PRIVACY POLICY
✳︎
PRIVACY POLICY ✳︎
Privacy Notice
BBH Communications (Asia Pacific) Pte. Ltd (“BBH” “we,” “us,” or “our”), is a creative agency incorporated in Singapore that maintains BBH Culture Studio to explore, and create communities and leadership in, the subcultures of today.
This Privacy Notice sets out how we collect, use, share, and protect your personal information that we collect through this website (“Website”), and how you may contact us regarding our privacy practices.
Please note, this Privacy Notice does not apply to the services provided by us on behalf of clients or to data that we process on behalf of our clients.
Introduction
Any personal data (as defined under applicable data protection laws, referred to as “Personal Data”) collected through this Website will only be used for the purposes set out in this Privacy Notice.
We may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. When data is collected on this Website, we are acting as a data controller (or such other cognate term as may be defined under applicable data protection laws).
Please read this Privacy Notice thoroughly. If you disagree with the way personal information will be used, please discontinue your use of this Website.
We may include links to other websites, including social media platforms. This Privacy Notice only covers this Website and does not apply to the data practices of other websites. We encourage you to read the privacy notices available on other websites you visit.
What Personal Data and Sensitive Personal Information do we collect and process through the Website?
The following table describes the categories of Personal Data and Sensitive Information we collect.
Category of Personal Data
Contact Information and Identifiers
Your verbatim communications to us
General Geolocation data
Examples
First name, last name, e-mail address that you provide to us; online identifiers (incl. IP address, Cookie IDs)
Information that you send directly to us to express interest in BBH Culture Studios initiatives
Non-precise location information from your device or IP address
Purpose of data collection and legal basis
The following table provides information about our purposes and legal basis for collecting your Personal Data:
Purpose
Why?
To read and respond to your queries to us, sent using our online query form
Depending on your request, we will rely on our legitimate interest or the performance of pre-contractual measures to respond to individuals’ queries
When you contact us through the data access request form
We rely on our legal obligation to provide you a process to exercise your rights
Legal purposes, such as:
(a) comply with legal process or a regulatory investigation (e.g. regulatory authorities’ investigation, subpoena, or court order); (b) enforce our Terms of Service, this Privacy Notice, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of other parties; and/or (d) protect the rights, property or personal safety of us, our platform, our customers, our agents and affiliates, its users and/or the public. Such disclosure may be for a business purpose, but may also be considered a “sale” under certain state privacy laws.
We rely on our legal obligation or the performance of contract to support such legal purposes.
Operating and maintaining our Website, for example, operating, analyzing, improving, and securing our Website
We rely on your consent / our legitimate interest to improve our services and develop new products
We use analytics services, such as Google Analytics, to help us understand how users access and use the Website.
We rely on your consent / our legitimate interest to support our internal operations
Where we rely on your consent as our basis for processing your Personal Data, you have the right at any time to withdraw such consent, subject to limited exceptions provided in applicable personal data protection laws.
Automated Decision Making and Profiling
When processing your Personal Data, we do not use processes that involve automated decision making or profiling.
How long do we keep your information?
We keep Personal Data for as long as is necessary for the purposes described in this Privacy Notice, complying with legal and regulatory obligations, protecting our or other’s interests, and as otherwise permitted or required by law. When Personal Data is no longer necessary for or compatible with these purposes, it is removed from our systems in accordance with our internal retention policies. The criteria used to determine our retention periods include:
The length of time we have an ongoing relationship with you and provide the Website or our maintain related communications with you;
Two years from the time of our last communication with you;
Where the Personal Data has been de-identified, anonymized, and/or aggregated, it may be retained indefinitely; and/or
Whether there is a legal obligation to which we are subject.
Your rights and choices regarding your Personal Data
Your rights will depend on the data protection law that applies to your specific context, determined by the country/territory in which you reside.
1. The right of access:
You can access all Personal Data we hold about you and obtain a copy in an understandable format. Upon your request, we may make known to you the purposes for which your Personal Data is processed, the legal basis for such processing, scope and method of processing, processors or recipients of your Personal Data, and retention limits relating to your Personal Data.
You may use your right to access your Personal Data to control the exactness of the data we hold about you by having data rectified or deleted;
2. The right to rectification:
In order to avoid that inaccurate or incomplete Personal Data relating to you is process or shared, you can ask us to rectify, correct, complete or update your Personal Data;
3. The right to erasure:
You may request the erasure or deletion of the Personal Data we hold about you. This is not an absolute right since we may have to keep your Personal Data for legal or legitimate reasons. You may, for example, exercise your right to deletion in the following cases:
(a) if you have withdrawn your consent to the processing (see below);
(b) if you legitimately objected to the processing of your data (see below);
(c) when data is not or is no longer necessary for the purposes for which it was initially collected or processed;
(d) the data is processed unlawfully (e.g., publishing hacked data);
4. The right to object to the processing of your Personal Data:
You may at any time object to our processing of your Personal Data which is not based on your consent, for reasons relating to your personal situation. We may nevertheless, on a case-by-case basis, reject such a request by pointing out legitimate reasons for such exception in accordance with applicable personal data protection laws.
