With effect from 7 January 2021

1. Introduction
   
   1.1 This document (“Privacy Policy”) applies to all personal data collected by, under control and/or in possession of Thye Seng Hardware Enterprise Pte Ltd (collectively referred to as “the Company”) and its data intermediaries. The terms “we” and “our” in this Policy refer to Thye Seng Hardware Enterprise Pte Ltd and/or any affiliated organisation which has adopted this Policy, as appropriate.
   1.2 The purpose of this policy is to inform you how we manage personal data as stipulated by the Personal Data Protection Act (“PDPA”) under the Singapore Law. At Thye Seng Hardware Enterprise Pte Ltd, we respect our customers’ and employees’ privacy and are committed to take reasonable and responsible efforts to ensure personal data will be collected, processed, protected and disposed in a secure manner.
   1.3 We may amend and/or update this Policy from time to time to be consistent with our future developments, industry trends and/or any changes in legal and/or regulatory requirements. The updated Policy will supersede any previous versions but will not replace any other consents that you may previously to us nor does it affect any legal rights which the Company possess with regards to the collection, use and disclosure of your personal data.
   
   
2. Personal Data
   
   2.1 In this Privacy Policy, personal data refers to any data, whether true or not, about an individual who can be identified from that data; or from that data and other information that the Company has or is likely to have access.
   2.2 The provision of your personal data is strictly voluntary. However, should you decide not to provide your personal data, the Company may not be able to perform the services which you require of us. The Company will only collect personal data from you if the personal data is necessary for its functions and activities.
   2.3 Depending on the nature and/or scope of your interaction with the Company, the following personal data may be collected from you :
   a) Your name, NRIC, passport or any identification number, telephone number(s), mailing address, email address and any other forms of information which you have submitted to us, or in other forms of interaction with you.
   b) Information with regards to your use of our Website and services, including cookies, IP address, subscription and account details, interaction with other retail technologies and platforms, but only to the extent that we may identify you from such information.
   c) Payment related information such as credit or debit information, bank account information and transaction history.
   d) Information about your usage and interaction with our website and/or services including computer and connection information, device capability, bandwidth, statistics on page views, and traffic to and from our website.
   
   
3. Collection of Personal Data
   
   3.1 Generally, the Company collects yoru personal data through the following ways :
   a) When you interact with our personnel relating to our prodoucts or services
   b) When you submit forms relating to our services and products
   c) When you use our services or enter into transactions with us (or express interest. indoing so);
   d) when you visit our website
   e) When you register an account with us through our website
   f) When you respond to our promotions or subscribe to our mailing list
   g) When you contact us or request that we contact you through various communication channels, for example, through face-to-face meeting, telephone calls, emails, fax, letter, messenger platforms and social media platforms.
   h) When you use our services
   i) When your images are captured via CCTV cameras when you are within our premises;
   j) When we receive references from business partners and third parties, for example, where you have been referred by them;
   k) When we seek information about you and receive your personal data in connection with your relationship with us for e.g. if you are a customer, investor, shareholder or potential job-seeker
   l) Any other reasons/circumstances which necessitates the collection of personal data from you.
   3.2 If you provide us with any personal data relating to a third party (e.g. information of your family members and referees etc.), it will deemed that consent has been obtained from the individual(s) to provide us with their personal data for its respective purposes.
   3.3 Our website may also contain or involve certain technologies which automate the collection of data, including personal data, such as cookies. If you do not wish to have your data collected on the website, you may refrain from using our website.
   
