Last updated: 10 October 2022
We want you to understand why and how Savvy PlatformPte. Ltd. and (“the Platform”, “we”, “us” and/or “our”) collects, uses, discloses and or/processes your Personal Data (as defined below) under Singapore’s Personal Data Protection Act 2012 (the “PDPA”).
This Policy supplements but does not supersede or replace any previous consent which you may have provided to the Platform, nor does it affect any legal rights that the Platform may have regarding the collection, use, processing and/or disclosure of any Individual’s Personal Data.
The Platform may from time to time update this Policy to ensure that it is consistent with our business needs or to accommodate amendments to applicable legal or regulatory requirements. All updates to this Policy will be published online at https://iamsavvy.com.sg(the “the Platform’s Website”). Notification of any material revisions will also be published on the Platorm’s Website. You shall be deemed to have accepted the Policy as amended by continuing your relationship with the Platform after any amendments have been published on the Platform’s Website.
This Policy forms part of the terms and conditions, if any, governing your specific relationship with the Platform (“Terms and Conditions”) and it should be read in conjunction with the Terms and Conditions. In the event of any conflict or inconsistency between the provisions of this Policy and the Terms and Conditions, the provisions of the Terms and Conditions shall prevail to the fullest extent permissible by law.
For the purpose of this Policy:
- “DPO” shall mean the Data Protection Officer based in Singapore.
You may contact our DPO via email.
The DPO’s email address is email@example.com
Our principles of data protection
Our approach to data protection is built around 3 key principles. They’re at the heart of everything we do relating to personal data.
- User Sovereignty: You have full control over your data and you have the ability to make changes as required.
- Transparency: We take a human approach to how we process personal data by being open, honest and transparent.
- Security: We ensure industry leading approaches to securing the personal data entrusted to us.
1. Definitions: For the purposes of this Policy:
“Customer” means an individual who (a) has contacted us through any means to find out more about any goods or services we provide, or (b) may, or has, entered into a contract with us for the supply of any services by us;
“Law” means current legislation of the Republic of Singapore;
“Personal Data” means data, whether true or not, about a customer who can be identified:
(a) from that data; or (b) from that data and other information to which we have or are likely to have access.
Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include your name and identification information such as your NRIC number, contact information such as your address, email address or telephone number, nationality, gender, date of birth, marital status, photographs and other audio-visual information, employment information and financial information such as credit card numbers, debit card numbers or bank account information.
“Personnel” means any Individual engaged under a contract of service with the Platform including permanent or temporary employees as well as trainees and interns engaged by the Platform from time to time; and
“Potential Personnel” means any Individual who has submitted an application to be engaged by the Platform as Personnel.
2. Collection of Personal Data
We may collect and use your personal data for any or all of the following purposes:
(a) performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;
(b) verifying your identity;
(c) responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;
(d) managing your relationship with us;
(e) processing payment or credit transactions;
(f) sending you marketing information about our goods or services including notifying you of our marketing events, initiatives and promotions, lucky draws, membership and rewards schemes and other promotions;
(g) complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
(h) any other purposes for which you have provided the information;
i) transmitting to any unaffiliated third parties including our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and
(j) any other incidental business purposes related to or in connection with the above.
3. Disclosure of Personal Data
We may disclose your personal data:
(a) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by you; or
(b) to third party service providers, agents and other organisations we have engaged to perform any of the functions for us.
The purposes listed in the clauses 2. and 3. may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
4. Collection of Personal Data General Procedures
Generally, the Platform may collect Personal Data from you in one or more of the following ways or circumstances:
a) Information provided directly: You may be asked to provide Personal Data when you visit or use some parts of our websites and/or services. You do not have to provide us with your Personal Data; however, it could mean that you are not able to access some parts of our website or use our services.
b) Information collected automatically: Some information is collected automatically, such as an IP address and device type, when you visit our website or use our services. This information is useful to us as it provides us with a better understanding of how you are interacting with our website and services so that we can continue to provide you with the best experience possible.
c) Information from third parties: The majority of information that we collect is collected directly from you. Some data may be collected from other sources, such as information that is available in the public domain or trusted third parties in order to conduct background checks as part of your relationship with us. We use this information to supplement the Personal Data that we have collected from you.
Where your Personal Data is collected from third parties, we will only use such Personal Data where you have provided your consent to the third party which would also cover our processing of your Personal Data or where the Platform has a legitimate interest to use the Personal Data in order to evaluate the suitability of your relationship with us.
