Privacy Policy
Last updated 5 July 2023
Please note that the Privacy Policy has been recently updated as of 5 July 2023.
1. Acceptance of Privacy Policy
1.1. This is the privacy policy (“Privacy Policy”) for Synfindo Singapore Pte. Ltd. (UEN:202225548E), a company incorporated in Singapore with its registered address at 83 Clemenceau Avenue, #02-01, UE Square, Singapore 239920 (“Synfindo”). In this Privacy Policy, “we”, “us” and “our” refers to Synfindo.
1.2. This Privacy Policy describes how we may collect, use, disclose and process your personal data when you: (i) access or use our websites (including synfindo.com or www.apixplatform.com, (including all its sub-domains) “Websites”) and services and applications provided therein; and/or (ii) provide us with your personal data.
1.3. By accessing and using our Services, you agree to be bound by the terms of this Privacy Policy which is subject to our Terms of Use, and consent to our collection, use and disclosure of your personal data in accordance with this Privacy Policy. If you do not agree to the Terms of Use and/or do not consent to such collection, use and disclosure of your personal data, please do not download, access or use our Services.
1.4. By reading and accepting this Privacy Policy you acknowledge that you have been notified of the purposes for which the data is collected and you (or your authorised representative) have provided consent to the collection and usage of your personal data for those purposes, some of which are listed under Section 5 of this Privacy Policy. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where listed in this Privacy Policy, or permitted or authorised by law).
1.5. We will only use your personal data where you have given us your consent or where we have other lawful basis for doing so, and in the manner set out in this Privacy Policy.
1.6. By providing us with personal data, you acknowledge that our collection, use, disclosure and processing of personal data will be in accordance with this Privacy Policy, including, for the avoidance of doubt, the cross-jurisdictional transfer of your data. DO NOT provide any personal data to us if you do not accept this Privacy Policy.
1.7. This Privacy Policy supplements but does not supersede nor replace any consents you may have provided to us, or any other agreements or arrangements that you may have with us, in respect of your personal data.
1.8. If you have any feedback or issues in relation to your personal data, or about this Privacy Policy, or wish to make a complaint to us, you may contact our Data Protection Officer at: Email: legal@synfindo.com When you contact us, we may require that you submit certain forms or provide certain information, including verification of your identity, before we are able to respond.
1.9. Personal Data Protection Act 2012 of Singapore ("PDPA”) shall be the governing law for this Privacy Policy.
2. Changes to Privacy Policy
We reserve the right, at our sole discretion, to modify or update this Privacy Policy at any time and all changes will become immediately effective upon posting. Your continued access to or use of our Services after such changes have been posted shall bind you to such changes and the amended Privacy Policy. It is your sole responsibility to check this Privacy Policy regularly for changes. If you do not agree to the amended Privacy Policy, please do not continue to access or use our Services.
3. Collection of Information
3.1. “Personal data” is data that can be used to identify a natural person. The types of personal data that we may collect and store include, but are not limited to: (a) Identity and Contact Data. This includes your name, NRIC or passport number, address, contact details, telephone numbers, email address, geographic location given to us through our Website or through signing up for our mailers; (b) Profile Data. This includes: (i) unique identifiers such as your username, decentralised identifier, account number or password, and (ii) details of your use of our products and services; (c) Feedback, messages and survey responses. This includes any messaging you send us in a service request, question or concern including via email, telephone or via our Websites. (d) Verifiable Credentials containing personal data which are either issued by you (as Issuer) or to you (as Holder). “Verifiable Credentials” shall refer to tamper-evident data in a machine-readable format (i.e. expressed as structured code) that contains information/ pertains to a certain data point about a natural person or legal entity.
3.2. Personal data collected from cookies and similar technologies. We use commonly used tools to automatically collect information that may contain personal data from your computer or mobile device as you visit our Websites or in general use our services. This includes your internet protocol (IP) addresses, browser and device information, internet service provider (ISP), referring/exit pages, the files viewed on our Websites (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data.
3.3. Voluntary provision of personal data. We may collect personal data (i) that you voluntarily provide to us; or (ii) from third parties; or (iii) through your use of our (or our services provider’s) digital technologies and services. What personal data we collect depends on the purposes for which the personal data is collected and what you have chosen to provide.
3.4. Providing personal data belonging to others. In certain circumstances, you may also provide us with personal data of persons other than yourself (such as your colleagues, family members and friends). If you do so, you represent and warrant that you have brought this Privacy Policy to his/her attention, informed him/her of the purposes for which we are collecting his/her personal data and that he/she has consented to your disclosure of his/her personal data to us for those purposes and accepts this Privacy Policy. You agree to indemnify and hold us harmless from and against any and all claims by such individuals relating to our collection, use and disclosure of such personal data in accordance with the terms of this Privacy Policy.
3.5. Accuracy and completeness of personal data. You are responsible for ensuring that all personal data that you provide to us is true, accurate and complete. You are responsible for informing us of any changes to your personal data.