5. The right to restrict processing:
The right to restrict the processing of your Personal Data means that the data processing relating to you and that we are performing becomes limited, such that we may keep the data, but we cannot use it or process it in any other manner. This right applies in specific circumstances, i.e.:
(a) if you challenge the exactness of your Personal Data. The processing is then limited for a period of time so that the agency may verify the exactness of the Personal Data;
(b) if the processing is unlawful and you object to the erasure of your Personal Data and request instead that its use be limited;
(c) if we do not need the Personal Data for the purposes mentioned above anymore, but you still need it to establish, exercise or defend rights before a Court; and
(d) in the cases where you objected to the processing which is based on the legitimate interests of the agency, you may ask to limit the processing for the time necessary for us to verify if we can accept your objection request (i.e., the time necessary to verify whether the legitimate reasons of the agency prevail over yours).
6. Right to object to data processing for direct marketing purpose
You may unsubscribe or object, at any time and without any justification, to the receipt of direct marketing communications. Simply either (i) click on the link in the footer of the communications you receive from us; or (ii) use the hyperlink above; or (iii) send us an email at the email address set out in the “Further Information” section below with the word unsubscribe in the subject field of the email.
7. The right to data portability:
If available in your country or territory of residence (e.g. in mainland China, Indonesia, Japan, Philippines, South Korea and Thailand):
(a) You may request to retrieve the Personal Data you provided us with, in a structured, commonly used, and machine-readable format, for personal use or to share them with a third party of your choice.
(b) This right only applies to Personal Data you provided us with, directly or indirectly, and which was processed through automated means, if this processing is based on your consent or the performance of a contract. Please check the list of our Personal Data processing activities’ legal grounds to know whether our processing is based on the performance of a contract or on consent.
8. The right to withdraw your consent to the processing of your Personal Data at any time:
(a) You may read this Privacy Notice in order to identify the purposes for which the processing of your Personal Data is based on your consent.
(b) If you are unsatisfied with the way we process your Personal Data in reliance on your consent, you may withdraw your consent at any time.
(c) We will respond without undue delay and in accordance with any timelines prescribed by applicable personal data protection laws.
If you are dissatisfied with our response to any request made in exercise of your rights above, including where your request has been rejected by us, you may lodge a formal complaint with your local competent data protection authority.
Data Security
We use a variety of methods, such as firewalls, intrusion detection software and manual security procedures, designed to secure your data against loss or damage and to help protect the accuracy and security of information and to prevent unauthorized access or improper use. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you. If you think that the Website or any Personal Data is not secure or that there has been unauthorized access to the Website or your Personal Data, please contact privacyofficer@publicisgroupe.com immediately.
Data Transfers
Due to the international nature of our business, your Personal Data may be transferred outside of the country / territory in which you reside, and the destination may not be considered to have the same level of data protection as your country / territory. While in those jurisdictions, your Personal Data may be accessible to regulatory authorities in accordance with the laws of those jurisdictions. However, we ensure all data transfers comply with applicable legal requirements, including by executing standard contractual clauses. Should you wish to know more about how your Personal Data is protected or wish to request a copy of the contractual protections please contact privacyofficer@publicisgroupe.com.
Use of Cookies or Other Tracking Technology
Cookie Notice
The purpose of this Cookie Notice is to inform you of how we use cookies on our Website. For further information about this Notice please contact privacyofficer@publicisgroupe.com
We ensure the accuracy of this Cookie Notice by keeping it up-to-date. Any changes to this Cookie Notice will be promptly communicated on this page and you should check back regularly to see whether any adjustments have been made.
By clicking on the “I accept” button on the cookie banner you agree to the use of Cookies on your browser. You may revoke your consent at any time by changing your Cookie preferences as set out below.
What are cookies?
Cookies are small files of information that a web server generates and sends to a web browser. Web browsers store the cookies they receive for a predetermined period or for the length of your session on a website. They attach the relevant cookies to any future requests that you make of the web server. Cookies will never be stored on your device for more than 13 months.
Cookies help inform website owners about you, enabling the owner to personalize your experience. For example, we use performance cookies to enable us to understand which pages on our website have been visited most often, allowing us to create content that is most relevant to visitors.
Depending on the type and settings on your browser, cookies may be accepted by default. You can change the settings on your browser to delete existing cookies or prevent future cookies from being automatically accepted. If you disable cookies certain functions of our Website may not be available.
Cookie data does not typically identify you directly, but it can provide you with a more personalized web experience.
Our website uses the following cookies:
Cookie List
A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:
Functional and required cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Cookies
_acloggedin
_client_acloggedin
_dd_cookie_test
_dd_site_test
ss_sd
Purpose, type, and duration
Supports login by Acuity Scheduling client if the client has an account
Cookie
January 1, 2025
Supports login by Acuity Scheduling client if the client has an account
Cookie
January 1, 2025
Tests if cookies are supported
Cookie
Expires instantly
_dd_s
Tracks browser errors
Cookie
Four hours
_grecaptcha
Helps reduce spam in Acuity Scheduling
Local storage
No expiry
CART
Tests if cookies are supported
Cookie
Expires instantly
Shows when a visitor adds a product to their cart
Cookie
Two weeks
CHECKOUT_WEBSITE
client_username
Remembers a logged in Acuity Scheduling client's username between visits
Cookie
One year
clientUser
Stores the Acuity Scheduling client's username, OAuth2 Access Token, and OAuth2 Refresh Token. This cookie is required for functionality of logged-in clients
Cookie
30 days
Commerce-checkout-state
Stores state of checkout while the visitor is completing their order in PayPal
sessionstorage
Session
Crumb
hasCart
Tells Squarespace that the visitor has a cart
Cookie
Two weeks
Locked
Prevents the password-protected screen from displaying if a visitor enters the correct site-wide password.
