We will first and foremost comply with the PDPA and any applicable Singapore law. With regard to personal data of individuals residing in the UK or Europe (hereinafter referred to as “European Personal Data”), where there is no applicable Singapore law, the European Personal Data will be processed in accordance with the GDPR. Where Singapore law requires a higher level of protection for European Personal Data than is provided for in the GDPR, the higher level of protection will take precedence and be applied to the processing of European Personal Data. We will ensure that complying with the GDPR does not conflict with the PDPA and the applicable Singapore data protection laws.
1 Your Personal Data
1.1 The PDPA defines personal data as any data or information, whether true or not, about you from which you can be identified either (a) from that data; or (b) from that data and other information to which we have or are likely to have access. The GDPR defines personal data as any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (henceforth, collectively referred to as “Personal Data”). We may collect, use, store and transfer different kinds of personal data about you which may include (depending on the nature of your interaction with us), but are not limited to:
(a) your name, NRIC*, passport or other identification number, telephone number(s), mailing address, email address, and any other information relating to you which you have provided us in any forms you may have submitted to us, or in other forms of interaction with you;
(b) information about your use of Cortina Holdings website and services, including cookies, Internet Protocol (“IP”) address, account details and membership details, but only to the extent that Cortina Holdings may identify you from such information;
(c) your employment history, education background, and income levels;
(d) your payment related information, such as your bank account or credit card information, and your credit history;
(e) information about your usage of and interaction with our website and/or services including computer and connection information, device capability, bandwidth, statistics on page views, and traffic to and from our website;
(f) your family background and details, race and/or ethnicity; and
(g) your social media handles; purchase details and marketing preferences.
*Please note that NRIC or foregin identification number will only be collected and maintained solely for Employment purposes (Recruitment Process, Employment Records, Key Employment Terms and Pay Slips).
2 Collection of Personal Data
2.1 Cortina Holdings collects your Personal Data in the following ways:
(a) when you submit forms relating to any of our products or services;
(b) when you register for, or use, any of our services on our website or when you register as a member of our website, or use services on our website and leave your personal data, including your IP address assigned to your computer;
(c) when you interact with our customer service officers;
(d) when you use some of our services, e.g. our subscription service;
(e) when you establish any online accounts with us;
(f) when you request that we contact you;
(g) when you are contacted by, and respond to, our representatives and agents;
(h) when you respond to our request for additional Personal Data;
(i) when you ask to be included in an email mailing list or other mailing list;
(j) when you respond to our promotions and other initiatives;
(k) when you submit a job application;
(l) when we receive references from business partners and third parties, for example, where you have been referred by them;
(m) when we record CCTV footage while you are within our premises;
(n) when photographs or videos of you are taken by Cortina Holdings or our representatives during events hosted by us;
(o) when you provide your Personal Data to us for any other reason; or
(p) when we collect information about you from other sources, including commercially available sources, such as public databases (where permitted by law).
2.2 When you browse our website, you generally do so anonymously but please see the section below on cookies.
2.3 If you provide us with any Personal Data relating to a third party (e.g. information of spouse, children, parents, employees and/or authorised representatives), by submitting such information to us, you represent and warrant to us that you have obtained the consent of the third party to you providing us with their Personal Data for the respective purposes.
2.4 You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested.
3 Purposes for the Collection, Use and Disclosure of Your Personal Data
3.1 Cortina Holdings will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, we will only use your Personal Data when the law allows us to. Most commonly, Cortina Holdings collects, uses and discloses your Personal Data for the following purposes (hereinafter, collectively known as the “purposes”):
(a) responding to, processing and handling your queries and requests and responding to complaints;
(b) managing the infrastructure and business operations of Cortina Holdings and complying with internal policies and procedures;
(c) facilitating business asset transactions (which may extend to any merger, acquisition or asset sale;
(d) matching any Personal Data held which relates to you for any of the purposes listed herein;
(e) verifying your identity and processing payments;
(f) preventing, detecting and investigating crime, including fraud and money-laundering, and analyzing and managing other commercial risks;
(g) protecting and enforcing our contractual and legal rights and obligations;
(h) conducting audits, reviews and analysis of our internal processes, action planning and managing commercial risks;
(i) preventing, detecting and investigating crime and managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
(j) compliance with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities in Singapore;
(k) sending you updates, materials and communications regarding the goods and/or rendered by Cortina Holdings;
(l) managing the security of our premises, facilities and technology infrastructure;
(m) carrying out marketing-related activities;
(n) carrying out aggregated and anonymized data analytics in order to develop and improve the product brands’ offerings and client services;
(o) performing the contract we are about to enter into or have entered into with you;
(p) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. These legitimate interests include:
(i) enhancing, modifying, personalising or otherwise improving our products or services for the benefit of our customers;
(ii) developing new products and services;
(iii) better understanding the effectiveness of promotional campaigns and advertising;
(iv) facilitating any transaction for the benefit of our business, including any relating to the acquisition, divestment, securitisation, amalgamation, listing or other corporate transaction relating to any interest in Cortina Holdings, the shares or assets of Cortina Holdings, and any other corporation transaction involving Cortina Holdings;
(q) compliance with legal or regulatory obligations;
(r) where you have given us specific and informed consent; and/or
(s) all other purposes related to our business.
