KC Group Pte Ltd ​Privacy Policy, Terms & Conditions

Updated 26th May 2026

KC GROUP PTE LTD PRIVACY POLICY

Your privacy is important to us. We respect your right to protect your personal data. This Personal Data Protection policy sets out the policies and practices for KC GROUP PTE LTD and its subsidiaries and affiliates (collectively, “KC Group”, “Kskin”, “we”, or “us”), with respect to how Kskin collects, uses, discloses, and otherwise process personal data of our customers in accordance with the Personal Data Protection Act (“PDPA”). This notice applies to personal data collected by Kskin  via this website and other websites operated or provided by Kskin , mobile applications provided by Kskin, and by any other means in the course of providing the Products and/or Services, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for Kskin.

PERSONAL DATA COLLECTION

Kskin may collect personal data from you, when you register on our website, subscribe to our newsletter, complete our survey form, fill out any form (via our website or face-to-face), enter into any agreement with us, when you send us queries, requests and feedback to us, when your images are captured by us via in-store cameras while you are using our service or photographs or videos taken by us or our representatives when you attend events, roadshows, contests and promotions hosted by us, when you download or use Kskin’ mobile applications, or when you submit your Personal Data to us for any other reason.

 

Facial Data Collection and AI Skin Analysis

After you provide consent, our app provides AI-powered skin analysis and personalised skincare recommendations using a photo captured through your device’s front facing camera. This section describes what facial data we collect, how it is used, who it is shared with, where it is stored, and how long it is kept. It supplements the rest of this Privacy Policy and prevails over it in the event of any conflict regarding facial data.

1.⁠ ⁠What facial data we collect
When you use the skin analysis feature, we collect:

• A facial image of you, captured through your device camera at the moment you start a scan. Skin analysis data derived from that image, which may include skin type, skin tone, perceived age, condition scores, and identified skin concerns (such as wrinkles, pigmentation, redness, hydration, pores, and similar attributes).
• A scan record linking the image and analysis to your account through an opaque internal identifier.
• We do not collect your name, email, phone number, date of birth, government ID, precise location, payment information, or any other contact or identity data as part of the skin analysis flow itself. Under applicable data protection laws (including the EU/UK GDPR), the facial image may be considered a special category of personal data. We process it only with your explicit consent.

2.⁠ ⁠Who we share facial data with
To perform the skin analysis, we share your facial image with one third party: Haut.AI OÜ (registry code 14494738, Telliskivi 60a/8, 10412 Tallinn, Estonia), a skin-analytics provider that acts as our data processor under a written data processing agreement.

When you run a scan:
Your facial image is transmitted directly from your device to Haut.AI.

The only identifier shared with Haut.AI is an opaque internal account ID used to label the analysis record. We do not share your name, email, phone number, address, or any other contact information with Haut.AI.
Haut.AI’s own privacy notice is available at https://haut.ai/privacy-policy/.

We do not share facial data with any other third party, except where required by law (for example, in response to a valid court order) or to establish, exercise, or defend legal claims. We will not disclose facial data in response to a merger, acquisition, or sale of our business without first notifying you.

3.⁠ ⁠How we use facial data
We use your facial image and the derived skin analysis data only for the following purposes:

• To run the skin analysis and generate a skin report for you.
• To generate personalised skincare product, treatment, and routine recommendations.
• The skin analysis is performed entirely by Haut.AI’s face Skin Analysis 3.0 service. The results are informational and are not a medical diagnosis.

We do not use your facial data for:
• Identity verification, facial recognition, or matching you against any database (any device-level biometric unlock such as Face ID is handled entirely on your device and is unrelated to this feature).
• Advertising, marketing profiling, lookalike targeting, or ad measurement.
• Surveillance, law enforcement, or any purpose other than skin analysis and skincare recommendations.
• Sale or licensing to any third party.

4.⁠ ⁠How Haut.AI uses facial data
Haut.AI may use your facial image in an anonymised format to improve their services, including for AI training and conducting other research and development activities.

