Last Updated: 19 October 2021
90 Seconds Private Limited (“90 Seconds”, “our”, “we” or “us”) takes its responsibilities under Singapore’s Personal Data Protection Act 2012 (“PDPA”) seriously. We also recognize the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data, and we are committed to protect the privacy of your personal data.
Please read this policy to understand what personal data is collected or processed by us, and for what purposes it is used for.
This Data Protection Policy covers the following topics
- Definition of Data Protection Terms
- What personal data does 90 Seconds collect?
- How does 90 Seconds use your personal data?
- Sharing your personal data
- Using products or services
- Protecting your personal data
- Personal Data breach reporting
- Accessing your personal data
- Request to erase your personal data
- Cross-border transfer of personal information
- Cookies and other tracking technologies
- Changes to our Data Protection Policy
This policy is provided for your information and doesn’t limit or exclude your rights under the Personal Data Protection Act 2012 (“PDPA”).
1. Definition of Data Protection Terms
- Data is recorded information whether stored electronically, on a computer, or in certain paper-based filing systems.
- Data processors include any person who processes personal data on behalf of a data controller. Employees of data controllers are excluded from this definition but it could include suppliers which handle personal data on behalf of 90 Seconds.
- Personal data means any data relating to a living individual who can be identified from that data. Personal data can be factual (such as a name, address or date of birth) or it can be an opinion (such as a performance appraisal). It can even include a simple e-mail address. It is important that the information has the data subject as its focus and affects the individual’s privacy in some way.
- Processing is any activity that involves use of data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organisation, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
2. What personal data does 90 Seconds Private Limited collect?
We collect personal data about you when you use our website and/or IT portal and/or mobile application and/or other channels and throughout other interactions, communications and services you have with us. We will collect your personal data in accordance with the PDPA.
Personal data which we may collect include but are not limited to:
- your personal information such as your name, NRIC/FIN/Passport number, date of birth, marital status, gender;
- your contact information such as postal addresses, email addresses, telephone, mobile phone and fax numbers;
- your past and present employment information such as organisation name, organisation type, industry sector, job function and responsibilities, designation, business telephone and fax numbers, business email addresses;
- your billing and payment information, including name of the credit/debit cardholder, credit/debit card number, security code and expiry date;
- information on how you use our products and services (such as the type, date, time, location, comments and messages, how much you spend;
- internet protocol (“IP”) address used to connect your computer or device to the Internet, connection information such as browser type and version, your operating system and platform, a unique reference number linked to the data you enter on our system, login details, the full URL clickstream to, through and from the website and/or IT portal and/or mobile application (including date and time), cookie identifier, your activity on our website and/or IT portal and/or mobile application, including the pages you visited, the searches you made and, if relevant, the services you purchase; and
- lifestyle information and any other information collected in relation to your use of our products and services.
We may receive information about you from third parties if you use any websites or social media platforms operated by third parties (e.g. Facebook, Instagram, Twitter etc.) and, if such functionality is available, you have chosen to link your profile on our website and/or IT portal and/or mobile application with your profile on those other websites or social media platforms.
3. How does 90 Seconds Private Limited use your personal data?
The personal data that we collect from you may be used by us for a number of purposes connected with our business such as:
- Processing and evidencing your orders or applications;
- Carrying out credit checking and scoring (unless we have agreed otherwise);
- Providing you with products and/or services you have requested or administering your account;
- Billing you (unless you pay by another agreed method) and collecting any debt owed to us by you;
- Settling accounts with those who provide related services to us;
- Dealing with your requests, enquiries or complaints and other customer care related activities;
- Carrying out market and product analysis, improvements to our products and services and marketing our and our group companies’ products and services generally;
- Contacting you about our and our group companies’ products and services (unless you ask us in writing not to). Where such contact is via electronic means, our terms and conditions record our agreement with you that the electronic marketing messages don’t need to include an unsubscribe facility;
- Carrying out any activity in connection with a legal, governmental or regulatory requirement on us or in connection with legal proceedings, crime or fraud prevention, detection or prosecution;
- Carrying out activities connected with the running of our business such as personnel training, quality control, network monitoring, testing and maintenance of computer and other systems and in connection with the transfer of any part of our business in respect of which you are a customer or a potential customer;
- Providing aggregated user information to third parties (without at any time disclosing personal information about an identifiable individual;
- Generally customising your experience on our sites;
- For general administrative and business purposes.
(collectively, the “Purposes”)
In order to conduct our business operations more smoothly, we may also be disclosing the personal data you provide to us to our third party service providers, agents and/or affiliates or related corporations, and/or other third parties, who may be situated in or outside of Singapore, for one or more of the above-stated Purposes.
