Effective Date: 7 January 2021
The purpose of this policy is to inform you how we manage personal data as stipulated by the Personal Data Protection Act (“PDPA”) under the Singapore Law. At Thye Seng Hardware Enterprise Pte Ltd, we respect our customers’ and employees’ privacy and are committed to take reasonable and responsible efforts to ensure personal data will be collected, processed, protected and disposed in a secure manner. We may amend and/or update this Policy from time to time to be consistent with our future developments, industry trends and/or any changes in legal and/or regulatory requirements.
The updated Policy will supersede any previous versions but will not replace any other consents that you may previously to us nor does it affect any legal rights which the Company possess with regards to the collection, use and is closure of your personal data.
The provision of your personal data is strictly voluntary. However, should you decide not to provide your personal data, the Company may not be able to perform the services which you require of us. The Company will only collect personal data from you if the personal data is necessary for its functions and activities.
Depending on the nature and/or scope of your interaction with the Company, the following personal data may be collected from you:
a) Your name, NRIC, passport or any identification number, telephone number(s), mailing address, email address and any other forms of information which you have submitted to us, or in other forms of interaction with you
b) Information with regards to your use of our Website and services, including cookies, IP address, subscription and account details, interaction with other retail technologies and platforms, but only to the extent that we may identify you from such information
c) Payment related information such as credit or debit card information, bank account
information and transaction history
d) Information about your usage and interaction with our website and/or services including computer and connection information, device capability, bandwidth, statistics on page views, and traffic to and from our website.
Collection of personal data
Generally, the Company collects your personal data through the following ways:
a) When you interact with our personnel relating to our products or services
b) When you submit forms relating to our services and products
c) When you use our services or enter into transactions with us (or express interest in doing so)
d) When you visit our website
e) When you register an account with us through our website
f) When you respond to our promotions or subscribe to our mailing list
g) When you contact us or request that we contact you through various communication
channels (e.g. through face-to-face meeting, telephone calls, emails, fax, letter,
messenger platforms and social media platforms)
h) When you use our services
i) When your images are captured via CCTV cameras when you are within our premises
j) When we receive references from business partners and third parties (e.g. where you have been referred by them)
k) When we seek information about you and receive your personal data in connection with your relationship with us (e.g. if you are a customer, investor, shareholder or potential job-seeker)
l) Any other reasons/circumstances which necessitates the collection of personal data from you.
If you provide us with any personal data relating to a third party (e.g. information of your family members and referees etc.), it will be deemed that consent has been obtained from the individual(s) to provide us with their personal data for its respective purposes.
Our website may also contain or involve certain technologies which automate the collection of data, including personal data, such as cookies. If you do not wish to have your data collected on website, you may refrain from using our website.
Purposes for the Collection and Use of Personal Data
Generally, the Company collects and uses your personal data for the following purposes:
a) To process your transactions with us, or to provide products and services to you
b) To manage your relationship with us
c) For purposes related to maintenance of employment relationships with our employees
d) For recruitment and its subsequent evaluative purposes
e) To assist you with your requests, enquiries and feedback
f) To facilitate your use of our platforms
g) For administrative purposes such as accounting, risk management, record keeping,
business research and data
h) To manage our business operations and infrastructure and comply with our internal
policies and procedures
i) To conduct investigations on disputes and complaints (e.g. to establish/verify identity)
j) To conduct credit reference checks and establish creditworthiness, if necessary, when providing you with products and services
k) To share any of your personal data with financial institutions necessary for the purpose of applying credit facilities, if necessary
l) To carry out our legitimate business interests
m) For auditing and reporting purposes
n) To prevent, detect and investigate illegal activities, crime and/or fraudulent activities
o) To manage safety and security of our premises and services
p) Facilities management
q) To comply with applicable laws and regulations
r) For any other purposes related to the above.
You should ensure that all personal data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the services and products that you have requested.
The Company will notify the purpose of data collection/use and your consent to do so. Such consent will be validly obtained. Consent is deemed to be given to us in the event of necessary procedures such as job application and maintenance of security within the Company’s premises.
Consent will be considered as deemed as you provide personal information to us for the necessary conclusion of a transaction (e.g. payment information, mailing and/or billing address, name etc.) or when you voluntarily provide the information to us in order for us to be able to perform any services that you have requested or require from us.
As the purposes for the collection, use and disclosure of your personal data depend on circumstances, some purposes may not appear above. However, we will notify you of such purposes at the time of obtaining your consent, unless permitted by PDPA or any other legislation to process your personal data without your consent.
