Last modified: 16 November 2023
“Personal Data” means data, whether true or not, about a person who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access. However, Personal Data does not include information that has been made anonymous or aggregated so that it can no longer be used to identify a specific person, whether in combination with other information or otherwise.
GDPR Controller Notice: Under this Policy, and unless the circumstances otherwise require, we will be what’s known under the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) as “data controller” of the personal data you provide to us. This means that we determine the purposes and means of the processing of personal data we collect from you. Under GDPR, the data subject has a number of rights, including:
For exercising such rights, please contact our Data Protection Officer by emailing [email protected].
1. INFORMATION WE COLLECT
1.1 We (or third party service provider(s) acting on our behalf) may collect certain information from you and any devices you use, including your Personal Data, whenever you access and/or use the Website(s) and/or Service(s), or interact with us. We may also require you to provide us or our third party service provider(s) with your Personal Data in order for us to provide our Service(s) to you, and/or in order for our third party service provider(s) to provide their service(s) to you and/or us.
1.2 We generally do not collect your Personal Data unless:
(b) it is provided to us voluntarily by you for a purpose, and it is reasonable in the circumstances that you are deemed to have consented to our collection, use and disclosure of that Personal Data for that purpose; or
(c) collection and use of Personal Data without consent is permitted or required by applicable laws.
1.3 We may collect your Personal Data whenever you:
(a) access and/or use our Website(s) and/or Service(s);
(b) register for an Account with us;
(c) submit a form or enquiry through the Website(s), Service(s) and/or your Account;
(d) update or add information to your Account;
(e) correspond with us, including by interacting with us or requesting that we contact you;
(f) consent to be included in our email and/or other mailing list; and/or
(g) provide us information, including in response to a request by us, by submitting forms relating to the Service and for any other reason.
1.4 Account Information: When you sign up for an Account with us, we will collect your first and last name, email address, street address, password, and phone number.
1.5 Minors: We do not knowingly collect or solicit Personal Data from those below the Minimum Age, or knowingly allow such persons to register for an Account with us. The Service(s) is not intended for use by persons under the Minimum Age. If you are under the Minimum Age, please do not attempt to register for an Account and/or use the Service(s), or provide us with any of your Personal Data.
2. HOW WE USE AND DISCLOSE PERSONAL DATA
2.1 How we use your Personal Data. Apart from the purposes described in Section 1 above, we may generally use your Personal Data for the following purposes:
(a) performing obligations in the course of or in connection with our provision of the Service(s) requested by you;
(b) providing you with personalised Service(s) and/or to customise your user experience of the Website(s) and/or Service(s);
(c) verifying your identity;
(d) responding to, handling, and processing queries, requests, applications, complaints, feedback and Submissions from you;
(e) generally administering and/or managing your relationship with us;
(f) processing payment or credit transactions;
(g) sending you information on any updates or changes to the Website(s) and/or Service(s) (including notifying you of any planned or unscheduled downtime);
(h) sending you information on any updates or changes to our Terms of Service, Policies and/or other legal or administrative information;
(i) sending you updates and publications (including our newsletters), or advertising, marketing and promotional communications (including updates on our Promotions), where you have requested or consented to be on our mailing list or to receive such communications respectively;
(j) any other purposes for which you have provided the information;
(k) any other incidental business and/or administrative purposes related to or in connection with the above; and/or
(l) such as we believe to be necessary and/or appropriate to:
(i) comply with applicable laws, regulations, guidelines and/or codes of conduct (or any request or direction of any public, government or regulatory authorities, including those outside your country of residence);
(ii) comply with legal process (including assisting in law enforcement and investigations conducted by any governmental and/or regulatory authority);
(iii) protect the rights, privacy, safety property and/or operations of any person (including us and any person accessing and/or using the Website(s) and/or Service(s));
(iv) protect the safety or integrity of the Website(s) and/or Service(s) (including to help prevent spam, abuse, or malicious actors on the Website(s) and/or Service(s));
(v) prevent, detect, mitigate and investigate potentially illegal acts, fraud and/or security breaches and to assess and manage risk, including to alert you if fraudulent activities have been detected on your Account(s);
(vi) enforce terms and conditions applicable to the Website(s) and/or Service(s); and/or
(vii) allow us to pursue available remedies or limit the damages we may sustain.
2.2 Disclosure of Personal Data (General). We may disclose your Personal Data:
(a) where such disclosure is required for performing obligations in the course of or in connection with our provision of the Service (or other goods and services requested by you); or
(b) to any unaffiliated third parties including our third party service providers, agents and other organisations we have engaged, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes.
