Brightstar Online Privacy Policy


This Privacy Policy sets out the approach which Brightstar (as defined in the Glossary below) (or "we" or "our" or "us") and its related corporations will take in relation to the treatment of your personal data. It includes information on how Brightstar collects, uses, discloses and keeps secure, your personal data. It also covers how Brightstar makes the personal data it holds available to you for access, and correction by you in the event that such information is inaccurate or incomplete.

Brightstar may collect the following types of personal data: the customer’s name, email address, mail address, user name and password and any faxes or mail sent to us and the IMEI numbers of any mobile device used in any Transaction with Brightstar, and other information that clients (or you) may provide in their course of communication with Brightstar.

Personal data can sometimes include identification information to comply with relevant second hand trading legislation and your rights or title to sell goods to Brightstar in addition to financial information pertaining to the financial processing of a transaction.

We may also use 'cookies' which will collect information about you such as your IP address and how you have used our website - this is discussed further below (see 1.6 below).

This policy has been drafted having regard to Brightstar's obligations under Singapore’s Personal Data Protection Act 2012 as updated from time to time (the "PDPA").

Contacting Brightstar

If you require further information regarding Brightstar's Privacy Policy or how we collect, use or disclose your personal data, you can contact our Privacy Officer on:
Address: 78 Shenton Way #11-01, Singapore 079120
Attention: Brightstar Privacy Officer

Note that terms that are capitalised (the first letter of each word is a capital) are defined in the Glossary at the end of this Policy.

The information collected by us by using a cookie is sometimes called "clickstream". We use this information to understand how our users navigate our websites (collectively or individually the "Site"), and to determine common traffic patterns, including what website the user came from. We may use this information to make website navigation and product recommendations, and to help redesign our Site in order to make your experience on our Site more efficient and enjoyable.

We may also use this information to better personalise the content, banner ads, and promotions that you and other users will see on the Site.

You also have choices with respect to cookies. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject all cookies you will be unable to use those services or engage in activities that require the placement of cookies. Certain aspects of the Site may not function properly if you set your browser to reject all cookies.