Some of the information we collect may include your personal data, such as your full name, contact information, Copy of NRIC, Copy of passport or other identification, telephone number(s), residential address, email address, biometric data and other personal information required by government agencies, product and service selections, and other data that may identify you. We collect personal data about you at several different points, including but not limited to the following:
- when we correspond with you as a customer or prospective customer;
- when you visit our website or use the Platform;
- when you use our software or services;
- when you register as an end-user of our services and an account is created for you;
- when you opt-in our newsletter program;
- when you decide to participate in a survey;
- When you voluntarily provide us with your information through our landing pages
As part of our onboading process, there is some information which we have to collect from you as part of being regulated by the Accounting and Corporate Regulatory Authority (ACRA) and the Monetary Authority of Singapore (MAS), without which we would not be able to provide you our services. In order to do so, we make use of independent providers to help us carry out identity checks on our behalf. When this happens, you will be redirected outside of thePlatform. The information required might include an image, images of an identity document (e.g a passport or a driver’s license) or a live video. The exact information needed depends on the check that’s being carried out.
5. Processing of Personal Data
Where we collect Personal data, we will only process it:
a) To perform a contract with you, or
b) Where we have a legitimate interest to protect the Personal Data which is not overridden by your rights, or
c) In accordance with a legal obligation, or
d) Where we have your consent.
Please note that if you choose not to provide us with your Personal Data or choose not to consent to our processing of your Personal Data, we may not be able to provide some or all of our Services to you or respond to your other requests; for job applicants, we would not be able to evaluate your suitability against our employment opportunities.
6. Sharing Information Outside the Platform
The Platform shares information with external parties that are performing tasks on our behalf (including data processors and sub-contractors) and with other companies, organisations, government bodies, and individuals outside the Platform where we have a legitimate legal reason for doing so (for example, in connection with any merger or acquisition or to comply with a court order) or where we have been instructed to share the information on behalf of our customers.
Unless otherwise authorised under the PDPA or any other applicable law, the Platform will not collect, use or disclose your Personal Data without your knowledge and consent. The Platform will highlight the Purposes relevant to you, by appropriate means, at the point or time of collection of your Personal Data.
The Platform may obtain your consent by any of the following means:
a) via express provisions in a contract, application form and/or registration form to be signed with or submitted to the Platform;
b) via notifications on the Platform’s website;
In so far as any Purpose(s) are intrinsic to the relationship or provision of services, the Platform reserves the right to decline to engage in the relevant relationship or to provide the relevant services to you if you do not consent to the Platform’s collection, use or disclosure of your Personal Data for such purposes.
- voluntarily provide Personal Data to the Platform for any specified purpose;
- use or access our website(s) or computer network;
- enter our premises or use any of the facilities thereon; and/or
- attend or participate in events or programmes organised by us
When you provide us the Personal Data related to a third party (e.g. information of his/her spouse or children) for any particular purpose, you represent to us that you have obtained the consent of the relevant third party for the Platform to collect, use or disclose such Personal Data for the relevant purpose.
8. Request to Withdraw Consent
You have the right to withdraw your consent to the collection, use and/or disclosure of your Personal Data in our possession by submitting your request to our Data Protection Officer at firstname.lastname@example.org any time.
We shall process your request for the withdrawal of consent within a reasonable period of time from such a request being made. After that time, we will not collect, use and/or disclose your Personal Data in the manner stated in your request.
Your withdrawal of consent could affect the services that we are able to provide to you. Depending on the extent of your withdrawal of consent for us to process your Personal Data, it may mean that we are not able to continue with our existing business relationship.
10. Security of Personal Data.
We make reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks to Personal Data in its possession.
If we transfer Personal Data outside of Singapore, we take reasonable steps to ensure that such Personal Data transferred receive a standard of protection comparable to the protection received under the PDPA and such transfer shall be subject to this Policy.
We ensure that third parties who receive Personal Data from us protect such Personal Data in a manner consistent with this Policy and not use such Personal Data for any purposes other than those specified by us, by incorporating appropriate contractual terms in its written agreements with third parties.
We are not responsible in any way for the security and/or management of Personal Data shared by you with any third party’s websites accessible via links on our website.
In the event of a breach of security in respect of any Customer Data, we shall promptly (but as soon as practical from a security perspective) provide notice of such breach to the Customer and any individuals acting on behalf of such Customer, setting out the extent of the breach, the affected Customer Data and any steps taken by us to remedy and limit the consequences of the breach. Notwithstanding the foregoing, where we determine that the PDPA allows us not to provide notification in respect of a breach, we may choose not to inform the Customer of such breach immediately or at all.
11. Third party websites
Our Website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility for them. Please check these policies before you submit any personal data to these websites.
12. Accuracy of Personal Data
Information voluntarily provided by you to us shall be deemed complete and accurate.
