PRIVACY POLICY

iShopAt Privacy Policy

Personal Data Protection Policy

PRIVACY POLICY

1. INFORMATION COLLECTION AND USE

iShopAt Pte Ltd (“iShopAt”) collects information on its users when you sign up for an account, when using the mobile applications and when you visit pages on www.ishopat.com.sg, including but not limited to your name, identification card number, birth certificate number, passport number, nationality, address, telephone number, fax number, bank details, credit card details, race, gender, date of birth, marital status, resident status, education background, financial background, personal interests, email address, your occupation, , any information about you which you have provided to iShopAt or its affliates in registration forms, application forms or any other similar forms and/or any information about you that has been or may be collected, stored, used and processed by iShopAt or its affiliates from time to time and includes sensitive personal data such as data relating to health, religious or other similar beliefs.

Once you register with us, you are not anonymous to us. Page visits or mobile application usage may also store information about your computer or mobile phone configuration such as your IP address, location, where you have executed transactions stored within the application, screens viewed within the mobile application, cookie information and the pages you requested. iShopAt may use this information to help make changes to the service to better serve you and our users. We also use the information to customise content on the site or in the mobile application and to match offers to you that will be displayed to you. iShopAt will never sell or disclose your information to third parties without your explicit permission.

The completion of a cashback submission via the iShopAt Cashback Programme is considered an action by you to opt into and consent to the sharing of such information to the merchant and iShopAt. This information may be shared with the merchant and iShopAt and may be used to match offers and services to your profile. The information shared with the merchant may be used at the merchant’s discretion and iShopAt does not assume liability or responsibility of how the information is used by the merchant. iShopAt will never sell or disclose your information to third parties without your explicit permission.

2. INFORMATION SHARING AND DISCLOSURE

iShopAt will never distribute or sell personal information from our users to any third party unaffiliated with iShopAt except to provide products or services that you have requested, when we have your permission, or under the following circumstances:

a) To respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;

b) to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of iShopAt’s terms of use, or as otherwise required by law.

We will transfer information about your account to another company if iShopAt is acquired by, merged or is subject to an injection of investment. In this event, iShopAt will notify you before information about you is transferred and becomes subject to a different privacy policy.

We may from time to time make user information available on at aggregated level to participating merchants or advertisers using the platform in the form of reports. This information does not contain personally identifiable information.

3. LOCATION

When using the mobile service and website, we may use and store your location data if it has been explicitly granted to the application or website by you, to verify transactions as well as to improve the user experience through localised content. The website or mobile application may use technologies available through the devices including GPS, WiFi, IP address and cell towers to generate your location.

4. COOKIES

iShopAt may set and access iShopAt cookies on your computer or mobile device. iShopAt cookies will not store any personal information about you. We use cookies only to recognize you as a user.

5. ACCOUNT INFORMATION

a) You can change your notification options at any time by contacting iShopAt.

b) You can choose to opt-out and not receive any newsletters or promotional emails by clicking on the “unsubscribe” link which is embedded in every non-administrative or service notification emails sent by iShopAt.

c) We reserve the right to send you certain communications relating to the iShopAt service, such as service announcements, administrative messages and service notifications, that are considered part of your iShopAt account, without offering you the opportunity to opt-out of receiving them.

d) You can delete your iShopAt account by e-mailing support@ishopat.com.sg and requesting that we delete your account. You will not be able to recover any transaction records or redeem any cashback sums once your account has been deleted.

e) Any information that may have been collected during your visits to www.ishopat.com.sg or use of the mobile application may remain after your account has been permanently deleted for aggregated reporting and analysis, but this information may not be used to uniquely identify you.

6. SECURITY

We care about your private information, so we make every effort to protect it including:

a) Encrypting data through HTTPS

b) Storing private data encoded

c) Restricting access to personal information to only employees that require the information to process it

7. CHANGES TO THIS POLICY

iShopAt may update this policy. We will notify you about significant changes in the way we treat personal information by sending a notice to the email address specified in your iShopAt account or by placing a prominent notice on our site.