4. Sharing your information
There may be times when we need to disclose your personal information to third parties. If we do this, we will only disclose your information to:
- Our group entities who may use and disclose your information for the same purposes as us;
- Those who provide to us or our group entities products or services that support the services that we provide, such as our freelancers, suppliers & customers;
- Credit reference agencies (unless we have agreed otherwise), who may share your information with other organisations and who may keep a record of the searches we make against your name;
- Anyone we transfer our business to in respect of which you are a customer or a potential customer;
- Anyone who assists us in protecting the operation of the 90 Seconds Private Limited networks and systems, including the use of monitoring and detection in order to identify potential threats, such as hacking and virus dissemination and other security vulnerabilities;
- Anyone who hosts or maintains data centres, service platforms and other infrastructure and systems on behalf of us and our group entities, where your information is processed;
- Persons to whom we may be required to pass your information by reason of legal, governmental or regulatory authority including law enforcement agencies and emergency services;
- Aggregated user statistics and other information that does not personally identify you, to third parties such as our advertisers, customers, potential customers and partners;
- Any person or organization as authorised by the PDPA including with your prior authorisation which we will usually obtain at the time of collecting the information from you.
- If you would like to opt-out of receiving 90 Seconds Private Limited marketing materials, please contact firstname.lastname@example.org.
5. Using products or services outside of Singapore
When using our products or services abroad, your personal data may be transferred outside Singapore to that country. Our websites and systems and those of our group entities are based on servers often located outside of Singapore. Please note that the data protection and other laws of countries outside Singapore may differ.
6. Protecting your personal data
We will take reasonable steps to ensure that the personal data we collect, use or disclose is accurate, complete, up-to-date and stored in a secure environment protected from unauthorised access, modification or disclosure.
7. Personal Data breach reporting
We will notify you if we determine that personally identifiable information about you held by us has been subject to unauthorised access or disclosure, such as an information security breach. Where required to do so, we will provide your information to relevant authorities as part of any mandatory data or privacy breach reporting regime.
We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored “personal data” (as defined in applicable state statutes on security breach notification) to you via email or conspicuous posting on this Site in the most expedient time possible and without unreasonable delay, insofar as consistent with
(i) the legitimate needs of law enforcement or
(ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
8. Access and updating your personal data
You have the right to access personal data we hold about you if we hold that personal data in a way that it can be readily retrieved, subject to some exceptions provided at law.
You may request access to the personal data we hold about you by sending an email to email@example.com. Please quote your name and email address. We would be grateful if you could also provide brief details of what information you want a copy (this helps us to more readily locate your data).
In some cases, there may be a charge associated with providing copies of your personal data to you. If so, we will advise you of this prior to sending your personal data to you. Additional rights may also apply under applicable laws.
We will not be able to provide you personal data if we do not know or don’t have reasonable grounds to believe it is personal data about you or if disclosing the personal data would involve the unwarranted disclosure of the affairs of another individual.
You can request correction or amendment of the information held by us at any time and as often as necessary by sending us an e-mail to contacting us and specifying the information that you require changed. If it is reasonable in the circumstances for us to do so, we will make the requested change or correction, otherwise we’ll take reasonable steps to mark that information as having been subject to a change or correction request.
For further information about the PDPA and how it protects the personal information of individuals in Singapore, see https://sso.agc.gov.sg/Act/PDPA2012.
Some of our services are password-protected so that only you have access to your personal information. You should not reveal your password to other people and you should change it regularly. 90 Seconds Private Limited will never ask you for your password in an unsolicited phone call or in an unsolicited e-mail. Also, if you are using the internet, remember to sign out of your 90 Seconds Private Limited account and close your browser window when you have finished. This is to ensure that others cannot access your personal information and correspondence if you share a computer with someone else or are using a computer in a public place.
9. Request to erase your personal data
You have the right to request 90 Seconds to erase your personal data.
If you would like to be removed from all marketing communications and delete your user profile with 90 Seconds, please contact us at firstname.lastname@example.org. Removal of personal data means the deleting of user identifiable data. 90 Seconds retains the right to anonymised transactional data for financial/audit purposes.
If you would like to be removed from all marketing communications but retain your user profile, please use either of the following options:
- Click on the unsubscribe link at the bottom of the most recent email/newsletter sent to you.
- Contact us at email@example.com and request to be removed specifically from all marketing communications.
Upon receiving your request, the process to remove your personal data will take up to 5 business days. If you would like to understand or track the data deletion process, please contact us at firstname.lastname@example.org.
10. Cross-border transfer of personal data
Your personal data may be transferred to other countries for processing, support, storage and other necessary activities and by using our Services. You consent to the transfer of information to countries outside of your country of residence, which may have different personal data protection rules than in your country. For example, we may make available personal information to our related companies in Australia, Japan, US and UK in order to provide Services to you. If we transfer your information outside of Singapore in this way, we will take steps to ensure that your privacy continues to be protected in a manner which is consistent with Singapore privacy law.
11. Cookies and other tracking technologies
- Understand what you like and use about our website;
- Understand what you do not like and do not use on our website;
- Provide a more enjoyable, customised service and experience,
- Enable you to use certain services on our website; and
- Help us develop and deliver better products and services tailored to our customers’ interests and needs.
We also collect IP addresses. IP addresses are assigned to computers on the internet to uniquely identify them within the global network. We collect and manage IP addresses as part of the service of providing internet session management and for security purposes.
We may use a persistent cookie to record details such as a unique user identity and general registration details on your PC. This helps us recognise you on subsequent visits to this website so that you don’t have to re-enter your registration details each time you visit us and allows us to carry out the activities mentioned above.
It may be possible to disable cookies through your device or browser settings. The method for disabling cookies may vary by device and browser, but can usually be found in preferences or security settings.
12. Changes to our Data Protection Policy