Singapore Privacy Notice
Last Updated: December 12, 2023
1. APPLICABILITY OF PDPA PRIVACY NOTICE
This Privacy Notice (“Notice”) applies solely to residents of Singapore and supplements Cy Creek Bank’s Online Privacy Notice. We adopt this Notice to comply with the Personal Data Protection Act (No 26 of 2012) (“PDPA”), including subsidiary legislation and the Personal Data Protection Regulation of 2021 (“PDPR”).
Under the PDPA, “Personal data” refers to all “data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which the organisation has or is likely to have access” (regardless of whether such data is in electronic or another form or degree of sensitivity). The PDPA uses the term “organisation” to cover those entities who are obligated to comply with the PDPA. Organisations broadly covers natural persons, corporate bodies (such as companies) and unincorporated bodies of persons (such as associations), regardless of whether they are formed or recognised under the law of Singapore, or are resident or have an office or place of business in Singapore.
The PDPA, however, does not apply to certain categories of organisations:
- individuals acting in a personal or domestic capacity;
- employees acting in the course of their employment with an organisation;
- public agencies; or
- any other organisation or personal data, or classes of organisations or personal data as may be prescribed.
Moreover, the PDPA also does not apply to certain information, such as information subject to the Banking Act of 1970 or other sector specific national laws. The PDPA also expressly excludes the following categories of personal data from its application:
- 'business contact information', which is defined as 'an individual's name, position name or title, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his personal purposes', unless expressly referred to in the PDPA;
- personal data that is contained in a record that has been in existence for at least 100 years; and
- personal data about a deceased individual who has been dead for more than ten years.
2. COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
We generally do not collect your Personal Data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorized by you to disclose your Personal Data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your Personal Data for those purposes, or (b) collection and use of Personal Data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional Personal Data and before using your Personal Data for a purpose which has not been notified to you (except where permitted or authorized by law).
3. WITHDRAWING YOUR CONSENT
The consent that you provide for the collection, use and disclosure of Personal Data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your Personal Data for any or all purposes listed in this Notice or the Online Notice in writing via email to our Data Protection Officer (“DPO”) at the contact details provided below.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we seek to process your request within ten (10) days of receiving it.
Please note that, depending on the nature and scope of your request to withdraw consent, we may not be in a position to continue providing our services to you. We shall, in such circumstances, notify you before completing the processing of your request should that be the case. Should you decide to cancel your withdrawal of consent, kindly inform us in writing via email to our DPO at the contact details provided below.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.
4. CATEGORIES OF PERSONAL DATA WE COLLECT
Most of the information we collect is in the context of providing financial products or services to institutional clients with their “employees acting in the course of their employment” and is therefore not subject to the PDPA. We do collect Personal Data relating to Singapore residents in other contexts, including for employment and recruiting purposes, marketing activities and interaction with our website.
In the past 12 months, we may have collected and disclosed to third parties for our business purposes the following categories of Personal Information about you in several ways when you use our services, as described below:
- Identifiers: name, email, and address (e.g., Social Security Number);
- Personal Data, as defined in the PDPA, contact and financial information;
- Commercial Information: products or services purchased and account information;
- Internet or other similar network activity: browser type, pages viewed, and links clicked;
- Biometric Information: video footage and voiceprints;
- Geolocation Data: device location;
- Professional or employment-related information: occupation, job title, employment email or prior employer;
- Sensory Data: audio recordings of customer care calls, electronic, visual or similar information; and
- Inferences are drawn from any of the Personal Information listed above to create a profile about, for example, an Individual’s preference and characteristics.
5. PROTECTION OF PERSONAL DATA
To safeguard your Personal Data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, we have appropriate administrative, physical and technical measures in place.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your Personal Data and are constantly reviewing and enhancing our information security measures.
6. PERSONAL DATA RETENTION & STORAGE
Cy Creek Bank only keeps or processes Personal Data for as long as necessary to carry out its business and legal purposes. Personal Data is deleted or anonymized when no longer required for the purposes for which it was collected, in accordance with our Record Retention Policy and Media Sanitization Policy. The specific periods for which we keep information about you vary depending on the nature of the information, why we need it, and whether the Personal Data is de-identified. We also consider the minimum necessary retention period prescribed by applicable laws, recommended by industry standards, and stated in contracts and other legal obligations.
