If you have any questions about this Policy or related matters, please contact our Data Protection Officer at the contact details below.
This Policy will help you understand the following:
- Our obligations to you under the PDPA
- How we collect and use your personal data
- How we share, transfer and disclose your personal data
- How we protect your personal data
- Our data breach notification obligations
- How your personal data moves globally
- How this Policy is updated
- How to contact us
1. Our obligations to you under the PDPA
1.1. The Consent Obligation: TBSPL must obtain your consent before collecting, using or disclosing your personal data (unless exempted). In addition, we must only do so for purposes that a reasonable person would consider appropriate in the circumstances and must notify the purposes to you before collection, use or disclosure.
1.2. The Access and Correction Obligations: TBSPL must, upon request, (i) provide you with your personal data in its possession or under its control and information about the ways in which the personal data may have been used or disclosed during the past year; and (ii) correct an error or omission in an individual’s personal data that is in its possession or under its control.
In this regard, you:
1.2.1 have the right to access your personal data, subject to exceptions provided by laws and regulations;
1.2.2. can manage your account by logging on to the App / Trade Portal;
1.2.3. can manage your transaction password by logging in to the App; and
1.2.4. can view your transactions on the App / Trade Portal.
If you are unable to access the above information, you can contact the customer service - we will respond to your request within 20 working days.
In addition, you can correct or supplement your personal data in the way listed in paragraph 1.2.1 to 1.2.4. If you are unable to manage this personal data in this way, you can contact our customer service at any time. We will respond to your request for access within 20 working days.
1.3. The Accuracy Obligation: TBSPL must make a reasonable effort to ensure that personal data collected by it is accurate and complete if the personal data is likely to be used by TBSPL to make a decision that affects the individual concerned (i.e. you) or disclosed by TBSPL to another organisation.
1.4. The Protection Obligation: TBSPL must protect personal data in its possession or under its control by making reasonable security arrangements to prevent (i) unauthorised access, collection, use, disclosure, copying, modification or disposal, or similar risks; and (ii) the loss of any storage medium or device on which personal data is stored.
1.5. The Retention Limitation Obligation: TBSPL must cease to retain documents containing personal data, or remove the means by which the personal data can be associated with particular individuals as soon as it is reasonable to assume that (i) the purpose for which the personal data was collected is no longer being served by retention of the personal data; and (ii) retention is no longer necessary for legal or business purposes.
1.6. The Transfer Limitation Obligation: TBSPL must not transfer personal data to a country or territory outside Singapore unless the organisations to which the personal data is transferred provide a comparable standard of protection for the personal data.
1.7. The Data Breach Notification Obligation: TBSPL must assess whether a data breach is notifiable and notify the affected individuals and/or the Personal Data Protection Commission where it is assessed to be notifiable.
1.8. The Accountability Obligation: TBSPL must implement the necessary policies and procedures in order to meet its obligations under the PDPA and shall make information about its policies and procedures publicly
2. How we collect and use your personal data
When you use our products and/or services, your personal data may be collected and used in the following two scenarios:
2.1. To provide you with the basic functions of our products and/or services, you must authorise us to collect and use the necessary personal data. If you refuse to provide such personal data, we will not be able to provide our products and/or services;
2.2. Personal data you have chosen to authorise us to collect and use in order to provide you with additional functionality for our products and/or services. If you refuse to provide such personal data, you will not be able to use the related additional features or achieve the desired results, but it will not affect your normal use of the basic features of our products and/or services.
Please see paragraph 2.5 of this Policy for further information.
You understand and agree that:
2.3. We are committed to developing a diverse range of products and services to meet your needs. We provide you with a large range of products and services and the scope of specific products/services can be chosen to be used by different users. Therefore, the basic/additional functions and the type and scope of personal data collected and used will vary accordingly.
2.4. In order to bring you a better product and service experience, we continue to strive to improve our technology, with which we may launch new or optimised features from time to time, and may need to collect, use, or change the purpose or the way that personal data is used. We shall seek your consent before collecting and using any additional personal data for a purpose which has not been notified to you in the Policy.
In this regard, we will otherwise explain to you the purpose, scope and use of the relevant personal data by updating this Policy. Please see paragraph 8 of this Policy for further information on how this Policy is updated. If you have any questions, comments or suggestions during such process, you may contact our Data Protection Officer at the contact information provided below and we will answer your questions as soon as possible.
