(each an “affiliated organisation”). The terms “we”, and “our” in this Policy refer to NTUC Enterprise, and/or any affiliated organisation which has adopted this Policy, as appropriate.
2. Personal Data2.1 What personal data we collect.
The Personal data we collect depends on the purposes for which we require the personal data and what you have chosen to provide. This may include your name, address, contact information (e.g. telephone number and email address), identification number, photograph, video image and any other information that may identify you or is personal to you.
- you use our services or enter into transactions with us (or express interest in doing so);
- you apply to be a member of any of our loyalty programs, respond to our promotions, or subscribe to our mailing lists;
- you visit our websites, download or use our mobile applications;
- you register an account with us through our websites or applications;
- you transact with us, contact us or request that we contact you through various communication channels, for example, through social media platforms, messenger platforms, face-to-face meetings, telephone calls, emails, fax and letters;
- your images are captured via photographs or videos taken by us or our representatives when you are within our premises or attend events organised by us;
- you participate in events and programs, competitions, contests or games organised by us;
- we seek information about you and receive your personal data in connection with your relationship with us, for example, if you are a customer, investor or shareholder; or
- you submit your personal data to us for any other reason.
- from other organisations and social enterprises which are part of NTUC Social Enterprise (see http://ntucsocialenterprises.sg/) (collectively “NTUC Social Enterprise Group”);
- from your family members or friends who provide your personal data to us on your behalf; and
- from public agencies or other public sources.
3. Purposes3.1 We collect, use and disclose your personal data where:
- you have given us consent;
- necessary to comply with our legal or regulatory obligations;
- necessary for our legitimate business interests, provided that this does not override your interests or rights; and/or
- necessary to perform a contract or transaction you have entered into with us, or provide a service that you have requested or require from us.
- processing your transactions with us, or to provide products and services to you;
- managing your relationship with us;
- facilitating your use of our platforms and services;
- assisting you with your requests, enquiries and feedback;
- administrative purposes, e.g. accounting, risk management and record keeping, business research, data, planning and statistical analysis, and staff training;
- security and safety purposes, e.g. protecting our platforms from unauthorised access or usage and to monitor for security threats, and your image may be captured by security cameras;
- carrying out research, data and statistical analysis;
- compliance with laws and regulations, internal policies and procedures, e.g. audit, accounting, risk management and record keeping;
- enforcing legal obligations owed to us, or responding to complaints, litigation or investigations concerning us;
- managing and engaging third parties or data processors that provide services to us, e.g. IT services, data analytics, marketing, and other professional services;
- such purposes that may be informed to you when your personal data is collected;
- carrying out our legitimate business interests (listed below); and/or
- any other reasonable purposes related to the aforesaid
- Managing and/or administering your request to receive news (including events and product launches), promotions and marketing information from us (and/or our affiliates or related entities) and on our group products;
- Analyzing and/or profiling your purchases, transactions and/or likes or dislikes so as to be better able to send you relevant or targeted news (including events and product launches), promotion and marketing information from us (and/or our affiliates or related entities) and on our group products; and/or
- Sending you news (including events and product launches) and promotions from us (and/or our affiliates or related entities) as well as marketing information from us (and/or our affiliates or related entities) and on our group products.
- managing our business and relationship with you, and providing services to our users and customers;
- protecting our rights and interests and those of our users and customers;
- preventing and investigating possible misuse of our websites, applications and services;
- understanding and responding to inquiries and feedback;
- understanding how our users use our websites, applications and services;
- identifying what our users want and improving our websites, applications, services and offerings;
- enforcing obligations owed to us, or protecting ourselves from legal liability; and
- sharing data in connection with acquisitions and transfers of our business.
- faciliating the provision of centralised administrative and mangement services;
- faciliating use of centralised resources e.g. shared information technology resources and systems;
- faciliating internal audits, reporting and management of our operations; and/or
- facilitaing the conduct of centralised business activities and functions e.g. data analytics.
4. Disclosure of Personal Data4.1 Disclosure to NTUC Social Enterprise Group.
We may disclose or share your personal data with the NTUC Social Enterprise Group for the purposes described in paragraph 3.2, 3.3, 3.4 and 3.5. We do not disclose children’s data that can be used to identify any person (including data concerning children’s development, academic performance and health records) with the NTUC Social Enterprise Group.
- third parties who are appointed to provide services to us, e.g. IT vendors, marketing companies and event organisers;
- third parties that we conduct joint marketing and cross promotions with; and/or
- regulatory authorities and public agencies.
5. Cross Jurisdiction Transfers of Personal Data5.1 Safeguards.
We may transfer your personal data out of Singapore for the purposes set out in paragraph 3 above. When transferring personal data outside Singapore, we will require recipients of the personal data to protect personal data at a standard comparable to that under the laws of Singapore. For example, we may enter into legally enforceable agreements with the recipients to ensure that they protect your personal data. You may obtain details of these safeguards by contacting us.
6. Protection of Personal Data6.1 Period of retention.
We keep your personal data only for so long as we need the data to fulfil the purposes we collected it for, and to satisfy our business and legal purposes, including audit, accounting or reporting requirements. How long we keep your personal data depends on the nature of the data, e.g. we keep personal data for at least the duration of the limitation period for bringing claims if the personal data may be required to commence or defend legal proceedings. Certain information may also be retained for longer, e.g. where we are required to do so by law. Typically, our data retention period is from 6 years upwards, depending on the limitation period.
7. Your Rights7.1 You enjoy certain rights at law in relation to your personal data that we hold or control. These rights include:
- Withdrawal of consent: you may withdraw consent for our use of your personal data.
- Correction. you may request that any incomplete or inaccurate data that we hold or control be corrected.
- Access. you may ask if we hold or control your personal data and if we are, you can request access or a copy of such data.