Disclosure of Personal Data
We may access and/or disclose your personal data to the following group of external
organizations or third-party data intermediaries for the purposes mentioned above, subjected to the requirements of applicable laws:
a) Agents, contractors and service providers who provide operational and administrative services and/or support to the Company such as IT assistance, payment and billing, delivery of packages, data analytics, and security and technical services
b) Third party sellers in order for them to provide their services to you when you purchase products or enquire about purchasing products from third party sellers
c) Companies which provide services related to insurance and consultancy to the Company
d) External banks and their respective service providers
e) Professional advisors, legal consultants and external auditors
f) Relevant government ministries, regulators or law enforcement agencies to comply with any applicable laws and regulations stipulated by any governmental authority.
The above-mentioned third-party data intermediaries and external organizations are
authorized to access and/or use your personal data only for the service(s) they are contracted to provide. They are required to follow the PDPA requirements and take reasonable efforts to protect your personal data as part of a legally binding contractual agreement with the Company.
Access to your personal information is available to only authorized employees in the
Company on a need-to-know basis and is kept strictly confidential.
These are the following exceptions during which we will disclose your personal data without your consent:
a) In the event of emergencies which may threaten the safety, health and wellbeing of
yourself and/or another individual
b) In the event of investigations, in which disclosure is necessary to proceed with the
c) In the event of crime or potential illegal activities, where disclosure is required for any
law enforcement agency or public agency
d) Under requirements and authority of any governmental agencies and their stipulated laws and regulations
e) Any other exceptions in accordance to the PDPA.
When you interact with our website, we may collect and/or analyze anonymous information such as number of page views, number of users and geolocation tracking that occur as users visit our website (also known as Aggregate Information).
We may also collect your IP address to diagnose server problems and collect aggregate
information for data analytics purposes. Your IP address can be dynamic which changes each time you connect to the Internet, or may be static which is unique to your computer.
We may share your information with third parties stated in 5.1 exclusively for the purposes set out in 4.1. Unless otherwise authorized or consented to by the Company, third party sellers must not use any personal information that is accessible from the Company online except to enter and complete transactions conducted via our Company. Third party sellers are prohibited from using the personal data collected for any purpose(s) otherwise stated in 4.1.
Request for Access and Correction of Personal Data
Individuals may request to access and/or correct their personal data currently in the
Company’s possession by submitting a completed request form to the DPO of the Company via mail or email.
The Company will process and provide/correct the relevant information within thirty (30)days from the reception of the request or as soon as practicable, whichever is faster. However, if the request cannot be complied within the above-mentioned time frame, we will inform you of the reasonable soonest time in which we will respond.
Please refer to the PDPA (https://www.pdpc.gov.sg) for any exceptions. If the Company is unable to accede to your request(s), we will notify you of the reasons explicitly in a
reasonable soonest time.
We may, with your consent, send the corrected information only to specific organizations to which the personal data was disclosed by us within a year before the date the correction was made.
The Company may impose a reasonable administrative fee depending on the scope and nature of your request. In such circumstances, a written estimate of the cost will be sent to you. The Company will only proceed with processing the request only when you are agreeable to the cost.
Accuracy of Personal Data
We will make reasonable efforts to ensure that personal data collected by or on behalf of the Company is accurate and complete.
Reciprocally, please also ensure that the personal data provided to us is complete and accurate. The Company is not responsible for using and/or disclosing inaccurate or incomplete personal data that arise from the lack of updates in any changes in the personal data or personal data which you did not initially provide us with.
Data Protection and Retention
The Company will take reasonable efforts and security measures to ensure that personal data which are under our possession and/or control are adequately protected to prevent unauthorized access, collection, use, disclosure, copying, modification, leakage, loss and alteration.
However, we are unable to completely guarantee the security of the personal data that we have collected from or about you, or of any illegal activities which will jeopardize our site such as cybercrime or hacking.
We will also undertake reasonable measures to ensure proper disposal and/or anonymization of your personal data under the following circumstances:
a) When retention is no longer necessary for any legal or business purposes
b) When the purpose for which personal data was collected is no longer served by the retention of such personal data.
Withdrawal of Consent
According to the PDPA, individuals may at any time withdraw his/her consent for the
Company to collect, use or disclose his/her personal data.
If you wish to withdraw your consent to any use or disclosure of your personal data as stated in this Policy, you may contact the DPO of the Company via mail or email. The Company requires a notice period of at least ten business days in order to process the withdrawal request.
Please note that if you withdraw your consent to collect, use and/or disclose of any or all of your personal data, depending on the nature and scope of your request, we may not be able to provide the necessary services for you. We will notify you of the consequences for your consideration before we withdraw your consent in a reasonable period.
This Personal Data Protection Policy shall be governed in all respects by the laws of Singapore.
The Company reserves the right to modify or amend this policy at any time and for any reason.
If you have any concerns, queries and complaints relating to this Personal Data Protection Policy, or would like to withdraw your consent to any use and/or disclosure of your personal data, please contact our data protection officer(s) through the following channels:
By Email to: firstname.lastname@example.org
By Mail to:
Thye Seng Hardware Enterprise Pte Ltd
122 Sims Avenue