We will implement the following functions of this Policy to collect and use your personal data:
2.5. The personal data you offered when using our service
2.5.1. Performance of anti-money laundering obligations and real-name system management in accordance with laws and regulations and regulatory provisions
When you apply for opening an account, you shall provide your identity information as required in accordance with laws, regulations and regulatory provisions, including name, nationality/country of legal residence, type/number of valid identity certificate, mobile phone number, email address, residential address information, date of birth, personal specimen signature, face identification information, tax information, the country of birth; if your permanent address is different from the ID address, you are required to separately provide documents to prove your residential address (for example, water and electricity bill/bank statement/driver license/housing property certificate/household register, etc. which contains address information).
During the account opening process, when you perform face recognition and identity verification, you may need to enable the camera and album (photo album) permissions of the device. We will collect your facial features and valid identity documents and use them strictly within the scope of your authorisation to safeguard the security of your account and transaction. If you do not want to provide the above information or refuse to open the above device permission, you may not be able to complete the account opening process and will not be able to use the corresponding services and functions provided by us.
2.5.2. Perform the "Know Your Client" assessment, client rating and risk rating evaluation in accordance with laws, regulations and regulatory provisions
Singapore law requires us to, at the time of opening your account, assess and rate your investment appropriateness, and provide you with a risk rating assessment. As such, you must provide us with your occupational status, asset information (for example net current assets, net assets, total assets, and net annual income), investment objectives, and investment experience information (for example, trading years and times of different varieties, and investment preferences).
Retirees may be requested to provide information of your previous occupation.
A person who is employed or a business owner will need to provide detailed employment information, including company name, location and address, industry, and position.
A student or homemaker will need to provide information on source of funds.
In addition, if you or your immediate family member is working with a regulator or listed company, you also need to fill in the name of the regulator, the stock code of the listed company and the name of the relevant exchange.
2.5.3. Orders & Transactions
When you buy or sell securities, options or trade futures, or any other product available on our platform, whether on your own or by instructing us, you may need to provide us with the order type, the code, price and quantity, whether to trade through margin or short selling, the percentage of margin trading or short selling (if applicable), and/or time in force, and whether trading during pre-opening session and late trading session.
When you use the reminder function, you may need to enable the calendar permission of your device, and we will read/record the date of the company action you are following into the calendar according to your operation, to provide you with a timely reminder service.
When you open the fingerprint or face transaction verification function, you agree to authorise us to verify your fingerprint or face ID instead of verifying your transaction password for transaction security. You can also open the fingerprint or face verification function before entering the "Trade" page so that you can have a more secure experience.
If you do not wish to provide the above information or refuse to provide the above permissions, you will not be able to use the corresponding services and functions provided by us.
2.5.4. Deposit/Withdrawal of Fund
When you deposit/withdraw funds from your account, based on risk control and anti-money laundering requirements, you need to provide your bank card account number, name of bank card holder (which must be consistent with the name of the securities account) and information about the amount of funds deposited/withdrawn.
2.5.5 Customer Service
To ensure the security of your account and system, you must provide us with the necessary personal data to verify your identity when you contact us or file a dispute or personal account application.
For the convenience of contacting you and to help you resolve the problem as soon as possible or to record solutions and results of related problems, we may maintain records of your correspondence/telephone conversations with us and the relevant content (including account information, order information, other information you provide to substantiate the relevant facts, or contact information you left), and we will use your account information and order information if you make inquiries, complaints or suggestions with respect to a specific order.
We may also use additional information about you, including the information you provided when contacting customer services and the replies you sent to us when you participated in the survey, to provide reasonable service and to improve the quality of service.
2.5.6. To provide you with safety assurance
When you use our products and/or services, we may use or integrate your personal data and operation log information, including account status, login time, browsing history, watchlist, trading markets, trade symbol information, trading funds information, which also includes your IP address, browser type, language used, operating system version, date and time of access, network requests, etc. In this manner, we can comprehensively identify the risks to your account, conduct identity verification, detection and prevent security incidents, and take necessary recording, auditing, analysis and disposal measures according to the law. Such instances of collection and use are also intended to improve the security of your use of our services, protect your personal data and property safety, or other users, or the public from being infringed upon, better prevent phishing sites, fraud, network vulnerabilities, computer viruses, network attacks and intrusions as well as other security risks, and more accurately identify violations of laws and regulations.
2.6. We may collect your personal data in accordance with the PDPA without your consent in certain circumstances, including where:
2.6.1. the collection is necessary to respond to an emergency that threatens your life, health or safety of or another individual;
2.6.2. the personal data is publicly available; and
2.6.3. the collection is necessary for evaluative purposes.
