1.1 We are Global DataBank (Singapore) Pte Ltd (UEN 201533450G) (“GDB” or “we” or “our” or “us”). Protecting your privacy is our main priority. GDB aspires to build our services with a set of strong privacy principles in mind.
3.1 As part of our efforts to ensure that we properly manage, protect and process your Personal Data, we will/may be reviewing our policies, procedures and processes from time to time.
- THE INFORMATION WE COLLECT AND HOW WE COLLECT IT
4.1 In providing our GreyApp Services, in your dealings or interactions with us, when you browse our website, when you use our mobile app or our GreyApp Services, we will/may collect, store, use and/or disclose your Personal Data.
4.2 “Personal Data” means data, whether true or not, about an individual who can be identified (i) from that data; or (ii) from that data and other information to which the organisation has or is likely to have access. Personal Data we collect about you may include without limitation the following:
- Personal Data that you make available to us when you open an account or subscribe to our GreyApp Services, such as your name, email address and credit card details; Please take note: we use tokenisation method from certified and trusted payment gateway partner to ensure no customer credit card information is exploited. Metadata that is automatically generated by our systems in the regular course of your use of our GreyApp Services;
- Records of communications that you have made with GDB’s support staff;
- Shared Information; and/or
- Information about communications you have made using our GreyApp Services, such as the people you’ve communicated with and the time of your communications;
(“Shared Information” is information about you or relating to you that is voluntarily shared by you on our GreyApp Services, including feedback that you make on our GreyApp Services and information contained in communications that you send to other users)
- THE PURPOSES FOR WHICH WE COLLECT, USE OR DISCLOSE YOUR PERSONAL DATA
- GDB will / may collect, use, disclose and/or process your Personal Data for one or more of the following purposes :
- administering, facilitating, processing and/or dealing in any matters relating to your use of the GreyApp Services, our GreyApp mobile application and/or our website. This includes but is not limited to software verification or administering software upgrades;
- providing our GreyApp Services to you;
- monitoring, processing and/or tracking your use of the GreyApp Services, our GreyApp mobile application and/or our website in order to provide you with a seamless experience, facilitating or administering your use of the the GreyApp Services, our GreyApp mobile application and/or our website, and/or to assist us in improving your experience in using the GreyApp Services, our GreyApp mobile application and/or our website;
- administering, facilitating, processing and/or dealing in any transactions or activities carried out by you in the GreyApp Services, our GreyApp mobile application and/or our website;
- carrying out your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf;
- contacting you or communicating with you via phone/voice call, text message and/or fax message, email and/or postal mail for the purposes of administering and/or managing your use of the GreyApp Services and/or our GreyApp mobile application. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain personal data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages;
- carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations applicable to us (whether Singapore or another country), the requirements or guidelines of governmental authorities which we determine are applicable to us (whether Singapore or another country), and/or our risk management procedures that may be required by law (whether Singapore or another country) or that may have been put in place by us;
- to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned; dealing with conflict of interests; or dealing with and/or investigating complaints;
- complying with or as required by any applicable law, governmental or regulatory requirements of any jurisdiction applicable to us or our affiliates/associated companies, including meeting the requirements to make disclosure under the requirements of any law binding on us or our affiliates/associated companies, and/or for the purposes of any guidelines issued by regulatory or other authorities (whether of Singapore or another country), with which we or our affiliates/associated companies are expected to comply;
- complying with or as required by any request or direction of any governmental authority (whether Singapore or of another country) which we are expected to comply with; or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities (whether Singapore or of another country). For the avoidance of doubt, this means that we may/will disclose your personal data to the aforementioned parties upon their request or direction;
- conducting research, analysis and development activities (including but not limited to data analytics, surveys and / or profiling) to improve our services and facilities in order to enhance any continued interaction between yourself and us connected or in relation to the GreyApp Services, our GreyApp mobile application and/or our website, or to improve any of our products or services;
- storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore (or whether within or outside your country of residence);
- facilitating, dealing with and/or administering external audit(s) or internal audit(s) of the business of GDB or that of its affiliates/related corporations;
- for marketing purpose if you have separately consented to it, and in this regard, we would be providing you by way of postal mail, electronic transmission to your email address(es), voice call, SMS/MMS or fax, depending on the mode of communication you have consented to, with marketing, advertising and promotional information, materials and/or documents relating to products and/or services that GDB (including its affiliates/related corporations) or such third party organisations may be selling, marketing, offering or promoting, whether such products or services exist now or are created in the future; and/or
- dealing with and/or facilitating a business asset transaction or a potential business assert transaction, where such transaction involves GDB as a participant or involves only a related corporation or affiliated company of GDB as a participant or involves GDB and/or any one or more of GDB’s related corporations or affiliated companies as participant(s), and there may be other third party organisations who are participants in such transaction. “business asset transaction” means the purchase, sale, lease, merger or amalgamation or any other acquisition, disposal or financing of an organisation or a portion of an organisation or of any of the business or assets of an organisation.
(the purposes set out in this paragraph 5.1 above shall be collectively referred to as the “Purposes”)
5.2 Our service-specific privacy guidelines, if any, may more particularly describe how we use Personal Data within the relevant GreyApp Services.
5.4 You may withdraw your consent for the collection, use and/or disclosure of your Personal Data in our possession or under our control by emailing us at email@example.com. We will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your Personal Data in the manner stated in your request, unless an exception under the law or a provision in the law permits us to. However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal, including us being unable to perform the transactions requested by you in the GreyApp Services, our GreyApp mobile application and/or our website, as the case may be.