8. PERSONAL DATA COLLECTION

The terms of this Privacy Policy is to be read with the Personal Data Protection Policy below. By registering as a user, you hereby consent to the collection of your personal data by iShopAt or its affiliates.

9. QUESTIONS AND SUGGESTIONS

If you have questions or suggestions, please contact us: support@ishopat.com.sg

PERSONAL DATA PROTECTION POLICY

1. OBJECTIVES

2. PERSONAL DATA PROTECTION ACT 2012 (“PDPA”)

3. CONSENT OBLIGATION

4. PURPOSE LIMITATION OBLIGATION

5. ACCESS AND CORRECTION OBLIGATION

6. ACCURACY OBLIGATION

7. PROTECTION OBLIGATION

8. RETENTION LIMITATION

9. TRANSFER LIMITATION OBLIGATION

10. DO NOT CALL PROVISIONS

11. COMPLAINT HANDLING PROCEDURE

12. COMPLIANCE WITH THIS POLICY

13. REVIEW OF THE iShopAt DATA PROTECTION POLICY

14. DATA PROTECTION OFFICER (“DPO”)

iShopAt Pte Ltd Personal Data Protection Policy

iShopAt Pte Ltd (“iShopAt”) is committed to the protection of your personal data. iShopAt collects, uses, discloses and retains your personal data in accordance with the Personal Data Protection Act 2012, Cap (“PDPA”) and our own policies and procedures.

The purpose of this Data Protection Policy (“Policy”) is to inform you how iShopAt collects, uses, discloses and retains personal data. This Policy as part of our on-going commitment to the protection of your personal data. In this Policy, personal data refers to data, whether true or not, about an individual who can be identified: a) from that data; or b) from that data and other information to which the organisation has or is likely to have access.

1. OBJECTIVES

The objectives of this Policy are to:

1.1. provide a set of privacy and personal data protection standards that govern our procedures and protect the privacy of your personal data;

1.2. demonstrate our on-going commitment to protecting your privacy and addressing any privacy concerns that you might have;

1.3. describe the ways in which we collect, use, disclose and retain your data;

1.4. ensure that we comply with the PDPA; and

1.5. facilitate our compliance with any further developments in the protection of personal data.

2. PERSONAL DATA PROTECTION ACT 2012 (“PDPA”)

Contained in this document is guidance as to how we collect, use, disclose and retain your personal data in accordance with the PDPA and how we administer this Policy.

3. CONSENT OBLIGATION

3.1. Consent Required

3.1.1. iShopAt shall not collect, use, or disclose your personal data unless:

(a) you give, or are deemed to give, consent to the collection, use or disclosure of your personal data; or

(b) the collection, use, or disclosure of your personal data without your consent is required or authorised under the PDPA or written law.

3.2. Provision of Consent

3.2.1. iShopAt shall not, as a condition of providing a product or service to you, require you to consent to the collection, use or disclosure of your personal data beyond what is reasonable to provide the product or service to you.

3.2.2. iShopAt shall not obtain or attempt to obtain your consent for collecting, using or disclosing personal data by providing false or misleading information with respect to the collection, use or disclosure of your personal data, or use deceptive or misleading practices.

3.3. Deemed Consent

3.3.1. You are deemed to consent to the collection, use or disclosure of your personal data for a purpose if:

(a) you voluntarily provide your personal information to iShopAt for that purpose, albeit without actually expressly providing your consent; and

(b) it is reasonable that you would voluntarily provide the data; or

(c) you create an account with us and use our loyalty system.

3.3.2. iShopAt collects information about you when you sign up for an account, when using the mobile application, and when you visit pages on our websites. iShopAt may also collect information about you from other public web sites or social networks. When you register with us, you are not anonymous to us. Page visits or mobile application usage may also store information about your computer or mobile phone configuration. This may include, for example, your IP address, location, the screens you have viewed, cookie information, and page requests.

3.3.3. You are deemed to consent to share your information with merchants listed on the iShopAt system or any new merchant that may subscribe to iShopAt subsequent to your use.

