We, Rakkar Digital Pte. Ltd., care about the privacy of our customers,
thus, we provide this privacy notice to inform our customers of our
policy in relation to the collection, use and disclosure of personal
data of individual (“you”) in accordance with the Personal Data
Protection Act 2012 of Singapore (“PDPA”), relevant laws and
regulations. This privacy notice informs you of how we collect, use or
disclose your personal data, what and why we collect, use or disclose
your personal data, how long we hold it, who we disclose it to, your
rights, what steps we will take to make sure your personal data stays
private and secure, and how you can contact us.
This privacy notice applies to:
(1) Our customers
- Individual customers: Our past and present customers who are
individual.
- Corporate customers: Directors, shareholders, promoters,
ultimate beneficial owners, employees, guarantors, security providers,
and legal representatives of our past and present corporate customers
and other individuals authorised to act on their behalf. Our corporate
customer shall ensure that the authorised persons and any of relevant
individuals have acknowledged our privacy notice.
(2) Non-customers
These include individuals who have no product or service holding with
us, but we may need to collect, use or disclose your personal data (e.g.
investors, prospect or target companies and their individuals, contact
persons, authorized persons, representatives, persons who were
ultimately given power of attorney to establish business relationship or
conduct occasional transaction, shareholders, directors, agents,
employees, personnel and other persons in similar capacity; anyone that
visits our website or our applications; ultimate beneficial owner;
directors or legal representatives of a company that uses our services
or is or may be our business partner; professional advisors, including
our directors, investors, shareholders and their legal representatives,
and anyone involved in other transactions with us or our customers).
Please note that some of the links on our platform may lead to third
party’s platforms, and if you access these platforms, your personal data
will then be processed under the third party’s policies. Make sure that
you have read those privacy notices when accessing such platforms.
1. How we collect, use or disclose your personal data
We only collect, use or disclose your personal data where it is
necessary or there is a lawful basis for collecting, using or disclosing
it. This includes where we collect, use or disclose your personal data
based on the legitimate grounds of legal obligation, performance of
contract made by you with us, our legitimate interests, performance
under your consent and other lawful basis. Reasons for collecting, using
or disclosing are provided below:
1.1.
Our legal obligation
We are regulated by many laws, rules, regulations, and orders of any
competent governmental, supervisory or regulatory authorities, and
to fulfil our legal and regulatory requirements, it is necessary to
collect, use or disclose your personal data for the following
purposes, which include but not limited to:
a)
Compliance with the PDPA and any amendment thereof;
b)
Compliance with laws (e.g. Anti-Money Laundering Laws, Prevention
and Suppression of Financial Support to Terrorism and the
Proliferation of Weapons of Mass Destruction Laws, and other laws
to which we are subject both in Singapore and in other countries)
), including conducting identity verification, background checks
and credit checks, Know Your Client/Customer Due Diligence
(KYC/CDD) processes, other checks and screenings (including
screening against publicly available government law enforcement
agency and/or official sanctions lists), and ongoing monitoring
that may be required under any applicable law; and/or
c)
Compliance with regulatory obligations and/or orders of authorized
persons (e.g. orders by any court of competent jurisdiction or of
governmental, supervisory or regulatory authorities or authorized
officers).
1.2.
Contract made by you with us
We will collect, use or disclose your personal data in accordance
with the request and/or agreement made by you with us, for the
following purposes, which include but not limited to:
a)
process your request prior to entering into an agreement, consider
for approval in relation to the investment (including conducting
due diligence) or the provision of services, support, deliver our
products and/or services to you, and deal with all matters
relating to the products and/or services including any activities
that if we do not proceed, then our operations or our services may
be affected or may not be able to provide you with fair and
ongoing services;
b)
authenticate when entering into, doing or executing any
transactions;
c)
carry out your instructions (e.g. respond to your enquiries or
feedback, or to resolve your complaints);
d)
provide mobile applications and other online product platforms;
e)
track or record your transactions;
f)
produce reports (e.g. transaction reports requested by you or our
internal reports);
g)
notify you with transaction alerts;
h)
recover the money which you owe (e.g. when you have not paid for
your outstanding fees);
i)
carry out relationship maintenance and operations relating to your
business relationship with us, including without limitation,
processing your applications or requests for services, processing
your transactions, and operating, administering, managing and
terminating your business relationship with us;
j)
carry out or make transactions and/or payments, such as processing
payments or transactions, fulfilling transactions, conducting
settlement, billing and processing activities;
k)
enforce our legal or contractual rights;
l)
provide IT and helpdesk supports, create and maintain code and
profile for you, manage your access to any systems to which we
have granted you access, remove inactive relationship; and/or
m)
incorporate and register a new company with the Accounting and
Corporate Regulatory Authority or other government authorithies.