5.⁠ ⁠Where facial data is stored
Facial images and skin analysis results are stored by Haut.AI on their servers. An identifier linked to your facial image on Haut.AI and copy of your skin analysis results are also stored on Kskin servers. Your facial image is only stored on Haut.AI.

6.⁠ ⁠How long facial data is retained
Your facial image and skin analysis results are retained by Haut.AI for as long as necessary for the fulfilment of the objectives described above.

The identifier linked to your facial image on Haut.AI and a copy of your skin analysis results are retained on Kskin servers for as long as your Kskin mobile app account remains active.

7.⁠ ⁠Your consent and your choices
We collect your facial image and transmit it to Haut.AI only after you give explicit, opt-in consent within the app at the start of each scan flow.

You can use the rest of the app without ever taking a skin analysis scan.

You may withdraw consent for future scans at any time by stopping use of the feature. You may request deletion of past scans at any time by contacting us at hello@kskinfacial.com or by deleting your skin report through the app.

Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

 

USE AND DISCLOSURE OF PERSONAL DATA

Electronic Commercial Communication

If you have provided us with your email address or mobile phone number, and consented to us sending you promotional and marketing information, we may send you promotional and marketing materials via email, SMS, or MMS. You can choose not to receive such materials by selecting the unsubscribe option which we provide in each email, SMS, or MMS sent to you, or otherwise inform us. If you have installed our mobile application(s) on your mobile device, we may send you promotional and marketing materials via push and pop-up notifications through the application(s). You can choose not to receive such materials by disabling push and/or pop-up notifications in the application(s) or in your mobile device settings. We may collect and use your personal data for any or all of the following purposes:

• To build, conduct and maintain our business relationship with you, including to process transactions and payments;
• To contact you in relation to your transactions and enquiries with us, and to respond to any communications you may have with us;
• To administer events, roadshows, contests, and promotions that you have participated in;
• To make recommendations on the type of Products and/or Services that you should book, based on our knowledge of your last servicing with us;
• To improve our website, Products and Services;
• To better understand our customers;
• To maintain and update our records;
• To train our staff and develop our business and operations;
• Where you have provided consent, to send you periodic emails about promotions, events, Products and Services that you may be interested in;
• To verify or enforce compliance with the policies governing our website or mobile applications, and applicable laws;
• To protect against misuse or unauthorised use of our website or mobile applications;
• For any other purposes for which the personal data was provided to us;
• For any other purposes to which you have consented; and
• For any other purposes permitted or required by law

Withdrawing Your Consent

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below. We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

Disclosure of Personal Data

Personal Data may be exchanged with or among Kskin, any of its existing or future related or associated companies (“Affiliate”) or any third party in order to satisfy the purposes for which the Personal Data have been collected (collectively referred to as “Recipients”). Personal Data will not be shared with a third party without a valid business or legal reason, a data sharing agreement in place, or without your consent. All Recipients who are managing and handling Personal Data supplied by us in accordance with the PDPA will be required to confirm that they will abide by the requirements of the PDPA with regard to the Personal Data supplied by us. Personal Data will only be transferred to Recipients not located in Singapore in accordance with the requirements of the PDPA to ensure that a suitable level of protection of the Personal Data, which is comparable to the protection under the PDPA, is provided. In case the country where the Recipient of Personal Data is located does not provide such comparable data protection standard by law or is taken to have satisfied such standard according to the PDPA, we will bind them either by contract or corporate rules to ensure that the Recipient complies with the material provisions of the PDPA.

Protection of Personal Data

To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.

Retention of Personal Data

We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

Access and Correction

Kskin takes reasonable steps to ensure the personal data it holds is accurate and complete. An access or correction request shall be made to the DPO in writing (email or mail). The Data Protection Officer will respond to a written request within 30 days after receiving the request or, if the DPO is unable to respond during that time, he/she shall within that time inform you in writing of the time by which he/she will respond to the request. Please note that in certain circumstances, we are not obliged to accede to your request.

Data Protection Officer

You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner: hello@kskinfacial.com

Amendments of Policy

We may revise this policy from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this policy was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.