2.7. Rules for use of personal data
2.7.1. Please understand that the services we provide to you are constantly updated and evolving. If you choose to use other services that are not covered by the above instructions, we will inform you of the scope and purpose of the information collection through page prompts, interaction processes, and agreement, subject to your consent. We will use, store, provide external service and protect your personal data in accordance with this Policy and the corresponding client service agreement; if you choose not to provide the above information, you may be unable to use a certain service or part of the service, but your use of other services shall not be affected.
2.7.2. All personal data you provide when using our products and/or services, unless you have opted out of our collection through your system settings, will be deemed to continue to authorise us to use it during your use of our products and/or services.
2.7.3. We may keep statistics on the use of our products and/or services and may share these statistics with the public or third parties to demonstrate overall usage trends of our products and/or services. These statistics, however, do not contain any identifying information about you.
2.7.4. We may use your account information and transaction information to conduct comprehensive statistics and analysis of your preferences, habits, account status and other information to form a user profile, which may be used to recommend or show you information about products and/or services that may be of interest to you, send you promotional information or display commercial advertisements via SMS, email, etc., or provide you with information consultation services or invite you to participate in customer research related to services, products or features in telephone follow-up. For example, we will use your account opening information, including account opening time, account type, employer information, and send business notifications, user experience research, and provide guidelines, marketing and promotional information through the contact information you have provided (including but not limited to: cell phone number, e-mail, etc.). If you wish to unsubscribe from receiving our marketing communications, please click on the unsubscribe link in the relevant email or message, or alternatively, you may update your preferences directly on our mobile application. While you may opt out of marketing or promotion communications, TBSPL may still send you service related messages (e.g. information on your transactions).
2.8 You may change the scope of our continuous collection of personal data or revoke your authorisation by deleting information, turning off the functions of the device or otherwise. You may also revoke our full authorisation to continue to collect your personal data by cancelling your account.
2.9 You understand that each business function requires some basic personal data to complete. After you withdraw your consent or authorisation, we cannot continue to provide you with the service for which you withdraw your consent or authorisation, and we will no longer collect or use your personal data. However, your decision to withdraw your consent or authorisation will not affect the processing of personal data previously conducted based on your authorisation.
A cookie is a small text file created by a web site server and saved on a user's browser, and when a user visits a web site server, the website can access cookie information. In addition to being used to identify users, cookies can also be used to store user information and track user access behaviour.
You can manage and delete cookies according to your preferences, and most browsers have the ability to disable or delete cookies from your system. Note that blocking cookies can cause some features on our website or system to not work or work effectively, which can affect your experience.
3.2. Cookie homogeneity technology
In addition to cookies, we use Authorization or Web Beacon and other similar technologies on the website. Authorization is an HTTP protocol header that is passed behind the browser and the server of the Internet, instead of cookie use. The Web Beacon can calculate who browses the web or access some cookies. We use Authorization to record your identity and collect information about your web browsing activities through the Web Beacon, such as Internet Protocol (IP) Address, Browser Type, Internet Service Provider (ISP), Visited Pages, Operating System, Date/Time Stamp, Click Data Stream, and so we can learn more about and improve our products and services.
3.3. SDK technology
Our products and services will embed the third-party SDK and collect some information from you to ensure that you can use our services normally. Please refer to the Statement for using third-party SDK for details.
We will conduct strict security monitoring of APIs, SDKs and other SDKs and agree with authorising partners on strict data protection measures to enable them to process personal data in accordance with our delegated purpose, service instructions, this Policy and any other relevant confidentiality and security measures.
4. How we share, transfer and disclose your personal data
4.1.1. Business Assistance
We undertake to keep your personal data strictly confidential. Unless otherwise required or permitted by laws, regulations and regulatory authorities, we will only share your personal data with a third party, including our affiliated companies, cooperative financial institutions and other partners, with your consent.
If we need to share your personal data with a third party in order to provide services to you, we will evaluate the legitimacy and necessity of the third party's collection of personal data. We will require third parties to protect your personal data and strictly comply with the relevant laws, regulations and regulatory requirements.
Certain products or services may be provided by a third party or jointly by us and a third party. Therefore, in certain circumstances we may require to submit your personal data such as your identity information, contact information, professional information, asset information, investment information and order information to third parties (including but not limited to third party service providers, our affiliates, other financial services institutions, external service providers ) in order to provide the products or services that you need.
We may also disclose your personal data to professional firms engaged by us to match your personal data against government records.
With your prior consent, we will disclose your personal data with a third party to the extent permitted by laws and regulations.
4.1.2. Information Validation
As required by laws and regulations, in order to effectively identify you, we will provide your name, date of birth, gender and ID number information to the third-party authentication provider during the account opening process, so that we can identify you as a legitimate and valid customer, complete the account opening for you and provide follow-up services.
4.1.3. Regulatory and Supervisory Review
Relevant regulatory bodies, self-regulatory associations or competent organisations (including but not limited to various exchanges and governmental authorities) may request that we provide your personal data (such as your account and transaction information) for purposes of supervision and inspection to confirm whether we have complied with our legal obligations. We may also be required to provide your personal data to a court of competent jurisdiction.
4.1.4. Complaint Handling
If you make a complaint against us or another person or are complained against, in order to protect your and such other person’s legitimate rights and interests, we may keep your name, contact information and information relevant to the complaint in the customer service system provided by a third party supplier and may provide the same to the consumer rights and interests protection department and regulatory authorities so that we may resolve complaints and disputes in a timely manner, except where such provision is expressly prohibited by laws and regulations.
We will not transfer your personal data to any company, organisation or individual except where we have obtained your consent in advance, or where such consent has not been obtained, such transfer is in accordance with the relevant laws, regulations, mandatory administrative or judicial requirements.
In the event that there is a transfer of assets, acquisition, merger, reorganisation or bankruptcy liquidation in relation to TBSPL such that a transfer of your personal data is involved, we will inform you of the relevant situation, and require the new companies and organisations that hold your personal data to continue to be bound by this Policy. If the purpose for the use of the personal data has changed, we will request the relevant company or organisation to obtain your consent prior to such use.
4.3. Disclosure to the public
We do not disclose your personal data in principle except in the case of announcing prize winners, where only a desensitised display of the winner's mobile phone number or user nickname will be disclosed. If any public disclosure is required, we will notify you of the purpose of such public disclosure, the type of information to be disclosed and any sensitive information that may be involved and obtain your prior consent before such disclosure.
4.4. We may disclose your personal data in accordance with the PDPA without your consent in certain circumstances, including where:
4.4.1. the disclosure is necessary to respond to an emergency that threatens the life, health or safety of you or another individual;
4.4.2. the personal data is publicly available; and
4.4.3. the disclosure is for the purpose of contacting the next-of-kin or a friend of any injured, ill or deceased individual.
- How we protect your personal data
5.1. We have taken reasonable and practical security measures in line with industry standards to protect your personal data against unauthorised access, public disclosure, use, modification, destruction or loss of data. We will take all reasonable and feasible measures to protect your personal data. We take physical, technical and administrative security measures to mitigate the risks of loss, misuse, unauthorised access, disclosure and alteration, including, but not limited to, transport-level data encryption, firewall and encrypted storage, physical access controls, and information access authorisation We have set up a security program to protect your information from unauthorised access. For example, you can communicate with all of our network communications and we ensure encryption is protected with encryption (SSL). Your personal data is encrypted and stored on our server with high strength encryption. We will use a trustworthy protection mechanism to prevent malicious attacks on personal data; we will deploy strict data access authority control and multiple identity authentication technologies to protect personal data and avoid illegal access and use of data. In the use of personal data, such as personal data presentation, personal data correlation calculation, we will use a variety of data desensitisation techniques including content replacement, SHA256 to enhance personal data security. We strengthen the audit of personal data security by adopting automatic code security check and data access log analysis technology.
5.2. We have an advanced data management system, which focuses on data life cycles, to improve the security of the whole system from organisation construction, system design, personnel management, product technology and so on. For example, we have established data classification systems, data security management rules and security development rules to regulate the storage and use of personal data. We require all employees to sign a confidentiality agreement. We hold training courses on security and privacy, to strengthen employees' understanding of the importance of protecting personal data so that they conduct operations in strict accordance with data protection requirements. To further enhance security certification and services, we have passed the ISO27001 certification.
5.3. We have implemented procedures such that access to your non-public personal data by TBSPL's directors, employees, contractors, agents, partners and other parties working on behalf of it, is on a need-to-know basis to perform our obligations to you.
5.4. We will take all reasonable and practical measures to avoid collecting unrelated personal data and will retain your personal data only for such periods of time as is necessary to achieve the purposes described in this Policy, unless an extension of the retention period is required or is permitted by law.
5.5. Please understand that the Internet is not an absolutely secure environment. We strongly recommend that you use our products and services in a secure, sophisticated and reliable manner to help us secure your account. If you find that your personal data is leaked, especially if your account information or password is leaked, please contact us immediately according to the contact information provided in this Policy so that we can take appropriate measures.
5.6. You can protect your personal data by using a complex password without revealing your logon password or account information to anyone. Once you reveal your account number and password, it may have adverse consequences for you. If you find that your account and password have been leaked or will be leaked for any reason, please contact our customer service immediately so that we can take appropriate measures. But we are not responsible for this until we are aware of it and act within a reasonable period of time.
We will not be liable for any loss or third-party access to your personal data due to your failure to protect the confidentiality of your personal data. If you discover any unauthorised use or other security breaches, you must notify us immediately. Your assistance will help us to protect your personal data better.
5.7. In some business functions, we may make decisions based solely on non-human automatic decision-making mechanisms such as information systems, algorithms, etc. If these decisions significantly affect your legitimate rights and interests, you have the right to request us to explain, we will also provide information without prejudice to our trade secrets or other rights and interests of users, social public interests.
5.8. For security, you may be required to provide a written request or otherwise certify your identity. We may ask you to verify your identity before we process your request. We will give an answer within 20 working days. If you are not satisfied, you can also make a complaint through our customer service. For your reasonable request, we do not charge fees in principle, but for repeated, beyond the reasonable limit of the request, we may refuse or as appropriate charge a certain cost. In particular, we have the right to reject requests for information that is not directly related to your identity, information that is repetitive for no reason, or requests for which too much technical means are needed (for example, requests necessary to develop a new system or fundamentally change existing practices), which result in risks to the legitimate rights and interests of others or which are impractical. We shall have the right to reject your request in accordance with relevant laws and regulations in certain circumstances, including where:
5.8.1. the request is related to national security or national defence security;
5.8.2. the request is related to public security, public health and major public interests;
5.8.3. the request is related to criminal investigations, prosecutions, trials and enforcement of judgments;
5.8.4. the request involves trade secrets;
5.8.5. there is sufficient evidence to prove that who has malicious intention or abuses his or her right; and
5.8.6. a response to your request will seriously impair the legitimate rights and interests of you or other individuals or organisations.
- Our data breach notification obligations
We are subject to data breach notification requirements where the breach is reportable (if it causes significant harm to the individual or affects more than 500 individuals). The timeline for reporting is set out below:
To the extent that we have determined that the breach is a notifiable data breach, we will notify the affected individuals and/or the Personal Data Protection Commission where it is assessed to be notifiable.
Parallel reporting may also be necessary to the Monetary Authority of Singapore if we have determined this to be necessary.
- How your personal data moves globally
The personal data collected from you will be stored in Singapore. We generally do not transfer your personal data to any other entities in the countries outside of Singapore. However, if we do so, typically in cases where provision of the products and/or services requested by you requires us to do so, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
- How this Policy is updated
Our Policy may be updated and adjusted from time to time and published on our website(s). Material changes may be notified to you via, for example, email notification or pop-up tips. Without your consent, we will not limit your rights under this Policy.
Material changes referred to in this Policy include but are not limited to:
8.1. Significant changes in our service model. For example, the purpose of processing personal data, the type of personal data processed, the methods that we collect, use or disclose personal data, etc.;
8.2. we have a significant change in control and other aspects, such as mergers and acquisitions caused by the personal data controller change;
8.3. changes to the main objects of sharing, transfer or public disclosure of personal data;
8.4. there are significant changes in your right to participate in personal data processing and the way in which you exercise such right;
8.5. changes in the department, contact information and complaint channel responsible for handling personal data and personal data security;
8.6. our personal data security impact assessment report shows that there is a high risk of security breach.
- How to contact us
You may contact our Data Protection Officer if you have any enquiries or feedback on this Policy or your personal data or where you believe that there has been a privacy breach, or if you wish to make any request, at:
Data Protection Officer
Email address: firstname.lastname@example.org
Contact number: (65) 6950 0591
We, Tiger Brokers (Singapore) Pte. Ltd. ("TBSPL"), understand that your privacy is important, and we endeavour to protect your personal data. This Privacy Supplement describes how TBSPL uses your personal data.
1. Purpose of Privacy Supplement
This Privacy Supplement provides an overview of our practices in relation to our collection, management and protection of your personal data, and should be reviewed in conjunction with the Policy. To the extent of any conflict or inconsistency between this Privacy Supplement and the Policy, the Policy shall prevail.
2. What is personal data? What personal data do we collect?
"personal data" means data, whether true or not, about an individual who can be identified from that data or from that data and other information to which TBSPL has or is likely to have access. The personal data we collect include an individual’s name, NRIC, passport or other identification number, telephone numbers, address, email address and any other information relating to the individual.
We generally do not collect your personal data unless:
(a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided your consent to the collection and usage of your personal data for those purposes; or
(b) collection, use or disclosure of personal data without consent is permitted or required by the PDPA or other laws.
TBSPL shall seek your consent before collecting and using any additional personal data for a purpose which has not been notified to you in the Policy or this Privacy Supplement (except where permitted or authorised by law).
3. What do we use your personal data for?
We may use your personal data for any or all of the following purposes:
(a) registering you for an account with us;
(b) performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;
(c) verifying your identity;
(d) responding to, handling, and processing queries, requests, applications, complaints, and feedback from you, including informing you of any steps that we have taken to resolve user support issues;
(e) monitoring and improving our user support responses;
(f) managing your relationship with us;
(g) processing payment or credit transactions;
(h) sending you marketing information about our goods or services including notifying you of our marketing events, initiatives and promotions, lucky draws, membership and rewards schemes and other promotions, if you have opted in to receive such marketing information;
(i) complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
(j) any other purposes for which you have provided the information; and
(k) any other business purposes related to or in connection with the above.
The purposes listed above may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
If you wish to unsubscribe to receiving our marketing communications, please click on the unsubscribe link in the relevant email or message, or alternatively, you may withdraw consent by submitting your request via email to our Data Protection Officer at the contact details provided below. While you may opt out of marketing or promotion communications, TBSPL may still send you service related messages (e.g. information on your transactions).
4. Will your personal data be disclosed to any third parties?
We may disclose your personal data:
(a) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by you;
(b) to third party service providers, agents and other organisations we have engaged to perform any of the functions listed in the purposes above for us;
(c) to affiliates within the Tiger Group;
(d) to other financial services institutions or similar entities that we deal with as a result of the nature of our business or in relation to the products and services that you utilise (e.g. including third-party services or information providers accessible through our websites, sub-custodians or other third party brokers);
(e) to external services providers including consulting, legal, accounting or audit firms;
(f) to regulatory and government bodies in Singapore and in other countries;
(g) to professional firms engaged by us to match your personal data against government records; or
(h) to other third parties as required by a court of competent jurisdiction.
Please see Section 4 of the Policy for further information on how we may share, transfer and disclose your personal data.
5. Will you be able to withdraw your consent which you provided to us earlier?
Yes. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data by submitting your request directly on our mobile application or via email to our Data Protection Officer at the contact details provided below.
Upon receipt of your written request to withdraw your consent, we may require reasonable time for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities in relation to us. In general, we respond to your request within thirty (30) calendar days of receiving it.
Please note that depending on the nature and scope of your request, we may not be able to continue providing our products or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described above.
6. Can you access, update or correct your personal data which we hold about you?
Yes. If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request via email to our Data Protection Officer at the contact details provided below. We will respond to your request as soon as reasonably practicable. In general, we respond to your request within thirty (30) calendar days of receiving it. Please note that an administrative fee may be charged for an access request. If so, TBSPL will inform you of the fee before processing your request.
7. How do we protect your personal data?
As we outlined in the Policy, to safeguard your personal data, we have introduced appropriate administrative, physical and technical measures to secure all storage and transmission of personal data by us, and disclose personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
8. How long do we retain your personal data?
We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
9. What else should you know about data protection?
In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer via email at the contact details provided below.
10. Transfers of personal data outside of Singapore
We generally do not transfer your personal data to any other entities in the countries outside of Singapore. However, if we do so, typically in cases where provision of the products and/or services requested by you requires us to do so, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
11. Who to contact?
You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, at:
Data Protection Officer
Email address: email@example.com
Contact number: (65) 6950 0591
12. Effect of Policy and Privacy Supplement and changes that may be made to Policy and Privacy Supplement
We may update the Policy and/or this Privacy Supplement from time to time to reflect our current practice and ensure compliance with applicable laws. When we make changes to the Policy and/or this Privacy Supplement, we will revise the “Last Updated” date at the top of the relevant document. Material changes may be notified to you via, for example, email notification or pop-up tips. We recommend that you check this page from time to time to inform yourself of any changes.