PERSONAL DATA PROTECTION PRIVACY POLICY

The purpose of this document (“Data Protection Policy”) is to inform you of how AQUEEN HOTELS PTE LTD (“Company”) manages Personal Data (as defined below) which is subject to the Singapore Personal Data Protection Act 2012 (“PDPA”).

By interacting with us, submitting information to us, signing up for any products and services offered by us, you agree and consent to the Company (including its related companies and affiliates)(collectively, the “Companies”), as well as our representatives and/or agents (collectively referred to herein as “Company”, “us”, “we” or “our”) collecting, using, disclosing or otherwise processing and sharing amongst ourselves your Personal Data, and disclosing such Personal Data to the Companies’ authorised service providers and relevant third parties in the manner set forth in this Data Protection Policy.

This Data Protection Policy supplements but does not supersede nor replace any other consents you may have previously provided to the Company in respect of your Personal Data, and your consents herein are in additional to any rights which any of the Companies may have at law to collect, use or disclose your Personal Data.

The Company may from time to time update this Data Protection Policy to ensure that this Data Protection Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of the Data Protection Policy as updated from time to time on our website. Please check back regularly for updated information on the handling of your Personal Data.

1.      Personal Data

a)      In this Data Protection Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified (i) from that data; or (ii) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.

b)        Depending on the nature of your interaction with us, the Personal Data which we may collect from you may include but is not limited to your NRIC/FIN/passport number, name, address, gender, race, nationality, telephone number, date of birth/age, email address, occupation, marital status, photographs, social media information, employment information, financial information and information collected through the use of closed circuit television (“CCTV”) systems and other security systems.  If you provide us with any Personal Data relating to a third party (e.g. information of your spouse, children, parents, employees), by submitting such information to us, you represent to us that you have obtained the consent of the third party by you providing us with their Personal Data for the respective purposes.

c)      Please note that the data protection provisions of the PDPA do not apply to business contact information (“BCI”). BCI is defined in the PDPA as an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his personal purposes.

2.      Generally, the Company will necessarily need to collect, use, disclose, and/or process your Personal Data about you (if you are an individual), or the Personal Data of an individual in the Company’s possession (whether or not disclosed by yourself) (“Relevant Individual”) in the following ways:

a)      when you submit any form, including but not limited to application and registration forms or other forms relating to any of our property developments, hospitality products or services;

b)      when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our products and services;

c)      when you interact with our staff, including customer service officers, for example, via telephone calls (which may be recorded), letters, face-to-face meetings, social media platforms and emails;

d)      when you use our electronic services, or interact with us via our websites, and apps or use services on our websites;

e)      when you request that we contact you or request that you be included in an email or other mailing list;

f)       when you respond to our promotions, initiatives or to any of our request for additional Personal Data;

g)      when you submit an employment application or when you provide documents or information including your resume and/or CVs in connection with any appointment as an officer, director, representative or any other position;

h)      when your images are captured by us via CCTV cameras or face recognition system while you are within our premises, or via photographs or videos taken by us or our representatives when you attend events at our premises;

i)        when you are contacted by, and respond to, our marketing representatives, customer service officers or any of our employees;

j)        when we receive references from business partners and third parties, for example, where you have been referred by them with your consent;

k)      when we seek information from third parties about you and receive your Personal Data from third parties in connection with your relationship with us, including for our products and services or job applications, for example, from business partners, public agencies, your ex-employer, referral intermediaries and the relevant authorities; and/or

l)        when you submit your Personal Data to us for any other reasons.

3.      Where you disclose to the Company any Personal Data of an individual, you hereby represent, undertake and warrant that:

a)      for any Personal Data of individuals that you will be or are disclosing to the Company, you would have prior to disclosing such Personal Data to the Company obtained the appropriate consent from the individuals whose Personal Data are being disclosed, to:

i)                permit you to disclose the individual’s Personal Data to the Company for the Purposes (as hereinafter defined); and/or

ii)              permit the Company and its Companies to collect, use, disclose and/or process the individuals’ Personal Data for the Purposes;

b)      any Personal Data of individuals that you will be or are disclosing to the Company are accurate. Further, you shall give the Company notice in writing as soon as reasonably practicable should you be aware that any such Personal Data has been updated and/or changed after such disclosure;

c)      you shall give the Company notice in writing as soon as reasonably practicable should you be aware that any individual above has withdrawn such consent set out at sub-clause 3(a). Without prejudice to the Company’s other rights under law and/or the agreement(s) between yourselves and the Company, upon receipt by the Company of the said notification, the Company shall have the right to discontinue or not provide any of its services and/or products that are linked to such Personal Data ; and

d)      you shall otherwise assist the Company to comply with the PDPA and all subsidiary legislation related thereto.

4.      Your Personal Data or Personal Data of the Relevant Individual will be collected, used, disclosed and/or processed by the Company for one or more of the following purposes:

a)      transacting with you and providing our products and services;

b)      processing payment or credit transactions;

c)      responding to, handling, and processing your queries, feedback, applications, complaints and requests;

d)      managing the administrative and business operations of the Company and complying with internal policies, reporting requirements and procedures;

e)      facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving any of the Companies;

f)       requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to design our products, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our products and services;

g)      monitoring or recording phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation and identity verification purposes;

h)      matching any Personal Data held which relates to you for any of the purposes listed herein;

i)        preventing, detecting and investigating crime and analysing and managing commercial risks;

j)        managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);

k)      hosting, storing or backing-up your Personal Data, which may be on third party servers or data clouds;

l)        legal purposes in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;

m)   our legitimate and/or lawful interests pursued by us or third parties appointed by us. When we rely on such a legitimate and/or lawful interest as a basis, we will conduct an assessment and such interests include (but are not limited to) providing products or services that you have contracted with us for or have requested from us in, responding to queries that you may have of us, managing or administering the business relationship between you and us;

n)      conducting investigations relating to disputes, billing or fraud;

o)      meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal, statutory or regulatory bodies which are binding on the Company (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies, disclosures required in the public interest or emergencies and conducting audit checks, due diligence and investigations which may be carried out by statutory authorities);

p)      purposes which are reasonably related to the aforesaid;

q)      transmitting to any unaffiliated third parties including our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the abovementioned purposes; and/or

r)       any other purposes for which you have provided the Personal Data.

(collectively, the “Purposes”).

5.      In addition, the Company may also collect, use and disclose your Personal Data for the following purposes:

a)      If you are a shopper, visitor, customer or an employee of an organisation which is a customer of the Company (for products and services relating to, without limitation, hotels and resorts, restaurants, meetings, and events):

i)                providing customer service and support (including but not limited to customer relationship management, service operations and delivery, administering rewards and benefits, and attending to your requests for any other goods and services whether or not offered by the Company); and/or

ii)              purposes which are reasonably related to the aforesaid.

b)      if you are a tenant, or an employee, business partner, director or representative of an organisation that is a tenant of any of our properties, whether existing or prospective or if you are an owner to any properties managed by us, whether existing or prospective:

i)                facilitating and administrating the sale or lease of our properties (including but not limited to customer relationship management which may include the setting up and administration of any online portals for such customer relationship management, processing and confirming your purchase or tenancy, providing you with services, facilities and administrative support, and administering rewards and benefits);

ii)              maintaining our property developments and remedying defects;

iii)            managing referrals; and/or

iv)            purposes which are reasonably related to the aforesaid.

c)      if you are a visitor to our properties or office premises:

i)                facilities management (including but not limited to issuing visitor access passes, and recording entries to and exits from our premises);

ii)              providing services and facilities; and/or

iii)            purposes which are reasonably related to the aforesaid.

d)      if you are an employee, officer or owner of an external service provider or vendor outsourced or prospected by the Company:

i)                assessing your suitability as an external service provider or vendor for the Company;

ii)              managing project tenders and quotations, processing orders or managing the supply of goods and services;

iii)            managing business operations and product development; and/or

iv)            purposes which are reasonably related to the aforesaid.

e)      if you submit an application to us as a candidate for an employment:

i)                conducting interviews;

ii)              processing your application (including but not limited to pre-recruitment checks involving your qualifications and facilitating interviews);

iii)            providing or obtaining references and for background screening;

iv)            assessing your suitability for the position applied for;

v)              onboarding successful candidates and facilitating human resource planning and management; and/or

vi)            purposes which are reasonably related to the aforesaid.

6.      We may disclose your Personal Data:

a)      where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods and services requested by you;

b)      to third party service providers, agents and other parties we have engaged to perform any functions with reference to the Purposes; and/or

c)      to statutory boards, regulatory bodies or relevant authorities in connection with any application or submission required for the Purposes or for compliance and reporting purposes.

7.      Please note that the disclosures referred to above may be subject to additional legal requirements under applicable law, if we do disclose your Personal Data, we will only do so to the extent necessary, proportionate and legally permitted.