1. The Purposes For Which We Collect, Use And Disclose Your Personal Data

  1. Brightstar will only collect personal data (see glossary for the full definition) where the information is necessary for Brightstar to perform one or more of the functions, Purposes or activities set out in this Privacy Policy or in the particular consent we may ask you to give when your personal data is collected. In this context, "collect" and "collected" means gather, acquire or obtain personal data. In some instances, we may collect or be provided with, your personal data from or through a third party. This Privacy Policy will still apply to your personal data as a minimum but in some instances, your personal data will be governed by the consent you gave to that third party and the third party's privacy policy depending on whether or not we are obligated to treat your personal data in accordance with the third party's privacy policy or not (see below). In any case, our collection, use or disclosure of your personal data by us will be in compliance with the PDPA.
  2. Brightstar will/may collect, use, disclose and/or process your personal data for one or more of the following purposes:
    1. administering, processing and/or dealing with any Transactions between you and Brightstar and/or any of its related corporations. This includes but is not limited to identity verification during device collection and/or return where personal data such as your name, NRIC/Passport/FIN number, address, contact Number, email, IMEI, may be processed by us;
    2. administering, facilitating, processing and/or dealing in any matters relating to your use of the the Site, or any Transactions or activities carried out by you on or through the Site;
    3. monitoring, processing and/or tracking your use of the Site in order to provide you with a seamless experience, facilitating or administering your use of the Site, and/or to assist us in improving your experience in using the Site;
    4. carrying out your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf;
    5. contacting you or communicating with you via phone/voice call, text message and/or fax message, email and/or postal mail for the purposes of administering and/or managing your use of the Site or any Transactions you have with us. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain personal data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages;
    6. carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations applicable to us (whether Singapore or foreign), the requirements or guidelines of governmental authorities which we determine are applicable to us (whether Singapore or foreign), and/or our risk management procedures that may be required by law (whether Singapore or foreign) or that may have been put in place by us;
    7. to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned; dealing with conflict of interests; or dealing with and/or investigating complaints;
    8. creating reports with respect to our Transactions with you, and/or producing statistics and research of such Transactions for internal and/or statutory reporting and/or record-keeping requirements;
    9. complying with or as required by any applicable law, governmental or regulatory requirements of any jurisdiction applicable to us or our related corporations, including meeting the requirements to make disclosure under the requirements of any law binding on us or our related corporations, and/or for the purposes of any guidelines issued by regulatory or other authorities (whether of Singapore or elsewhere), with which we or our related corporations are expected to comply;
    10. complying with or as required by any request or direction of any governmental authority (whether Singapore or foreign) which we are expected to comply with; or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities (including but not limited to the Monetary Authority of Singapore, the police). For the avoidance of doubt, this means that we may/will disclose your personal data to the aforementioned parties upon their request or direction;
    11. conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve our products or services, and/or to enhance any continued interaction between yourself and us connected to or in relation to the Site;
    12. storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore;
    13. facilitating, dealing with and/or administering external audit(s) or internal audit(s) of the business of Brightstar and/or its related corporations;
    14. for marketing, if you have separately indicated that you consent to such purpose. If so, we may/will send you by email, postal mail or other modes of communication marketing and promotional information and materials relating to products and/or services (including products and/or services of third party merchants whom Brightstar or its related corporations may collaborate or tie up with) that Brightstar or its related corporations may be selling, marketing or promoting, whether such products or services exist now or are created in the future. Further, third party merchants whom Brightstar or its related corporations may collaborate or tie up with may/will send you by email, postal mail or other modes of communication marketing and promotional information and materials relating to products and/or services of such third party merchants, whether such products or services exist now or are created in the future. In the case of the sending of marketing and promotional information and materials to you by voice call, SMS/MMS or fax to your Singapore telephone number, we will not do so unless we have complied with the requirements of Singapore's Personal Data Protection Act in relation to use of the latter modes of communication to send you such marketing information or materials or where you have expressly consented to such mode of communication
    (the purposes set out above shall be collectively referred to as the "Purposes").
  3. Brightstar may/will need to disclose your personal data to third parties, whether located within or outside Singapore, for one or more of the above Purposes, as such third parties, would be processing your personal data for one or more of the above Purposes. In this regard, you hereby acknowledge, agree and consent that we may/are permitted to disclose your personal data to such third parties (whether located within or outside Singapore) for one or more of the above Purposes and for the said third parties to subsequently collect, use, disclose and/or process your personal data for one or more of the above Purposes. Without limiting the generality of the foregoing or of paragraph 1.2, such third parties include:
    1. our associated or affiliated organisations or related corporations;
    2. any of our agents, contractors or third party service providers that process or will be processing your personal data on our behalf including but not limited to those which provide administrative or other services to us such as mailing houses, telecommunication companies, information technology companies and data centres; and
    3. third parties to whom disclosure by Brightstar is for one or more of the Purposes and such third parties would in turn be collecting and processing your personal data for one or more of the Purposes.
  4. Your consent pursuant to this Policy is additional to and does not supercede any other consents that you had provided to Brightstar with regard to processing of your personal data.
  5. Brightstar will not use personal data without taking reasonable steps to ensure that the information is accurate, complete and up to date.
  6. When you come to a Brightstar website, our server attaches a small text file to your hard drive — a cookie. A “cookie” assigns you a unique identifier so that we can recognise you each time you re-enter the website, so we can recall where you’ve previously been on our site, and which keeps track of the pages you view on the website. Cookies help us deliver a better website experience to our users.
  7. As mentioned above, we also use service providers to help us maximise the quality and efficiency of our services and our business operations. This means individuals and organisations outside of Brightstar, such as mail houses, information technology service providers, website hosts and back-up service providers, will sometimes have access to personal data held by Brightstar and may use it on behalf of Brightstar. We ensure that our contracts with our service providers require them to adhere to strict privacy guidelines and to only process your personal data for one or more of the Purposes we have authorised.

2. Request to Withdraw Consent

  1. You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control by submitting your request to our Privacy Officer at the contact details set out at the start of this Privacy Policy.
  2. We will process your request within a reasonable time from such a request for withdrawal of consent being made.
  3. However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that we will not be able to continue with your existing relationship with us.
  4. Do note that in certain situations, the PDPA does permit an organisation to continue to process your personal data despite your withdrawal of consent.

3. Data security

  1. Brightstar will review, on an ongoing basis, its collection and storage practices to ascertain how improvements to security and protection of personal data can be achieved.
  2. Your personal data is protected when it comes into our possession regardless of whether it is in electronic or hard copy format, in accordance with the PDPA and industry accepted security standards which are implemented and updated in accordance with the manufacturer's or licensor's recommendations. This includes physical security at our premises and storage electronically on a server which is situated in protected and controlled facilities. Certain information you provide such as financial information, bank account or credit card information, is encrypted via SSL and remains securely encrypted while in Brightstar's possession, until the moment when it is used to make payment and is then re-encrypted and held securely until it is no longer required for internal or regulatory purposes when it will be destroyed.
  3. You should note that, except in the case of personal data entered via SSL, personal data you transmit across public internet or other facilities may not be secure and Brightstar will not be responsible for or liable for any loss you suffer during transmission. Once the personal data you have transmitted to us has passed through our firewall or otherwise into our control, it is then our responsibility to ensure that it is treated in the manner required under this Privacy Policy. If we transfer your personal data to another entity, we will only do so in accordance with this Privacy Policy and in a manner that is secure as between Brightstar and that other entity.
  4. Brightstar will, to the extent technically practicable, destroy or de-identify personal data once the purposes for which that personal data was collected is/are no longer relevant and retention is no longer necessary for legal or business purposes, unless the law requires otherwise.
  5. Brightstar will only allow our employees and contractors access to your personal data in order to perform their duties and obligations and we will take all reasonable steps to ensure that those employees and contractors handle your personal data in a manner that is consistent with this Privacy Policy and Brightstar's legal responsibilities in relation to privacy.
  6. You should note that whilst our website may link to other websites, those other websites are not under our control and we are not responsible for the conduct of the operator of those websites including how they handle and protect your personal data. Before accessing those websites, we recommend you review the terms and conditions of or access to such websites including the relevant privacy policy or provisions.

