Privacy Policy - TRUSTDOCK - eKYC Solutions for Identity Verifications

PERSONAL DATA PROTECTION POLICY

1. Overview

1.1 We, TRUSTDOCK Pte. Ltd. (“TD”, “we”, “us” or “our”) are committed to ensuring the safety and security of the personal information of all users of our services (“Services”).

1.2 To begin with, we only collect such personal information that is necessary to provide you with the Services, understand your needs and serve you better as a whole.

1.3 The purpose of this document, TD’s Personal Data Protection Policy (“Policy”), is to inform you as to how TD manages, collects, uses and discloses Personal Data (as defined below). In Singapore, such activities are subject to the Personal Data Protection Act (No. 26 of 2012) (the “PDPA”). We conduct our business in compliance with the PDPA and have implemented various measures to ensure that any Personal Data remains safe and secure.

Subject to your rights at law, you agree to be bound by the prevailing terms of the Policy as updated from time to time. For the avoidance of doubt, you shall be deemed to have complied all applicable laws (whether under the PDPA or otherwise) by agreeing be bound by the prevailing terms of the Policy.

2. Personal Data

In this Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.

3. Collection of Personal Data

3.1 The Personal Data that TD may collect from users include their respective names, email addresses, contact numbers, dates of birth, and any other Personal Data necessary for TD to provide the Services. For the avoidance of doubt, TD will not collect or retain any user’s payment information which includes but is not limited to a user’s credit or debit card number, bank account details, and/or billing address.

Typically, TD will collect users’ Personal Data when:

(a) users register for the Services;

(b) verifying and/or authenticating each user’s identify;

(d) users access and/or use our Services;

(e) TD receives, responds to, handles, and/or processes queries, requests, applications, complaints and feedback from users;

(f) users contact us with enquiries or requests for assistance; or

(g) any other incidental business purposes related to or in connection with our Services.

Apart from collecting such Personal Data directly from you, TD may also collect Personal Data in other ways (e.g using automated technology such as click-stream data, cookies, flash cookies, web beacons and tracking links) and from third parties (e.g. your use of third party websites and applications that interact with our web-based application) or from publicly available sources.

Please also note that our website, mobile or web-based applications may offer location-enabled services. If users access and/or use our website, mobile or web-based applications, they may receive information about such users’ actual locations (such as GPS signals sent by the relevant user’s mobile device) or information that can be used to approximate a location. Users will always be asked if the location-enabled service may be activated and users may also object or withdraw their consent to such location-enabled service within the respective mobile or web-based application.

3.2 For the avoidance of doubt, in the event that any applicable law permits the collection of any user’s Personal Data without such user’s consent, such permission granted by the laws shall continue to apply.

4. Use of Personal Data

4.1 We may use, disclose, and/or process each user’s Personal Data for one (1) or more of the following purposes:

(a) providing our Services;

(b) to verify and/or authenticate each user’s identity;

(d) internal audits and research;

(e) security and risk management;

(f) legal, regulatory and other compliance requirements (including providing assistance to law enforcement, judicial, regulatory or other government agencies and statutory bodies);

(g) for marketing and advertising, and in this regard, to send each user by various modes of communication marketing and promotional information and materials relating to products and/or services (including, without limitation, products and/or services of third parties) that TD may be marketing or promoting, whether such products or services exist now or are created in the future;

(h) other work and business related requirements; and

(i) any other purposes which we notify you of at the time of obtaining your consent.

(collectively, the “Purposes” and each, a “Purpose”)

4.2 We will not use Personal Data for Purposes which we are not permitted to or required under applicable law and regulations.

4.3 Notwithstanding the above, TD may collect any Personal Data without your consent provided that it is in accordance with any applicable laws, including but not limited to the PDPA.

5. Disclosure of Personal Data

5.1 We may share and disclose Personal Data with:

(a) our customers who engaged us to perform the Services in respect of the relevant users;

(b) our partners, vendors, agents, contractors or third party service providers who provide services to TD including but not limited to the verification and authentication services;

(c) our partners, licensors, vendors, agents, contractors or third party service providers who provide operational services to TD such as courier services, telecommunications, IT, payment, printing, billing, payroll processing, technical services, training, market research, call centre, security or other such services;

(d) our partners, licensees, agents, contractors, or third party service providers who provide operational services for and on behalf of TD;

(e) in the event of an actual or prospective business asset transaction (such as any merger, acquisition or asset sale), any business partner, investor, assignee, or transferee for the purposes of facilitating such a transaction; and

(f) any relevant government regulators, statutory boards or authorities or law enforcement agencies as required by any laws, rules, guidelines and regulations or schemes imposed by any government to bodies and authorities.

5.2 Personal Data is disclosed to the above only for the Purposes or to protect the individual’s interests.

5.3 In exceptional circumstances, TD may also be required to disclose Personal Data, where there are grounds to believe that disclosure is necessary to prevent a threat to life or health, or for law enforcement purposes.