We shall take reasonable steps to verify the accuracy of Personal Data received at the point of collection, but you will remain primarily responsible and liable to ensure that all Personal Data submitted by you to us are complete and accurate.
Weshall also take reasonable steps to verify the Personal Data in our possession on a regular basis, taking into account the scope of our operations. However, you remain responsible for notifying us, from time to time, of any applicable changes to your Personal Data. You can amend your Persona Data on the Platform’s website or you may notify our team of any changes to your Personal Data by email at email@example.com, or you may contact the Data Protection Officer by email at firstname.lastname@example.org any time.
We shall not be held liable for any inability on our part to provide services to you if you fail to ensure that your Personal Data submitted to us are complete and accurate.
13. Access to and correction of Personal Data
In general, the rights afforded to individuals are:
a) Right to Access
The right to be informed of and request access to the Personal Data that we process about you. This will enable you to check what Personal Data we are processing and whether the processing is lawful.
We will respond to your access request as soon as reasonably possible. Should we not be able to respond to your access request within 30 days after receiving your access request, we will inform you in writing via email within 30 days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA or under any other applicable laws).
Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
b) Right of Correction/Rectification
The right to request that we amend or update your Personal Data where it is inaccurate or incomplete. Kindly note that while we shall make a reasonable effort to ensure that the Personal Data we collect is accurate and complete, you are responsible for ensuring the accuracy of the Personal Data that you provide to us directly.
We shall respond to your correction request as soon as reasonably possible. Should we not be able to perform the correction request within 30 days after receiving your request, we shall inform you in writing via email on the time by which we will be able to perform your correction request. If we are unable to perform a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA or under any other applicable laws).
c) Right to Withdraw Consent
You have a right to withdraw your consent at any time, where consent is the legal basis of the processing of your Personal Data. Kindly note that depending on the nature and scope of your request, we may not be in a position to continue performing our obligations in the course of or in connection with the Event to you.
The right to not be subject to a decision based solely on automated decision-making where the decision would have a legal effect on you or produce a similarly significant effect.
If we send you electronic marketing messages (i.e newsletters) based on your consent or as otherwise permitted by applicable law, you may, at any time, respectively withdraw such consent or declare your objection at no cost. The electronic marketing messages you receive from us will also include an “unsubscribe” option within the message itself to enable you to manage your Personal Data. Please note that if you opt-out of receiving direct marketing materials, we may still send you non-promotional messages, such as receipts or information about the Services we are providing to you.
Additionally, you have the right at any time to lodge a complaint with your local Data Protection Authority if you are unhappy with the way in which we are using your Personal Data.
In order to enable you to exercise these rights with ease and to record your preferences in relation to how we use your Personal Data, you may email us email@example.com
14. Retention of Data
The length of time that we keep your Personal Data depends on what it is and whether we have an ongoing business need to retain it.
We will only retain your data for as long as we have a business relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, or where we are required by law to retain it.
Upon the expiry of time relating to any business needs or legal requirements to retain your Personal Data we will ensure that your Personal Data is deleted or anonymised.
For more information about our retention policies, kindly email your request tothe following email address: firstname.lastname@example.org
15. Overseas Transfer
We generally do not transfer your personal data to countries outside of Singapore.
However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
In all such instances, we shall ensure that the transfer of your Personal Data is carried out in accordance with any applicable laws and that appropriate safeguards (e.g. contractual, technical and organizational measures) are put in place before such transfer takes place.
16. Making a complaint
You are welcome to contact us if you have any complaint or grievance about how we are handling any Personal Data in our control or possession.
To make a complaint you can:
a) Contact our Data Protection Officer via email at email@example.com
b)Contact us by telephone during our office hours (9:00am to 6:00 pm) at +65 9711 8886;
c) Visit us in person at our Singapore office during our office hours (9:00am to 6:00pm).
If any provision of this Policy shall be held to be illegal, void, invalid or unenforceable under the laws of any jurisdiction, the legality, validity and enforceability of the remainder of this Policy in that jurisdiction shall not be affected, and the legality, validity and enforceability of the whole of this Policy in any other jurisdiction shall not be affected.
Nothing in this Policy shall be construed as the Platform providing an indemnity to any Customer in relation to any Customer Data or use thereof. The Platform expressly exclude liability or any losses which the Customer may suffer on account of the Platform’s collection, storage or use of Customer Data in accordance with this Policy. In any event, the Platform expressly excludes any liability to the Customer which are in the nature of indirect or consequential losses, special losses, loss of profits, loss of contracts, loss of reputation or goodwill, or other tangential or intangible losses that a Customer may suffer on account of a breach of this Policy by the Platform or any of its agents or service providers.