Privacy policy

Last updated on 14th April 2026.

This privacy policy (Privacy Policy) sets out the manner in which MUSTAFA’S PTE. LTD. (UEN: 198000780C), with its registered address at 145 Syed Alwi Rd, Mustafa Centre, Singapore 207704, and its related company, MOHAMED MUSTAFA & SAMSUDDIN CO. PTE LTD (UEN: 198900680Z), with its registered address at 668 Chander Road, #02-18, Singapore 210668, (collectively, Mustafa, we, our, us) both being Singapore incorporated private limited companies, may collect, use, disclose or otherwise process the data, whether true or not, about an individual who can be identified either (a) from that data; or (b) from that data and other information to which we have or are likely to have access (Personal Data) in accordance with the Personal Data Protection Act (PDPA) 2012 of Singapore, as may be amended from time to time. This Privacy Policy applies to all users of our Mustafa Rewards Application (App).

Collection of information

In order for us to provide our rewards services through the App, we collect and use certain Personal Data identified below.

While the specific types of Personal Data you submit through our App may vary depending on your access of the App and whether you maintain an account with us, there are various broad categories of Personal Data which are collected by us:-

  • Full Name. In accordance with the PDPA Advisory Guidelines, we do not collect your NRIC, passport, or other national identification numbers unless required by law or necessary to accurately establish or verify your identity to a high degree of fidelity.
  • Identity Data, which includes your country of residence, job title, age, marital status and/or gender.
  • Contact Data, which includes your address, e-mail address, fax and/or telephone and/or mobile number.
  • Membership and Activity Data, Transaction history, points earned/redeemed, voucher redemptions, Mustafa Rewards Lucky Draw entries.
  • Transaction Data, which includes your billing address, your mailing address or the mailing address of the intended recipient of your order, payments and orders to and from you, and other details of products and services that you have supplied to or purchased from us.
  • Usage Data, which includes information about how you use our App (including the time you visit our App, the duration of your Visit, the types of products and/or services you are searching for and/or how you are searching for such products and/or services) logins, reward selections and settings.
  • Marketing and Communications Data, which includes your interests, feedback, survey responses, preferences in receiving marketing materials from us and your communication preferences, as well as your preferences for particular products or services.
  • Technical Data, which includes your Internet Protocol (IP) address, the internet device identity or media access control address of your device, information regarding the manufacturer, model or operating system of the device that you use and/or information about the web browser that you use to access our App.
  • Any other types of Personal Data that we may collect from time to time, subject to notification and your consent where required by the PDPA.

How we collect your Personal Data

We collect your Personal Data:

  • Directly from you. You may give us your Identity, Contact, Profile and Transaction Data when you do any of the following (whether on your own behalf or on behalf of your organisation):
    • use our App;
    • register or create an account on our App;
    • enter into a contract with us or purchase our products;
    • make purchases and scan your member ID;
    • apply for or enquire about our App or products;
    • interact or engage with the App through cookies or tracking tools embedded in the App;
    • redeem points or vouchers, participate in a promotion campaign, lucky spins, lucky draw, points exchange, survey, event or other marketing campaign organised by us;
    • subscribe to our newsletters or alerts;
    • request marketing materials to be sent to you; or
    • contact us for customer support — for example, if you get in touch to give us some feedback.
  • From your authorised representatives. We may also collect your Identity, Contact, Profile and Transaction Data from your authorised representatives. These include persons whom you have authorised and persons who have been validly identified as acting on your behalf pursuant to our security procedures.
  • When you interact with our App. As you interact with our App, we may automatically collect your Technical Data. We may collect such personal data by using App cookies or other forms of technology.
  • Third parties or publicly available sources. We may receive your Personal Data from third parties which are located in various countries. These include:
    • Technical Data from analytics providers such as Google, advertising networks and social media platforms such as LinkedIn, X and Facebook; and
    • Contact and Transaction Data from providers of technical, payment and delivery services.

Purposes for processing your Personal Data

  • To register you as a new customer.
  • To verify your identity.
  • To notify and deliver any rewards or participation in any lucky draws to winners.
  • To manage your membership account.
  • To manage our relationship with you.
  • To administer, operate, provide, maintain and protect our business and our App (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data, as well as ensuring that unauthorised users do not access the information on our App).
  • To deliver relevant content and advertisements to you and measure or understand the effectiveness of the advertising we serve you.
  • To make suggestions and recommendations to you about products or services that may be of interest to you.
  • To send you relevant information about our events, news announcements or promotions.
  • To enable you to complete a survey or participate in a promotion, survey, event or other marketing campaign organised by us.
  • To comply with any applicable laws, regulations, codes of practice, guidelines or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority.
  • To personalise your experience of the App.
  • Any other purposes for which you have provided the information.
  • Any other incidental business purposes related to or in connection with the above.
  • To facilitate secure access to the App, including verifying your identity via 2-Factor Authentication (2FA) and one-time passwords (OTP).
  • To contact you in relation to all of the above.

The purposes listed above may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

Representations and Warranties

You and/or each Participant represents, warrants, and covenants that they are and shall remain in full compliance with all applicable laws, rules, regulations, and ordinances of Singapore and any other relevant jurisdiction. Each Participant shall indemnify, defend, and hold harmless Mustafa, its affiliates, officers, directors, employees, and agents from and against any and all claims, losses, damages, liabilities, costs, and expenses (including reasonable legal fees) arising out of or in connection with any breach of this representation, warranty, or covenant. Mustafa shall have no liability whatsoever for any breach by any Participant of this clause, and each Participant acknowledges that Mustafa is entitled to rely absolutely on these representations and warranties.

Promotional offers and marketing

By providing your Contact Data and explicit consent, you may receive periodic communications from us through various channels (including mail, telephone, email, SMS, and fax) containing information about our products, services, and events. Such marketing communications will only be sent in accordance with your expressed preferences and the requirements of the PDPA. We will always obtain your consent to direct marketing communications where we are required to do so by law and if we intend to disclose your Personal Data to any third party for such marketing.

If you no longer wish to receive such mailings, faxes, messages, e-mails or calls, you may withdraw your consent by logging into our App and updating your preferences under “My Account”.

Cookies

We use cookies, SDKs, or other technology to collect data to provide visitors with a personalised experience on our App and get information on app performance, usage, and user preferences. Cookies are pieces of information that an App transfers to the memory or hard drive of a visitor’s computer for record-keeping purposes. We use cookies to allow access without re-entering the visitor’s User ID, to make improvements, and to better tailor our App to our visitors’ needs. We also use this information to verify that visitors meet the criteria required to process their requests.

Most browsers and applications used by visitors have options that allow the visitor to control whether the browser will accept cookies, reject cookies, or notify the visitor each time a cookie is sent. However, if you disable or refuse cookies, please note that some parts of our App may become inaccessible or not function properly. In addition, you can delete our cookies from your browser program at any time.

Change of purpose

We will only process your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If there is any change to the purposes for which we collect or use your Personal Data, we will inform you of such change by way of email or through the App before or during the collection or use of your Personal Data. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at mustafarewards.app. If we need to use your Personal Data for a new purpose, we will notify you before such use and will explain the legal basis which allows us to do so as well as obtain your consent to the use of your Personal Data for such purpose where we are required to do so by law.

Disclosure of information

We may share and disclose your Personal Data to our Affiliates and third parties in limited circumstances as set out below:

  • We may share your Personal Data with our suppliers, agents or contractors in connection with services they perform for us or pursuant to agreements with our suppliers.
  • We may share your Personal Data with third parties to comply with a legal obligation, when we believe in good faith that an applicable law requires it, at the request of government authorities conducting an investigation, to verify or enforce our contractual rights or other applicable policies, to detect and protect against fraud or any technical or security vulnerabilities, to respond to an emergency, or otherwise to protect the rights, property, safety or security of third parties and visitors to our App or the public.
  • As we continue to develop our business, we may sell or purchase assets. If another entity acquires or merges with us, your Personal Data will be disclosed to such entity.
  • Also, if any bankruptcy or reorganisation proceeding is brought by or against us, all such information will be considered an asset of ours and as such it is possible they will be sold or transferred to third parties.

We do not disclose your Personal Data to unaffiliated third parties for their independent use unless we have obtained your consent to do so and pursuant to executing confidentiality agreements with such unaffiliated third parties. We also require all third parties to respect the security of your Personal Data and to treat it in accordance with the applicable law.

Retention of information

We only retain your Personal Data for as long as is necessary for us to process your Personal Data as described above. However, please be advised that we may retain some of your Personal Data after you cease to use our services, for instance, if the data is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.

In some circumstances, we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

We will deactivate your account and anonymise your Personal Data after twenty-four (24) months of inactivity on the App, except where: (i) retention is required by applicable Singapore laws and regulations; (ii) retention is necessary for our legitimate business purposes as permitted under the PDPA; or (iii) you have provided explicit consent for continued retention. We will inform you before such deactivation via your registered contact details.

International transfers of information

We may transfer your Personal Data to countries outside of Singapore and if we do so, we will take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA. For example, we will always ensure that there is a proper legal agreement that covers the data transfer.

Security

Our management and teams implement appropriate technical and organisational security measures, in accordance with the PDPA and its associated regulations, to protect all information obtained from our online visitors against unauthorised access (eg, data breach), collection, use, disclosure, copying, modification, or disposal, or similar risks, and we periodically review our security measures. Although there is no way that any company can absolutely guarantee the security of your Personal Data, we are committed to employing reasonable security measures, regularly reviewing our security practices (security risk assessments/audits), and taking legally appropriate steps. You are responsible for keeping your login information and passwords confidential. We use reasonable security tools and/or certificates for our App security certificates. Please be aware that these protection tools do not protect information that is not collected through our App, such as information provided to us by e-mail.

However, no digital transmission is completely secure. You are encouraged to keep your login credentials private.

Collection of information from children

We do not knowingly collect Personal Data from children under the age of 18. If you are under the age of 18, please do not use this App without a parent or guardian, nor provide Personal Data to us of any kind whatsoever.

Where appropriate, a parent or guardian may register a child under the age of 18 and provide verifiable consent to collect and use such Personal Data for limited purposes as specified in this Privacy Policy. We will obtain specific parental consent before collecting any additional Personal Data or using collected Personal Data for purposes beyond those specifically consented to.

Making changes to your Personal Data

Under the PDPA, you have the right to:

  • Access and request a copy of your personal data
  • Correct or update inaccurate data
  • Withdraw consent for specific uses
  • Request deletion of your data (subject to limitations)

You can access, correct, and edit any of the personal data that you have provided by logging into our App and updating your preferences under “My Account”.

Links to other sites

Our App may contain links to other sites. These sites are not covered by this Privacy Policy, and we are not responsible for the privacy practices or the content of these sites.

Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy and related business practices at any time by posting updated text on this page or sending you notice of such changes where appropriate. Please check this page periodically for updates. Your continued use of our App and Services constitutes your acknowledgement and acceptance of such changes.

Contact us

If you have any comments, questions or complaints about our Privacy Policy, please contact us through MustafaRewards.app