, openings and other functions. Where we intend to use any such imagery for marketing, social-media or editorial purposes, we will rely on the basis appropriate to the context — for example, your consent (such as a release in your event contract for weddings and private hires), the deemed-consent provisions of the PDPA, or another applicable basis.

If you do not wish to appear in marketing imagery, please inform our event team or our DPO.

17. JOB APPLICANTS

When you apply for a role with The Summerhouse, we use your personal data to evaluate your suitability, conduct interviews, carry out reference and background checks where relevant, communicate with you during the recruitment process, and (if successful) onboard you as an employee or contractor.

Where your application is unsuccessful, we will generally retain your details for a reasonable period (typically up to 12 months) so that we may consider you for other suitable roles, unless you request us to delete your details sooner.

We do not use solely automated decision-making to reach significant decisions regarding your application.

18. YOUR RIGHTS UNDER THE PDPA

Subject to the requirements and exceptions in the PDPA, you have the following rights in relation to your personal data:

  • The right to access your personal data — to request information about the personal data we hold about you and how it has been used or disclosed in the year preceding your request (PDPA s.21).
  • The right to correct your personal data — to request that we rectify any error or omission in personal data we hold about you (PDPA s.22).
  • The right to withdraw consent — to withdraw any consent you have provided for our collection, use or disclosure of your personal data (PDPA s.16).
  • The right to be informed of the purposes for which we use your personal data.
  • The right to data portability — once the relevant provisions of the PDPA come into force (PDPA sections 26F to 26J), to request that we transmit your personal data in a structured, commonly used and machine-readable format to another organisation.

We will respond to access and correction requests within 30 days, or notify you if additional time is needed. We may charge a reasonable fee for access requests, in accordance with the PDPA.

To exercise any of these rights, please contact our DPO using the details in Section 19. We may need to verify your identity before responding.

19. HOW TO CONTACT US

Questions, comments, requests and complaints relating to this Privacy Notice, or to the manner in which we handle your personal data, should be directed to our DPO:

Data Protection Officer

Immelia Izalena

1-Garden Pte Ltd

211 Henderson Road, #04-03, Singapore 159552

Email: marketing@1-group.com.sg

20. COMPLAINTS TO THE PDPC

If you are not satisfied with how we have handled a privacy-related concern, you have the right to submit a complaint to the Personal Data Protection Commission, Singapore:

Website: www.pdpc.gov.sg

Address: 10 Pasir Panjang Road, #03-01 Mapletree Business City, Singapore 117438

We would, however, welcome the opportunity to address your concern first — please contact our DPO before approaching the PDPC.

21. UPDATES TO THIS PRIVACY NOTICE

We may revise this Privacy Notice from time to time to reflect changes in our practices, our services, or applicable law. When we make material changes, we will indicate this by updating the “Last updated” date at the top of this Notice and, where appropriate, by providing you with additional notice (for example, by email or via a banner on our website).

Please review this Notice periodically to remain informed about how we manage your personal data.

22. GOVERNING LAW

This Privacy Notice and our handling of your personal data are governed by the laws of Singapore.

23. CONTACT US

If you have questions about this Privacy Policy, please reach us by email at marketing@1-group.com.sg