3.6. Minors. Our Websites and/or services are not intended to be accessed or used by children, minors or persons who have not attained the age of 18 years and therefore not able to give consent to the collection, use or disclosure of personal data (relying on the Civil Law Act and PDPC Advisory Guidelines). If you are a parent or guardian and you have reason to believe your child or ward has provided us with their personal data without your consent, please contact us.
3.7. Verifiable Credentials. You acknowledge and consent to the collection, use, disclosure, processing, transfer and storage of your personal data by us and/or third party service providers that facilitate the transactions and activities between you and other users or third parties on or through our Websites, for the purposes of generating, creating, providing, storing, processing, facilitating, transferring, transmitting and managing Verifiable Credentials. You acknowledge and consent for us (or our service providers) to disclose your data and information (including Verifiable Credentials) to third parties at your instruction and/or direction.
3.8. When our collection is based on consent, you can choose not to provide us with personal data. You also have the right to withdraw your consent for us to continue collecting, using, disclosing and processing your personal data, by contacting us. However, if you do so, it may not be possible for us to fulfil the purposes for which we require the personal data, including processing your transactions or providing you with the products and services that you require.
4. How We Collect Personal Data
4.1. Personal data you provide. We collect personal data that is relevant to our relationship with you. We may collect your personal data directly or indirectly through various channels, such as when: (a) you access, download or use our Websites and services; (b) you authorise us to obtain your personal data from a third party; (c) you enter into agreements with us; (d) you transact with us, contact us or request that we contact you through various communication channels, for example, through social media platforms, messenger platforms, face-to-face meetings, telephone calls, emails, fax and letters; (e) you request to be included in an e-mail or our mailing list; (f) we seek information about you and receive your personal data in connection with your relationship with us; (g) and when you submit your personal data to us for any other reason.
4.2. Personal data provided by others. Depending on your relationship with us, we may also collect your personal data from third party sources, for example, from:
(a) any third parties whom you have authorised us to obtain your personal data from; and/or (b) your family members or friends who provide your personal data to us on your behalf.
5. Use of Personal Data
We may use your personal data for purposes in connection with our services including, without limitation, any of the following purposes:
5.1. processing your registration for our services e.g. opening of an account, including sending a SMS to the mobile number provided by you for verification purposes, which you consent to receive, to send you information, notices, updates or to otherwise contact you when necessary;
5.2. to help us provide, maintain, develop, test, enhance and personalize our services to you, to diagnose and resolve any problems with our services;
5.3. to detect or investigate any prohibited, illegal, unauthorized or fraudulent activities, to monitor and analyze user activities and demographic data including trends and usage of our services;
5.4. carrying out your transactions with us, taking steps as may be directed by you, or to provide our products and/or services to you;
5.5. facilitating your use of our Websites, including verifying and establishing your identity;
5.6. facilitating business asset transactions;
5.7. communicating with you, and assisting you with your queries, requests, Websites, complaints, and feedback;
5.8. resolving any disputes, investigating any complaint, claim or dispute or any actual or suspected illegal or unlawful conduct;
5.9. administrative purposes, including finance, IT and HR purposes, quality assurance and staff training, and compliance with internal policies and procedures, including audit, accounting, risk management and record keeping;
5.10. carrying out research and statistical analysis, including development of new products and services or evaluation and improvement of our existing products and services;
5.11. security purposes e.g. protecting our Websites from unauthorised access or usage and to monitor for security threats;
5.12. compliance with any legal or regulatory obligations, applicable laws, regulations, codes of practices, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
5.13. performing data analytics and related technologies on data, to enable us to deliver relevant content and information to you, and to improve our Websites and digital platforms;
5.14. managing and engaging third parties or data processors that provide services to us, e.g. IT services, technological services, delivery services, and other professional services;
5.15. carrying out our legitimate business interests (including managing our business and relationship with you; providing services to our customers; carrying out corporate restructuring plans; complying with internal policies, and procedures; protecting our rights and interests, and those of our customers; enforcing our terms and conditions, and obligations owed to us, or protecting ourselves from legal liability; managing our investor and shareholder relations; and processing or sharing your personal data to facilitate acquisitions, mergers, or transfers of our business);
5.16. marketing products, events and services which are of specific interest and relevance to you, including from third party partners;
5.17. use permitted under applicable laws. We may also collect, use, disclose and process your personal data for other purposes, without your knowledge or consent, where this is required or permitted by law. Your personal data may be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of a legal claim. We will not delete personal data if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved; and
5.18. such purposes that may be informed to you when your personal data is collected; and/or any other reasonable purposes related to the aforesaid.
5.19. Any or all of the above uses may be applicable even after the relationship you have with us has ended, for a reasonable period thereafter.
6. Choice, Change, Update of And Access to Your Personal Data
6.1. You can choose to limit the processing of your data, access to and amend/correct the data that you have given to us by contacting us as described above.
6.2. When you request to unsubscribe from marketing emails, you will be removed from marketing lists no later than two (2) working days from the receipt of the unsubscribe request. Your personal data will be automatically deleted within six (6) months if you remain unsubscribed.
