Personal Data Protection Policy
This personal data protection policy (this “Policy”) outlines how CCRManager Pte. Ltd. (“we”, “us”, or “our”) collects, uses, stores, and discloses any personal data and information you may provide to us when you access and use the website, www.ccrmanager.com, and all its associated sub-pages (the “Site”). This policy is an integral part of, and must be read with, our Website Terms and Conditions of Use and all other policies, procedures and rules published on this Site, as may be amended from time to time (the “Policy”). Unless otherwise stated herein, capitalised words, phrases or terms that appear hereinafter shall have the same meanings as they have been defined or described in the Website Terms and Conditions of Use as updated from time to time.
The Policy may be updated from time to time at our sole and absolute discretion and without notification. Changes to this Policy will be effective upon posting to our Site. Your continued access to and use of this Site and any service we offer after such changes have been posted will constitute your acceptance of the amended Policy. If you disagree with any part of the Policy, you must immediately discontinue your access to, or use of, this Site and our Services.
The Policy supplements, but does not supersede or replace, any other consent that you may have previously provided to us in relation to your personal data. It also does not affect any rights that we may have under relevant Singapore law, including the Personal Data Protection Act 2012 and its regulations (collectively, the “PDPA”), in connection with the collection, use, and/or disclosure of your personal data. We may from time to time update the Policy without any prior notice to you, to ensure that the Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, the prevailing terms of the Policy shall apply.
We will take all reasonable measures to ensure the security of your personal data collected, used, stored and disclosed by us.
What is Personal Data?
‘Personal data’ refers to any data or information about you that directly identifies you or is capable of identifying you when combined with other information about you that we have or are likely to have access.
Collection of Personal Data
What Is Collected
Depending on the nature of your relationship with us and the Services you use, the personal data about you that we may collect, use, store, and disclose include, without limitation:
- personal particulars (e.g. name, contact details, residential address, date of birth, identity card/passport details, and/or education details);
- specimen signature(s);
- voice recordings of our conversations with you;
- employment details (e.g. occupation, directorships and other positions held and/or details on any licences needed to constitute an authorised representative of a Member).
We may also collect other information about you. However, such information is regarded as non‑personal information. Such information includes, without limitation, your browser information, internet protocol (IP) address, how you use the Site or any part of it, and aggregated information.
We will, as far as possible, inform you at each collection point as to what information is required and what information is optional. At each stage of data collection, use and disclosure, we implement physical, electronic, administrative and procedural safeguards to protect your personal data against loss, theft, misuse, damage and unauthorized access, modifications or disclosures.
Means of Collection
Generally, we may collect your personal data ourselves or through third parties in various ways, including:
- during our preliminary discussions with you to register as a Member, or to establish any other business relationship;
- when you interact with our employees, affiliates, representatives and/or agents;
- when you communicate with us by email or telephone, as your emails will be retained and we may monitor and/or record your voice calls to us;
- once you access our Site;
- when you respond to our requests for additional personal data; or
- when you submit your personal data to us for any other reason.
You are responsible for ensuring that the personal data you provide to us is true, accurate, complete, and not misleading or false, and that such personal data is kept up to date. You acknowledge that failure on your part to do so may result in our inability to provide you with the products and services you have requested. You may update your personal data through the Site. In the event that you are unable to do so for whatever reason, please email our Business Development Manager at [email protected]
Where you provide us personal data concerning individuals other than yourself, you are responsible for obtaining the consent of those individuals to the disclosure of their personal data to us. You must retain proof of such consent(s) and provide us with such proof when we request for it.
Purposes of Collection
We collect your personal data:
- for the specific purpose for which the personal data was provided;
- for purposes of evaluating your standing, resources, and capabilities to enter or maintain a relationship with you as a client, employee, business partner, or otherwise as appropriate;
- to verify your identity and ensure that you are eligible to access and use the Services provided on the Site;
- to conduct due diligence checks on you in accordance with all applicable laws and our internal ‘know your client’ and any Anti-Money Laundering/Countering the Financing of Terrorism policies and procedures which may apply at any time;
- to enable us to comply with all of our legal and regulatory obligations, as well as requests and directions from governmental authorities;
- for the purposes of ensuring your access to and use of the Services we provide;
- to process and, where necessary, respond to your instruction(s), enquiry(s), feedback, or request(s);
- for addressing or investigating any complaint(s), claim(s) or dispute(s);
- to inform or update you about services that you request from us or that may interest you, where you have consented to be contacted for such purposes;
- to update you on changes to the Site;
- to monitor, improve, and administer the Site and the Services provided through it;
- to conduct statistical or other forms of analysis for purposes of maintaining or improving the Site and the Services in general;
- for purposes of financial reporting, regulatory reporting, management reporting, risk management, audit and record keeping purposes; or
- to comply with all proceedings or inquiries from any state, regulatory, or enforcement agency or any applicable law.
We may also use personal data for purposes set out in any other agreement governing our relationship with you.
If we wish to collect, use, retain, or disclose your personal data for any other purposes, we will adequately seek your consent.
Disclosure of Personal Data
We will not sell or rent your personal data to third parties. However, there are some circumstances under which we will need to disclose your personal data to a third party. Such circumstances include cases where:
- you have expressly or implicitly consented to such disclosure, or may be deemed to have consented to such disclosure;
- such disclosure is necessary to provide you with the products and/or services you have requested for, or to respond to your queries;
- such disclosure is necessary for the operation of the Site or our internal processes;
- we are required to make such disclosure by any government, statutory, or regulatory authority, or comply with any applicable law, court order, directive, or proceeding of such authority requiring such disclosure, including without limitation, the PDPA;
- we believe, in good faith, that making such disclosure is appropriate or necessary for us to investigate and defend against any third party claims or allegations, or prevent or stop any illegal activity, security breaches, or harm to the Site, our interests, or any employee of ours;
- we become the target of a takeover and your personal information forms part of our assets to be transferred to the acquiring entity; or
- you disclose such information to third parties in the course of participating in any promotional programmes on the Site.
Third parties to whom such disclosure may be made include:
- entities and corporations (and their employees or representatives) who are related to CCRManager Pte. Ltd.;
- entities that provide to us insurance-related services, as well as insurance associations;
- our outsourced service providers;
- our professional advisers, including our compliance advisers, auditors and lawyers; and
- regulators and other governmental authorities.
We may also collect your Internet Protocol (“IP”) address. Your internet service provider allocates an IP address to your computer in order for it to access the Internet. The IP address is non-personal data. It may change each time you connect to the Internet or remain the same. We collect your IP address in order to facilitate our administration and improvement of the Site, and will use the information derived from your IP address to diagnose server problems, report aggregate information, and determine the fastest route from your computer to the Site.
Transfer, Storage, and Retention of Personal Data
Sometimes, the personal data we collect in accordance with this Policy may be transferred, stored, or processed outside Singapore. We will comply with our obligations under the PDPA in relation to such transfer, storage, and processing for as long as the data remains within our possession or control. To the extent allowed by the PDPA, you are deemed to have consented to such transfer and processing of information in countries outside of Singapore.
We will take measures that are reasonably within our means to ensure that the recipient(s) of your personal data located outside Singapore will provide to your personal data a level of protection that is comparable to that required by the PDPA. However, if data needs to be transferred to, stored, or processed in countries that have less stringent personal data protection laws than Singapore in order to provide you with the services you request, you are deemed to consent to such transfer, storage, or processing in providing your personal data to us during your use of the Site. You may at any time inform us that you wish to withdraw your consent to such transfer, storage, or processing of your personal data. This may affect or remove our ability to provide you with certain or all the Services.
We shall store your personal data for as long as necessary to fulfil the purposes for which such data was collected, our business purposes, our internal and legal needs or as is otherwise legally required by any applicable law.
While we have put in place reasonable security measures as required by applicable law, to protect the security of your personal data, no transfer, storage or retention of your personal data can be guaranteed to be fully secure or error free. We therefore urge that you take steps in ensuring the security of any information sent to or from us.
Communications and Notifications
We may send you email notifications from time to time. You may not opt out of receiving certain Service-related notifications that are:
- necessary elements of your activity on the Site and use of any Services;
- are required for legal or security purposes; or
- meant to inform you of changes to our policies, operations or the Services.
You may, through written notice to us, opt out of other service-related notifications at any time, including:
- information updates we issue from time to time;
- user surveys or other requests for user feedback; or
- marketing offers from us.
- have queries about our data protection processes and practices;
- wish to request access to and/or make corrections to your personal data in our possession or under our control; or
- wish to withdraw your consent to our collection, use or disclosure of your personal data for marketing or other purposes;
please submit a written request (with supporting documents, if any) to our Business Development Manager at:
22 Malacca Street
#07-01B, RB Capital Building
Our Business Development Manager will respond to you as soon as reasonably possible, and in any event within 30 days of your submission.
You have the right to ask us not to process your personal data for marketing purposes. Please note that if you withdraw your consent to any or all collection, use, or disclosure of your personal data, we may not, depending on the nature of your request, be in a position to continue to provide our Services to you or administer any contractual relationship in place. Such withdrawal may also result in the termination of any agreement you may have with us. Our legal rights and remedies are expressly reserved in such event.
Suggestions, materials or other intellectual property sent or transmitted to us via our Sites, including all feedback regarding the Sites, are governed by the separate terms applicable to such materials identified at the time of submission (if any). If no such terms are identified, all rights, title and interest to all such materials and information shall belong to CCRManager. All such items shall be deemed to be non-confidential, and therefore we shall have no obligation of any kind to ensure the confidentiality with respect to such items and we shall be free to use and distribute them to others without limitation, including, but not limited to developing and marketing products incorporating them.
We are committed to protecting your personal data. If, however, you should be dissatisfied with our handling of your personal data, please submit a written complaint containing details of your dissatisfaction to our Business Development Manager.
Our Business Development Manager shall acknowledge in writing the receipt of your complaint within five business days. Within ten business days, our Business Development Manager shall contact you to provide you with an estimated timeframe for our investigations and resolution of your complaint. If your complaint requires more time beyond such estimation to resolve due to its complexity, our Business Development Manager shall inform you accordingly on or before the expiry of the original estimated timeframe.
In the event that the Business Development Manager’s investigations conclude with a solution that is dissatisfactory to you, you may wish to contact our Data Protection Officer (”DPO”) as follows:
DPO | Email: [email protected]
Our DPO will acknowledge your complaint within five business days and strive to provide a satisfactory solution to you within ten business days. In the unlikely event that we cannot reach an agreement with you, you may wish to refer your complaint to the Personal Data Protection Commission or consider resolving the complaint or any related disputes by way of mediation.
Last updated: 15/02/2017