   
4. Purposes for the Collection and Use of Personal Data
   
   4.1 Generally, the Company collects and uses your personal data for the following purposes:
   a) To process your transactions with us, or to provide products and services to you;
   b) To manage your relationship with us
   c) For purposes related to maintenance of employment relationships with our employees;
   d) For recruitment and its subsequent evaluative purposes;
   e) To assist you with your requests, enquiries and feedback;
   f) To facilitate your use of our platforms;
   g) For administrative purposes such as accounting, risk management, record keeping, business research and data;
   h) To manage our business operations and infrastructure and comply with our internal policies and procedures;
   i) To conduct investigations on disputes and complaints e.g. to establish/verify identity;
   j) To conduct credit reference checks and establish creditworthness, if necessary, when providing you with products and services;
   k) To share any of your personal data with financial institutions necessary for the purpose of applying credit facilities, if necessary;
   l) to carry out our legitimate business interests;
   m) For auditing and reporting purposes;
   n) To prevent, detect and investigate illegal activities, crime and/or fraudulent activities; 
   o) To manage safety and security of our premises and services;
   p) Facilities management;
   q) To comply with applicable laws and regulations;
   r) For any other purposes related to the above
   4.2 You should ensure that all personal data submitted to us is complete, accurate, true. andcorrect. Failure on your part to do so may result in our inability to provide you with the services and products that you have requested.
   4.3 The Company will notify the purpose of data collection/use and your consent to do so. Such consent will be validly obtained. Consent is deemed to be given to us in the event of necessary procedures such as job application and maintenance of security within the Company’s premises.
   4.4 Consent will be considered as deemed as you provide personal information to us for the necessary conclusion of a transaction e.g. payment information, and/or billing address, name, etc. or when you voluntarily provide the information to us in order for us to be able to perform any services that you have requested or require from us.
   4.5 For the purposes for the collection, use and disclosure of your personal data depend on circumstances, some purposes may not appear above. However, we will notify you of such purposes at the time of obtaining your consent, unless permitted by PDPA or any other legislation to process your personal data without your consent.
   
    
5. Disclosure of Personal Data
   
   5.1 We may access and/or disclose your personal data to the following group of external organizations or third-party data intermediaries for the purposes mentioned above, subjected to the requirements of applicable laws :
   a) Agents, contractors and service providers who provide operational and administrative services and/or support to the Company such as IT assistance, payment and billing, delivery of packages, data analytics, and security and technical services;
   b) Third party sellers in order for them to provide their services to you when you purchase products or enquire about purchasing products from third party sellers;
   c) Companies which provide services related to insurance and consultancy to the Company 
   d) External banks and their respective service providers;
   e) Professional advisors, legal consultants and external auditors;
   f) Relevant government ministries, regulators or law enforcement agencies to comply with any applicable laws and regulations stipulated by any governmental authority.
   5.2 The above-mentioned third-party data intermediaries and external organizations are authorised to access and/or use your personal data only for the service(s) they are contracted to provide. They are required to follow the PDPA requirements and take reasonable efforts to protect your personal data as part of a legally binding contractual agreement with the Company.
   5.3 Access to your personal information is available to only authorised employees in the Company on a need-to-know basis and is kept strictly confidential.
   5.4 These are the following exceptions during which we will disclose your personal data without your consent :
   a) In the event of emergencies which may threaten the safety, health and wellbeing of yourself and/or another individual.
   b) In the event of investigations, in which disclosure is necessary to proceed with the investigation
   c) in the event of crime or potential illegal activities, where disclosure is required for any law enforcement agency or public agency
   d) Under requirements and authority of any governmental agencies and their stipulated laws and regulations
   e) Any other exceptions in accordance to the PDPA
   
   
6. Use of Cookies
   
   6.1 when you interact with our website, we may collect and/or analyze anonymous information such as number of page views, number of users and geolocation tracking that occur as users visit our website (also known as Aggregate Information).
   6.2 We do so via the use of cookies which are small pieces of data stored in text files. They are commonly stored on your devices when websites are loaded in a web browser. They are widely used to remember the information which you have previously entered, enabling us to remember your preferences, and to collect aggregate information. These cookies will not give us any other personal information about you.
   6.3 We may also collect your IP address to diagnose server problems and collect aggregate information for data analytics purposes. Your IP address can be dynamic which changes each time you connect to the Internet, or may be static which is unique to your computer.
   6.4 We may share your information with third parties stated in 5.1 exclusively for the purposes set out in 4.1. Unless otherwise authorized or consented to by the Company, third party sellers must not use any personal information that is accessible from the Company online except to enter and complete transactions conducted via our Company. Third party sellers are prohibited from using the personal data collected for any purpose(s) otherwise stated in 4.1.
   6.5 You may choose to disable the cookies or choose the specific types of cookies you would like to block by clicking on the cookie preferences on our website. If you reject the use of cookies, you will still be able to visit our website but some of the functions may not work correctly. By using our website without deleting or rejecting some or all cookies, you agree that we can place those cookies that you have not deleted or rejected on your device.
   