1.3.
Our legitimate interests
We rely on the basis of legitimate interests by considering our
benefits or third party’s benefits with your fundamental rights in
personal data which we will collect, use or disclose for the
following purposes, which include but not limited to:
a)
conduct our business operation and Rakkar Digital group companies’
business operation (e.g. to audit, to conduct due diligence, risk
analysis and managements, to monitor, prevent, detect and
investigate fraud, money laundering, terrorism, misconduct, or
other crimes, and to identify and analyze the risks associated
with acquisition and/or investment and divestment in any
investment and partnership, which may not be required by any
governmental or regulatory authorities, and authenticate your
identity to prevent such crimes);
b)
conduct our relationship managements (e.g. to serve customers, to
conduct customer survey, to handle complaints);
c)
ensure security (e.g. to maintain CCTV records, to register,
exchange identification card and/or take photo of visitors before
entering into our building);
d)
develop and improve our products and/or services, including
systems to enhance our services standard and/or for the greatest
benefits in fulfilling your needs;
e)
record images and/or voices relating to the meetings, trainings,
seminars, recreations or marketing activities;
f)
in case of our corporate customer, we will collect, use and
disclose personal data of directors, promoters, authorized persons
or attorneys.
g)
ensure business continuity;
h)
handle claims and disputes, including solving disputes,
initiating, exercising or defending legal claims;
i)
contact you prior to your entering into a contract with us;
j)
evaluate suitability and qualifications, issuance of request for
quotation and bidding, and execution of contract with you;
k)
protect against security risks, such as monitoring network
activity logs, detecting security incidents, conducting data
security investigations, and otherwise protecting against
malicious, deceptive, fraudulent, or illegal activity;
l)
comply with foreign laws;
m)
manage our infrastructure, internal control, and business
operations and comply with our policies and procedures including
those relating to risk control, security, audit, finance and
accounting, systems and business continuity;
n)
carry out research, planning and statistical analysis (e.g. on
data analytics, assessments, surveys and reports on our products,
services and your performance);
o)
organize our promotional campaign or events, conferences,
seminars, and company visits;
p)
facilitate financial audits to be performed by an auditor, or
receive legal advisory services from legal counsel appointed by
you or us;
q)
in the event of sale, transfer, merger, reorganization, or similar
event, disclose and transfer your personal data to one or more
third parties as part of that transaction;
r)
maintain and update lists or directories of the customers
(including your personal data), and keep contracts and associated
documents in which you may be referred to; and/or
s)
comply with reasonable business requirements (e.g. management,
training, auditing, reporting, control or risk management,
statistical and trend analysis and planning or other related or
similar activities, implementing business controls to enable our
business to operate, and enabling us to identify and resolve
issues in our IT systems, and keeping our systems secure,
performing our IT systems development, implementation, operation
and maintenance, including improving user experience).
In certain cases, we may ask for your consent to collect, use or
disclose your personal data to maximise your benefits and/or to
enable us to provide services to fulfil your needs for the following
purposes, which include but not limited to:
a)
collect, use and disclose your sensitive personal data as
necessary (e.g. to use your identification card photo and criminal
record) for verification of your identity before continuing the
transaction, Know Your Client (KYC) processes, due diligence and
background check processes);
b)
collect and use your personal data and any other data to conduct
research and analyze for the greatest benefits in developing
products and services to truly fulfil your needs and/or to contact
you for offering products, services and benefits exclusively
suitable to you;
c)
send or transfer your personal data overseas, which may have
inadequate personal data protection standards (unless the PDPA
specifies that we may rely on other legal basis or may proceed
without obtaining consent);
d)
when you are classified as a minor, incompetent or
quasi-incompetent whose consent must be given by their parent,
guardian or curator (as the case may be) (unless the PDPA
specifies that we may proceed without obtaining consent); and/or
disclose your personal data and any other data to Rakkar Digital
group companiesand trusted business partners for the following
purposes: (1) conducting research and analyzing your personal data
and any other data for the greatest benefits in developing
products and services to truly fulfil your needs; and (2)
contacting you for offering products, services and benefits
exclusively suitable to you.
