Last modified: 21 September 2019
“Personal Data” means data, whether true or not, about a person who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access. However, Personal Data does not include information that has been made anonymous or aggregated so that it can no longer be used to identify a specific person, whether in combination with other information or otherwise.
- INFORMATION WE COLLECT
You acknowledge and agree that we (or service providers acting on our behalf) may collect certain information from you and any devices you use, including your Personal Data, whenever you access and/or use the Website and/or Service, or interact with us. We may also require you to provide us or our service providers with your Personal Data in order for us to provide our services to you, and/or in order for our service providers to provide their services to us.
We generally do not collect your Personal Data unless:
- it is provided to us voluntarily by you for a purpose, and it is reasonable in the circumstances that you are deemed to have consented to our collection, use and disclosure of that Personal Data for that purpose; or
- collection and use of Personal Data without consent is permitted or required by applicable laws.
Personal Data which we (or service providers acting on our behalf) collect include the following:
Service provider: Auth0, Inc.
Place of storage and/or processing: European Union, United States of America
Terms of Service: https://cdn.auth0.com/blog/website/legal/files/Auth0-SS-TOS.pdf
Service provider: Chargebee, Inc.
Place of storage and/or processing: European Union, United States of America
Communications. If you send us personal correspondence, contact us or communicate with us in any way (e.g. by sending us emails, messages or mail and/or by making phone calls to us), we may collect and maintain records of such communications.
Service provider: Zendesk, Inc.
Place of storage and/or processing: European Economic Area, United States of America
Information relating to your communications will be used by us and/or our service provider to respond to, process and handle your queries, requests, feedback and Submissions and to generally administer and manage our relationship with you.
You acknowledge that links to the terms of service and/or privacy policies of our service providers are provided herein for your convenience only and may not be current or updated. You agree to refer to the respective websites of these service providers for up-to-date information on how they collect, use, disclose, retain and otherwise process your Personal Data.
- HOW WE USE AND SHARE INFORMATION
- How we use your Personal Data. Apart from the purposes described in Section 1 above, we may generally use your Personal Data for the following purposes:
- performing obligations in the course of or in connection with our provision of the services requested by you;
- providing you with personalised services and/or to customise your user experience of the Website and/or Service;
- verifying your identity;
- responding to, handling, and processing queries, requests, applications, complaints, feedback and Submissions from you;
- generally administering and/or managing your relationship with us;
- processing payment or credit transactions;
- maintaining records of your instructions and our interactions with you;
- internal reporting and analysis related to our business operations;
- sending you information on any updates or changes to the Website and/or Service (including notifying you of any planned or unscheduled downtime) and/or Subscription Plans;
- sending you information on any updates or changes to our Terms, Policies and/or other legal or administrative information;
- sending you updates and publications (including our newsletters), or advertising, marketing and promotional communications (including updates on our Promotions), where you have requested or consented to be on our mailing list or to receive such communications respectively;
- any other purposes for which you have provided the information;
- any other incidental business and/or administrative purposes related to or in connection with the above; and/or
- such as we believe to be necessary and/or appropriate to:
- comply with applicable laws, regulations, guidelines and/or codes of conduct (or any request or direction of any public, government or regulatory authorities, including those outside your country of residence);
- comply with legal process (including assisting in law enforcement and investigations conducted by any governmental and/or regulatory authority);
- protect the rights, privacy, safety property and/or operations of any person (including us and any person accessing and/or using the Website and/or Service);
- protect the safety or integrity of the Website and/or Service (including to help prevent spam, abuse, or malicious actors on the Website and/or Service);
- prevent, detect, mitigate and investigate potentially illegal acts, fraud and/or security breaches and to assess and manage risk, including to alert you if fraudulent activities have been detected on your Account(s);
- enforce terms and conditions applicable to the Website and/or Service; and/or
- allow us to pursue available remedies or limit the damages we may sustain,
- transmitting to any unaffiliated third parties including our third party service providers, agents and other organisations we have engaged, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes.
- if you are an End-User, your Company and other End-Users linked to your Company’s Account;
- our related companies such as our subsidiaries and holding company (if any);
- our lawyers, auditors and professional advisors;
- service providers who provide services to us (including marketing, email delivery services, analytics and search engine providers, website hosting, web design, maintenance, database hosting, data analysis, IT services, payment processing, customer service, infrastructure provision, logistics, storage, auditing services and other similar services), or to which we may outsource one or more aspects of our business;
- third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any liquidation or similar proceedings, and/or to an acquirer of our business or assets or any part thereof); and
- our partners and investors or potential partners and investors and other parties with a view to a potential business partnership, collaboration, join venture or otherwise in furtherance of our business.