3.2 In addition, Cortina Holdings may collect, use and disclose your Personal Data for the following purposes, depending on the nature of our relationship with you:
(a) If you have an online account with us:
(i) to process your order for the products and/or services sold by us on our website;
(ii) to maintain your account with us;
(iii) to verify and process your personal particulars and payments made using your online account;
(iv) communicating with you to inform you of changes and development to Cortina Holdings policies, terms and conditions and other administrative information, including for the purposes of servicing you in relation to products and services offered to you;
(v) resolving complaints and handling requests and enquiries; and
(vi) conducting market research for statistical, profiling and statistical analysis for the improvement of services provided to you.
3.3 In addition, where you have given us your specific and informed consent, Cortina Holdings may also collect, use and disclose your Personal Data for the following purposes:
(a) providing services, products and benefits to you, including promotions, loyalty and reward programmes;
(b) matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision or offering of products and services, whether by Cortina Holdings or other third parties;
(c) administering contests, competitions and conducting lucky draws, including, where necessary, in order to announce the results of these contests, competitions and lucky draws and identify and contact the winners, and in order to publicise and conduct marketing strictly related to these contests, competitions and lucky draws;
(d) sending you details of products, services, special offers and rewards, either to our customers generally, or of particular products and services which may be of interest to you; and
(e) conducting market research, understanding and determining customer location, preferences and demographics for us to review, develop and improve our products, services and also develop special offers and marketing programmes.
3.4 If you have provided your telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your telephone number(s), then from time to time, Cortina Holdings may contact you using such telephone number(s) (via voice calls, SMS, fax or other means where you have agreed) with information about our products and services (including discounts and special offers).
3.5 In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, then we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
3.6 If you are seeking employment or any other appointment with Cortina Holdings, we may use the Personal Data that we have collected from you for processing and assessing your application, performing background checks, verifying your credentials and qualifications as well as obtaining employment references and all other purposes related to the process of employment or appointment.
3.7 Cortina Holdings may process and / or transfer such Personal Data to third parties and other members of the Cortina Group, a list of which is disclosed on http://www.cortina.com.sg/ and may be updated from time to time, and / or Cortina Holdings’s brands and/or subcontractors (which may be located in other territories) for the purposes of (i) providing the products and services; (ii) carrying out marketing-related activities; (iii) carrying out aggregated and anonymized data analytics in order to develop and improve the product brands’ offerings and client services, or (iv) providing you with information about Cortina Holdings and/or Cortina Holdings’s range of products and services.
3.8 If there is an instance where the Personal Data collected is to be used for a different purpose and / or shared with a third party, we will seek your consent before using or sharing the Personal Data. It is Cortina Holdings’s policy to avoid collecting excessive and/or irrelevant personal data.
3.9 Cortina Holdings does not collect and / or compile personal data for the purpose of sale to outside parties.
3.10 Please note that we may disclose your personal data to third parties without first obtaining your consent in situations including, but not limited to the following:
(a) Cases in which the disclosure is required or authorized based on the applicable laws and /or regulations;
(b) Cases in which the purpose of such disclosure is clearly in your interests, and your consent cannot be obtained within the limited time;
(c) Cases in which the disclosure is necessary for any investigation or proceedings by government agencies;
(d) Cases in which the disclosure is to public agency and such disclosure is necessary in the public interest; and / or
(e) Where such disclosure without your consent is permitted by the PDPA, GDPR or by other applicable laws;
(f) Where we disclose your Personal Data to third parties with your consent, we will employ our best efforts to require such third parties to protect your Personal Data.
3.12 For European residents, we shall obtain written or electronic confirmation from you on your expressed consent, unless processing of your Personal Data without your consent is permitted by the GDPR.
5 Third-Party Sites
5.1 Our website and/or our Apps may contain links to other websites operated by third parties. We are not responsible for the privacy policies of websites operated by third parties that are linked to our website. We encourage you to read the privacy policies of all such third party websites you visit. Some of these third party websites may be co-branded with the logo or trademark of our products, even though they are not operated or maintained by us. Once you have left our website, you should check the applicable terms, conditions and policies of the third party website to determine how they will handle any information they collect from you.
6 Data security
6.1 We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
6.2 We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7 Data retention
7.1 We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
7.2 To determine the retention period for your Personal Data, we (amongst other things) consider the nature of the Personal Data, the risk of unauthorised use or disclosure of your Personal Data, the purposes for which we process it and the applicable legal requirements.
7.3 Details of retention periods for different aspects of your Personal Data are available on request, by contacting us.
7.4 In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
7.5 Should you require your Personal Data to be deleted from our records, please contact us in writing.
8 Withdrawal, Access and Correction of your Personal Data
8.1 You may request to access or correct the personal data currently in our possession by submitting your request in the following Form A or Form B respectively by using online form set out therein. For a request to access Personal Data, we will try to provide you with the relevant personal data within ten (10) working days from such a request being made. Where a request cannot be complied with within the above time frame, we will inform you of the reasonably soonest time in which we will respond. For a request to correct personal data, we will correct your Personal Data as soon as practicable after the request has been made unless we have reasonable grounds not to do so.
8.2 Depending on the scope and nature of the work required to process your access request, we may require to impose a fee to recover our administrative costs involved. This will be assessed on a case-by-case basis by our Data Protection Officer. Where such a fee is to be imposed, we will provide you with a written estimated fee for you to consider. Please note that we will only process your request once you have agreed to the payment of the fee. In certain cases, we may also require a deposit from you before we process the access request. You will be notified if a deposit is required in the written estimate of the fee, if any.
8.3 You may withdraw your consent for the collection, use and / or disclosure of your personal data in our possession or under our control by submitting your request in the following Form C and using the online form set out therein. We will process your request within ten (10) working days from such a request for withdrawal of consent being made, and thereafter not collect, use and / or disclose your personal data in the manner as stated in your request. The collection of your Personal Data by us may be mandatory or voluntary in nature depending on the purposes for which your Personal Data is collected. Where it is obligatory for you to provide us with your Personal Data, and you fail or choose not to provide us with such data, or do not consent to the above or this Policy, we will not be able to provide our services to / or otherwise deal with you.
8.4 If you have any complaint or grievances with regard to how we are handling your personal data or about how we are complying with PDPA, we welcome you to contact us with your complaint or grievance in Form D and using the online form, set out therein.
Where it is an email or a letter through which you are submitting a complaint, your indication at the subject header that it is a PDPA complaint would assist us in attending to your complaint speedily.
8.5 Under certain circumstances, you have rights under the GDPR in relation to your Personal Data. In particular, you have the following rights which you can exercise free of charge, by contacting us via email at firstname.lastname@example.org or write in to us at 391B Orchard Road, #18-01 Ngee Ann City Tower B, Singapore 238874. The following rights are:
|Access||The right to be provided with a copy of your Personal Data (the right of access)|
|Rectification||The right to require us to correct any mistakes in your Personal Data|
|To be forgotten||The right to require us to delete your Personal Data —in certain situations|
|Restriction of processing||The right to require us to restrict processing of your Personal Data—in certain circumstances, e.g. if you contest the accuracy of the data|
|Data portability||The right to receive the Personal Data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations|
|To object||The right to object:
—at any time to your Personal Data being processed for direct marketing (including profiling);
—in certain other situations to our continued processing of your Personal Data, e.g. processing carried out for the purpose of our legitimate interests.
|Not to be subject to automated individual decision-making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you|
8.6 You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
8.7 We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.