   
7. Request for Access and Correction of Personal Data
   
   7.1 Individuals may request to access and/or correct their personal data currently in the Company’s possession by submitting a completed request form to the DPO of the Company via mail or email.
   7.2 The Company will process and provide/correct the relevant information within thirty (30) days from the reception of the request or as soon as practicable, whichever is faster. However, if the request cannot be complied within the above-mentioned time frame, we will inform you of the reasonable soonest time in which we will respond.
   7.3 Please refer to the PDPA (https://www.pdpc.gov.sg) for any exceptions. If the Company is unable to accede to your request(s), we will notify you of the reasons explicitly in a reasonable soonest time.
   7.4 We may, with your consent, send the corrected information only to specific organizations to which the personal data was disclosed by us within a year before the date the correction was made.
   7.5 The Company may impose a reasonable administrative fee depending on the scope and nature of your request. In such circumstances, a written estimate of the cost will be sent to you. The Company will only proceed with processing the request only when you are agreeable to the cost.
   
   
8. Accuracy of Personal Data
   
   8.1 We will make reasonable efforts to ensure that personal data collected by or on behalf of the Company is accurate and complete.
   8.2 Reciprocally, please also ensure that the personal data provided to us is complete and accurate. The Company is not responsible for using and/or disclosing inaccurate or incomplete personal data that arise from the lack of updates in any changes in the personal data or personal data which you did not initially provide us with.
   
   
9. Data Protection and Retention
   
   9.1 The Company will take reasonable efforts and security measures to ensure that personal data which are under our possession and/or control are adequately protected to prevent unauthorized access, collection, use, disclosure, copying, modification, leakage, loss and alteration.
   9.2 However, we are unable to completely guarantee the security of the personal data that we have collected from or about you, or of any illegal activities which will jeopardize our site such as cybercrime or hacking.
   9.3 We will also undertake reasonable measures to ensure proper disposal and/or anonymization of your personal data under the following circumstances:
   a) When retention is no longer necessary for any legal or business purposes
   b) When the purpose for which personal data was collected is no longer served by the retention of such personal data
   
   
10. Withdrawal of Consent
    
    10.1 According to the PDPA, individuals may at any time withdraw his/her consent for the Company to collect, use or disclose his/her personal data.
    10.2 If you wish to withdraw your consent to any use or disclosure of your personal data as stated in this Policy, you may contact the DPO of the Company via mail or email. The Company requires a notice period of at least ten business days in order to process the withdrawal request.
    10.3 Please note that if you withdraw your consent to collect, use and/or disclose of any or all of your personal data, depending on the nature and scope of your request, we may not be able to provide the necessary services for you. We will notify you of the consequences for your consideration before we withdraw your consent in a reasonable period.
    
    
11. Governing Law
    
    11.1 This Personal Data Protection Policy shall be governed in all respects by the laws of Singapore.
    11.2 The Company reserves the right to modify or amend this policy at any time and for any reason.
    
    
12. Contact Us
    
    12.1 If you have any concerns, queries and complaints relating to this Personal Data Protection Policy, or would like to withdraw your consent to any use and/or disclosure of your personal data, please contact our data protection officer(s) through the following channels:
    
    By Email to : dpo@thyeseng.com or by mail to : Thye Seng Hardware Enterprise Pte Ltd, 122 Sims Ave, Singapore 387445