8.      Use of Cookies

a)      When you interact with us on our websites, we automatically receive and record information on our server logs from your browser. We may employ cookies in order for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address, and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).

b)      Cookies are small text files stored in your computing or other electronic devices which allow us to remember you. The cookies placed by our server are readable only by us. Cookies are not programs and therefore cannot access, read or modify any other data on an electronic device. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on that visitor.

c)      Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, by doing so you may not be able to use certain services or enter certain part(s) of our website.

9.      If you have provided us with your Singapore telephone number(s) and have indicated that you consent to receiving marketing or other promotional information via your Singapore telephone number(s), or where we are permitted to do so under the PDPA, then from time to time, we may contact you using such Singapore telephone number(s) (including via voice calls, text, fax or other means) with information about our products, services and other marketing or promotional materials/communication even if these telephone number(s) are registered with the DNC Registry.

10.  The Company will take reasonable efforts to protect Personal Data in our possession or our control by making reasonable security arrangements to prevent unauthorised access, collection, disclosure, copying, modification, disposal or similar risks. However, we cannot completely guarantee the security of any Personal Data we may have collected from or about you, or that for example no harmful code will enter our website (for example viruses, bugs, trojan horses, spyware or adware). You should be aware of the risks associated with using websites.

11.  While we strive to protect your Personal Data, we cannot ensure the security of the information you transmit to us via the Internet or through the use of our services and we urge you to take every precaution to protect your Personal Data when you are on the internet or use such platforms.

12.  You should keep your username and password secure and confidential and should not disclose or permit it to be disclosed to any unauthorised person, and to inform us as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorised transactions have taken place. We shall not be liable for any failure or negligence on your part nor liable for any loss or damage that you may suffer resulting from any security breaches, unauthorised and/or fraudulent use of your username and password.

13.  If any transfer of your Personal Data is outside your country of residence , we will take reasonable steps to ensure that your Personal Data that is transmitted remains adequately protected to a standard similar to that afforded by the PDPA. In addition, we will ensure that such transfers comply with the requirements of the applicable data protection laws.

14.  All Personal Data is retained for as long as it is necessary for the purposes that it has been collected in accordance with our data retention policy. Any third parties  engaged by us to manage or store our data are also required to ensure that the Personal Data is retained or disposed in accordance to the retention period as may be agreed or stipulated in their respective engagement contract(s).

15.  The consent that you provide for collection, use and disclosure of your Personal Data or the Relevant Individual’s Personal Data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your Personal Data or the Relevant Individual’s Personal Data for any or all of the Purposes listed above by submitting your request in writing or via email at the contact details provided below. We require thirty (30) days to process your withdrawal request. Please note that depending on the circumstances and the nature/extent of the withdrawal, such withdrawal of consent may result in the Company’s inability to provide you or the Relevant Individual with the services and products and hence may result in the termination of the relationship between yourself or the Relevant Individual and the Company or other consequences of a legal nature which may arise by virtue of the legal relationship between yourself or the Relevant Individual with the Company.

16.  Please note that if your Personal Data is provided to us by a third party (e.g. a referrer, or your company), you should contact that third party or organisation or individual if you have any queries, complaints, access or correction requests that you wish to make to the Company.

17.  Our Companies’ websites may contain links to other third-party operated websites operated by third parties which we have no control over. We are not responsible for the privacy and/or data protection practices of such third-party operated websites that are linked to our websites. Once you leave our website by clicking the relevant link to the third-party operated website, your access and use of that third-party website will be governed by the privacy or data protection policy of that website.

18.  For the avoidance of doubt, in the event that Singapore personal data protection law permits an organization such as the Company to collect, use or disclose your personal data or the personal data of the Relevant Individual without either of your consent, such permission granted by the law shall automatically apply to your Personal Data and that of the Relevant Individual.

19.  You agree that where your written permission is required by law or otherwise for any disclosure of your Personal Data by the Company, the signing of the Company’s application form(s), personal data content form and/or other methods of consent notification, as well as in any other manner permitted by law shall constitute and be deemed to be sufficient written permission for such disclosure.

20.  To the extent that the applicable law allows, you or a Relevant Individual may request access to, and correction of, each of your personal data respectively. Each of you acknowledge that some personal data may be exempt from such access and correction rights in accordance with local personal data protection laws. You may wish to contact the Company at dpo@tenpage.com should either of you wish to request such access to, and/or correction of, your personal data. Kindly note that we may also be charging each of you a reasonable fee for the handling and processing of your requests to access your personal data.

This Policy is governed by and shall be construed in accordance with the laws of Singapore.