Privacy Policy

This Privacy Policy ("Policy") explains how Revol Carz Makeover Pte Ltd ("Revol Carz", "we", "us", "our") collects, uses, discloses, and protects your personal data when you visit www.revol.com.sg (the "Site"), contact us, or use our services. We handle personal data in accordance with the Singapore Personal Data Protection Act 2012, as amended by the Personal Data Protection (Amendment) Act 2020 (together, the "PDPA").

01Personal data we collect

Identification and contact data

When you submit an inquiry, request a quotation, book an appointment, send us a WhatsApp, call, or email us, we may collect:

• Your name (first and last)
• Phone or mobile number
• Email address
• Vehicle information (make, model, registration plate, year)
• Service preference and budget
• Photographs, videos, or documents you provide
• Insurance details where the service involves a motor insurance claim

Site usage data

When you browse the Site, we automatically collect:

• IP address (truncated for analytics where possible)
• Device type, browser type, and operating system
• Pages viewed, time on page, click paths, and referrer
• Approximate geographic region (city or country level)
• Cookies and similar identifiers (see Section 6)

Marketing preferences

If you opt in to broadcasts or marketing communications, we record your subscription status and which channels you have consented to (WhatsApp, email, SMS).

02How we collect your personal data

We collect personal data:

• Directly from you, when you contact us, send an inquiry, book a service, or interact with our staff
• Automatically, when you visit the Site (via cookies and analytics tools)
• From third parties only where you have authorised this (for example, an insurance assessor you have approved to share claim details with us)

03Purposes of collection and use

We process personal data for the following purposes:

• Service delivery: providing quotations, booking appointments, performing the agreed work, processing payment, issuing invoices, and following up after delivery
• Customer support: answering questions, handling complaints, and providing aftercare information
• Insurance and claims: communicating with motor insurers and assessors when the work is part of a claim
• Marketing (only with your consent, or under deemed consent by notification): newsletters, promotional offers, service reminders, and updates about products or services that may be of interest
• Site improvement: analysing how visitors use the Site to improve content and performance
• Legal compliance: complying with applicable laws and lawful requests from authorities
• Fraud prevention and security: protecting our customers, our staff, and our systems

04Legal basis under PDPA

We rely on one or more of the following bases under the PDPA:

• Express consent: where you have explicitly given us permission (for example, ticking a marketing opt-in on the inquiry form)
• Deemed consent: where you voluntarily provide personal data for an obvious purpose (for example, providing your phone number so we can call you back about a quotation)
• Deemed consent by notification: where we have notified you of a new purpose for processing data already collected, and you have not opted out within a reasonable period
• Legitimate interests: where processing is necessary for our legitimate business interests, such as fraud prevention or Site security, and does not override your rights or freedoms
• Legal obligation: where processing is required to comply with applicable laws

05Who we share your personal data with

We do not sell your personal data. We may share your personal data with:

• Service providers acting on our instructions: web hosting (Vercel, Cloudflare), analytics (Google Analytics 4), advertising (Google Ads, Meta Ads), customer messaging (WhatsApp Business), email delivery, and similar processors. These providers are contractually required to safeguard your data and use it only for the agreed purpose.
• Insurers and motor claim agents: where the service involves a motor insurance claim
• Professional advisors: our accountants, lawyers, and auditors, where reasonably necessary
• Authorities: where required by Singapore law, a court order, or in response to a lawful request
• Successors: in the event of a merger, acquisition, or sale of business, your data may be transferred to the new owner, who will be bound to honour this Policy or to give you reasonable notice of any change

06Cookies and similar technologies

The Site uses cookies and similar identifiers to provide essential functionality, measure usage, and (with your consent) deliver targeted marketing.

Categories

• Strictly necessary cookies are used to operate the Site and cannot be switched off (for example, your accepted language and cookie preferences).
• Analytics cookies help us understand how visitors use the Site. We use Google Analytics 4 via Google Tag Manager. IP addresses are anonymised before processing where possible.
• Marketing cookies are used by us and our partners (Google, Meta) to deliver relevant advertising. These are set only when you give consent.

How to manage cookies

You can manage cookies through your browser settings, and opt out of specific platforms here:

• Google: adssettings.google.com
• Meta: facebook.com/settings/?tab=ads
• General opt-out portal: optout.aboutads.info

07How long we keep your personal data

We retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by Singapore law (for example, accounting records must be kept for at least five years under the Companies Act).

Typical retention periods:

• Inquiries that do not become bookings: up to 24 months
• Service records and invoices: 7 years (financial records retention)
• Marketing subscribers: until you unsubscribe; after that we retain only a suppression record so we do not contact you again
• Website analytics: as set by the analytics tool (typically up to 26 months for GA4)

When personal data is no longer needed, we delete or anonymise it.

08Cross-border transfer

Most processing happens in Singapore. Some processing by our service providers may take place in other jurisdictions (for example, Google Analytics in the United States or European Union). Where personal data is transferred outside Singapore, we take reasonable steps to ensure that the recipient is bound by legally enforceable obligations to provide a standard of protection comparable to that under the PDPA, in line with PDPA Section 26.

09Data security

We implement reasonable technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include:

• HTTPS encryption for all Site traffic
• Access controls for staff and contractors who handle personal data
• Regular review of vendors and their data-handling practices
• Confidentiality obligations on all staff

No method of transmission over the internet or storage is fully secure. While we use reasonable safeguards, we cannot guarantee absolute security.

10Data breach notification

11Children

The Site is not directed at children under 13, and we do not knowingly collect personal data from children. If you believe a child has submitted personal data to us, please contact our DPO and we will delete it.

12Your rights under PDPA

You have the following rights in respect of personal data we hold about you:

• Right to access: you may request a copy of your personal data and information on how it has been used or disclosed in the past year
• Right to correction: you may request correction of inaccurate or incomplete personal data
• Right to withdraw consent: you may withdraw consent for any further collection, use, or disclosure of your personal data, subject to legal or contractual restrictions and reasonable notice
• Right to data portability (when in force under PDPA): you may request transfer of your personal data to another organisation in a structured, commonly used, machine-readable format
• Right to complain: if you believe we have not complied with the PDPA, you may complain to us at the contact details below, and you may also approach the PDPC at pdpc.gov.sg

To exercise any of these rights, please contact our Data Protection Officer (see Section 14). We will respond to your request within 30 days, subject to verification of your identity. A reasonable fee may apply for access requests, in line with PDPA Section 28.

13Marketing and unsubscribe

If you no longer wish to receive marketing communications from us, you may:

• Reply STOP to any WhatsApp broadcast
• Click the unsubscribe link in any marketing email
• Email enquiry@revol.com.sg

We honour all unsubscribe requests within seven business days.

14Data Protection Officer (DPO)

Our Data Protection Officer is responsible for personal data matters and is your point of contact for questions, requests, or complaints under the PDPA.

15Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. We will publish the updated Policy on this page with a revised "Last updated" date. Where the change is material, we will notify you by email or WhatsApp if we have those contact details on file.

16Governing law

This Privacy Policy is governed by the laws of the Republic of Singapore.

Copyright © 2003-2026 Revol Carz Makeover Pte Ltd. All rights reserved.