7. Disclosure Of Personal Data
7.1. Disclosure to related parties. We may disclose or share your personal data with our related parties in order to provide our services to you, for management and compliance purposes, and to utilise shared group IT functions.
7.2. Authorisation to Access: Any disclosure of personal data both internally and to third party service providers and agents is only on a need-to-know basis. All such disclosures are authorised by appropriate authority.
7.3. Disclosure to third parties. We may also disclose your personal data to third parties in connection with purposes described in Section 5, including without limitation the following circumstances: (a) disclosing your personal data to Financial Institutions and other companies that require such information as is reasonably necessary to help us provide Services to you including vendors, advertisers, consultants and advisers of Synfindo and the Websites. (b) disclosing your personal data to third parties who provide services to us (including, but not limited to, data providers, technology providers, insurance providers, and other professional services (including accountants, lawyers and auditors)); (c) disclosing your personal data to other users or third parties for the purposes of any transaction; (d) disclosing your personal data to third parties in order to fulfil such third party products and/or services as may be requested or directed by you; (e) disclosing your personal data to authorities, governments, law enforcement agencies or public agencies if required by applicable laws to do so; (f) if we are discussing, selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality; (g) if we are reorganised or sold, information may be transferred to a buyer who can continue to provide continued relationship with you; and (h) if we are defending a legal claim your information may be transferred as required in connection with defending such claim.
7.4. When disclosing personal data to third parties, we will (where appropriate and permissible) enter into contracts with these third parties to protect your personal data in a manner that is consistent with all applicable laws and/or ensure that they only process your personal data in accordance with our instructions. Notwithstanding the foregoing, we do not control and shall not be responsible or liable in any way for the collection, use and protection of your personal information by any third party.
8. Transfer Of Personal Data to Other Countries
8.1. Transfers. We may transfer your personal data to different jurisdictions in connection with the purposes described in Section 5: (a) from the jurisdiction where it is collected (or where you are located) to any other jurisdictions that we operate in; and (b) and to third parties in other jurisdictions.
8.2. Safeguards. Where we transfer your personal data across jurisdictions, we will ensure that your personal data is protected in accordance with this Privacy Policy and applicable laws regardless of the jurisdictions they are transferred to, but in any event to a level that is no less stringent than the jurisdiction from which the personal data is transferred. We will take appropriate steps before your personal data is disclosed to an overseas recipient, to ensure that the overseas recipient provides a standard of protection of personal data so transferred that is comparable to the protection under the Personal Data Protection Act 2012.
9. Security And Retention of Data
9.1. Secure Storage & transmission: To safeguard the personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, there is appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data. Transmission of data will be done via encrypted channel with password protection, and protocol for sending encrypted files separate from the password shall be followed at all times.
9.2. Unauthorised access. While we take reasonable precautions to safeguard your personal data in our possession or under our control, you agree not to hold us liable or responsible for any loss or damage resulting from unauthorised or unintended access that is beyond our control, such as hacking or cybercrimes.
9.3. Vulnerabilities. We do not make any warranty, guarantee, or representation that your use of our systems or Websites is safe and protected from malware, and other vulnerabilities. We also do not guarantee the security of data that you choose to send us electronically. Sending such data is entirely at your own risk.
9.4. Period of retention. We retain your personal data only for as long as is necessary to fulfil the purposes we collected it for, and to satisfy our business and/or legal purposes, including data analytics, audit, accounting or reporting purposes. How long we keep your personal data depends on the nature of the data, e.g. we keep personal data for at least the duration of the limitation period for bringing claims if the personal data may be required to commence or defend legal proceedings. Some information may also be retained for longer, e.g. where we are required to do so by law.
9.5. Anonymised data. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we are entitled to retain and use such data without restriction.
10. Third Party Services
You may be directed to links to other services of third parties featured on our services. We do not control and shall not be responsible or liable in any way for the privacy policy of such third parties and their practices. Your access to or use of such third party services is at your own risk and it shall be your sole responsibility to read the privacy policy of such third parties before providing any personal data to them.
11. Your Rights
11.1. Rights you may enjoy. Depending on the jurisdiction that you are in or where we operate, you may enjoy certain rights under applicable law in relation to our collection, use, disclosure and processing of your personal data. Such rights may include: (a) Access: you may ask us if we hold your personal data and, if we are, you can request access to your personal data. This enables you to receive a copy of and information on the personal data we hold about you. (b) Correction: you may request that any incomplete or inaccurate personal data we hold about you is corrected. (c) Erasure: you may ask us to delete or remove personal data that we hold about you in certain circumstances. (d) Restriction: you may withdraw consent for our use of your personal data, or ask us to suspend the processing of certain of your personal data about you, for example if you want us to establish its accuracy. (e) Portability: you may request the transfer of certain of your personal data to another party under certain conditions. (f) Objection: where we are processing your personal data based on a legitimate interest (or those of a third party) you may object to processing on this ground.
11.2. If you wish to exercise any of your rights, you may contact us in accordance with Clause 1.8. We may require that you submit certain forms or provide certain information to process your request. Where permitted by law, we may also charge you a fee to process your request.
11.3. We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).