We will only share your Personal Data with such third parties to the extent that this is necessary for us to perform our services for you and/or for them to perform their services for us.
- ADDITIONAL INFORMATION WE RECEIVE ABOUT YOU
- store user preferences and track user trends (such as how people access and/or use the Website and/or Service and their access and/or usage preferences);
- obtain information on how and when pages in the Website and/or Service are accessed and/or used and by how many people;
- help you complete tasks on the Website and/or Service without having to re‑enter information when browsing from one page to another or when accessing and/or using the Website and/or Service later (e.g. to enable you to enter your Login Codes or billing information less frequently and to help us retrieve your configuration settings between uses from our servers); and
- make the advertisements and content you see more relevant to you.
- Non-Personal Data
When you access and/or use the Website and/or Service, we may collect, use, disclose, retain and otherwise process (or our systems may automatically collect, use, disclose, retain and process) directly or through third party services and applications:
- log data, including your unique user device number, the IP address of your computer or device, information about your computer or mobile internet browser type and version, computer or device operating system, the dates and times of your access to and/or use of the Website and/or Service, the number and frequency of visitors to the Website, the URL that you just came from and the URL you next go to (whether these URLs are on the Website and/or Service or not);
- session and usage data about your access to and/or use of the Website and/or Service, including connection and service-related data such as information relating to the connection request, server communication and data sharing, network measurements, quality of service and date, time and location of usage; and/or
- aggregate information about the access to and/or use of the Website and/or Service (which may contain log data and session and usage data) in respect of a group or category of services or users but which contains no personally identifiable information about the users,
(collectively “Non-Personal Data”).
For the avoidance of doubt, “Non-Personal Data” is information that does not identify you or any other individual and does not include Personal Data.
We may use Non-Personal Data for any purpose, including:
- for our own internal business purposes;
- to measure traffic patterns;
- for the purpose of system administration;
- to enable us to analyse, research and track access to and/or usage of the Website and/or Service (including conducting internal research on user demographics, interests, behaviour and trends among users);
- to provide, improve and modify the Website and/or Service;
- to improve our algorithms, measure Website and/or Service access and/or usage, publish summaries online or offline, develop new features such as recognising popular activity routes, areas and places; and/or
- for promotion and marketing purposes.
- WITHDRAWING CONSENT
The consent you provide for the collection, use and disclosure of your Personal Data will remain valid until it is withdrawn by you in writing. You may withdraw your consent and request that we stop collecting, using, disclosing, retaining and otherwise processing your Personal Data for any or all of the purposes listed above by submitting a request in writing to our Data Protection Officer at the contact details provided below.
Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue to provide access to and/or use of the Website and/or Service to you if you withdraw your consent to us collecting, using, disclosing, retaining or otherwise processing your Personal Data for certain purposes. In such circumstances, we will notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform our Data Protection Officer in writing at the contact details provided below.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within fourteen (14) business days of receiving it. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to accede to your request, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under applicable laws).
Notwithstanding that you may have withdrawn consent, you acknowledge we may continue to collect, use, disclose, retain or otherwise process your Personal Data where such collection, use, disclosure, retention or processing is permitted or required under applicable laws.
- YOUR RIGHTS
You may exercise the following rights, subject to limits, conditions and exceptions under applicable laws. For further information on each of those rights, including the circumstances in which they apply and the limits, conditions and exceptions applicable to the exercise of such rights, please contact our Data Protection Officer.
- Right to access to Personal Data. You have the right to access your Personal Data. You may access and download most of your Personal Data through the Account(s) you have with us. To request for a copy of your Personal Data that is not available on your Account(s), or for information about the ways in which we use or disclose your Personal Data, you may write to our Data Protection Officer.
- Right to rectification and addition to Personal Data. You can correct, delete or modify most of the Personal Data using the tools and settings under your Account(s).
- Right to erasure. You have the right to request for the prompt erasure of your Personal Data if:
- it is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw your consent to the processing of Personal Data and there is no other legal ground for the processing;
- you object to the processing of your Personal Data and/or there are no overriding legitimate grounds for the processing;
- your Personal Data has been processed unlawfully;
- your Personal Data has to be erased for compliance with legal obligations under applicable laws;
subject to certain conditions under applicable laws.
- Right to restrict processing. You have the right to request that we restrict the processing of your Personal Data in certain situations (e.g. if you contest the accuracy of the Personal Data).
- Right to portability of Personal Data. You have the right to obtain your Personal Data in a structured, commonly used, and machine-readable format and the right to provide such data to another controller, provided that processing is carried out by automated means and based on the performance of an agreement between us or on your consent. Please note that under your Account(s), you can download a copy of some of your Personal Data.
- Automated individual decision making. You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
- Right to file complaint with supervisory authority. You have the right to file a complaint with the relevant supervisory authority, i.e. the Office for Personal Data Protection in the European Union.
- Right to object. You have the right to object at any time to the processing of your Personal Data for direct marketing purposes and in certain other situations to our continued processing of your Personal Data. You can opt out of receiving or unsubscribe from any SMS, email or other marketing communications from us by using the unsubscribe facility that is provided with such SMS, email or other communication, or by writing in to our Data Protection Officer with your request. Please note that if you do opt out of receiving marketing-related communications from us, we may still send you important legal or administrative messages, and that you cannot opt out of receiving such messages.
If you would like to exercise any of the above rights, please:
- inform our Data Protection Officer in writing at the contact details provided below; and
- provide our Data Protection Officer with enough information to identify you (e.g. your full name, email address, residential address, contact number, address and customer reference number);
- provide our Data Protection officer with proof of your identity (e.g. a copy of your driving licence, passport or recent utility or credit card bill); and
- let our Data Protection Officer know what right you want to exercise and the information to which your request relates.
We will respond to your request as soon as reasonably possible. In general, we shall seek to process your request within fourteen (14) business days of receiving it. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under applicable laws).
Please note that a reasonable fee may be charged for requests that you make in connection with the above rights, where permitted under applicable laws. If so, we will inform you of the fee before processing your request.
We use commercially reasonable security measures to protect your Personal Data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We generally rely on Personal Data provided by you (or your authorised representative). In order to ensure that your Personal Data is current, complete and accurate, please update us if there are changes to your Personal Data by informing our Data Protection Officer or contacting us at the contact details provided below.
- RETENTION OF YOUR PERSONAL DATA
We will retain your Personal Data (including Personal Data from closed Accounts) for as long as is necessary to fulfil the purpose(s) for which it was collected, as required or permitted by applicable laws (including to satisfy legal, regulatory, accounting or other regulatory requirements) or as we deem necessary and relevant to protect our legitimate interests.
When it is reasonable for us to assume that retention of your Personal Data no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for legal, regulatory, accounting or business purposes, we will cease to retain your Personal Data, or remove the means by which the Personal Data can be associated with you.
We may use any aggregated data derived from or incorporating your Personal Data after you terminate your Account(s), but not in a manner that would identify you personally unless permitted by law.
- WHERE YOUR INFORMATION IS HELD
- Your Personal Data may be stored at our offices and those of our group companies, third party agencies, service providers, representatives and agents as described above. Some of these third parties may be based outside your country of residence.
- Cross-border transfers. To deliver services to you, it is sometimes necessary for us to transfer your Personal Data out of your country of residence e.g.:
- to our offices outside your country of residence;
- to our service providers located outside your country of residence;
- if you are based outside the country where we are located; and/or
- where there is an international dimension to the services we are providing to you.
- Where we transfer your Personal Data to countries outside of your country of residence, we will do so in accordance with applicable laws, including (where transfers are made outside of Singapore), to take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the Singapore Personal Data Protection Act 2012 (No. 26 of 2012).
- You acknowledge and specifically consent to your Personal Data being transferred to and stored in our offices in Singapore and the United States of America, and the locations where our service providers store and process your Personal Data, as identified under Section 1
- MINIMUM AGE
We do not knowingly collect or solicit Personal Data from those below the Minimum Age, or knowingly allow such persons to register for an Account with us. The Service is not intended for use by persons under the Minimum Age. If you are under the Minimum Age, please do not attempt to register for an Account and/or use the Service, or provide us with any of your Personal Data.
- displaying the new terms on-screen when you next access and/or use the Service;
- sending you notice in accordance with the Terms; and/or
- any combination of the foregoing.
- CONTACTING US
Details of the data controller are as follows:
Data Controller: Piston Vault Pte. Ltd.
Address (in Singapore): 55 Mohamed Sultan Road, 01-04 Sultan Link, 238995, Singapore
Data Protection Officer: Federico Lo Conte
Address: 55 Mohamed Sultan Road, 01-04 Sultan Link, 238995, Singapore
Notwithstanding that you may have opted out of communications, or your Account(s) with us have been terminated, and/or you have removed your billing information from your Account(s), you acknowledge that certain Personal Data may be retained by us for the purpose of complying with relevant laws.
Effective date: 21 September 2019
Last updated: 21 September 2019