Privacy Policy

This Privacy Policy sets out the basis which OTSAW Digital Pte Ltd (“OTSAW”, “we”, “us”, or “our”) may collect, use, disclose or otherwise process personal data of our customers in accordance with the Personal Data Protection Act 2012 (“PDPA”), and the European Union General Data Protection Regulation (“GDPR”). This Privacy Policy (“Policy”) applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.

What personal data we collect and why we collect it

1.     Personal Data

  1. In this Policy, “Personal Data” refers to data or information, whether true or not, about you can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access. Examples of personal data which we may collect from you include (depending on the nature of your interaction with us):
    1. your name, NRIC, passport or any other identification number, mailing address, email address or telephone number and any other information relating to you which you have provided us in any form you may have submitted to us, or in other forms of interaction with you;
    2. information on your use of our websites and services such as cookies, IP addresses, subscription account details, computer and connection information, device capability, bandwidth, statistics on page views, and traffic to and from our website;
    3. your professional background information including educational and employment history, and income levels;
    4. financial information such as credit card numbers, debit card numbers or bank account details;
    5. marketing information including your preferences in receiving marketing from us and our third parties and your communication preferences. If you correspond with us by email or messaging through the services, we may retain the content of such messages and our responses.

 

2.    Collection of Personal Data

 

  1. Generally, we collect your personal data in the following ways:
    1. when you submit forms relating to any of our products or services, or submit any online queries;
    2. when you register for or use any of our services on websites owned or operated by us or when you register as a member on any of our websites owned and/or operated by us;
    3. when you interact with our customer service officers or any of our staff, for example, via face-to-face meetings, business interactions in events and exhibitions, telephone calls, letters, online forms (such as any “Contact Us” forms on our websites), online reservation chat, social media platforms and emails;
    4. when you use or purchase our services or products;
    5. when you request that we contact you;
    6. when you respond to our request for additional Personal Data;
    7. when you ask to be included in an email or other mailing list;
    8. when you respond to our promotions or other initiatives;
    9. when you submit a job application or a scholarship application;
    10. when we receive references from business partners and third parties, for example, where you have been referred by them;
    11. when you submit your Personal Data to us for any other reason; and
    12. when you browse our website. Please refer to the Cookie Policy below for more information.
  2. If you provide us with any Personal Data relating to a third party (e.g. information of spouse, children, parents, employees and/or authorised representatives), by submitting such information to us, you represent to us that you have obtained the consent of the third party to you providing us with their Personal Data for the respective purposes.
  3. You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested.
  4. In the event of our activities in the EU, the definition of Personal Data shall also include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data or biometric data processed for the purpose of uniquely identifying a natural person such as facial images or fingerprints, data concerning health or data concerning a natural person’s sex life or sexual orientation, criminal convictions and offences, and other information defined as personal data under GDPR such as internet protocol addresses and cookie identifiers (insofar as such information is capable of identifying individuals either directly or indirectly).

 

3.    Use and Disclosure of Personal Data

 

  1. Our business is to understand and meet your needs and provide you with the products and services that you require. To do this effectively, we need to collect a range of Personal Data about you.
  2. Generally, we use and disclose your personal data for the following purposes:
    1. provide you with the products or services that you have requested;
    2. communicate with you and respond to your queries, requests and complaints;
    3. provide ongoing information about our products and services which may be of interest to you;
    4. handle disputes and conduct and facilitate investigations and proceedings;
    5. protect and enforce our contractual and legal rights and obligations;
    6. prevent, detect and investigate crime, including fraud and money-laundering, and analyse and manage other commercial risks;
    7. manage our infrastructure and business operations and comply with internal policies and procedures;
    8. facilitate business asset transactions (which may extend to any merger, acquisition or asset sale); and
    9. comply with any applicable rules, laws and regulations, codes of practice or guidelines or assist in law enforcement and investigations by relevant authorities.
  3. Generally, we process your Personal Data for one or more of the specific purposes identified in this Policy based on your consent obtained. Where GDPR applies, the legal basis for our processing of your Personal Data could also be that it is necessary for the legitimate interests pursued by us, or a third party which is described in paragraph 3.8 of this Policy. These legitimate interests include providing services to you where you are our client, managing the relationship between OTSAW and you and facilitating internal business purposes and administrative purposes. In some cases, the provision and processing of your Personal Data may be a statutory and/or contractual requirement, or may be necessary in order to perform any contract you have agreed with us or perform services that you have requested.
  4. In addition, we may use and disclose your Personal Data for the following purposes, depending on the nature of our relationship with you:
    1. If you download or use any of our marketing collaterals
    2. If you are a reseller/distributor;
    3. If you are a shareholder of our shares;
    4. If you are a vendor, a prospective vendor or a contractor;
    5. if you choose to participate (for example, by “liking” OTSAW’s profile on our social media, posting a message, or answering a poll), we will have access to the information you divulge which may include Personal Information, depending on your SNS privacy settings;
    6. If you submit an application to us as a candidate for employment;
    7. If you are an existing employee, OTSAW’s Employee Personal Data Protection Policy would also apply to you.
  5. The above purposes are not exhaustive, and depending on the nature of your relationship with us (for example, if you are a customer or a reseller), we may collect, use and disclose your Personal Data for additional purposes which you will be notified of, in accordance with applicable terms and conditions.
  6. In addition, where permitted under the PDPA and GDPR, OTSAW may also collect, use and disclose your Personal Data for the following purposes (which we may describe in our documents and agreements as “Additional Purposes” for the handling of Personal Data):
    1. providing services, products and benefits to you, including promotions;
    2. matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision or offering of products and services, whether by OTSAW or other third parties;
    3. administering contests, competitions and conducting lucky draws, including, where necessary, in order to announce the results of these contests, competitions and lucky draws and identify and contact the winners, and in order to publicise and conduct marketing strictly related to these contests, competitions and lucky draws;
    4. sending you details of products, services, special offers and rewards, either to our customers generally, or of particular products and services which may be of interest to you; and
    5. conducting market research, understanding and determining customer location, preferences and demographics for us to review, develop and improve our products, services and also develop special offers and marketing programmes.
  7. In relation to particular products or services or in your interactions with us, we may also notify or have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes.
  8. Your Personal Data will be protected and kept confidential, but subject to the provisions of any applicable law, your Personal Data may, depending on the products or services concerned, be disclosed to third parties set out below. Such disclosure may be subject to additional legal requirements under applicable law, depending on the nature of such transfer to third parties. Your Personal Data will, in each case, only be disclosed to the extent necessary and proportionate.

    The third parties are:

    1. our resellers/distributors;
    2. our joint venture/partners;
    3. our agents, contractors, third party service providers and specialist advisers who have been contracted to provide us with administrative, financial, research, operational or other services such as telecommunications, information technology, payment, payroll, training, market research, storage and archival;
    4. any third party business partners who offer goods and services or sponsor contests or other promotional programmes, whether in conjunction with us or not, and where permitted by applicable laws;
    5. insurers or insurance investigators and credit providers;
    6. the Credit Bureau, or in the event of default or disputes, any debt collection agencies or dispute resolution centres;
    7. any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale);
    8. our professional advisors such as our auditors and lawyers;
    9. relevant government regulators or authority or law enforcement agency to comply with any laws or rules and regulations imposed by any governmental authority;
    10. anyone to whom we transfer or may transfer our rights and obligations, including, for example, where we obtain the services of a third party organisation to handle any aspect of the processing of your Personal Data for the purposes notified to you in accordance with this Policy;
    11. banks, credit card companies and their respective service providers; and
    12. any other party as may be consented to by you, as specified by you or as may be notified to you by us in subsequent notices.

      In the event that your Personal Data is shared with a third party that acts with a joint controllers under GDPR, we will, to the extent required by law, provide you with additional information on the responsibilities of each joint controller, any particular means by which you can enforce your rights and the primary contact person for such requests in relation to your rights.

  9. We require that organisations outside OTSAW which handle or obtain Personal Data as service providers to us acknowledge the confidentiality of this data, undertake to respect any individual’s right to privacy and comply with the PDPA, the GDPR and any other applicable data protection laws. As a requirement under these laws, we may be required to have specific agreements in place with such third parties to regulate and safeguard your data protection rights. We also require that these organisations use this information only for our purposes and follow our directions with respect to this information.