- We may be legally required to retain your Personal Data to:
- ~comply with legal obligations;
- ~resolve disputes; and
- ~enforce rights.
Storage: We may use data hosting service providers in Canada. to store information we have about you, and to safeguard your Personal Data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, we use administrative, physical and technical measures.
7. PERSONAL DATA SHARED WITH THIRD PARTIES
We share information we have about you with third parties, service providers, and Cy Creek Bank affiliates who assist us with administering our services and advertising on third party platforms. We at times partner with other companies to offer products or services jointly; we may share your Personal Data in order to facilitate that offering.
Any third parties that we share your Personal Data with are limited by law and by contract in their ability to use your Personal Data. Cy Creek Bank requires third party service providers acting on our behalf or with whom we share your information to safeguard your Personal Data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, we use administrative, physical and technical measures and industry standards and in compliance with this Policy, their privacy and security obligations, and any other appropriate confidentiality and security measures. However, we are not responsible for the privacy and data security practices of third parties outside of Personal Data we receive from or transfer to them. For additional information, please see our Online Privacy Notice (available on our Cy Creek Bank Privacy Center page).
8. INDIVIDUAL RIGHTS
Cy Creek Bank would like to make sure you are fully aware of all of your data protection rights. Every user in Singapore is entitled to the following:
The right to access and correct Personal Data: You have the right to request copies of your Personal Data from Cy Creek Bank. You have the right to request that Cy Creek Bank corrects any information you believe is inaccurate.
If you wish to make (a) an access request to a copy of the Personal Data which we hold about you or information about the ways we use or disclose your personal data, or (b) a correction request to correct or update any of your Personal Data which we hold about you, you may submit your request in writing via email to our Data Protection Officer (“DPO”) at the contact details provided below.
We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) business days after receiving your request, we will inform you via email of the time by which we will be able to respond to your request. If we are unable to provide you with any of your Personal Data or to make the correction requested by you, we shall inform you of the reasons we are unable to do so (except where we are not required to do so under the PDPA).
The right to accuracy of Personal Data: We need your assistance to ensure that your Personal Data is current, complete and accurate. As such, please inform us of any changes or updates in writing via email to our DPO at the contact details provided below.
9. COOKIES AND OTHER TRACKING TECHNOLOGIES
Cookies are small text files that are stored through the browser on your computer or mobile device. Cookies and other trackers serve a variety of functions; they help you navigate between website pages efficiently and may improve the user experience on a website. Cookies vary in duration (they can be “persistent” or “session-based”), and by whom they are served (“first party” cookies are directly from us; “third party” cookies are from other parties on our behalf).
Cy Creek Bank and our service providers use cookies and similar technologies on our website and mobile application to collect information about your browsing activities over time and across different website pages. At Cy Creek Bank, we use these tools to:
- Administer our services
- Analyze services usage and trends
- Track how you were referred to our website
- Improve the services functionality
- Perform analytics and marketing integration
- Deliver advertisements and other marketing offers
For further information please review Cy Creek Bank’s Cookie Notice (available at Section 4 of the Online Privacy Notice, on our Cy Creek Bank Privacy Center page).
10. DATA TRANSFER
Cy Creek Bank is a company based in the Canada (CA). We use data hosting service providers in Canada. or Singapore to host the information we collect from or about you. When we transfer your Personal Data outside of Singapore, we will do so in accordance with the PDPA by collecting your consent unless otherwise not required by the PDPA. We generally use consent for the transfer to be made and we will take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
11. PRIVACY POLICIES OF OTHER WEBSITES
The Cy Creek Bank website and mobile application contain links to other websites. Our privacy notice applies only to our website and mobile application, so if you click on a link to another website, you should review their privacy notice.
12. CHANGES TO THIS NOTICE
We may change or update this Singapore PDPA Notice in the future. When we do, we will post the revised version on our website. This notice was last updated and became effective on the date posted at the top of this page.
13. DATA PROTECTION OFFICER
If you have any questions about this policy or our privacy practices please contact us. You can write to our DPO at privacy@go2cycreek.com.