1. Introduction
Your personal data is important to us and we are committed to complying with the Personal Data Protection Act 2012 (the “PDPA”). This personal data protection policy (“Policy”) sets out how we collect, use and disclose your personal data and applies to Mary Buffett Business Pte. Ltd. and its subsidiaries.
This Policy supplements but does not supersede nor replace any other consents you may have previously provided to Mary Buffett Business Pte. Ltd. in respect of your personal data, and your consents herein are additional to any rights which Mary Buffett Business Pte. Ltd. may have at law to collect, use or disclose your personal data.
2. Personal Data
The PDPA defines personal data as:
Data, whether true or not, about an individual who can be identified:-
(a) from that data; or
(b) from that data and other information to which the organisation has or is likely to have access.
Personal data may include but not limited to name, NRIC number, passport number, employment pass number, nationality, gender, photograph, video footage, telephone numbers, mailing address, email address, age, date of birth, marital status, signature, job title/profession, medical details/health information, financial information (such as bank account or credit/debit card numbers) and any other information relating to any individuals which you have provided us in any forms you may have submitted to us or via other forms of interaction with you.
3. Collection of Personal Data
The ways in which we may collect your personal data include (but are not limited to) collecting your personal data directly or indirectly from you or your authorised representatives in the course of:
(a) you contacting us with your queries, requests, complaints or feedback;
(b) you completing any of our forms, including but not limited to enrolment form, survey and feedback forms;
(c) you participating in our marketing or promotional events;
(d) you registering for or using any of our services;
(e) you submitting an employment application to us;
(f) you providing us with your contact details;
(g) your images being captured by our close-circuit television cameras while you are within our premises, or via photographs or videos taken by us or our representatives at our premises;
(h) you visiting or browsing our website(s);
(i) you subscribing for email alerts on our website;
(j) our conducting interviews for matters including but not limited to employment;
(k) our conducting market research or surveys;
(l) you interacting with our staff via telephone calls, letters, fax, face-to-face meetings, social media platforms and emails; or
(m) you submitting your personal data to us for any other reason.
We may also collect personal data about you from third parties including (but not limited to):
• your representatives, intermediaries, agents or next-of-kin who may either be disclosing your personal data to us on your behalf, or in connection with their own transactions, agreements or interactions with us;
• your employers or previous employers; or
• our business partners.
If you provide us with any personal data relating to a third party (e.g. information of your next-of-kin, spouse, children, parents, dependants, and/or employees), you represent and warrant to us that you have obtained the necessary consent from the relevant third party to provide us with their personal data for the relevant purpose(s) for which we are collecting their personal data.
4. Use and disclosure of your Personal Data
We use the personal data that we collect from you for the following purposes:
• to administer, manage and execute marketing activities
• to announce in any form of media including but not limited to social media platforms our marketing or promotional events
• to provide and send you marketing, advertising and promotional information and materials relating to products, events and/or services offered by Mary Buffett Business Pte. Ltd. through various avenues including (but not limited to) SMS, voice calls, email, mail and online platforms (such as social media)
• to deal with or facilitate customer service, carry out your instructions, provide services, or deal with or respond to any enquiries, requests, complaints or feedback given by you or on your behalf;
• to manage our administrative and business operations and comply with internal policies and procedures;
• to conduct market research and improve customer service;
• to provide training to our staff;
• to facilitate access to our website;
• to manage the safety and security of our premises;
• for auditing, internal investigations, compliance, risk management, conflict of interest reporting and security processes;
• to comply with applicable laws, regulations, rules, codes of practice, guidelines and other requirements (including but not limited to providing assistance to law enforcement agencies, regulatory authorities and other governmental agencies);
• to prevent, detect and investigate crime;
• to analyse and manage commercial risks;
• for the purposes of legal proceedings;
• to defend or extend any rights of Mary Buffett Business Pte. Ltd.;
• to administer and process your employment application;
• to administer and maintain shareholder relations;
• to verify your identity;
• for any evaluative purpose as defined in the PDPA;
• to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving any of the companies, subsidiaries or business units in Mary Buffett Business Pte. Ltd.;
• for any other purposes that are incidental or ancillary or in furtherance to the above purposes which are not specifically mentioned herein;
• for any other purposes that we have specifically notified you of; or
• for any other purposes that a reasonable person would consider appropriate in the circumstances.
We may transfer or share your personal data with:
• our agents, contractors, sub-contractors, service providers or data processors who have been contracted to provide administrative, financial, legal, accounting, information technology, research, operational, marketing, telecommunications, transportation, payment, analytical, training, storage, printing, security or other services;
• our consultants and professional advisers (such as accountants, lawyers, auditors);
• our business partners and affiliates;
• external banks and their respective service providers;
• courts, tribunals, law enforcement agencies, regulatory authorities and other governmental agencies as required or authorised by law;
• any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving any of the companies, subsidiaries or business units in Mary Buffett Business Pte. Ltd.; or
• any other party to whom you authorise us to disclose your personal data to.