3.3.4. You are deemed to consent to share your information if:

(a) We respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;

(b) We believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threads to the physical safety of any person, violations of iShopAt Terms of Service, or as otherwise required by law; and

(c) iShopAt is acquired by or merged with another entity or is subject to an injection of investment.

3.3.5. iShopAt reserves the right to send you certain communications relating to the iShopAt service such as announcements, administrative messages, and service notifications.

3.3.6. You consent to the placement of cookies on your computer or mobile device created as a result of your use of our mobile application or websites.

3.4. Withdrawal of Consent

On providing reasonable notice to iShopAt, you may at any time withdraw any consent given, or deemed to be given, in respect of the collection, use or disclosure of your personal data by iShopAt for any purpose.

3.4.1. You may submit the withdrawal of consent via mail, email, or by selecting the provided options in our application.

3.4.2. On receipt of such notice, iShopAt shall inform you of the likely consequences of withdrawing your consent.

3.4.3. Please allow up to 30 days for iShopAt to process and update your request if delivered by mail or email. You may continue to receive marketing messages and other product information from iShopAt within these 30 days.

3.4.4. iShopAt shall not prohibit you from withdrawing your consent to the collection, use or disclosure of your personal data.

3.4.5. If you withdraw your consent, then iShopAt shall cease collecting, using or disclosing your personal data unless otherwise required under the PDPA or other written law.

3.4.6. Although you may have withdrawn consent for the collection, use or disclosure of your personal data, iShopAt may retain your personal data in accordance with iShopAt Records and Retention Policy.

4. PURPOSE LIMITATION OBLIGATION

4.1. Limitation of Purpose

4.1.1. iShopAt shall collect, use or disclose your personal data only for purposes:

(a) that a reasonable person would consider appropriate in the circumstances; and

(b) where you have been informed in accordance with this Policy, to the extent applicable.

4.1.2. iShopAt may use your personal information to help make changes to the service to better serve you and our users. We also use the information to customise content on the site or in the mobile application to match offers to you to provide you better service.

4.2. Notification of Purpose

4.2.1. iShopAt shall provide you with the following information whenever we seek to obtain your consent to the collection, use or disclosure of your personal data, except under circumstances where your consent is deemed or is not required:

(a) the iShopAt Terms and Conditions of Use on sign-up or before collecting your personal data;

(b) any other purpose(s) for the use of your personal data of which you have not been informed under this Policy, before the use or disclosure of your personal data for that purpose; and

(c) on request by you, the contact details of the iShopAt Data Protection Officer (“DPO”) who can answer your questions about collection, use or disclosure of your personal data.

4.3. Personal Data and Business Partners

4.3.1. iShopAt does not receive from or provide to its business partners any form of personal data (as defined in the PDPA) in the course of iShopAt’s business.

4.3.2. In accordance with this Policy, information may be shared with merchants. iShopAt does not assume liability or responsibility of how the information is used by the merchant.

5. ACCESS AND CORRECTION OBLIGATION

5.1. Access to Your Personal Data

5.1.1. On your request, and subject to the restrictions set forth in the PDPA, iShopAt shall, as soon as reasonably possible, provide you with:

(a) your personal data that is in retained by or controlled by iShopAt; and

(b) information about the ways in which your personal data has or may have been used or disclosed by iShopAt within a year before the request.

5.2. Correction of Your Personal Data

5.2.1. You may request iShopAt correct an error or omission in your personal data that is under control or possession by iShopAt. Unless iShopAt is satisfied on reasonable grounds that a correction should not be made or the law states otherwise, iShopAt shall:

(a) correct your personal data as soon as practicable; and

(b) send your corrected personal data to every organisation to which your personal data was disclosed by iShopAt within a year before the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.

5.2.2. iShopAt is not required to correct or alter an opinion, including professional or an expert opinion.

6. ACCURACY OBLIGATION

You, the user of iShopAt applications, are solely responsible to ensure that your personal data is accurate and complete. iShopAt provides mechanisms in its software allowing you to update or change your personal information retained by iShopAt.

7. PROTECTION OBLIGATION

iShopAt shall protect personal data in its possession or control by making reasonable security arrangements such as encryption to prevent unauthorised access, collection, use, disclosing, copying, modification, disposal or any other similar risks.

