“Act” refers to the Singapore Personal Data Protection Act 2012 as amended, revised or reenacted from time to time;
“personal data” has the meaning given to it in the Act;
any reference to “you”, “your” and words of similar import refers to any individual who may have provided any personal data to us for any purpose and any online users and visitors to this website; and any reference to “we”, “us” or “our” and words of similar import refers to STPI and its successors and assigns.
“E-newsletter” refers to the STPI E-newsletter that you have subscribed to.
By accessing this website and any of its pages, you consent to the collection, use and disclosure of your personal data to us and agree to be bound by the following terms and conditions of this Policy.
If you are a resident of the European Union (“EU”), please see Appendix A for additional information regarding our use of your personal data.
1. Collection and Use of Personal Data and Other Information
As a general rule, we will collect and use your personal data solely for the purposes notified to you.
Our server automatically recognises information regarding the domain name (or that of the visitor’s access provider) but not the email address or other information that allows users of our website to be identified (unless you choose to interact with us through activities such as subscribing to our mailing list or signing up for an event). We also collect aggregated information regarding user access or visits to our website. Information collected automatically and aggregated information does not identify you personally and will only be used for analytical and statistical purposes, such as determining the countries from which our visitors originate.
2. Withdrawal of Consent
You may withdraw your consent to the collection, use or disclosure of your personal data at any time by giving us reasonable notice. If you withdraw your consent, we will inform you of the expected consequences of your withdrawal.
3. Handling of Personal Data
Only authorised staff have access to your personal data. Our authorised staff are contractually obliged to maintain the confidentiality and privacy of your personal data at all times.
4. Disclosure of Personal Data
We do not sell any personal data in our possession to anyone or any third party for any purpose.
Your personal data will not be published on our website, unless otherwise agreed or self-initiated.
We will only disclose your personal data in circumstances that have been specifically notified to you or otherwise only in limited circumstances such as to government departments, statutory boards, regulatory or law enforcement agencies or in accordance with the applicable laws.
5. Compliance by Third Parties
In the event that we may be required to share your personal data with any third party we will notify you beforehand and obtain your consent.
6. Security Measures in Place to Protect Personal Data
To protect and safeguard the confidentiality of your personal data and to ensure that it is kept safe, secure and private, we adopt the following systems security and monitoring measures:-
Firewalls, anti-virus protection and intrusion detection systems to detect and prevent any forms of illegitimate activities and/or illegal intrusions of our network systems;
Regular security reviews of our systems;
Vigilant monitoring to detect any suspicious online activities at our website server.
We are committed to monitoring our security system constantly for potential situations that could compromise the security or the privacy of our customers, online users, and visitors to our website, and to exploring new technology continually to enhance our security system. Nevertheless, we do not warrant the security of your personal data transmitted to us using our website and Internet and online services. This is because you accept the risks that any of your personal data transmitted to or received by us using our website, and Internet and online services may still be accessed and/or disclosed by unauthorised third parties.
Your responsibility in safeguarding your personal data:
- If you wish to access our website, please enter our website address directly in the browser address bar and not via hyperlinks within emails (unless those emails are sent by us).
- Clear your browser’s cache and history after each session. Default files on a computer, sometimes called “cache” files can retain images of personal data or otherwise sent to or received by us at our website, making them a potential target for a system intruder. Therefore, we strongly advise that you clear your browser’s disk cache and history after each visit to our website.
- Do not use a shared computer or an Internet cafe computer to access our website because such computers may be installed with certain software which could capture your personal data or otherwise without your knowledge.
- If you have installed or downloaded any software which claims to speed up your Internet connection or other software, games, screensavers etc, you should be aware that they may be spyware which has the ability to track your Internet sessions and/or gain access to your personal data and Internet browsing history. We recommend that you uninstall such spywares.
- Do not leave your personal computer unattended during your online session whereby your personal data may be viewed by unauthorised persons.
- Ensure that your personal computer has the latest anti-virus, anti-spyware and firewall software and updates to guard against new viruses. Make sure that your computer’s operating system and browser software are updated with the latest security patches.
- Update us if you change your contact details so that we can contact you in a timely manner on any issues or matters relating to your access to our website.
- Contact us if you notice something suspicious or encounter any issues, difficulties or irregularities in accessing our website.
- Do not open email attachments from strangers, install software or run programs from unknown sources or origins.
- Delete junk or chain emails.
- Email messages sent to us over the Internet containing your personal data cannot be guaranteed to be completely secure and you assume all risks arising or in connection thereto.
It is important that you do your part to ensure that any personal data provided to us via our website, email or any other channels of communication are done in a safe and secure manner. We will not be liable to you for any losses, damages, expenses, costs (including legal costs) and charges (whether direct or indirect, foreseeable or unforeseeable, special or consequential or economic loss) incurred or suffered by you arising out of you sending email messages containing your personal data to us over the Internet or for any error, fraud, forgery, system failure or anything beyond our control or in connection with your failure to adhere to the terms and conditions herein and the terms and conditions of access to our website under and/or your failure to follow the above recommended security measures.