Apart from the lawful basis which we mentioned earlier, we may
collect, use or disclose your personal data based on the following
lawful basis:
a)
prepare historical documents or archives for the public interest,
or for purposes relating to research or statistics;
b)
prevent or suppress a danger to a person’s life, body or health;
and/or
c)
necessary to carry out a public task, or for exercising official
authority.
If the personal data we collect from you is required to meet our legal
obligations or to enter into an agreement with you, we may not be able
to provide (or continue to provide) some or all of our products and
services to you if you do not provide your personal data when
requested.
2. What personal data we collect, use or disclose
The type of personal data, namely personal data and sensitive personal
data, which we collect, use or disclose, varies on the scope of
products and/or services that you may have used or had an interest in.
The type of personal data shall include but not limited to:
Category
|
Examples of personal data
|
Personal details
| - Title
- Given name, middle name, surname, hidden name (if any)
- Gender
- Date of birth
- Age
- Educational background
- Marital status
- Nationality
|
Contact details
| - Mailing address
- E-mail address
- Phone number
- Mobile number
- Facsimile Number
-
Name of representatives or authorised persons acting on behalf
of our customers
-
Social media accounts/ID/profile and other electronic
communication ID
- Business address
- Business phone number
|
Identification and authentication details
| - ID card photo
- Identification number
- Passport information
- Driving licence
- Signatures
- Tax identification number
- House registration
|
Employment details
| - Occupation
- Employer’s details
- Position
- Salary or income
- Remuneration
- Job title
- Bonus
- Work place
|
Financial details and information about your relationship with us
| - Products and/or services you use
- Channels you use and ways you interact with us
-
Your customer status, your ability to get and manage credit,
your payment history, transaction records
-
Information about your transactions (e.g. type, number, price
and quantity, conditions (if any), payment transaction
records,financial statements, taxes, revenue, default record
and other information relating to your transactions)
- Credit card and debit card information
- Account number and account type
- Account history
- Current assets
- Income and expenses
- Payment details
- Bank account number
-
Information about your store (e.g. name, product listing,
sales volume)
|
Market research, marketing and sales information
| - Customer survey
-
Information and opinions expressed when participating in
market research e.g. responses to questionnaires, surveys,
requests for feedback, and research activities
- Details of services you receive and your preferences
- Inferences about you based on your interactions with us
-
Communication preferences and details or content of your
communications with us
|
Geographic information, information about your device and your
software, and technical details
| - Your GPS location
- IP address
-
Technical specifications and uniquely identifying data (e.g.
web beacon, log, device ID and type, network, connection
details, access details, single sign-on (SSO) details, login
log, access times, time spent on our page, cookies, login
data, search history, browsing details, browser type and
version, time zone setting and location, language preferences,
browser plug-in types and versions, operating system and
platform, and other technology on devices you use to access
the platform).
|
Investigation data
| -
Due diligence checks, including information related to Know
Your Client (KYC) or Customer Due Diligence (CDD)
-
Anti-Money Laundering and Combating the Financing of Terrorism
(AML/CFT) checks
|
User login, subscription data, and profile details
| -
Login information for using our system and applications.