Notwithstanding the above, we may process your personal data without your consent if it is permitted under the PDPA.
5. Security and storage of personal data
We will take reasonable efforts to protect your personal data in our possession or control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks (“Risks”). However, we shall not be held responsible for Risks occurring in relation to your personal data that are beyond our control, such as Risks resulting from cyber-attacks.
Security arrangements which we undertake to protect your personal data may include the following:
• training our employees who handle your personal data to respect the confidentiality of such personal data and your privacy;
• restricting access of your personal data to employees who require it for their job functions; or
• storing personal data in a combination of secure computer storage facilities and physical storage facilities under lock-and-key.
While we strive to protect your personal data, we cannot ensure the security of the information you transmit to us via the Internet or through the use of our electronic services, and we urge you to take every precaution to protect your personal data when you use such platforms. If applicable, you undertake to use a combination of uppercase and lowercase letters, numbers and symbols for your password, change your password often, use a secure browser when accessing our website(s), keep your username and password secure and confidential and not disclose or permit it to be disclosed to any unauthorised person, and to inform us as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorised transactions have taken place.
6. Retention of personal data
We will cease to retain your personal data when we no longer require such personal data for any of the purposes for which it was collected or for any business or legal needs.
7. Accuracy of personal data
We will take reasonable efforts to ensure that your personal data in our records is accurate and complete, if your personal data is likely to be used by us to make a decision that affects you, or disclosed to another organisation. However, you must also update us of any changes in your personal data that you have initially provided us with. We will not be responsible for relying on inaccurate or incomplete personal data arising from you not updating us of any changes in your personal data that you have initially provided us with.
You must also ensure that all personal data submitted by you to us is complete, accurate, true and correct.
8. Accessing and Making Correction to Your Personal Data
You may write in to us, based on reasonable grounds, to find out how we have been using or disclosing your personal data. We are obligated under the PDPA to allow you access to your personal data of the past one year, and to make any correction if there is any error or omission. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will try to respond to your request within 30 days. By which time we will give you an estimate of how long it is going to take to retrieve all the relevant data, and how much we will charge you for processing the request.
9. Transfer of Personal Data
If there is a need for us to transfer your personal data to another country, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as that in Singapore.
10. Do-Not-Call (DNC) Provisions
Before we make any ‘cold calls’ in telemarketing activities, we will check the DNC Registry and our internal blacklist before we make the phone call, send SMSes or send faxes to the individual, unless that individual has given his/her clear and unambiguous consent. The blacklist refers to phone numbers belonging to those individuals who have withdrawn their consent.
11. Cookies
When you interact with us on our website(s), we automatically receive and record information (such as your server address, domain name, the date and time of visit and the pages viewed) on our server logs from your browser. We may employ cookies in order for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address, and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
Cookies are small text files placed in your computer hard drive or mobile devices when you visit our website(s) and allow us to remember you. The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on a computer. Should you wish to disable the cookies associated with these technologies, you may do so by changing your browser settings accordingly. However, you may not be able to enter certain part(s) of our website(s), and some of the functions and services may not be able to function without cookies. This may also impact your user experience while on our website(s).
12. Third-party sites
Our website may contain links to other websites operated by third parties, such as our business partners. We are not responsible for the privacy practices of websites operated by third parties that are linked to our website. We encourage you to learn about the privacy policies of such third party websites. Some of these third party websites may be co-branded with our logo or trademark, even though they are not operated or maintained by us. Once you have left your website, you should check the applicable privacy policy of the third party website to determine how they will handle any information they collect from you.
13. Contacting us
If you:
(a) have any questions, feedback or complaints relating to the collection, use or disclosure of your personal data or this Privacy Policy;
(b) would like to withdraw your consent to any collection, use or disclosure of your personal data as set out in this Privacy Policy; or
(c) would like to exercise your statutory rights under the PDPA in relation to access or correction of your personal data in our control or possession, please do not hesitate to contact Mary Buffett Business Pte. Ltd. office via snail mail at the following address:
Mary Buffett Business Pte Ltd
10 Anson Road International Plaza #18-13 Singapore 079903
We will endeavour to respond within a reasonable timeframe.
If you make a request to obtain access to your personal data records with us, we may charge a reasonable fee for verifying the authenticity of the request and locating, retrieving and copying any material requested.
If a fee is to be charged, we will inform you of the amount beforehand and respond to your request after payment is received.
Please note that if your personal data had been provided to us by a third party, you should contact that organisation or individual to make such queries, complaints, and access and correction requests to us on your behalf. Please also note that we are not required, under the PDPA, to provide access and correction to your personal data in certain exempted situations as set out in the PDPA.