DATA PROTECTION NOTICE FOR CUSTOMERS
1 INTRODUCTION
Elite Partners Capital Pte. Ltd. (“EPC”, “we”, “us” or “our”) (a company within the Elite Partners Group) respects the privacy of all our customers and business contacts, and is committed to protecting the personal data you provide to us.
This Data Protection Notice for Customers (“Notice”) aims to help you understand your rights over your personal data as well as learn about how we collect, use, disclose, protect, or otherwise process your personal data in accordance with the Personal Data Protection Act 2012, and Personal Data Protection Regulation 2021
(together, the “PDPA”).
Our Data Protection Officer (“DPO”) oversees the data protection program in within the Elite Partners Group.
2 APPLICATION OF THIS NOTICE
This Notice is based on the Singapore Personal Data Protection Act 2012 and all the associated regulations and guidelines as may from time to time be issued by the Personal Data Protection Commission (“PDPC”) of Singapore. EPC may be subject to different or more restrictive local laws in the jurisdictions outside of Singapore, such as the European Union (“EU”) or the United Kingdom (“UK”) General Data Protection Regulation (“GDPR”).
This Notice applies to all individuals whose personal data is in our possession or under our control, including personal data in the possession of third-party service providers and agents which we have engaged to collect, use, disclose or process personal data for our purposes.
This Notice does not apply to the handling of information that does not relate to a legal entity (e.g., the information about corporations), including business contact information of an individual residing in Singapore and/or outside the EU/UK. This Notice further does not extend or cover any third-party sources which, without our authority, may be linked to EPC or the Elite Partners Group.
By accessing this website and obtaining the facilities, products, or services, and providing your personal data to EPC through this website (or otherwise), by you or through your company or group of companies, you agree to the terms of this Notice and that the Singapore law shall govern such access and the provision of such facilities, products and services and you agree to submit to the exclusive jurisdiction of the Singapore courts. Please review this Notice carefully before providing us with any of your personal data.
3 PERSONAL DATA
As used in this Notice:
“customer” means an individual who (a) has contacted us through any means to find out more about any services we provide, or (b) may, or has entered into a contract with us for the supply of any services or undertaking of any business transactions with us; and “personal data” refers to any data of an individual, whether true or not, who can be identified from that data, or in combination with any other individually identifiable information to which we have or are likely to have access.
EPC do not collect or store information that will individually identify you (such as name, mailing address, email address or phone number) during your visit on this website unless you choose to provide that information to the Company on the “Contact Us” page. If you send such information that will identify you, EPC and its agents will use such information to identify you to address or resolve the matter identified in your message.
For the purposes of carrying on EPC’s business, you may be requested to provide personal data such as, but not limited to, the following, without which it may not be able to satisfy your request:
(a) Full Name;
(b) Personal Mobile Number;
(c) Residential Address;
(d) Personal Email Address;
(e) Passport/NRIC Number or FIN (Foreign Identification Number);
(f) Work Permit;
(g) Employment Information;
(h) Facial Image (e.g., identification documents that bears a clear photograph of you);
(i) Bank Account Number;
(j) Financial Information;
(k) Credit-related Information (e.g., items related to your assets, liabilities and other accounting matters, details of collateral, past payment records, other items used to judge your ability to engage in any business transactions with us, etc.);
(l) Transaction Information (e.g., type of transaction, transaction amount, balance, payment status, etc.);
(m) Date of Birth; or
(n) Information on immediate family.
Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).
4 COLLECTION OF PERSONAL DATA
We generally do not collect your personal data unless:
(a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after –
(i) you (or your authorised representative) have been duly notified of the purposes for which the data is collected; and
(ii) you (or your authorised representative) have provided written consent to the collection, usage, and disclosure of your personal data for the purposes; or
(b) the collection and use of personal data without consent is permitted or required by the PDPA, GDPR or other applicable laws.
We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
The purposes listed above may continue to apply even in situations where your relationship with us (e.g., pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
Where any personal data of a third party (e.g., information of your family members, employees, etc.) is provided by you for any particular purpose, you warrant and represent that the appropriate consent(s) have been obtained to provide us with such personal data.
By using our services and submitting personal data to us, you are accepting and consenting to the practices and uses described in this Notice. This Notice is not a contract, but may be issued as part of a contract or an agreement. We will seek to obtain your additional consent where required by applicable laws.
5 USE OF PERSONAL DATA COLLECTED
EPC either currently uses or may in the future use your personal data for the purposes you have been notified of and consented to or which are not prohibited by applicable laws. This includes the following purposes:
(a) Performing contractual obligations in the course of or in connection with the provision of services or business transactions, including, without limitation, leases, instalment sale, loans, investment, money related and real estate-related business, before as well as after expiration of the agreement, which is necessary to respond to any reference or is required by PDPA, GDPR or by applicable laws;
(b) To carry out an examination or to make appropriate judgment and response when identification of our customer is required, in respect of business transaction (including, but not limited to, financing and loans) or of financial investment transaction involving our customer;
(c) Confirmation of your existing financial status to meet the prescribed accredited investor wealth threshold as defined by the Securities and Futures Act, Chapter 289 of Singapore;
(d) Verification of your identity and the accuracy of your personal details and other information provided, including carrying out due diligence, other screening activities or background checks in accordance with legal or regulatory obligations or risk management procedures (including but not limited to those designed to combat financial crime, “know-your-customer”, anti-money laundering, counter-terrorist financing, sanctioned individuals and entities, suspicious transactions, fraud, predicate offence, serious crimes, anti-bribery and anti-corruption or tax evasion), that may be required by law or that may have been put in place by EPC;
(e) Update our records;
(f) Managing your relationship with us;
(g) Responding to, handling, and processing instructions, queries, requests, applications, complaints, and feedback from you;
(h) Dealing in any matters relating to the services and/or products which you are entitled to with us (including the printing and mailing of correspondence, statements, invoices, confirmations, advice, information, reports or notices to you, which would involve disclosure of certain personal data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages);
(i) To introduce to or from the Elite Partners Group, including, but not limited to, our customer and the Elite Partners Group, or various services, through direct mails, emails or otherwise;
(j) Processing of billing, invoice, payment, business or financial investment transactions;
(k) The recovery of any and all amounts owed to us;
(l) For the processing of booking arrangements during travels;
(m) Invitation to events or other functions organised by EPC;
(n) To send complimentary corporate gifts (e.g., hampers during festive seasons);
(o) Complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
(p) Transmitting to an affiliated party within the Elite Partners Group or any unaffiliated third parties including our third-party service providers and agents (to the extent necessary to execute a task), auditors, solicitors, professional advisors, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for aforementioned purposes;
(q) Any other incidental business purposes related to or in connection with the above; or
(r) Any other purposes which EPC may inform you of in writing from time to time, but for which EPC will seek your separate consent.
We will not use, disclose or process your personal data for purposes that are not stated above or for which we have not obtained your consent. If we wish to use, disclose or process your personal data for another purpose not covered above, we will seek your prior consent unless such use, disclosure or processing of your personal
data without your consent is permitted by the PDPA, GDPR or by applicable laws.
The purposes listed above may continue to apply even in situations where your relationship with us (e.g., pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you).
6 DISCLOSURE OF PERSONAL DATA
All personal data held by us will be kept confidential and only authorised employees will have access to your personal data whereby, they are required to abide by their employment contracts to maintain confidentiality and privacy of your personal data. However, we may, where such disclosure is necessary to satisfy the purpose, or a directly related purpose for which the personal data was collected, provide such personal data to the following parties:
(a) Any person or company who is acting for, jointly or on our behalf, in respect of the purpose or a directly related purpose for which the personal data was provided (i.e., the Elite Partners Group);
(b) Any third-party service providers or agents (e.g., business partners and vendors) we have engaged to perform any of the functions for the purposes as set out in Section 5;
(c) Any financial institutions, credit-rating agencies, credit bureau, or collection agencies necessary to establish and support the confirmation of your accredited investor status as defined by the Securities and Futures Act, Chapter 289 of Singapore, and the payment of any services due or requested;
(d) Any government authority in compliance with any applicable laws, rules and regulations, codes of practices, guidelines, court order, other legal processes or requirements; and
(e) Any other party where such disclosure without your consent is permitted by the PDPA, GDPR or by applicable laws.
Certain situations in which the disclosure of your personal data to third parties are permitted without your consent would include, without limitation, the following:
(a) Cases in which the disclosure is required or authorised based on the applicable laws;
(b) Cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;
(c) Cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
(d) Cases in which the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head of director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer; and/or
(e) Cases in which the disclosure is to a public agency and such disclosure is necessary for the public interest.
For more information on the exceptions, you are encouraged to peruse the First and Second Schedules of the PDPA which is publicly available at https://sso.agc.gov.sg/Act/PDPA2012.
The parties above may be located in Singapore or outside Singapore, and are only permitted to use your personal data in connection with the purposes described in Section 5, and not for their own purposes.
Where we disclose your personal data to third parties, we will employ our best efforts to require such third parties to protect your personal data.
We do not sell your personal data to (or buy from) any third party for any purposes, including marketing or commercial purposes.
7 AUTOMATED DECISION MAKING
We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
8 WITHDRAWAL OF CONSENT
The consent that you provide for the collection, use, and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing.
If you do not wish for us to collect, use or disclose your personal data for any or all of the above purposes, you may withdraw your consent at any time by contacting our DPO in writing or via email (refer to Section 16).
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences
which may affect your rights and liabilities to us. In general, we shall seek to process and effect your request within thirty (30) days of receiving it.
Whilst we respect your decision to withdraw your consent, please note that depending on the nature and extent of your request, we may not be in a position to continue providing our services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in this Section 8.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use, and disclosure without consent is permitted or required under applicable laws.
9 ACCESS TO AND CORRECTION OF PERSONAL DATA
You have the right to access, update, transfer, obtain a copy, and request that we delete or restrict the processing of your personal data without hindrance from us.
If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold, you may submit your request in writing or via email to our DPO.
Please note, however, that your rights may be superseded by the relevant exemptions as set out in the PDPA or GDPR. We may exercise our rights to charge a reasonable fee for your request to access your personal data. If so, we will inform you of the fee before processing your request.
We will respond to your access or correction request as soon as reasonably possible. In general, our response will be within thirty (30) days. Should we not be able to respond to your access or correction request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA or GDPR).
We may, if you so consent, send the corrected personal data only to specific organisations to which the personal data was disclosed by us within a year before the date the correction was made. Otherwise, we will send the corrected personal data to every other organisation to which the personal data was disclosed by EPC within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.
If you have other questions, comments or concerns about our privacy and data protection practices, please contact our DPO. We shall respond promptly to any such requests in accordance with applicable laws.
10 ACCURACY OF PERSONAL DATA
EPC keeps personal data as accurate, complete and up-to-date as possible, by taking into account its use and the interests of our customers. The data provided will be validated by making references to generally accepted practices and guidelines. This includes the requests to see original documentation and make copies of the original documentation (where permitted by the PDPA, GDPR or by applicable laws) before using your personal data.
In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our DPO in writing or email. We will not be responsible for relying on inaccurate personal data arising from you not updating us of any changes in your personal data that you had previously provided us with.
11 PROTECTION OF PERSONAL DATA
EPC recognises the necessity for all its employees to understand and comply with the laws and regulations concerning the handling of personal data to ensure the protection and safety of personal data, and will put its utmost effort in its promotion.
EPC protects personal data against loss or theft, as well as unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks with appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third-party service providers and agents only on a need-to-know basis.
Please note, however, that while we attempt to safeguard your personal data, no method of transmitting or storing electronic information is ever completely secure, and thus we make no warranty, express, implied, or otherwise, that your personal data will never be accessed, used or released in a manner that is inconsistent with this Notice.
In no event shall we be liable for any damages (whether consequential, direct, incidental, indirect, punitive, special or otherwise) arising out of, or in any way connected with, a third party’s unauthorised access to your personal data, regardless of whether such damages are based on contract, strict liability, and also regardless of whether such damages are based on tort, or other theories of liability, and also regardless of whether we are given actual or constructive notice that damages were possible, except as provided under applicable laws.
12 DATA SHARING WITH EXTERNAL PARTIES
We have taken steps to ensure that appropriate levels of protection necessary to maintain the security and integrity of your personal data are in place. EPC may outsource parts of its operations so as to provide better service. As such, personal data may be shared with external parties in Singapore and outside Singapore, where applicable. EPC has established criteria to carefully evaluate and select third-party service providers and agents to determine whether they have appropriate measures in place for handling personal data, maintaining confidentiality, limiting further outsourcing (e.g., sub-contracting) and preventing the divulgence of your personal data. This may include us entering into an appropriate contract with the external parties to govern the relationships, obligations, responsibilities, rights, and expectations in relation to the protection, transfer, and retention of your personal data.
13 TRANSFERS OF PERSONAL DATA OUTSIDE SINGAPORE
We generally do not transfer your personal data to countries outside of Singapore, except to an affiliated company within the Elite Partners Group for the purposes set out in Section 5. However, if we do so, we will obtain your consent for the transfer to be made and will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
14 RETENTION OF PERSONAL DATA
EPC will retain your personal data for as long as the purposes for which the data is collected or used (as notified to you) continues, or where necessary for our legal, business purposes or internal retention guidelines. Thereafter, EPC will delete, destroy or anonymise the personal data, or restrict access to data so that you can no longer be identified from it.
15 DO-NOT-CALL PRIVACY STATEMENT
Currently, we do not make unsolicited calls to offer personal loans or investment products to individuals. When you receive any marketing or promotional calls, SMS, MMS and facsimile messages of a commercial nature from someone representing us, the intent of our call and message is solely for the purposes of your business relations with us and not, for you as an individual for personal purposes. However, if you received a call in your personal capacity for any such calls or messages, please inform us by contacting our DPO.
16 CONTACT US
Any report on receiving marketing calls or messages in your personal capacity or queries, concerns or complaints relating to the collection, use or disclosure of your personal data shall be directed to our DPO during our working hours from 09:00 to 18:00 (GMT +8) Mondays to Fridays. The contact details of our DPO are as follows:
If you have further questions about this Notice or wish to contact us urgently regarding this Notice, please do not hesitate to contact our DPO at +65 6955 9989 or [email protected]. We are committed to attending to your enquiries, concerns or complaints as expeditiously as possible.
17 CONTACTING THIRD PARTY
If your personal data has been provided to us by your authorised representative or a third party, you should contact your authorised representative or that third party to make such enquiries, concerns or complaints, and access and correction requests to us on your behalf.
18 EUROPEAN ECONOMIC AREA (“EEA”) ADDENDUM
This section of the Notice applies only if you are located in the EEA and supplements the information in this Notice.
We are the controller of personal data only when we collect it and determine the purposes and means of processing that personal data.
Our business may require us to transfer your personal data to countries outside of the EEA, including countries that may not provide the same level of data protection as your home country. We take appropriate steps to ensure that recipients of your personal data are bound to duties of confidentiality and we will employ our best efforts to implement measures such as standard contractual clauses for international transfers issued by the European Commission.
19 COOKIES
Your visit to our website may be recorded for analysis on the number of visitors to the site and general usage patterns. Some of this information will be gathered using “cookies”. Cookies are small bits of information that are automatically stored on a person’s web browser in their computer that can be retrieved by our website. We may engage web analytic consultants to research certain usage and activities on parts on our website. Cookies can make our website more useful by storing information about your preferences, thus enabling us to provide a more personalised service to you. Should you wish to disable these cookies, you may do so by changing the setting on your browser. However, you may be unable to enter certain part(s) of our website.
20 EFFECT OF NOTICE AND CHANGES TO NOTICE
This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use, and disclosure of your personal data by us.
We will establish a compliance program, including items related to handling personal data, etc., that is regularly reviewed for the purpose of continual improvement.
We reserve the right to modify or change this Notice at any time without prior notice to you. Should there be any amendments, the revised statement will be posted on this website and shall only apply to data collected after the effective date of the revised statement. If we make material changes to this Notice that affect the way we collect, use, disclose and/or protect your personal data, our DPO will provide you with an updated Notice.
The Effective Date, as stated at the end of this Notice, indicates the last time this Notice was materially revised.
Please contact our DPO for any changes and updates to our Notice regarding our handling of your personal data. Your continued use of our services constitutes your acknowledgment and acceptance of such changes.
Approved and adopted by:
Effective from 20 June 2023.