Privacy Policy

1. Introduction

1.1 This Privacy Policy explains how The Face collects, uses, discloses and protects your personal data when you access or use theface.com, any associated sub-domains, mobile applications and digital properties, and The Face magazine in all formats (collectively, the “Site”).

1.2 The Site is operated by Beauvoir Holdings Pte. Ltd. (UEN: 202641111W), a company incorporated in the Republic of Singapore and a wholly-owned subsidiary of C86 Holdings Pte. Ltd., with its registered office at 56 Neil Road, Singapore 088830. In this Privacy Policy, references to “The Face”, “we”, “us” and “our” are to Beauvoir Holdings Pte. Ltd. trading as The Face.

1.3 We are committed to complying with the Personal Data Protection Act 2012 of Singapore (“PDPA”) and, where applicable, the EU General Data Protection Regulation (“GDPR”) and other relevant data protection laws.

1.4 By using the Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the Site.

1.5 We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email (if you hold an account) or by prominent notice on the Site. The “Last Updated” date at the top of this policy indicates the most recent revision.

2. Data Controller

2.1 For the purposes of the PDPA and, where applicable, the GDPR, the data controller is Beauvoir Holdings Pte. Ltd., 56 Neil Road, Singapore 088830.

2.2 Our Data Protection Officer can be contacted at dpo@theface.com for any queries regarding this Privacy Policy or our data protection practices.

3. Personal Data We Collect

3.1 We collect and process the following categories of personal data:

Data you provide to us:

Account information: Name, email address. Collected when you create an account.

Authentication data: One-time passcode (OTP) verification records. Collected when you sign in.

Communications: Correspondence content, email address. Collected when you contact us.

User content: Any content you post or submit to the Site. Collected when you submit content.

3.2 We may collect additional categories of personal data in the future as the Site evolves. Where we do so, we will update this Privacy Policy and, where required by applicable law, notify you and obtain your consent.

3.3 We do not collect any special or sensitive categories of personal data (such as data concerning health, racial or ethnic origin, political opinions, religious beliefs, or sexual orientation) unless you voluntarily provide such data, for example in user content you submit to the Site.

4. How We Use Your Personal Data

4.1 We use your personal data for the following purposes:

(a) to create, manage and maintain your account;

(b) to authenticate your identity when you sign in;

(c) to provide, operate and improve the Site and our services;

(d) to communicate with you about your account, respond to enquiries, and provide support;

(e) to send you editorial content and newsletters where you have opted in;

(f) to personalise your experience on the Site;

(g) to conduct analytics and research to improve our products and services;

(h) to enforce our Terms and Conditions and protect the security and integrity of the Site;

(i) to comply with legal obligations, regulatory requirements and lawful requests; and

(j) for any other purpose for which you have given your consent.

4.2 We will not use your personal data for purposes materially different from those described in this Privacy Policy without first notifying you and, where required, obtaining your consent.

5. Legal Bases for Processing (GDPR Users)

5.1 If you are located in the European Economic Area or the United Kingdom, our legal bases for processing your personal data are as follows:

(a) Contract: processing necessary to perform our contract with you (account creation, authentication, service provision);

(b) Legitimate interests: processing necessary for our legitimate interests (improving the Site, analytics, security), where those interests are not overridden by your rights;

(c) Consent: where you have given your consent to specific processing (newsletters, marketing communications); and

(d) Legal obligation: processing necessary to comply with a legal obligation to which we are subject.

5.2 Where we rely on consent, you may withdraw that consent at any time by contacting dpo@theface.com or using the unsubscribe mechanism in any communication. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

6. Sharing and Disclosure of Personal Data

6.1 We may share your personal data with the following categories of recipients:

Group Companies:

6.2 We may share your personal data with C86 Holdings Pte. Ltd. and its subsidiaries and affiliates (“Group Companies”) for legitimate business purposes, including cross-platform personalisation, analytics, editorial collaboration and the operation and promotion of Group products and services. Where we share data with Group Companies, we ensure that appropriate safeguards are in place and that the data is used in accordance with this Privacy Policy and applicable law.

Service providers:

6.3 We engage third-party service providers to help us operate the Site and deliver our services. These providers process personal data on our behalf and under our instructions. The categories of service providers we use include authentication and database services, hosting and infrastructure providers, and email delivery services.

6.4 We may engage additional service providers from time to time. We require all service providers to enter into data processing agreements that obligate them to protect your personal data to a standard consistent with this Privacy Policy and applicable law.

Other disclosures:

6.5 We may also disclose your personal data where:

(a) required or permitted by law, regulation, legal process or enforceable governmental request;

(b) necessary to protect the rights, property or safety of The Face, our users or the public;

(c) necessary in connection with a merger, acquisition, reorganisation or sale of assets, in which case the acquiring entity will be bound by this Privacy Policy with respect to your personal data; or

(d) you have given your consent to the disclosure.

6.6 We do not sell your personal data to third parties.

7. International Data Transfers

7.1 Your personal data may be stored and processed in the European Union, Singapore and other countries where our service providers and Group Companies operate. As we scale, we may store data in additional regions to improve performance and reliability.

