Data Protection Policy
DATA PROTECTION POLICY
- We respect your privacy and are committed to protect your personal data in accordance with the Personal Data Protection Act 2012 (“PDPA”).
- Our data protection policy (“Data Protection Policy”) sets out the manner and the purpose for which we collect, use, and disclose your personal data.
- The term ‘our’, ‘we’, ‘us’ or ‘ZYM Mobile’ herein refer to Handphoneshop Pte Ltd (UEN: 200403899K). The term ‘you’ or “your” refers to the “Customer” (defined below).
- This Data Protection Policy does not supersede or replace any other consents you may have previously or separately provided to us in respect of your Personal Data, and your consent to this Data Protection Policy is in addition to any other rights which we may have in applicable laws to collect, use, process or disclose your Personal Data.
- Headings are for ease of reference only and shall not affect the interpretation of this Data Protection Policy.
- As used in this Data Protection Policy:
- “CCTV” means closed circuit television;
- “Customer” means an individual who (a) has contacted us through any means to find out more about any products and/or services we provide, or (b) may, or has, entered into a contract with us for the supply of any products and/or services by us;
- “Individual” means a natural person, whether living or deceased and “Individuals” shall be construed accordingly;
- “Personal Data” means data, whether true or not, about a customer who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access; and
- “Related Corporations” has the same meaning as in the Companies Act (Cap. 50).
Other terms used in this Data Protection Policy shall have the meanings given to them in the PDPA (where the context so permits).
3. Types of Data Collection
- We collect your Personal Data and preferences, at the time of registration of your user account on www.ZYM.sg (“ZYM Website”), during purchase transactions, any customer service matter, subscription for newsletters, participation in surveys, lucky draws, or contests. Examples of such personal data, include, but are not limited to the following:
- personal information (for example, name, gender, identification details, date of birth, nationality, validity dates of immigration passes (if applicable), email, phone number and address);
- financial information such as credit/debit card number or bank account information;
- Information on your use of our services – For example, the phone numbers you call or send text messages to, *the content of the SMSes you receive and vice versa, as well as the date, time and duration of your calls through our network and the approximate location of your mobile device.
- Information from other organisations – These organisations include fraud-prevention agencies, business directories, credit reference agencies, *our partners and other marketing service providers, or individuals we believe you have authorised to provide your personal details on your behalf.
- photographs and videos, including CCTV recordings;
- personal opinions made known to us (e.g. feedbacks or responses to surveys, or correspondences);
- network usage data and other information, including IP address;
- other personal information which you may provide to us, from time to time, in the course of your dealings with us.
4. Purpose, Use and Disclosure of Personal Data
- We will handle your Personal Data in compliance with the PDPA. We generally do not collect your Personal Data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your Personal Data to us (your “Authorised Representative”) after (i) you (or your Authorised Representative) have been notified of the purposes for which the data is collected, and (ii) you (or your Authorised Representative) have provided written consent to the collection and usage of your Personal Data for those purposes, or (b) collection and use of Personal Data without consent is permitted or required by the PDPA or applicable laws. We shall seek your consent before collecting any additional Personal Data and before using your Personal Data for a purpose which has not been notified to you (except where permitted or authorised by PDPA and/or applicable laws).
- We may collect and use your Personal Data for any or all of the following purposes:
- to contact and serve you in connection with the sale, purchase, delivery, billing, and aftermarket service of products and services and managing your relationship with us;
- verifying your identity for Know Your Customer (KYC) purposes;
- processing payment or credit transactions, conducting investigations relating to disputes, billing, or fraud;
- for assessing, processing, investigating, resolving and following up with your queries, instructions, requests, feedbacks, claims or complaints;
- in connection with our business plans, infrastructure, operations, rights, and remedies;
- managing the administrative and business operations of ZYM Mobile’s website;
- to meet or comply with our internal policies, procedures, and guidelines;
- to communicate with you in relation to our products and services, including marketing events, initiatives, lucky draws, contests, privileges, promotions, advertisements, membership programmes and updates;
- monitoring or recording phone calls and customer interactions for identity verification, quality assurance, employees training and performance evaluation purposes;
- to carry out research, planning and statistical analysis in connection with developing or improving our products, services, security, service quality, and advertising strategies;
- to manage and operate our operations and businesses;
- to comply with applicable laws, regulations, codes of practice, guidelines, or rules, legal or audit requirements, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
- any other purposes for which you have provided the data;
- any other purpose for which your consent has been sought and obtained;
- transmitting to our third party service providers and agents, and relevant governmental and/or regulatory authorities, for the aforementioned purposes; and
- any other purpose ancillary to or expedient in connection with any of the above.