7. Access to Personal Data
Under the Act, you have the right of access to your personal data in our possession or under our control or information which may have been used or disclosed by us within a year before the date of your request. Your request for access must be made to us in writing and is subject to the payment of any fees that we may prescribe.
8. Correction of Personal Data
If you have any reason to believe that any personal data which you have provided to us is inaccurate, incorrect, incomplete or not updated, you may write to us. We will, after using reasonable efforts to verify the authenticity of the request, promptly update your records accordingly within seven (7) working days from the date of receipt of your request.
9. Retention of Personal Data
Your personal data will be retained by us for as long as the original purposes or the legal or business purposes for which your personal data was collected continue. If retention is no longer necessary, we will use reasonable efforts to delete, destroy or de-identify your personal data unless retention of the same is required to satisfy legal or regulatory requirements or to protect our interests or in accordance with our policies.
10. Ways in which Personal Data may be collected
1. Personal data may be collected from you through our website in a variety of ways, including but not limited to the following:
when you subscribe to our E-newsletter;
when you order products from our online store;
when you make a donation to us;
when you like, comment or share content on our website with other parties.
2. Use of Personal Data collected through this website:
to respond to your requests and queries;
to verify and process your personal particulars;
to process your subscription to the E-newsletter and for purposes related to your subscription;
to process any online purchases or donations made by you, including effecting payment;
to communicate with you;
for marketing research, user profile and statistical analysis;
to send you information, promotions, updates and marketing and advertising materials in relation to our products and services and those of third party organisations;
complying with applicable laws and regulations, the requests of law enforcement and regulatory officials, or orders of court; and
for any other purpose including the disclosure of such information to third parties for commercial/business reasons.
11. Customer Service and Enquiries
If you have any queries, concerns or complaints relating to the collection, use or disclosure of your personal data, please call us at (+65) 63363663 between 10:00am to 7:00pm, on Mondays to Fridays, between 9:00am to 6:00pm on Saturdays, or email us at [email protected]. We will attend to your queries, concerns or complaints as soon as possible.
12. Amendments to the Policy
We may amend this Policy from time to time and will make available the updated Policy on our website. By continuing to access our website you agree to be bound by the terms and conditions of the Policy, as amended from time to time.
13. Governing Law and Submission to Jurisdiction
This Policy is governed by Singapore law and you agree to irrevocably submit to the exclusive jurisdiction of the Singapore Courts.
Additional Provisions Applicable to Processing of Personal Data of EU residents*
These provisions apply to you if you are a resident of the EU.
1. Rights of Individuals
Access, Correction and Erasure Requests
You have the right to:
• ask us to confirm whether we are processing your personal data
• receive information on how your personal data is being processed
• obtain a copy of your personal data
• request that we update or correct your personal data
• request that we delete personal data in certain circumstances
Right to Object to Processing
You have the right to request us to cease processing your personal data:
• for marketing activities, including profiling
• for statistical purposes
• where such processing is based on our legitimate business interests, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your personal data to establish, exercise or defend a legal claim.
Right to Restrict Processing
You have the right to request that we limit the processing of your personal data:
• while we are evaluating or in the process of responding to a request by you to update or correct your personal data
• where such processing is unlawful but you do not want us to delete your personal data and would like us simply to store your personal data instead
• where we no longer require such data, but you want us to retain the personal data to establish, exercise or defend a legal claim
• where you have submitted an objection to processing based on our legitimate business interests, pending our response to such request
Data Portability Requests
You have the right to request that we provide you or a third party that you designate with certain of your personal data in a commonly used, machine-readable format. Please note that data portability rights only apply to personal data that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.
We will only release personal data to your designated third party where it is technically feasible and you agree that we are not responsible for the security of such personal data or its processing once released to such third party.
You may submit your requests as provided for under Clause 11 (Customer Service and Enquiries) of the main Policy. We will endeavour to respond to all such requests within one month of receiving your request but may require up to two months to respond where there are extenuating circumstances. Please note, however, that certain personal data may be exempt from such rights pursuant to applicable local laws. We will verify your identity before responding to your request and may also charge you a reasonable fee for copies of personal data that you request.
Right to Withdraw Consent
You may withdraw your consent to (i) any processing that we conduct solely based on your consent (such as sending direct marketing materials to your personal email account); or (ii) marketing activities by following the instructions on any marketing emails or contacting us in the manner provided for under Clause 9 (Customer Service and Enquiries) of the main Policy.
2. Segmentation (also known as profiling) and Automated Decision Making
We may from time to time use personal data to segment our visitors and customers based on share characteristics such as geography, behaviour or demographics. With your consent, we make from time to time make automated decisions based on such segmentation or your specific personal data to offer you certain benefits based on your characteristics. You may withdraw your consent to such automated decision-making at any time following the withdrawal of consent procedure described above.If there is any conflict between the provisions of this Appendix and the provisions of the main body of the Policy, the provisions of this Appendix will prevail.
*Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (commonly referred to as the “General Data Protection Regulation” (“GDPR”)
For any enquiries, please contact the STPI Data Protection Officer (DPO).