- Account identifiers
- Username and password
- Interests, preferences and activities
|
Usage details
| -
Information on how you use the websites, platform, products
and services
-
Information on how you use and interact with our advertising
(including content viewed, links clicked, and features used)
|
Information concerning security
| - Visual images
- Personal appearance
- Detection of any suspicious and unusual activity
- CCTV images or recordings
- Video recordings
|
Sensitive personal data
| - Religion as shown in the identification card
- Blood type as shown in the identification card
- Criminal records
|
Other information
| -
Records of correspondence and other communications between you
and us, in whatever manner and form, including but not limited
to phone, email, live chat, instant messages and social media
communications
- Information that you provide to us through any channels
|
3. Sources of your personal data
Normally, we will collect your personal data directly from you (e.g.
through our web applications, mobile applications, your emails to us
and customer support), but sometimes we may get it indirectly from
other sources (e.g. social media, third party’s online platforms, and
other publicly available sources) and through Rakkar Digital group
companies), our affiliates, service providers, business partners,
counterparties, target companies, official authorities, or third
parties (e.g. your representative, employer, sponsor and third parties
that have roles in delivering services to you or someone acting on
their behalf may provide us with information about you), and from our
corporate customers as you are director, promoters, authorised person,
attorney, representative or contact person; in such case we will
ensure the compliance with the PDPA.
4. Your rights
The PDPA aims to give you more control of your personal data. You can
exercise your rights under the PDPA upon the effectiveness if the
provisions in relation to rights of data subjects, details are as
follows:
4.1
Right to access and obtain copy
You have the right to access and obtain copy of your personal data
holding by us, unless we are entitled to reject your request under
the laws or court orders, or if such request will adversely affect
the rights and freedoms of other individuals.
4.2
Right to rectification
You have the right to rectify your inaccurate personal data and to
update your incomplete personal data.
You have the right to request us to delete, destroy or anonymise
your personal data, unless there are certain circumstances where we
have the legal grounds to reject your request.
You have the right to request us to restrict the use of your
personal data under certain circumstances (e.g. when we are pending
examination process in accordance with your request to rectify your
personal data or to object the collection, use or disclosure of your
personal data, or you request to restrict the use of personal data
instead of the deletion or destruction of personal data which is no
longer necessary but you ask us to restrict it instead as you have
necessity to retain it for the purposes of establishment,
compliance, exercise or defense of legal claims).
You have the right to object the collection, use or disclosure of
your personal data in case we proceed with legitimate interests
basis or for the purpose of direct marketing, or for the purpose of
scientific, historical or statistic research, unless we have
legitimate grounds to reject your request (e.g. we have compelling
legitimate ground to collect, use or disclose your personal data, or
the collection, use or disclosure of your personal data is carried
out for the establishment, compliance, or exercise legal claims, or
for the reason of our public interests).
4.6
Right to data portability
You have the right to receive your personal data in case we can
arrange such personal data to be in the format which is readable or
commonly used by ways of automatic tools or equipment, and can be
used or disclosed by automated means. Also, you have the right to
request us to send or transfer your personal data to third party, or
to receive your personal data which we sent or transferred to third
party, unless it is impossible to do so because of the technical
circumstances, or we are entitled to legally reject your request.
4.7
Right to withdraw consent
You have the right to withdraw your consent that has been given to
us at any time pursuant to the methods and means prescribed by us,
unless the nature of consent does not allow such withdrawal. The
withdrawal of consent will not affect the lawfulness of the
collection, use, and disclosure of your personal data based on your
consent before it was withdrawn.
4.8
Right to lodge a complaint
You have the right to make a complaint with the Personal Data
Protection Commission or their office in the event that we do not
comply with the PDPA.
5. How we share your personal data
We may disclose your personal data to the following parties under the
provisions of the PDPA:
a)
Our parent company, Rakkar Digital group companies, business partners,
target companies and/or other persons that we have the legal
relationship, including our directors, executives, employees, staffs,
contractors, representatives, advisors and/or such persons’ directors,
executives, employees, staffs, contractors, representatives, advisors;
b)
governmental authorities and/or supervisory or regulatory authorities
(e.g. the Monetary Authority of Singapore, Accounting and Corporate
Regulatory Authority, Suspicious Transaction Reporting Office,
Personal Data Protection Commission);
c)
suppliers, agents and other entities (e.g. professional associations
to which we are member, external auditors, depositories, document
warehouses, overseas financial institutions and clearing houses, where
the disclosure of your personal data has a specific purpose and under
lawful basis, as well as appropriate security measures);
d)
any relevant persons as a result of activities relating to selling
rights of claims and/or assets, restructuring or acquisition of any of
our entities, where we may transfer their rights to; any persons with
whom we are required to share data for a proposed sale,
reorganisation, transfer, financial arrangement, asset disposal or
other transaction relating to our business and/or assets held by our
business;
e)
other banks, financial institutions and third parties where required
by law to help recover funds that have entered your account due to
misdirected payment(s) by such third parties or trace funds where you
are a victim of suspected financial crime, or where suspect funds have
entered your account as a result of financial crime;
f)
debt collection agencies, lawyers, credit bureau, fraud prevention
agencies, courts, authorities or any persons whom we are required or
permitted by laws, regulations, or orders to share personal data;
g)
third parties providing services to us (e.g. IT service providers,
market analysis and benchmarking, including but not limited to
correspondent banking, agents and subcontractors acting on our
behalf);
h)
social media service providers (in a secure format) or other
third-party advertisers so they can display relevant messages to you
and others on our behalf about our products and/or services.
