Personal Data Protection Policy
Published on January 20, 2020

Application of This Policy
This Personal Data Protection Policy (“Policy”) sets out the basis upon which we may collect, use, disclose or otherwise process personal data in accordance with the Personal Data Protection Act (“PDPA”). This Policy applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.

Personal Data
As used in this Policy, “personal data” means data about an individual, who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.

Examples of such personal data which an individual may provide to us include (depending on the nature of the individual’s interaction with us):

(a) name, telephone number(s), mailing address, email address and any other information relating to the individual which the individual has provided using any form the individual may have submitted to us, or in other forms of interactions with the individual;
(b) information about the individual’s use of our websites and services, including cookies, information about the individual’s domain name, IP addresses, subscription account details and membership details and

Collection, Use and Disclosure of Personal Data
Generally, we collect an individual’s personal data in the following ways:

(a) when the individual submits forms (online or otherwise);
(b) when the individual enters into any agreement or provides other documentation or information in respect of the individual’s interactions with us;
(c) when the individual interacts with our staff, including customer service officers, for example, via telephone calls (which may be recorded), letters, fax, face-to-face meetings, social media platforms and emails;
(d) when the individual requests that we contact the individual or requests that the individual be included in an email or other mailing list;
(e) when the individual responds to our promotions, initiatives or to any request for additional personal data;
(f) when we receive references from business partners and third parties, for example, where the individual has been referred by them;
(g) when the individual’s images are captured by us via CCTV cameras while the individual is within our buses, property and/or premises, or via photographs or videos taken by us or our representatives when the individual attends our events;
(h) when the individual is contacted by, and responds to, our marketing representatives and customer service officers;
(i) when we seek information about the individual and receive the individual’s personal data in connection with the individual’s relationship with us, including for our services or job applications, for example, from business partners, public agencies, the individual’s ex-employer, referral intermediaries and the relevant authorities; and/or
(j) when the individual submits the individual’s personal data to us for any other reason.

If the individual provides us with any personal data relating to a third party (e.g. information of the individual’s dependent, spouse, children and/or parents), by submitting such information to us, the individual represents and warrants that the collection, use and disclosure of that personal data to us, as well as the further processing of that personal data by us for the purposes set out below, is lawful, and that the individual has obtained the consent of the third party to provide us with their personal data for the respective purposes.

We may collect, use and disclose personal data for any or all of the following purposes:

(a) performing obligations in the course of or in connection with our provision of the goods and/or services requested;
(b) verifying identity;
(c) responding to, handling, and processing queries, requests, applications, complaints, and feedback;
(d) to handle disputes and conduct and facilitate investigations and proceedings;
(e) to protect and enforce our contractual and legal rights and obligations;
(f) to prevent, detect and investigate crime, including fraud and money-laundering, and to analyse and manage other commercial risks;
(g) to manage the safety and security of our buses, premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
(h) to manage our infrastructure operations, administrative operations and business operations and to comply with internal policies and procedures;
(i) to organise, facilitate, and administer roadshows, tours, promotional events, contests and/or competitions;
(j) to comply with any contractual terms and conditions by which we are bound;
(k) to commence, respond to, or act in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution);
(l) to monitor or record phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation and identity verification purposes;
(m) to match any personal data held which relates to the individual for any of the purposes listed herein;
(n) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sales); and/or
(o) to comply with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities.

Furthermore, where permitted under applicable data protection laws, we may also collect, use and disclose the individual’s personal data for the following “Additional Purposes”:

(a) taking or filming photographs and videos for corporate publicity or marketing purposes, and featuring the individual’s photographs and/or testimonials in our articles and publicity materials;
(b) providing or marketing services and benefits to the individual, including promotions, service upgrades, loyalty, reward and/or membership programmes (including event invitations, newsletters and marketing and promotional information to the individual pursuant to such membership programmes);
(c) organising roadshows, tours, campaigns and promotional events and administering contests and competitions;
(d) matching personal data with other data collected for other purposes and from other sources (including third parties) in connection with the provision or offering of services;
(e) sending the individual details of services, services updates and rewards, either to our customers generally, or which we have identified may be of interest to the individual; and/or
(f) conducting market research, aggregating and analysing customer profiles and data to determine health-related patterns and trends, understanding and analysing customer behaviour, location, preferences and demographics for us to offer the individual other products and services as well as special offers and marketing programmes which may be relevant to the individual’s preferences and profile.