 

4.    Use of Cookies

 

  1. We use cookies when you use our website. For this purpose, we may collect or analyse anonymised information from which individuals cannot be identified (“Aggregate Information”), such as number of users and their frequency of use, the number of page views (or page impressions) that occur on the website and common entry and exit points into website.
  2. We use “cookies”, where a small data file is sent to your browser to store and track Aggregate Information about you when you enter our websites. The cookie is used to track information such as the number of users and their frequency of use, profiles of users and their preferred sites.
  3. We may use an independent company (the “Third Party Market Research Company”) to measure and analyse the Internet usage across OTSAW website. OTSAW uses the Third Party Market Research Company’s services to collect the following core information on the usage of our website, including:
    1. The number of page views (or page impressions) that occur on our website;
    2. The number of unique visitors to our web sites;
    3. How long these unique visitors (on average) spend on our website when they do visit; and
    4. Common entry and exit points into our website.
  4. We may use Google Analytics, an analysing service provided by Google LLC, ( Mountain View, CA, USA) (“Google”). This means that when you visit our Website or use any mobile or web-based applications, a cookie will be stored on your computer or mobile device, except when your browser settings do not allow for such cookies.
    1. This further means that when you visit our Website or use any mobile or web-based applications, the personal data, the data from “web beacons and tracking links” and information stored in Google Analytics’ cookies will be sent to Google Analytics for analysis for and on behalf of us. Please note that if you have created an online profile at our website or mobile or web-based application and if you are logged on in this profile, a unique number identifying this profile will also be sent to Google Analytics in order to be able to match the web analytics data to this profile;
    2. Google Analytics acts as our agent, which means that we solely determine the purposes for which the data is being used. You can find out more about the relationships between Google Analytics and us in the Google Analytics’ privacy policy, and;
    3. If you do not wish information about your behaviour at our website or any mobile or web-based applications being collected and assessed by Google Analytics, you can install the Google Analytics opt-out browser add-on. This add-on instructs the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) to not send your site visit information to Google Analytics. The browser add-on is available for most modern browsers. The Google Analytics opt-out browser add-on does not prevent information from being sent to the website itself or in other ways to web analytics services.
  5. For more information about on our use of cookies, please see our Cookie Policy for more details.

5.     Withdrawing your Consent

  1. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer (DPO) at the contact details provided below.
  2. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
  3. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 5.1 above.
  4. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

6.     Access to and Correction of Personal Data

  1. You may submit a request in writing or via email to our DPO at the contact details provided below, if you wish to make:
    1. an access request for access to a copy of the Personal Data which we hold about you or information about the ways in which we use or disclose your Personal Data, or;
    2. a correction request to correct or update any of your Personal Data which we hold about you;
    3. in certain circumstances, you can request to have your Personal Data deleted or restrict the processing of it.

7.     Accuracy of Personal Data

  1. We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your Personal Data is current, complete and accurate, please update us if there are changes to your personal data by informing our DPO in writing or via email at the contact details provided below.

 

8.     Retention of Personal Data

  1. We may retain your Personal Data for as long as it is necessary for the purposes it has been collected, and (i) in most cases, up to 7 years; or (ii) in respect of our activities in the EU, up to 10 years, unless otherwise permitted by applicable law or in order to defend legal claims.
  2. We will cease to retain your Personal Data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

9.     Transfers of Personal Data Outside of Singapore

We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA and GDPR.

10.     Rights of Personal Data in EU

 

  1. If you are a data subject in the EU, you may contact us if you wish to exercise the following further rights:
    1. Request for the removal of your Personal Data;
    2. Request for the restriction of processing your Personal Data
    3. Object to the processing of your Personal Data, and or;
    4. Request to transfer your Personal Data to you or third party.
  2. We may ask to verify your identity and claim before proceeding with your request.
  3. In the event that the GDPR applies, you also have the right to lodge a complaint with our DPO if we have contravened any applicable laws or regulations.
  4. All requests made to us in exercising the rights above will be processed within a reasonable time except where we refuse such requests in accordance with any applicable laws or regulations.

 

11.     Data Protection Officer

If you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, please write to us at the address below, referencing ‘Privacy Policy’:

Data Protection Officer

OTSAW Digital Pte Ltd

12 Kaki Bukit View

Singapore 415948

Or email azim@otsaw.com referencing ‘Privacy Policy’.

12.     Governing Law

This Policy and your use of this website shall be governed in all respects by the laws of Singapore.  For the avoidance of doubt, the applicable data protection laws will apply to the processing of your Personal Data.

 

13.     Review of this Policy

We may review and update this Policy from time to time, taking into account of new laws and technology, changes to our operations and practices and the changing business environment. If you are unsure whether you are reading the most current version, please contact us.

(As at 2 October 2020)