Data Protection Trustmark (DPTM) and APEC Cross Border Privacy Rules (CBPR) System Certification
CrimsonLogic is proud to be the first company in Singapore to be awarded both the Data Protection Trustmark (DPTM) and APEC Cross Border Privacy Rules (CBPR) certifications by Infocomm Media Development Authority (IMDA) of Singapore. This demonstrates our commitment to responsible data protection practices so as to protect our customers’ privacy and personal data transferred among participating APEC economies.
- We, CrimsonLogic Pte. Ltd. (“CrimsonLogic”), are committed to safeguarding your privacy. We treat all personal data provided by you in strict confidence, and will only use your personal data in the manner set out in this Policy. This Policy describes how we may collect, use, disclose, process and manage your personal data and applies to all personal data that you provide to us and the personal data we hold about you.
- By providing us with your personal data, you consent to our collection, use and disclosure (including transfer) of your personal data in accordance with this Policy. Please DO NOT provide any personal data to us if you do not accept this Policy.
- In the course of our business, we may be collecting, using, disclosing and processing personal data, on behalf of third parties. In such situations, we are obligated to abide by their instructions in relation to such personal data and this Policy will not apply.
- What is personal data. “Personal data” is data that can be used to identify a natural person. Examples of personal data include name, address, contact details, identification numbers, telephone numbers, email address and photographs.
- Voluntary provision of personal data. Your provision of personal data to us is voluntary. However, if you choose not to provide us with the personal data we require, it may not be possible for us to contact you or provide you with the products or services that you require from us.
- Providing personal data belonging to others. If you provide the personal data of anyone other than yourself (including your family members), you warrant that you have informed him/her of the purposes for which we are collecting his/her personal data and that he/she has consented to your disclosure of his/her personal data to us for those purposes.
- Accuracy and Completeness or personal data. You must ensure that all personal data that you provide is true, accurate and complete.
Collection of Personal Data
- Generally, we may collect your personal data when you:
- register for any of our products or services;
- use any of our products or services;
- submit any data or document to us for processing;
- perform an online transaction on any of our Platforms;
- report a problem with any of our Platforms;
- fill in our surveys and provide feedback;
- access or request for access to our premises;
- contact us whether through email, fax, telephone, or writing; and/or
- submit your personal data to us for any other reason.
Purposes for Collection, Use or Disclosure of Personal Data
- Service related purposes. Generally, we collect, use or disclose your personal data for the following service related purposes:
- to manage your relationship with us;
- to provide you with the products and services that you have requested, including products and services from third party service providers;
- to assist you with your enquiries;
- to contact you for feedback after the provision of our products and services; and
- to keep you updated on our products and services.
- Business purposes. We may also use your personal data for purposes connected or relevant to our business, such as:
- complying with our legal obligations and requirements;
- enforcing obligations owed to us;
- research into the development of new products and services or improvement of our existing products and services;
- accounting, risk management and record keeping;
- carrying out research, planning and statistical analysis; and
- staff training.
- Marketing purposes. We may use your personal data for the purposes of marketing our products and services and/or the products and services offered by our partners and business associates.
- In using your personal data for marketing purposes, we may send marketing messages to you in various modes including but not limited to electronic mail, direct mailers, facsimile, short messaging service, telephone calls, and other mobile message services. We will only send marketing messages to your Singapore telephone number via SMS, telephone calls and other mobile messaging services, if we have your clear and unambiguous consent to do so or if you have not registered your number with the Do Not Call registry.
- Security purposes. We may use the personal data collected from you for security purposes. For example, your image may be captured by security camera on our premises or your identification documents retained to monitor your access to and exit from our premises.
- Processing purposes. We may collect, use or disclose personal data as a data intermediary on behalf of another organization. In such cases, we will merely be processing the personal data collected from you on behalf of the organization.
- Contacting you. When using your personal data to contact you for the above purposes, we may contact you via post, fax, e-mail, SMS, telephone or any other means.
Disclosure of Information
- We will not sell your personal data to third parties.
- Disclosure to service providers. You agree that we may disclose your personal data to third parties whom we engaged to provide necessary products or services, including but not limited to:
- service providers and data processors working on our behalf and providing services such as human resource management, debt collecting, hosting and maintenance services, delivery services, handling of payment transactions, marketing etc.
- our consultants and professional advisers (such as accountants, lawyers, auditors, managing agents).
- service providers assisting us in the provision of products and services to you.
- Other permitted disclosure. You agree that we may also disclose your personal data as required or permitted by law. We may disclose your personal data to regulatory authorities, statutory bodies or public agencies for the purposes of complying with their respective requirements, policies, directives and contracts.
Protection and Transfer of Personal Data out of Singapore
- Protection of personal data. We will take reasonable measures to safeguard your personal data.
- Transfer outside Singapore. You consent to us transferring your personal data to any location outside of Singapore for the purposes set out above.
- Protection when personal data transferred outside Singapore. If we transfer your personal data to a country or territory outside of Singapore, we will ensure that the recipient of the personal data provides a standard of protection that is comparable to the protection which your personal data enjoys under the laws of Singapore. In this regard, the recipients will be under legally binding obligations to:
- ensure that the collection, use and/or disclosure of your personal data would be for the purpose(s) for which you have given consent;
- take steps to ensure accuracy and completeness of your personal data when your personal data is used to make a decision that affects you, or if it is to be disclosed to third parties;
- make security arrangements to protect your personal data; and
- only retain your personal data if necessary for legal and business purposes.
Retention of personal data
- We will retain personal data for a reasonable period to fulfil the abovementioned purposes and in accordance with our legal and business purposes.
Access to and Correction of personal data
- You may request for correction or access to the personal data we have collected about you. We may levy a charge of S$20 for processing your access request. Please contact us to find out how to request for correction or access.
- We may be prevented by law from complying with your request. We may also decline your request if the law permits us to do so or if our records have been destroyed in accordance with our internal data retention policies.
Withdrawal of consent
- You may withdraw your consent given for any or all purposes set out in this Policy by contacting our Data Protection Officer (see “How to contact us” section below). However, we may not be in a position to continue to provide our products or services to you if you withdraw your consent for purposes that are necessary for the provision of such products or services.
Amendments and Updates
How to contact us
- If you have any questions or concerns regarding any aspect of this policy or the personal data you have provided or wish to make a request or withdraw your consent given for any or all purposes set out in this Policy, please contact: