Effective: 28 March, 2023
We are committed to respecting the privacy of every individual and adhering to the Personal Data Protection Act (PDPA) of Singapore, and the requirements of the APEC Privacy Recognition for Processors (PRP) and Data Controller’s instructions (where it applies) when conducting our activities related to personal data.
We have data protection policies and processes in place to ensure our compliance with the PDPA and communicate these to all our employees and other relevant stakeholders. These policies and processes also cover measures to comply with the requirements of APEC PRP System and Data Controller’s instructions, if we are a Data Intermediary related to the activities of personal data processing.
It is also our Company policy to ensure that all our employees and our own data intermediaries maintain the confidentiality and protect personal data under our responsibility, and that they are trained on the policies and processes, and related Data Controller’s instructions (where it applies).
Information Collection, Use and Disclosure
For a better experience while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to your name, phone number, and email address. The information that we collect will be used to contact or identify you for any of the following purposes.
(a) performing obligations in the course of or in connection with our provision of the goods and/or services to you;
(b) responding to, handling, and processing queries, requests, applications, complaints, and feedback from you; and
(c) managing your relationship with us.
The purposes listed above may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
We may collect, use or disclose your personal information pursuant to an exception under the Singapore Personal Data Protection Act (PDPA) or other written law. In general, subject to the applicable exceptions permitted in the PDPA, before we collect personal information from you, we will notify you of the purposes for which your personal information may be collected, used and/or disclosed, as well as obtain your consent for the intended purpose. If you choose not to provide with the personal information, we may not be able to fulfil our Services to you.
If we are a Data Intermediary, we will ensure the limited processing of personal data to the purposes specified by the Data Controller.
We want to inform you that whenever you visit our Service, we collect information that your browser sends to us that is called Log Data. This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser version, pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics.
Cookies are files with small amount of data that is commonly used an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your computer’s hard drive.
Our website uses these “cookies” to collection information and to improve our Service. You have the option to either accept or refuse these cookies, and know when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of our Service.
We may employ third-party companies and individuals due to the following reasons:
To facilitate our Service;
To provide the Service on our behalf;
To perform Service-related services; or
To assist us in analyzing how our Service is used.
We want to inform our Service users that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose. We will do due diligence assessment prior to engagement of these service providers. If we are a Data Intermediary, we will comply with the requirements of APEC Privacy Recognition for Processors (PRP) and Data Controller’s instructions in engaging any sub-processors.
Links to Other Sites
Withdrawing your consent
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including our inability to fulfil our Services to you and any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it. Should we require more time to give effect to a withdrawal notice, we will inform you of the time frame by which the withdrawal of consent will take effect. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal information where such collection, use and disclose without consent is permitted or required under applicable laws.
Access and Correction
If you wish to make (a) an access request for access to a copy of the personal information which we hold about you or information about the ways in which we use or disclose your personal information, or (b) a correction request to correct or update any of your personal information which we hold about you, you may submit your request to our Data Protection Officer (DPO) at the contact details provided in this Policy.
We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) calendar days after receiving your request, we will inform you in writing within 30 calendar days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal information or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA or other written law). An administration fee may be charged for the handling and processing of your request to access your personal information. If so, we will inform you of the fee beforehand.
We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it through appropriate administrative, physical and technical measures such as TLS/SSL, up-to-date antivirus protection, access restrictions and authentications, boundary protection, intrusion detection and prevention, testing and audit logging among others to secure all storage and transmission of personal information by us, and disclosing personal information both internally and to our authorised third party service providers and agents only on a need-to-know basis. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.
We generally rely on personal information provided by you (or your authorised representative). In order to ensure that your personal information is current, complete and accurate, please update us if there are changes to your personal information by informing our DPO at the contact details provided in this Policy. We will take reasonable steps to ensure that the personal information we collect about you is accurate, complete, not misleading and kept up-to-date, taking into account its intended use. Where possible, we will validate the information provided by you using generally accepted practices and guidelines.
We may retain your personal information for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We will cease to retain your information, or remove the means by which the information can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal information was collected, and is no longer necessary for any legal or business purposes. Similarly, if we are the Data Intermediary, we will securely dispose personal data upon termination of relationship with the Data Controller or upon their instruction, and require the same for any sub-processors we have engaged consistent with the agreement with the Data Controller.
Transfer Outside of Singapore
We generally do not transfer your personal information to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal information continues to receive a standard of protection that is at least comparable to that provided under the PDPA, and where applicable, to that of the requirements of APEC PRP System and Data Controller’s instructions.
Data Breach Notification
In the event a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal information, if we are the Data Controller, we shall promptly assess the impact and if appropriate report this breach within 3 calendar days to Singapore Personal Data Protection Commission (PDPC). We will notify you when the data breach is likely to result in significant harm to you after our notification to PDPC. We may also notify other relevant regulatory agencies, where required. If we are the Data Intermediary (Processor), we shall inform our customer immediately so they can promptly assess the impact and comply with their data breach notification obligation.
Our Services do not address anyone under the age of 13. We do not knowingly collect personal identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions.
Unsolicited Personal Information
Any unsolicited personal information received by us by email or through this website will be deleted immediately. If received by telephone this will not be recorded.