DigiSME Personal Data Protection Policy
We at Digisme Pte Ltd take our responsibilities under Singapore's Personal Data Protection Act 2012 (the "PDPA") seriously. We also recognise the importance of the Personal Data (as defined hereafter) you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your Personal Data.
This Personal Data Protection Policy ("Policy") is designed to assist you in understanding how Digisme Pte Ltd , as well as its representatives and/or agents (collectively referred to herein as "DigiSME", "us", "we" or "our") collects, uses, discloses and/or processes the Personal Data you may provide in the course of the use of our website and/or application, and such functionalities, services or features offered in connection thereof (collectively, the "Platform"), or in connection with your dealings with, through, or on the same.
- Personal Data
- Collection of Your Personal Data
- Purposes for Collection, Use, Disclosure and Processing of Personal Data
- Disclosure of Personal Data
- Accuracy of Personal Data
- Request for Access and/or Correction of Personal Data
- Request to Withdraw Consent
- Administration and Management of Personal Data
- Transfers of Personal Data Outside of Singapore
- Data Breach Notification
- Third-Party Sites
- Contacting us - Widthdrawal of Consent, Access and Correction of Your Personal Data
- Updates to this Policy
- Governing Law
1. Personal Data
1.1 In this Policy, "Personal Data" means (a) all data that falls within the definition of personal information, personal data, personally identifiable information or similar language under the PDPA and any applicable law related to the protection, privacy and security, collection, use or disclosure of sensitive or other personally identification information (collectively, "Data Protection Laws"); (b) all personally identifiable information including name, residential or business address, email address, telephone number, photograph, account number, driver's license, passport, social security or government issued identification number; and (c) all other information relating to or associated with such personally identifiable information.
1.2 Examples of such Personal Data which you may provide to us could include (depending on the nature of your interaction with us):
- Your name, addresses, telephone numbers, email addresses, ID or passport number, photographs, video images, contact preferences, date of birth, medical records, biometric information (including fingerprints and facial images) and any other information relating to you which you have provided us in any form you may have submitted to us, or via other forms of interaction with you;
- Information about your use of our Platform, including cookies, information about your domain name, IP addresses, subscription account details and membership details; and
- Your payment related information, such as your bank account or credit card information, and your credit history.
2. Collection of your Personal Data
2.1Generally, we may collect your Personal Data in the following ways, depending on the nature of your interaction with us:
- When you register your details with our company representatives;
- When you enter into any agreement or provide other documentation or information in respect of your interactions with us;
- When you submit your Personal Data to us when you enter our property and/or premises and/or when your images are captured by us via CCTV cameras while you are within our property and/or premises, or via photographs or videos taken by us or our representatives when you attend our events;
- When you complete our sales orders, requests or applications for our products and services (by phone, in person, mail, or electronically);
- When you interact with our staff in relation to our products and services, including customer service officers, for example via telephone calls (which may be recorded), direct mails, fax, face-to-face meetings, social media platforms, emails or any other means;
- When you use and/or subscribe to any of our products and services such as assembly/installation services, training services and/or any of our maintenance and after sales service program;
- When you conduct certain types of transactions such as payments;
- When you interact with us during promotions, competitions, contests, special events, workshops or respond to any request for additional Personal Data;
- When we receive your Personal Data from business partners, public agencies, your ex-employer, referral intermediaries, and any third parties or the relevant authorities, for example where you have been referred by business partners or where we have sought information about you in connection with your relationship with us, including for our products and services or job applications; and/or
- When you submit your Personal Data to us for any other reason.
2.2 Without prejudice to the generality of Clause 2.1, we may collect information about the computer, mobile telephone, smart phone or other device you use to access our Platform.
2.3 When you browse our Platform, you generally do so anonymously but please see Clause 10 below for information on cookies, web beacons and other technologies which we have implemented on our Platform. We do not, at our Platform, automatically collect Personal Data unless you provide such information to us.
2.4 If you provide us with any Personal Data relating to a third party (e.g. referral information from existing customers), by submitting such information to us, you represent to us that you have obtained the consent of the third party to provide us with their Personal Data for the respective purposes.