Third parties to whom we may disclose Personal Data as aforesaid include:
(i) if you are a Sub-User, your Company and other Sub-Users linked to your Company’s Account;
(ii) our lawyers, auditors and professional advisors;
(iii) third party service provider(s) who provide service(s) to us (including marketing, email delivery service(s), web hosting, web design, maintenance, database hosting, data analysis, IT service(s), payment processing, customer service(s), infrastructure provision, logistics, storage, auditing service(s) and other similar service(s)), or to which we may outsource one or more aspects of our business;
(iv) third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any liquidation or similar proceedings, and/or to an acquirer of our business or assets or any part thereof); and
(v) our partners and investors or potential partners and investors and other parties with a view to a potential business partnership, collaboration, joint venture or otherwise in furtherance of our business.
We will only share your Personal Data with such third parties to the extent that this is necessary for us to perform our Service(s) for you and/or for them to perform their service(s) for us, or for the purposes permitted hereunder.
2.3 Disclosure of Personal Data (Specific Third Parties): Without prejudice to the generality of Section 2.2, your Personal Data will be disclosed to, and/or collected, processed, used and/or retained by, the third parties listed at https://sitearrow.com/third-party-disclosures/, and you consent to such disclosure, collection, processing, use and retention in the manner as set out therein and in such third parties’ respective privacy policies. You further agree to the transfer of such Personal Data to, and their storage, receipt and processing by such Third Parties in locations that may be outside your country of residence, as specified in their privacy policies.
You acknowledge that links to the terms and conditions and/or privacy policies of third parties herein or on our website are provided by for your convenience only and may not be current or updated. You agree to refer to the respective website(s) of these third parties for up-to-date information on how they collect, use, disclose, retain and otherwise process your Personal Data.
3. DEEMED CONSENT BY NOTIFICATION
3.1 We may collect or use your Personal Data, or disclose existing Personal Data for secondary purposes that differ from the primary purpose for which it had originally been collected pursuant to Section 2 above. If we intend to rely on deemed consent by notification for such secondary purposes, we will notify you of the proposed collection, use or disclosure of such Personal Data through appropriate mode(s) of communication.
3.2 Before relying on deemed consent by notification, we will assess and determine that the collection, use and disclosure of the personal data will not likely have an adverse effect on you.
3.3 You will be given a reasonable period to inform us if you wish to opt-out of the collection, use and disclosure of your Personal Data for such purposes.
3.4 After the lapse of the opt-out period, you may notify us that you no longer wish to consent to the purposes for which your consent was deemed by notification by withdrawing your consent for the collection, use or disclosure of your personal data in relation to those purposes.
4. WITHDRAWING CONSENT
4.1 The consent you provide for the collection, use and disclosure of your Personal Data will remain valid until it is withdrawn by you in writing. You may withdraw your consent and request that we stop collecting, using, disclosing, retaining and otherwise processing your Personal Data for any or all of the purposes listed above by submitting a request in writing to our Data Protection Officer at the contact details provided below.
4.2 Cessation of Service. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue to provide access to and/or use of the Website(s) and/or Service(s) to you if you withdraw your consent to us collecting, using, disclosing, retaining or otherwise processing your Personal Data for certain purposes. In such circumstances, we will notify you before completing the processing of your request.
Should you decide to cancel your withdrawal of consent, please inform our Data Protection Officer in writing at the contact details provided below.
4.3 Response time. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within fourteen (14) days of receiving it. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to accede to your request, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under applicable laws).
4.4 Unsubscribe. If you do not wish to receive e-mail, messages or other communications from us, you can unsubscribe from such communications by using the unsubscribe facility that may be provided with such e-mail, message or communication. Please note that if you do opt out of receiving marketing-related communications from us, we may still send you important administrative messages, and that you cannot opt out of receiving such administrative or other important messages.
4.5 Permissible retention. Notwithstanding that you may have withdrawn consent, opted out of communications, or your Account(s) with us have been terminated, you acknowledge we may continue to collect, use, disclose, retain or otherwise process your Personal Data where such collection, use, disclosure, retention or processing is permitted or required under applicable laws.
5. ACCESS TO AND CORRECTION OF PERSONAL DATA
5.1 Accuracy of Personal Data. We generally rely on Personal Data provided by you, or your authorised representative.
5.2 Updating/correcting Personal Data. In order to ensure that your Personal Data is current, complete and accurate, please update us if there are changes to your Personal Data by updating your Personal Data in your Account(s) (if applicable) or submitting your request to our Data Protection Officer.
5.3 Access request. If you wish to make an access request for access to a copy of the Personal Data which we hold about you or information about the ways in which we use or disclose your Personal Data, please submit your request via email to our Data Protection Officer. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request. Please note that under your Account(s), you can already download a copy of some of your Personal Data. Where we are required to do so under the PDPA, you may request for your Personal Data, to be transmitted to a receiving organisation in a commonly used machine-readable format.
5.4 Response time. We will respond to your request for access to or correction of your Personal Data as soon as reasonably possible. In general, our response will be within fourteen (14) days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request.
