Privacy Policy
28 September 2022
1. We care about your personal data
We care about protecting and respecting your personal data. In order to serve you better, we need to collect some personal data about you. This Privacy Policy will help you understand how we collect and use your personal data, who we disclose your personal data to, and how you can control the way your personal data is collected, used and disclosed by us.
If you access or use this Website, then you shall be deemed to consent to the collection, use and disclosure of your personal data in accordance with this Privacy Policy. If you do not agree to this Privacy Policy, please stop using our Website.
2. How do we collect data? What information do we collect about you?
Personal data we collect about you will be used in line with this Privacy Policy.
We may use online tracking technologies such as cookies, pixel tags, web beacons and other similar technologies to automatically collect information about:
your visits to our Website, such as your browsing history, how long you stay on Website, and the frequency of visits;
your location information as provided by your mobile or other device when you interact with our Website, including your IP address and general geographic location; and
the device that you use to browse our Website (e.g. your device ID, operating system, type of device, browser type and version, mobile application crashes and other system activity, and third party sites you were using before interacting with our Website).
You have the right to disable any of these online tracking technologies.
We also collect some of your personal data whenever we communicate with you (e.g. email content, contact information, etc.), or when you complete any voluntary surveys and questionnaires we may send you from time to time (e.g. your demographic information and feedback.
3. How do we use your information?
We will only use your personal data for the purposes set out below.
(a) Marketing
If you choose to receive direct marketing materials, to provide you with them.
(b) Optimisation and improvements
We may use your personal data to understand and improve our Website or our operations through various means, such as the use of analytics tools, research, surveys and feedback forms.
(c) Legal and administration purposes
We may use your personal data to investigate or handle any incidents, claims or disputes, or as otherwise required by law or requested by any law enforcement or regulatory authorities, courts or other governmental agencies. We may also use your personal data in relation to any legal proceedings concerning you.
4. Who do we share your information with?
To protect your personal data, we will endeavour to only share with third parties, data which has either been aggregated and anonymised or which otherwise does not contain your name or contact details. However, there may be limited circumstances where we will share data (which may include your personal data) with third parties who may or may not be located overseas, as detailed in this section. By using our Website, you agree to allow us to share your personal data with third parties and to the cross-border transfer of your personal data in accordance with this section. Regardless of where we store or process your personal data, we are committed to protecting it and will take reasonable steps to safeguard it in accordance with this Privacy Policy and all applicable laws.
(b) Minden Group
Your personal data may be transferred to any of Minden’s related corporations (Minden and such corporations collectively, “Minden Group”) for any of the purposes we have set out above.
(c) Service providers
Your personal data may be shared with our or any Minden Group members' service providers (including agents and contractors) who process personal data on our behalf to help us administer and operate our Website, to conduct data analytics, to help aggregate and anonymise the personal data, or to carry out any of the purposes set out above. These may include IT vendors, back-office and front-end or ancillary service providers, call centre operators, marketing agencies, data management and analytics service providers, and customer contact services. Our service providers may contact you on our behalf or on behalf of our Minden Group members, for any of the purposes set out above.
We only use trustworthy service providers, who are under an obligation to only use your personal data in accordance with this Privacy Policy.
(d) Professional advisors and assignees
When necessary, we may share your personal data with our professional advisors, including lawyers, accountants, financial advisors and insurers. Your personal data may also be shared with third parties in connection with any merger, acquisition, consolidation, restructuring, sale of assets, financing or any other similar scenarios involving the transfer of some or all of our business assets.
(e) Government and regulatory authorities
This Privacy Policy is governed by the laws of Singapore. We strive to handle your personal data in accordance with any data privacy laws, including the Personal Data Protection Act 2012, that we believe apply to us. Your personal data may be shared with regulatory authorities, courts and other governmental agencies to comply with any legal or regulatory requirements, orders or requests. Any dispute concerning the terms and conditions of this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Singapore.
5. Aggregated and anonymised data
Aggregated or anonymised data that does not include any personally identifiable information, may be used by us for various purposes, including enabling them to better understand customer needs or to improve and adapt their operations, products and services, or for the purposes of industry benchmarking, machine learning, research or analytics.
6. Direct Marketing
If you have opted to receive direct marketing communications from us, we may use your personal data to:
send you direct marketing communications in connection with the latest news, events and updates;
analyse your preferences and online behaviour in order to gain insights, so that we can customise the content and types of news, events, updates, that we present to you; and
in conjunction with any seasonal events or other promotional activities.
We may send you direct marketing communications and market research invitations by email.
Before providing you with direct marketing communications, we will always ask for your consent. You can choose at any time not to receive any direct marketing communications from us.
7. How do we keep your information secure?
We take the confidentiality and security of your information seriously. We take all reasonable steps, including the implementation of technical and physical security measures, to ensure that all your personal data held by us is kept secure and safe from any loss or unauthorised disclosure, use and modification.
8. How long do we keep your data for?
We will keep your personal data only for so long as is necessary to fulfil the purposes outlined in this Privacy Policy, unless required for other legal or business purposes. Once we no longer need your personal data, we will either irreversibly anonymise or securely delete it on our servers.
9. Your rights
(a) Access and correction
You have the right to access and correct your personal data held by us, at any time.
(b) Opt-out of direct marketing
At any time, you can ask us to stop using your personal data to send you direct Marketing Communications. We will stop using your personal data to send you Marketing Communications in accordance with your request.
10. How do we manage updates to this policy?
From time to time, we may update this Privacy Policy to reflect new technologies, regulatory requirements or any other changes that may be necessary.
17. How to contact us
If you have any questions or comments concerning this Privacy Policy, you can contact our Data Protection Officer at dpo@tomoloyalty.com