2.5Where consent is not obtained, Digisme Pte Ltd may collect, use and disclosed personal data pursuant to an exception under the PDPA or other written law when the use is necessary for the following scenario:
- To respond to an emergency that threatens your life, health and safety or of another individual
- Necessary in the national interest, for any investigations or proceedings
3. Purposes for Collection, Use, Disclosure and Processing of Personal Data
3.1 Subject to the provisions of any applicable law, generally, we may collect, use and disclose your Personal Data for the following purposes depending on the nature of your interaction with us:
- to communicate with you;
- to assess, process and provide products, services and/or facilities to you, including performing obligations in the course of or in connection with our provision of the goods and services requested by you;
- to administer and process any payments related to products, services and/or facilities requested by you or your commercial transactions with us;
- to establish your identity and background;
- to respond to your enquiries, feedback, requests or complaints and/or resolve any issues and disputes which may arise in connection with any dealings with us
- to facilitate your participation in, and our administration of, any events including workshops, promotions, contests or campaigns;
- to maintain and update internal record keeping;
- for internal administrative purposes, or managing and planning the administrative and business operations of Digisme and complying with internal policies and procedures;
- to share any of your Personal Data pursuant to any agreement or document which you have duly entered with us for purposes of seeking legal and/or financial advice and/or for purposes of commencing legal action;
- for detecting, conducting any form of investigation and preventing fraudulent, prohibited or illegal activities and analysing and managing commercial risks, including those relating to disputes, billing, fraud, offences, prosecutions etc;
- for enabling us to perform our obligations and enforce our rights under any agreements or documents that we are a party to;
- to transfer or assign our rights, interests and obligations under any agreements entered into with us;
- for meeting any applicable legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to us;
- to enforce or defend our rights and your rights under, and to comply with, our obligations under the applicable laws, legislation and regulations;
- for purposes required to operate, maintain and better manage our business and your relationship with us; which we notify you of at the time of obtaining your consent;
- facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales);
- matching any Personal Data held which relates to you for any of the purposes listed herein;
- managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
- monitoring or recording phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation and identity verification purposes; and/or
- in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations.
3.2 In addition, we may collect, use and disclose your Personal Data for the following purposes, depending on the nature of our relationship with you:
- If you have an account with us:
- to process your account and to maintain your account with us;
- administering and processing your requests including creating and maintaining profiles of our users in our system database for administrative purposes (including but not limited to tracking your use of the Platform); and/or
- administering debt recovery and debt management.
- If you are an employee, officer or owner of a vendor, contractor or other external service provider, or prospective vendor, prospective contractor, or other prospective external service provider of Digisme:
- to conduct appropriate due diligence checks;
- to evaluate your organisation's suitability as a vendor, contractor, and external service provider for Digisme and to conduct background checks on you;
- to create and maintain profiles of our vendors, contractors, and external service providers in our system databases;
- to process and facilitate necessary actions and processes for the purposes of the work or engagement of said vendor, contractor, and external service provider;
- to respond to emergencies;
- for facilities management purposes (including but not limited to issuing visitor access passes and facilitating security clearance); and/or
- to communicate with your deployed staff, after award of contract, who are in our properties to carry out work or services, and for any emergency or/and security concerns.
3.3 Furthermore, where permitted under Data Protection Laws, Digisme may also collect, use and disclose your Personal Data for the following "Additional Purposes":
- taking or filming photographs and videos for corporate publicity or marketing purposes, and featuring your photographs and/or testimonials in our articles and publicity materials and/or on our website;
- providing or marketing services and benefits to you, including promotions, service upgrades, loyalty, reward and/or membership programmes (including event invitations, newsletters and marketing and promotional information to you pursuant to such membership programmes);
- organising roadshows, tours, campaigns and promotional or events and administering contests and competitions;
- matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision or offering of services;
- sending you details of services, services updates and rewards, either to our customers generally, or which we have identified may be of interest to you;
- aggregating and analysing customer profiles and data to determine patterns and trends, understanding and analysing customer behaviour, location, preferences and demographics for us to offer you other products and services as well as special offers and marketing programmes which may be relevant to your preferences and profile;
- to provide you with information and/or updates on our products, services, upcoming promotions offered by us and/or events and product launch events organised by us and selected third parties which may be of interest to you from time to time;
- for direct marketing purposes via phone call and/or any other appropriate communication channels to you on our services and products, in accordance with your consent; and/or
- to share any of your Personal Data with our business partners to jointly develop products and/or services or launch marketing campaigns.