Third-party advertisers may also use information about your previous
online activities to tailor adverts to you;
i)
third-party security providers;
j)
other persons that provide you with benefits or services associated
with your products or services;
k)
other customers so they can provide or deliver products and/or
services to you;
l)
our corporate customers as you are director, promoter, authorised
person, attorney, representative or contact person; and/or
m)
your attorney, sub-attorney, authorized persons or legal
representatives who have lawfully authorized power.
6. International transfer of personal data
The nature of the modern business is global and under certain
circumstances it is necessary for us to send or transfer your personal
data internationally. When sending or transferring your personal data,
we will always exercise our best effort to have your personal data
transferred to our reliable business partners, service providers or
other recipients by the safest method in order to maintain and protect
the security of your personal data, which includes the following
circumstances:
a)
comply with a legal obligation;
b)
inform you the inadequate personal data protection standards of the
destination country and obtain your consent;
c)
perform the agreement made by you with us or your request before
entering into an agreement;
d)
comply with an agreement between us and other parties for your own
interest;
e)
prevent or suppress a danger to your or other persons’ life, body or
health and you are incapable of giving consent at such time; or
f)
carry out activities relating to the substantial public interest.
7. Retention period of personal data
We will maintain and keep your personal data while you are our
customer and once you has ended the relationship with us (e.g. after
you closed your account with us, or following a transaction with us,
or in case of your application to use our services is disapproved, or
you terminated the services provided by us), we will only keep your
personal data for a period of time that is appropriate and necessary
for each type of personal data and for the purposes as specified by
the PDPA.
The period we keep your personal data will be linked to the
prescription period or the period under the relevant laws and
regulations (e.g. Anti-Money Laundering Laws, Prevention and
Suppression of Financial Support to Terrorism and the Proliferation of
Weapons of Mass Destruction Laws, Accounting Law, Tax Laws, Labour
Laws and other laws to which we are subject both in Singapore and in
other countries. In addition, we may need to retain records of CCTV
surveillance in our office and/or voice records from our customer
support activities to prevent fraud and to ensure security, including
investigating suspicious transactions which you or related persons may
inform us).
8. Use of Cookies
We may collect and use cookies and similar technologies when you use
our products and/or services. This includes when you use our websites
and application.
The collection of such cookies and similar technologies helps us
recognise you, remember your preferences and customise how we provide
our products and/or services to you. We may use cookies for a number
of purposes (e.g. enabling and operating basic functions, helping us
understand how you interact with our websites or emails, or enabling
us to improve your online experiences or our communications with you,
particularly, to ensure that online adverts displayed to you will be
more relevant to you and of your interests).
9. Security
We endeavour to ensure the security of your personal data through our
internal security measures and strict policy enforcement. We also
require our staff and third-party contractors to follow our applicable
privacy standards and policies and to exercise due care and measures
when using, sending or transferring your personal data.
10. How to contact us
If you have any questions or would like more details about our privacy
notice or would like to exercise your rights, please contact our Data
Protection Officer by writing to E-mail:
DPO@rakkardigital.com
or contact our Thailand office located at No. 2525, One FYI Center
Building, Office zone, 3rd floor, Rama 4 Road, Klongtoei, Klongtoei,
Bangkok 10110
11. Changes to this privacy notice
We may change or update this privacy notice from time to time and we
will inform the updated privacy notice at our website
www.rakkardigital.com.
Last updated: August 2022