Cookie
Session
orderStatusSessionToken
Authenticates a visitor who logs into an order status page.
Cookie
One year
PHPSESSID
Securely authenticates a visitor during their checkout in Acuity Scheduling
Cookie
One month
RecentRedirect
Prevents redirect loops if a site has custom URL redirects. Redirect loops are bad for SEO.
Cookie
30 minutes
remember_client
Remembers Acuity Scheduling client’s login details if they have an account
Cookie
365 days
siteUserCrumb
squarespace-video-player-options
SiteUserInfo
SiteUserSecureAuthToken
Authenticates a visitor who logs into a customer account
Cookie
Three years
squarespace-announcement-bar
squarespace-likes
Shows when you've already "liked" a blog post
localstorage
Persistent
squarespace-popup-overlay
ss_cookieAllowed
Remembers if a visitor agreed to placing analytics cookies on their browser if a site is restricting the placement of cookies
Cookie
30 days
TZ
Remembers video player selected preferences ( volume, playback speed, and quality) for videos uploaded directly to Squarespace
localstorage
Persistent
Ensures that visitors on the Squarespace 5 platform remain authenticated during their sessions
Cookie
Session
Test
Investigates if the browser supports cookies and prevents errors
Cookie
Session
Enables a Acuity Scheduling client’s appointments to display correctly based on their time zone preferences.
localstorage
Persistent
Analytics and performance cookies
We use analytics and performance cookies to collect information on how you interact with our site. Storing these cookies is how we populate the data in Squarespace analytics, such as traffic sources, unique visitors, and cart abandonment.
Cookie Name
Duration
Purpose
ss_cid
ss_cvisit
Two years
ss_cid
Two years
ss_cvt
30 minutes
ss_cvr
Two years
30 minutes
Identifies unique visitors and tracks a visitor’s sessions on a site
Use of social media and social media plug-ins
We have a fan page or a company page on Twitter, Facebook, Instagram, YouTube and LinkedIn that you can use or visit. We act as a joint data controller with the social media platform for the collection of your personal data when you visit our company page on the social media platform. We may collect Personal Data about you in order to understand our followers better and understand the public response to our products and services. We may use this information to engage in social listening to identify and assess what is being said about us publicly to understand industry trends and market sentiment. Any information you provide to us when you engage with our content (such as through our brand page or via Facebook Messenger) is treated in accordance with this Privacy Notice. Also, if you publicly reference us or our Website on social media (such as by using a hashtag associated with us in a tweet or post), we may use your reference on or in connection with our Website.
You can read more regarding our joint controllership with the platforms at the following links:
YouTube: https://business.safety.google/controllerterms/
LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum
Facebook: https://www.facebook.com/legal/controller_addendum
Twitter: https://gdpr.twitter.com/en/controller-to-controller-transfers.html
Instagram: https://www.facebook.com/legal/controller_addendum
We provide social media plug-ins on the Website to allow you to easily share content from our Website through social media, and in doing so, we may receive your Personal Data from the social media platform that you have authorized to share with us. When you share content using these buttons, a new page will pop up from the relevant social media platform. If you’re already logged into your account on that social media platform, then you will probably be automatically logged into this pop-up page, so that you don’t have to log in again. If, however, you are not logged in (or if you are not registered with the social media platform), the page will ask you for your information. We are joint data controllers with the social media platforms for the collection of your personal data that is collected by the platforms when you visit our website.
We have no control over how social media platforms use your Personal Data and they may independently collect information about you when you leave our Website. The information collected and stored by those parties remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to read the privacy notices on the various social media platforms you use.
Find out more about how these social media platforms use your Personal Data:
Notification of changes
Any changes to this Privacy Notice will be promptly communicated on this page and you should check back to see whether there are any changes. Continued use of the Website after a change in the Privacy Notice indicates your acknowledgement and acceptance of the use of Personal Data in accordance with the amended Privacy Notice.
Further Information
If you experience any difficulties accessing the information here, please contact us at privacyofficer@publicisgroupe.com.
If you consider that we are not complying with this Privacy Notice, if you have any questions in relation to this Privacy Notice, or have questions about your rights and choices, please contact privacyofficer@publicisgroupe.com. Data subjects in Europe may also lodge a formal complaint with their competent data protection authority.
If you have any questions about our data practices or you wish to exercise your rights or know about the contractual protections in place, please contact the Publicis Chief Data Privacy Officer at privacyofficer@publicisgroupe.com.
Updated: 21 Mar 2024