3.4 You have the rights regarding Digisme collection, use or disclosure of your personal data. If you choose not to provide us the personal data as described in this notice, we may not be able to perform our obligations as stated in clause 3. You have the rights to object to the processing of your personal data and withdraw your consent in the manner described in Clause 6 and 11.
3.5 If you have provided us with your Singapore telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, Digisme may contact you using such Singapore telephone number(s) (including via voice calls, text, fax or other means) with information about our products and services.
3.6 In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
3.7 Digisme shall undertake to protect personal data in its possession or under its control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks;
4. Disclosure of Personal Data
4.1Subject to the provisions of any applicable law, your Personal Data may be disclosed, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Singapore:
- third party service providers, agents and other organisations we have engaged to perform any of the functions with reference to the above mentioned purposes;
- amongst Digisme staff in Singapore and overseas to carry out their job obligations with appropriate technical and organizational measures in place; to assist with the resolution of technical support issues relating to the Software, whether via ticketing system, telephone calls or otherwise
- any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any mergers, acquisitions and debt or asset sale);
- relevant government regulators, government ministries, statutory boards, embassies or authorities and/or law enforcement agencies, whether local or overseas, to comply with any directions, laws, rules, guidelines, regulations or schemes issued or administered by any of them; and/or
- any other party to whom you authorise us to disclose your Personal Data.
5. Accuracy of Personal Data
5.1We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up to date, taking into account its intended use. Where possible, we will validate the Personal Data provided by you using generally accepted practices and guidelines. If we are in an ongoing relationship with you, it is important that you update us of any changes to your business contact information.
6. Request for Access and/or Correction of Personal Data
- You have the right, under the PDPA, to make:
- an access request for access to a copy of the Personal Data which we hold about you or information about the ways in which we use or disclose your Personal Data; or
- a correction request to correct or update any of your Personal Data which we hold,
- by submitting your request in writing or via email to our Data Protection Officer ("DPO") at the contact details provided below. Subject to the provisions of Data Protection Laws, we will endeavour to respond to your access and/or correction request within 30 days after receiving such request. If we are unable to respond to your access and/or correction within 30 days after receiving such request, we will inform you in writing within 30 days of the time by which we will be able to respond to the request.
- Depending on the scope and nature of the work required to process your access and/or correction request, we may be required to impose a fee to recover our administrative costs. This will be assessed on a case-by-case basis by our DPO. Where such a fee is to be imposed, we will inform you of the fee before processing your request. Please note that we will only process your request once you have agreed to the payment of the fee. In certain cases, we may also require a deposit from you before we process the access request. You will be notified if a deposit is required, if any.
7. Request to Widthdraw Contest
7.1 You have the right, under the PDPA, to withdraw your consent for the collection, use and/or disclosure of your Personal Data in our possession or under our control for any or all of the purposes listed above by submitting your request in writing or via email to our DPO at the contact details provided below.
7.2 Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. Therefore, you may still receive communication during this period of time.
7.3If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, Digisme may not be in a position to continue to provide its products and services to you, or administer any contractual relationship in place, which in turn may also result in the termination of any agreements with Digisme, and your being in breach of your contractual obligations or undertakings. Digisme's legal rights and remedies in such event are expressly reserved.
7.4Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Data where such collection, use and disclose without consent is permitted or required under applicable laws.
8. Administration and Management of Personal Data
8.1We generally rely on you to ensure that any Personal Data provided by you (or your authorised representative) is accurate and complete in all respects. In order to ensure that your Personal Data is current, complete and accurate, please promptly update us if there are changes to your Personal Data by informing our DPO in writing or via email at the contact details provided below. Until you have informed us otherwise, we will treat your Personal Data (as provided by you or your authorised representative) as accurate and complete.
8.2 We may retain your Personal Data for as long as the purpose for which that Personal Data was collected is being served by retention of the Personal Data, retention is necessary for legal or business purposes, or as required or permitted by applicable laws.
9. Transfers of Personal Data outside of Singapore
9.1Where applicable, your Personal Data may be stored in external servers located overseas. In addition, as described above, in the course of our business operation needs, we may be required, from time to time, to transfer your Personal Data with and between our related corporations and/or organisations and their affiliates, and third party service providers, some of which may be located in countries outside of Malaysia. For example, your personal data stored in the Software may be transferred overseas for support functions. The personal data transfer will be in accordance with requirements prescribed under the PDPA or applicable data protection law to ensure that organization provide a standard of protection to personal data. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected. For more information on the security, please refer to the Security White Paper.
10. Data Breach Notification
10.1 In the event of a breach security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, we shall promptly assess the impact and once assessed that it is a notifiable data breach, we shall report this breach within 3 calendar days to the Personal Data Protection Commission (PDPC). Digisme will notify the customers without undue delay, within 24 hours after establishing that the data breach is likely to result in significant harm or impact to the individuals to whom the individual relates, or of a significant scale.
11.2The information collected by us or our authorised service providers may recognise a visitor as a unique user and may collect information such as how a visitor arrives at our Platform, what kind of browser a visitor is on, what operating system a visitor is using, a visitor's IP address and a visitor's click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
11.4 Cookies - Small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. Cookies allow a website to recognise a particular device or browser. There are several types of cookies:
- Session cookies expire at the end of your browser session and allow us to link your actions during that particular browser session.
- Persistent cookies are stored on your device in between browser sessions, allowing us to remember your preferences or actions across multiple sites.
- First-party cookies are set by the site you are visiting
- Third-party cookies are set by a third party site separate from the site you are visiting.
11.5Cookies can be disabled or removed by tools that are available in most commercial browsers. The preferences for each browser you use will need to be set separately and different browsers offer different functionality and options.
11.6 [Web beacons - Small graphic images (also known as "pixel tags" or "clear GIFs") may be included on our Platform. Web beacons typically work in conjunction with cookies to profile each unique user and user behaviour.]
11.7 [Similar technologies - Technologies that store information in your browser or device utilising local shared objects or local storage, such as flash cookies, HTML 5 cookies, and other web application software methods. These technologies can operate across all of your browsers.]
11.8 We may use the terms "cookies" or "similar technologies" interchangeably in our policies to refer to all technologies that we may use to collect or store information in your browser or device or that collect information or assist in identifying you as a unique user in the manner described above.
11.9 The Platform and certain site features and services are available only through the use of these technologies. You are always free to block, delete, or disable these technologies if your browser so permits.
11.10 However, if you decline cookies or other similar technologies, you may not be able to take advantage of the Platform and certain site features or services tools. For more information on how you can block, delete, or disable these technologies, please review your browser settings.
12. Third-Party Sites
13. Contacting Us - Widthdrawal of Consent, Access and Correction of your Personal Data
13.1 If you:
- have any questions or feedback relating to your Personal Data or about this Policy;
- would like to withdraw your consent to any use of your Personal Data as set out in this Policy; or
- would like to obtain access and make correction to your Personal Data records, please contact us as follows:
Data Protection Officer
Digisme Pte Ltd
Address:30 Kallang Place #07-22, Singapore 339159
Contact No: +69 6476 11
Email address: email@example.com
13.2Where it is an email or a letter through which you are submitting a complaint, your indication at the subject header that it is a PDPA complaint would assist us in attending to your complaint speedily by passing it on to the relevant staff in our organization to handle. For example, you could insert the subject header as "PDPA Complaint".
13.3Please note that if your Personal Data has been provided to us by a third party (e.g. your employer), you should contact that organisation or individual to make such queries, complaints, and access and correction requests to Digisme on your behalf.
14. Updates to this Policy
14.1 We may from time to time amend the terms of this Policy, at our absolute discretion, to ensure that this Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of this Policy as updated from time to time on our Platform at https://www.digi-sme.com/data-protection-policy You are encouraged to visit the above website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.
15. Governing Law
This Policy shall be governed in all respects by the laws of Singapore