- We may disclose your Personal Data:
- where such disclosure is required for performing obligations in the course of or in connection with our provision of the products and/or services requested by you; or
- to our Related Corporations, third party service providers, agents and other organisations we have engaged to perform any of the functions listed in clause 4.2 above for us.
- The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for such period as permitted or required under applicable laws (including, where applicable, a period to enable us to enforce our rights under any contract with you).
5. Withdrawing your Consent
- The consent that you provide for the collection, use and disclosure of your Personal Data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your Personal Data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer (“DPO”) at the contact details provided below.
- Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
- Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our products and/or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 5.1 above.
- Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Data where such collection, use and disclosure without consent is permitted or required under applicable laws.
6. Access to and Correction of Personal Data
- You represent that the Personal Data provided by you to us is true and accurate and we shall rely on such data in offering our products and/or services to you. It is your responsibility to notify us of any changes in your Personal Data.
- If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our DPO at the contact details provided below.
- Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
- We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
7. Protection of Personal Data
- To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption to secure storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
- You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures. We recommend that you change your passwords periodically, and use other security means, like using a secure browser.
8. Accuracy of Personal Data
- We generally rely on personal data provided by you (or your Authorised Representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our DPO in writing or via email at the contact details provided below.
9. Retention of Personal Data
- We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
- We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
10. DNC Registry
- We comply with the PDPA’s screening requirements in relation to the Do Not Call Registry (“DNC Registry”). In the event that you have registered on the DNC Registry, we will not send specified messages (as defined in PDPA) to you, unless you have given us your consent for receipt of such messages.
**You may configure your browser setting to disable all cookies and mobile advertising IDs, including cookies and mobile advertising IDs associated with our services. However, it is important to remember that some of our services may not function properly if your cookies and/or mobile advertising IDs are disabled.
11. Spam Control
- We also comply with the requirements under the Spam Control Act (Cap. 311A, Singapore Statutes) on sending of commercial electronic message (as defined in Spam Control Act), and you may opt-out from our mailing list through the unsubscribe option.
- We review our Data Protection Policy periodically and as such our Data Protection Policy may change from time to time. This Data Protection Policy applies in conjunction with any other notice, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your Personal Data by us. We may revise this Data Protection Policy from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this policy was last updated. Your continued use of our products and/or services constitutes your acknowledgement and acceptance of such changes.
- You may contact our DPO if you have any enquiries or feedback in relation to our Data Protection Policy, or for any access, update or corrections to your personal data, or any other queries in relation to how we may manage, protect and/or process your personal data at:
14. Ways we collect your personal information
- We may collect your personal information when you:
- Subscribe to our services
- Use our network
- Register for interest (e.g. registering your interest to on a mobile plan / device)
- Sign up for alerts or newsletters
- Contact us with a question or request for assistance
- Participate in a competition, lucky draw or survey
- Visit our retail outlets, events and premises
15. Market research, network & service enhancement
- Conduct market research and customer satisfaction surveys to improve our customer service; develop new products, as well as personalise the services we offer you
- Improve the network leased by our Service Provider, for example by looking at usage and mobility patterns
- *Perform market analysis
- Improve your user experience based on your usage behaviour on our websites and applications
(*Upon request from private and public organisations, we may provide information collected as described above for their planning purposes. The information included within any reports to these organisations is always aggregated and anonymised such that no particular individual is identifiable.)
16. Security and risk management
- Inform you of service and security issues
- Prevent and detect fraud or other crimes, *which may include scanning content collected to identify and block malicious content (e.g. scam SMSes), and recover debts
- Conduct internal audits and determine creditworthiness
- Ensure the safety and security of our properties and systems
- Conduct checks against money laundering, terrorism financing and related risks
17. Sharing your information
- We may share your information with:
- Companies in the m-DR Group
- Business partners and vendors we work with to deliver services you have subscribed to *or to provide fraud or crime detection and prevention services to us
- Industry regulators and other government organisations, as required by local laws and regulations
- Financial institutions for purposes such as facilitating recurring payments
- Research institutions for market analysis purposes
- Credit reference bureaus for the purpose of preparing credit reports or evaluation of creditworthiness
Data Protection Officer
Handphoneshop Pte Ltd
53 Ubi Crescent,
[Effective: 27 October 2022]