We use commercially reasonable security measures to protect your Personal Data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. These measures include minimised collection of Personal Data, authentication and access controls (such as good password practices, need-to-basis for data disclosure, etc.), encryption of data, data anonymisation, up-to-date antivirus protection, regular patching of operating system and other software, securely erase storage media in devices before disposal, web security measures against risks, usage of one time password(OTP)/2 factor authentication (2FA)/multi-factor authentication (MFA) to secure access, and security review.
You should note however that no method of transmission of information over the Internet or method of electronic storage is completely secure.
7. RETENTION OF YOUR PERSONAL DATA
7.1 We will retain your Personal Data (including Personal Data from closed Accounts) for as long as is necessary to fulfil the purpose(s) for which it was collected, as required or permitted by applicable laws (including to satisfy legal, regulatory, accounting or other regulatory requirements) or as we deem necessary and relevant to protect our legitimate interests.
7.2 Please note that the purposes listed in this Policy for which Personal Data may be collected, used and disclose, may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
7.3 When it is reasonable for us to assume that retention of your Personal Data no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for legal, regulatory, accounting or business purposes, we will cease to retain your Personal Data, or remove the means by which the Personal Data can be associated with you.
7.4 Typically, our legitimate business purposes do not require us to retain your Personal Data for more than 366 days following the termination of your Account. However, we may retain your personal data for longer periods for legal purposes, or if otherwise required or permitted by applicable laws.
8. WHERE YOUR INFORMATION IS HELD
8.1 Cross-border transfers. In order to provide you with the use of the Service and related services and functions (including customer support, back office functions, etc.) we may need to allow our staff or third party service providers (who may be located or whose servers and resources may be located in a location other than your country of residence) access to your Personal Data. Such transfers of your Personal Data are necessary for us to provide the Service as intended. For example, it is sometimes necessary for us to transfer your Personal Data out of your country of residence:
(a) to our offices outside your country of residence;
(b) to our service provider(s) located outside your country of residence;
(c) if you are based outside the country where we are located; and/or
(d) where there is an international dimension to the Service(s) we are providing to you.
8.2 To the extent that we may need to transfer your Personal Data outside of Singapore, we shall do so in accordance with the PDPA to ensure that we provide a standard of protection to personal data so transferred that is comparable to the protection under the PDPA, including by ensuring that the recipient is either in a jurisdiction which has comparable data protection laws, or is contractually bound to protect your Personal Data.
8.3 You acknowledge and specifically consent to your Personal Data being transferred to and stored in Singapore, and the locations where our third party agents, representatives, and service provider(s) store and process your Personal Data, which may be outside your country of residence.
9. NON-PERSONAL DATA
9.1 When you access and/or use the Service, we may collect, use, disclose, retain and/or process (or our systems may automatically collect, use, disclose, retain and/or process), directly or through third party applications, data that cannot be used to identify any particular individual and/or data that has been anonymised so that it cannot be used to identify any particular individual, including the following:
(a) log data, including your unique device number, the IP address of your computer or device, information about your computer or mobile internet browser type and operating system, the dates and times of your access to and/or use of the Website(s) and/or Service(s), the number and frequency of visitors to and/or users thereof, common entry and exit points into and from the Website(s) and/or Service(s), the number of page views or page impressions that occur on the Website(s) and/or Service(s), the number of unique visitors to and average times spent by these visitors on the Website(s) and/or Service(s);
(b) session and usage data about your use of the Website(s) and/or Service(s), including connection and service-related data such as information relating to the connection request, server communication and data sharing, network measurements, quality of service and date, time and location of usage; and/or
(c) aggregate information about access to and/or use of the Website(s) and/or Service(s), (which may contain log data and session and usage data) in respect of a group or category of services or users but which contains no personally identifiable information about the users.
(collectively “Non-Personal Data”).
9.2 We may appoint third parties to aggregate or otherwise anonymise data that is collected from you.
9.3 We may use Non-Personal Data for any purpose, including:
(a) for our own internal business purposes;
(b) to enable us and/or third parties appointed by us to analyse, research and track access to and/or usage of the Website(s) and/or Service(s), including to conduct internal research on user demographics, interests, behaviour and trends;
(c) to provide, improve and modify the Website(s) and/or Service(s); and
(d) to disclose to third party media and/or research organisations for the purpose of conducting industry comparisons with other Internet portals.
10.2 Our cookies cannot be used to get data from your device, to get your email address or any other data that can be traced to you personally.
10.3 Most web browsers and devices can be set to notify you when you receive a cookie or to prevent cookies from being sent. However, if you use these features, you may limit the functionality we can provide you when you access and/or use the Website(s) and/or Service(s).
(b) displaying the new terms on-screen when you next access and/or use the Service(s);
(c) sending you notice in accordance with the Terms of Service; and/or
(d) any combination of the foregoing.
12. CONTACTING US
Data Protection Officer: Andy Prakash
Address: c/- Site Arrow Pte. Ltd., 160 Robinson Road, #14-04, Singapore 068914.
E-mail: [email protected]