7.2 Where we transfer personal data outside Singapore, we comply with the PDPA’s data transfer provisions and ensure that the recipient provides a standard of protection comparable to that under the PDPA.

7.3 Where we transfer personal data outside the European Economic Area or the United Kingdom, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other lawful bases under the GDPR.

7.4 You may contact our Data Protection Officer at dpo@theface.com to obtain further information about the safeguards we have put in place for international data transfers.

8. Data Retention

8.1 We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required or permitted by applicable law.

8.2 The retention period for each category of personal data is determined by reference to the purpose for which it was collected, any applicable legal or regulatory requirement to retain it, and our legitimate business needs. In general, account information is retained for the duration of your account, and other personal data is retained for no longer than is reasonably necessary for the relevant purpose.

8.3 Upon account closure or deletion, we will delete or anonymise your personal data within a reasonable period, unless we are required by law to retain it or it has been published as part of the Site’s editorial content under the licence granted in our Terms and Conditions.

8.4 Where your account is inactive for a prolonged period, we may notify you and, absent a response, close and delete the account and associated personal data.

8.5 When personal data is no longer required, we will securely delete or anonymise it in accordance with our internal data retention practices.

9. Cookies

9.1 The Site uses strictly necessary cookies for the purposes of user authentication and session management. These cookies are essential to the operation of the Site and cannot be disabled without affecting core functionality.

9.2 We do not use cookies for advertising, tracking or analytics purposes.

9.3 If we introduce non-essential cookies in the future, we will update this Privacy Policy, publish a separate Cookie Policy, and where required by applicable law, obtain your consent before placing such cookies on your device.

10. Your Rights

10.1 Under the PDPA, you have the right to:

(a) request access to your personal data held by us;

(b) request correction of any inaccurate or incomplete personal data;

(c) withdraw your consent to the collection, use or disclosure of your personal data, subject to legal or contractual restrictions; and

(d) request information about the ways in which your personal data has been or may have been used or disclosed by us in the preceding year.

10.2 If you are located in the European Economic Area or the United Kingdom, you also have the right under the GDPR to:

(a) request erasure of your personal data (“right to be forgotten”);

(b) request restriction of processing of your personal data;

(c) object to processing of your personal data based on legitimate interests;

(d) request portability of your personal data in a structured, commonly used and machine-readable format; and

(e) lodge a complaint with your local data protection supervisory authority.

10.3 We are building self-service account management features that will allow you to access, correct and delete your personal data directly. In the meantime, you may exercise any of the rights described above by contacting us at support@theface.com or our Data Protection Officer at dpo@theface.com.

10.4 We will respond to your request within 30 days of receipt, or within the timeframe required by applicable law. We may need to verify your identity before processing your request. Where we are unable to comply with your request (for example, due to legal obligations), we will inform you of the reasons.

10.5 There is no charge for exercising your rights. However, if your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request, in accordance with applicable law.

11. Data Security

11.1 We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, loss or destruction, commensurate with the nature and sensitivity of the data we hold.

11.2 While we take reasonable precautions to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

12. Data Breach Notification

12.1 Our data breach notification obligations and procedures are set out in our Terms and Conditions. In the event of a notifiable breach, we will comply with all applicable requirements under the PDPA and, where applicable, the GDPR.

13. Children

13.1 The Site is not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13. If you are under 13, please do not create an account or submit any personal data to the Site.

13.2 If you are between 13 and 18 years of age, you must have the consent of a parent or legal guardian to use the Site and to submit personal data.

13.3 If we become aware that we have collected personal data from a child under 13 without appropriate consent, we will take steps to delete that data as soon as practicable. If you believe we may have inadvertently collected such data, please contact us at dpo@theface.com.

14. Third-Party Links

14.1 The Site may contain links to third-party websites and services. This Privacy Policy does not apply to those third-party websites. We are not responsible for the privacy practices of third parties and encourage you to read their privacy policies before providing them with any personal data.

15. Changes to This Privacy Policy

15.1 We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements or business operations. Where changes are material, we will notify you by email (if you hold an account) or by prominent notice on the Site at least 14 days before the changes take effect.

15.2 Your continued use of the Site after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

15.3 We encourage you to review this Privacy Policy periodically.

16. Governing Law

16.1 This Privacy Policy is governed by the laws of the Republic of Singapore. Any dispute arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Singapore, without prejudice to any mandatory consumer protection rights you may have in your jurisdiction of residence.

17. Contact Us

17.1 If you have any questions about this Privacy Policy, wish to exercise your rights, or wish to make a complaint about our handling of your personal data, please contact us at:

The Face

Operated by Beauvoir Holdings Pte. Ltd.

56 Neil Road, Singapore 088830

General enquiries: support@theface.com

Data Protection Officer: dpo@theface.com

17.2 If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission of Singapore (www.pdpc.gov.sg) or, if you are located in the EEA or UK, with your local data protection supervisory authority.

© 2026 The Face. All rights reserved.