4. Complaints or questions

  1. Individuals wishing to make an inquiry or complaint regarding privacy should do so by contacting the Brightstar Privacy Officer, whose contact details appear at the beginning of this document. If you make a complaint or if we become aware of any concern or problems concerning our privacy practices, we will contact you about the issue, investigate the issue, and take all reasonable steps to work with you to resolve that issue.
  2. Brightstar websites will contain a prominently displayed privacy statement and will include a copy of this Brightstar Privacy Policy.

5. Access and correction

  1. You have the right to access and correct records containing your personal data in accordance with the PDPA. We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. Any request for such personal data should be through the Brightstar Privacy Officer whose contact details are set out at the beginning of this Privacy Policy.
  2. A reasonable fee may be charged for providing access however we will advise you of the likely cost in advance and will aim to supply the information within 30 days or such timeline prescribed by the PDPA. Note that the PDPA exempts certain types of personal data from being subject to your access request.
  3. If your personal data is inaccurate, out of date, incomplete, irrelevant or misleading, you may contact us by e-mail and we will correct our records containing your personal data within 30 days. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make the correction. Note that the PDPA exempts certain types of personal data from being subject to your correction request as well as provides for situation(s) when correction need not be made by us despite your request.

6. Client Information

  1. Brightstar may from time to time have lawful access to personal data belonging to customers of one of its clients.
  2. Notwithstanding anything else in this policy, Brightstar shall deal with such personal data in accordance with the privacy policy of the relevant client ("Client Privacy Policy") and to the extent that there is any inconsistency between the Client Privacy Policy and this policy the Client Privacy Policy shall prevail.
  3. Brightstar acknowledges that to the extent that Brightstar is aware that any Client Privacy Policy is inconsistent with the PDPA that it will seek to address such inconsistency with the client immediately and if such inconsistency is not addressed in a timely manner Brightstar shall cease to have access to the relevant personal data for that particular client.

7. Transferring information overseas

  1. Brightstar will take reasonable steps to limit the amount of personal data it sends to unrelated parties overseas but may need to disclose your personal data outside of Singapore to our Related Body Corporates and to third party service providers as noted in 1.3 above.
  2. If personal data must be sent by Brightstar outside of Singapore, Brightstar will require the overseas organisation receiving the information to provide a binding obligation that it will handle that information in accordance with the PDPA and this Privacy Policy, including as part of a services contract.

8. Updates on privacy policy

  1. As part of our efforts to ensure that we properly manage, protect and process your personal data, we will/may be reviewing our policies, procedures and processes from time to time.
  2. We reserve the right to amend the terms of this Privacy Policy at our absolute discretion. Any amended Privacy Policy will be posted on our website and can be viewed at (from 10 March 2018).
  3. You are encouraged to visit the above website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.


Brightstar means Brightstar Logistics Pte. Ltd. (Company Registration No. 200502127E).

Disclosure generally means the release of information outside Brightstar, including under a contract to carry out an "outsourced function".

"Personal Data" or "personal data" means data, whether true or not, about an individual who can be identified from (i) that data, or (ii) from that data and other information to which an organisation has or is likely to have access.

Primary Purpose is the dominant or fundamental reason for personal data being collected in a particular transaction.

Reasonable Expectation means a reasonable individual's expectation that their personal data might be Used or Disclosed for a particular purpose.

Related Body Corporate means that where a body corporate is:

  1. a holding company of another body corporate;
  2. a subsidiary of another body corporate; or
  3. a subsidiary of a holding company of another body corporate,

the first mentioned body corporate and the other body corporate are deemed to be related to each other.

Related Corporation "Related corporation" has the meaning ascribed to it in Section 6 of the Companies Act, Chapter 50 of Singapore (and "related corporations" shall be construed accordingly).

Transactions means Brightstar's buyback and trade-in program for mobile or electronic devices including Samsung products, and/or any other transactions that Brightstar may permit on the Site whether now or in the future.

Use means the handling of personal data within Brightstar.