- COOKIES, WEB BEACONS AND SIMILAR TECHNOLOGIES
6.1 A cookie is a small file containing a string of characters that is placed on your computer, mobile phone or other device when you access a website or other web content. Cookies also enable us to track and target the interests of our users to enhance the user experience on our service or site.
6.3 Our websites also utilise flash cookies to improve the user experience. The mechanics of flash cookies are similar to that of browser cookies, except that they are able to handle more complex data as compared to simple text data. Flash cookies do not have access to your computer and unless information is provided on the website or service in question, flash cookies cannot access or store your Personal Data.
6.4 Some pages on our websites contain “web beacons” (also known as internet tags, pixel tags and clear GIFs). These beacons provide information such as the IP address of a page, its URL, the access time, and the page browser type. We will use log files to store information collected through these web beacons. We also use third party web beacons to help manage our online advertising. This special cookie allows third parties to identify the user’s web browser and hence allow the website to direct users to content that is to their interest. The information thus collected by browser cookies and web beacons are completely anonymous and cannot lead to personal identification. They do not contain your name, address, telephone number or email address.
- SHARING OF YOUR PERSONAL DATA
7.1 GDB may/will need to disclose your Personal Data to third parties, whether located within or outside Singapore, for one or more of the above Purposes, as such third parties would be processing your Personal Data for one or more of the above purposes. In this regard, you hereby acknowledge, agree and consent that we may/are permitted to disclose your Personal Data to such third parties (whether located within or outside Singapore) for one or more of the above Purposes and for the said third parties to subsequently collect, use, disclose and/or process your Personal Data for one or more of the above Purposes. Without limiting the generality of the foregoing or of paragraph 5.1, such third parties include:
- our associated or affiliated organisations or related corporations;
- any of our agents, contractors or third party service providers that process or will be processing your Personal Data on our behalf including but not limited to those which provide administrative or other services to us such as mailing houses, telecommunication companies, information technology companies and data centres; and
- third parties to whom disclosure by GDB is for one or more of the Purposes and such third parties would in turn be collecting and processing your Personal Data for one or more of the Purposes.
7.3 You consent to the third party use, sharing and transfer of your Personal Data (both inside and outside of your jurisdiction) as described in this paragraph 7.
- COMMUNICATIONS FROM US
We may from time to time send you service-related announcements when we consider it necessary to do so (such as when we temporarily suspend one of our GreyApp Services for maintenance). You may not opt-out of these service-related announcements, which are not promotional in nature.
- TRANSFER, STORAGE AND SECURITY OF YOUR PERSONAL INFORMATION
9.1 We operate and may continue to operate servers in a number of jurisdictions around the world, so the server on which your Personal Data is used and stored may not be in your jurisdiction.
9.3 We use a variety of security technologies and procedures for the purpose of preventing loss, misuse, unauthorised access or disclosure of Information. In some of our GreyApp Services, we will use encryption technology (such as SSL, 2FA) to protect certain Personal Data provided by you to us. Please be aware that despite our efforts, no data security measures can guarantee 100% security at all times. Our systems and the communications networks through which you access our GreyApp Services may be subject to security breaches and failures which are due to circumstances beyond our reasonable control.
- RETENTION OF YOUR PERSONAL DATA
10.1 Subject to applicable laws and regulations, we will only retain your Personal Data for so long as is necessary to fulfill the Purposes as set out under paragraph 5 above or when we continue to have a legal or business purpose to continue retaining the same.
10.2 If applicable laws and regulations give you the following rights, you may have the right to request access to and make any corrections to your Personal Data which we hold, or to request that we delete any of your Personal Data that is under our possession or control. You may direct such request to our Data Protection Officer. We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. With respect to your access request, we may charge a fee in order to process it.
10.3 For a request to access Personal Data, once we have sufficient information from you to deal with the request, we will seek to provide you with the relevant Personal Data within 30 days. Where we are unable to respond to you within the said 30 days, we will notify you of the soonest possible time within which we can provide you with the information requested. Note that the PDPA exempts certain types of Personal Data from being subject to your access request.
10.4 For a request to correct Personal Data, once we have sufficient information from you to deal with the request, we will correct your Personal Data within 30 days. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make the correction. Note that the PDPA exempts certain types of Personal Data from being subject to your correction request as well as provides for situation(s) when correction need not be made by us despite your request. We will send the corrected Personal Data to every other organisation to which the Personal Data was disclosed by us within a year before the date the correction was made, unless that other organisation does not need the corrected Personal Data for any legal or business purpose.
10.5 Should your account be terminated by you or us for any reason, we will take steps to ensure that your Personal Data is no longer stored or used by us within a reasonable period of time (subject to technical limitations) after such account termination.
10.6 However, it is important to note that communications made by you using our GreyApp Services may put your Personal Data in the hands of third parties that we cannot control – for example, if you have communicated or transmitted your Personal Data to another user.
- Complaint Process
- If you have any complaint or grievance regarding about how we are handling your personal data or about how we are complying with the PDPA, we welcome you to contact us with your complaint or grievance.
- Please contact us with your complaint or grievance by emailing us at firstname.lastname@example.org.
- We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.
- For the avoidance of doubt, in the event that applicable personal data protection law permits an organisation such as us to collect, use or disclose your Personal Data without your consent, such permission granted by the law shall continue to apply.
Last modified: 23rd Jan 2017