5.4 In some cases, we shall encrypt, anonymize, and aggregate the information before sharing it. Anonymizing means stripping the information of personally identifiable features. Aggregating means presenting the information in groups or segments e.g. age groups.

5.5 We will also ensure that overseas organisations we work with observe strict confidentiality and data protection obligations.

6. Accuracy and Updating of Personal Data

6.1 TD will strive to keep Personal Data accurate.

6.2 Each user should ensure that all Personal Data submitted to us is complete, accurate, true and correct.

6.3 Further, when each user provides us with any Personal Data relating to a third party (including that user’s spouse, children, parents and/or employees), that user represents to us that user has obtained the consent of the third party to provide us with their Personal Data unless otherwise provided in the PDPA.

6.4 If there is any Personal Data relating to a user and that user is unable to update or wishes to make corrections to such Personal Data, that user may contact our Data Protection Officer (whose contact is set out below) and we will be happy to help you as best as we can.

7. Access to Personal Data and Respecting Individual’s Consent

If you wish to access the Personal Data that we have relating to you, inquire about the way in which Personal Data relating to you has been used or disclosed by TD in the past year, or wish to withdraw your consent to our use of such Personal Data, you may contact our Data Protection Officer (whose contact is set out below) and we will seek to attend to your request as best as we reasonably can. Please note that:

(a) in order for us to provide any Personal Data we will need to verify your identity and may request further information about your request;

(b) we may refuse access to your Personal Data if it would affect the privacy rights of other persons or if it breaches any confidentiality that attaches to that information;

(d) you should be aware that we may take a reasonable time to process your application for access as we may need to retrieve information from storage and review the information in order to determine what information may be provided; and

(e) we may have to charge you a reasonable administrative fee for retrieving Personal Data relating to you.

For the avoidance of doubt, if we refuse to grant you access to your Personal Data, we shall preserve a complete and accurate copy of the Personal Data for a period of 30 days after the date which we notify you of our refusal to do so.

8. Protection of Personal Data

8.1 To safeguard your personal data from unauthorised access, collection, use, disclosure, loss, copying, alteration, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as minimised collection of personal data, authentication and access controls (e.g. good password practices, need-to-basis for data disclosure, etc.), encryption of data, data anonymisation, up-to-date antivirus protection, regular patching of operating system and other software, securely erase storage media in devices before disposal, web security measures against risks, usage of one time password(otp)/2 factor authentication (2fa)/multi-factor authentication (mfa) to secure access, and security review and testing performed regularly.

8.2 While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. Accordingly, please note that we will not be held liable or responsible for any loss, misuse or alteration of Personal Data that may be caused by third parties.

9. Retention of personal information

9.1 We will only retain Personal Data for only as long as:

(a) the retention of the Personal Data continues to serve any Purpose; and

(b) there is a business or legal need.

9.2 In the event that retention of Personal Data is no longer necessary for any business or legal purposes or when the purpose for which the Personal Data was collected is no longer being served by the retention of the Personal Data, TD will remove, destroy or anonymise the Personal Data.

10. Transfer of Personal Data Outside Singapore

10.1 Users’ Personal Data may be transferred to, stored or processed outside of Singapore.

10.2 TD will only transfer users’ Personal Data outside of Singapore in accordance with applicable data protection legislation and will ensure that overseas organisations we work with observe strict confidentiality and data protection obligations.

10.3 TD will ensure that the overseas organisations we transfer users’ Personal Data to provide a standard of protection comparable to the protection under the PDPA.

11. Breach of Personal Data

In the event of a data breach of the users’ Personal Data (“Breach”), we will promptly conduct an assessment of whether the Breach is notifiable to the Personal Data Protection Commission (“PDPC”) in accordance with the PDPA. If the Breach is notifiable to the PDPC, we will also notify the relevant parties of the occurrence of the Breach in accordance with the PDPA.

12. Disclosure of personal information policy and procedure of making a complaint

12.1 If you believe that we have breached this Policy, or any other applicable privacy or data protection laws or regulations which may apply to TD, you should make a complaint to TD in the first instance. You should address your complaint in writing to our Data Protection Officer (whose contact is set out below), and you should include as much detail as you can about the Personal Data affected, and the circumstances that you believe amount to a breach of this Policy or the applicable privacy or data protection law or regulation.

12.2 If you have any questions about our Policy or concerns about our commitment to your privacy, please feel free to email or write to the Data Protection Officer (whose contact is set out below).

13. Data Protection Officer

Please feel free to contact our Data Protection Officer at dpo@trustdock.io

14. Changes to the Policy

TD reserves the right to modify and update this Policy at any time to ensure it is consistent with industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of this Policy as updated from time to time on our website.

Effective date : 29/09/2022
Last updated : 29/09/2022