8. RETENTION LIMITATION

iShopAt shall cease to retain your personal data, or remove the means by which your personal data can be associated with you, as soon as it is reasonable to assume that:

8.1. the purpose for which your personal data was collected is no longer being served by retention of your personal data; and

8.2. retention is no longer necessary for legal or business purpose.

9. TRANSFER LIMITATION OBLIGATION

iShopAt shall not transfer your personal data outside of Singapore except in accordance with the requirements of the PDPA.

10. DO NOT CALL PROVISIONS

10.1. iShopAt shall not, and shall ensure that its agents shall not, send a specified message to a Singapore telephone number without first checking with the Do Not Call Registry established by the Personal Data Protection Commission (“PDPC”) and receiving confirmation from the PDPC that such Singapore telephone number is not listed on the Do Not Call Registers.

10.2. iShopAt shall not, and ensure that its agents shall not, send a specified message to a Singapore telephone number, unless the specified message includes clear and accurate information identifying the person sending the specified message and/or iShopAt, and such person’s and/or contact information retained by iShopAt.

10.3. The prescribed duration within which iShopAt must check with the Do Not Call Registry before sending a specified message to a Singapore telephone number will be:

(a) 60 days, for messages sent before 1 August 2014; and

(b) 30 days, for messages send after 1 August 2015.

10.4. You may continue to receive marketing messages and other product information from iShopAt within the prescribed validity period.

10.5. iShopAt shall not make, cause or authorise a voice call addressed to Singapore telephone number that conceals or withholds, or that has the effect of concealing or withholding, the calling line from the recipient.

10.6. iShopAt shall not require a subscriber or user of a Singapore telephone number to consent to the sending of a specified message beyond what is reasonable for iShopAt to provide its goods and services. iShopAt shall not obtain or attempt to obtain such consent by:

(a) providing false or misleading information; and

(b) using deceptive or misleading practices.

10.7. If a subscriber or user of a Singapore telephone number gives notice withdrawing consent for the sending of a specified message to that number, then iShopAt shall cease (and cause its agents to cease) sending specified messages to that number.

11. COMPLAINT HANDLING PROCEDURE

11.1. Should you be unhappy with our treatment of your personal data or you believe there has been a breach of this Policy, please contact the iShopAt Data Protection Officer and clearly set out the nature of your concern.

11.2. Complaints may be initially made orally, or in writing. Where a complaint is made orally, you must confirm the complaint in writing as soon as possible. If you require assistance in lodging your complaint, please contact us.

11.3. Your complaint will be reviewed and you will be provided with a written response within fourteen (14) working days.

12. COMPLIANCE WITH THIS POLICY

12.1. iShopAt implements this Policy through the use of proper procedures and staff training to ensure compliance with this Policy.

12.2. We ensure that our employees and any representatives who deal with personal data are aware of the standards of this Policy.

12.3. iShopAt requires that all of its employees and representatives with access to personal data maintain confidentiality concerning that personal data. We implement that requirement through appropriate contractual terms and internal policies.

12.4. Our procedures for handling personal data are developed to implement the standards of this Policy. iShopAt trains its employees in the proper conduct of those procedures that are relevant to their duties.

13. REVIEW OF THE iShopAt DATA PROTECTION POLICY

13.1. iShopAt ensures that this Policy remains current and continues to fulfil its objectives. This is achieved through periodical reviews, having regards to:

(a) the need to actively consider privacy and data protection issues as new products and services are developed or offered;

(b) any guidance issued in relation to PDPA; and

(c) any changes to PDPA.

13.2. iShopAt will provide a notification on our web site when this policy has been updated or changed.

14. DATA PROTECTION OFFICER (“DPO”)

For further information about this Policy or to access our complaint handling procedures, please address your correspondence to:

iShopAt Data Protection Officer

Address: 60 Paya Lebar Road, #11-47A, Paya Lebar Square, Singapore 409051
E-mail: dhaslie@ishopat.com.sg

Last updated on 12 Dec 2017