In relation to particular services or in the individual’s interactions with us, we may also have specifically notified the individual of other purposes for which we collect, use or disclose the individual’s personal data. If so, we will collect, use and disclose the individual’s personal data for these additional purposes as well, unless we have specifically notified the individual otherwise.

Subject to the provisions of any applicable law, the individual’s personal data may be disclosed, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Singapore:

(a) amongst us and our related corporations or affiliates (including their respective staff);
(b) companies providing services relating to insurance or other service providers to us;
(c) agents, contractors, sub-contractors or third party service providers who provide operational services to us, such as courier services, telecommunications, information technology, payment, printing, billing, debt recovery, processing, technical services, transportation, training, market research, call centre, security, or other services to us;
(d) vendors or third party service providers and our marketing and business partners in connection with marketing promotions, products and services;
(e) our corporate clients;
(f) any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale);
(g) external banks, credit card companies, other financial institutions and their respective service providers;
(h) our professional advisers such as consultants, auditors and lawyers;
(i) relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority; and/or
(j) any other party to whom the individual authorises us to disclose the individual’s personal data.

Withdrawing Consent
The consent provided for the collection, use and disclosure of personal data will remain valid until such time as it is withdrawn by an individual in writing. An individual may withdraw consent and request us to stop using and/or disclosing his/her personal data for any or all of the purposes listed above by completing the Withdrawal Consent Form or submitting a request in writing or via email to our Data Protection Officer at the contact details provided below.

Upon receipt of a written request to withdraw consent, we may not be in a position to administer any contractual relationship in place, which may also result in the termination of any agreements with the individual and the individual being in breach of his or her contractual obligations or undertakings. Our legal rights and remedies in such event are expressly reserved.

Withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.

Keeping the Individual’s Personal Data Accurate and Up-to-Date
We encourage the individual to contact us as soon as possible to enable us to update any personal data we have about the individual. Incomplete or outdated personal data may result in our inability to provide, or delays in providing, the individual with products and services the individual has requested, or in processing any requests and applications the individual may have made to us.

Access To and Collection of Personal Data
If an individual wishes to make:

(a) an access request for access to a copy of (i) the personal data about him/her which is in our possession or under our control or (ii) information about the ways in which we use or disclose their personal data; or
(b) a correction request to correct or update any of the personal data which is in our possession or under our control,

the individual may complete the Access Request Form / Personal Data Correction Request Form or submit a request in writing or via email to our Data Protection Officer at the contact details provided below.

Protection of Personal Data
To safeguard personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced reasonable administrative, physical and technical measures such as up-to-date antivirus protection, encryption or password protection of personal data and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised stakeholders only on a need-to-know basis.

No method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of information and are constantly reviewing and enhancing our information security measures.

Retention of Personal Data
We will cease to retain personal data, or remove the means by which the data can be associated with the individual, as soon as it is reasonable to assume that such retention no longer serves the purposes for which the personal data were collected, and is no longer necessary for legal or business purposes.

Transfers of Personal Data Outside of Singapore
We generally do not transfer personal data to countries outside of Singapore. However, if we do so, we will take steps to ensure that personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

Use of Cookies
We use both first party and third party cookies. Third party cookies are cookies operated by providers of external services like web traffic analysis services. These cookies are placed by the relevant third party and we have no control over these cookies other than allowing them to be served.

To the extent that any personal data is collected through our use of cookies, this Personal Data Protection Policy will apply to the processing of the data.

Reporting Channels on Personal Data Protection Issues
Any enquiries or feedback on personal data protection policies and procedures, or any request or report an individual wishes to make on personal data protection issues, can be directed to the Data Protection Officer in the following manner: