Sections 3 to 15 of this Policy describe how we process your personal data, wherever you reside. In particular, this Policy outlines the practices which we adopt in relation to the protection of your personal data, in connection with the operation of our website(s) and mobile application(s), and/or the provision of services by us to you, or the organisation that you represent.
In addition, if you are a resident of the EU or the UK, there is a section of this Policy titled 'Additional information for EU/UK residents' that also applies to our processing of your personal data. In the event of any of inconsistency between Sections 3 to 15 of this Policy and this additional section, the additional section shall prevail.
2. Definitions. For the purposes of this Policy, the following capitalised terms, unless elsewhere defined in this Policy, shall have the following meanings:
“Group” means Keppel Corporation Limited, Keppel Land Limited and/or their respective subsidiaries (including those entities set out in Section 15 (Relevant Group Entities) below); and
“personal data” means any data, whether true or not, about an individual who can be identified or is identifiable (a) from such data; or (b) from such data and other information to which we have or are likely to have. This may include, for example, a person’s name, date of birth, gender, NRIC, passport number, photos, mailing addresses, telephone numbers, email addresses and network data.
3. What Personal Data We Collect: We may collect information from you, which may include the following:
- Personal information such as name, date of birth, gender, national registration identification or passport number, photos, video or voice recordings
- Contact details such as mailing addresses, email addresses, telephone numbers
- Membership details and preferences
- Payment related details and information
- Other information provided via forms, face-to-face communication, phone, email, online, use of our website or app, or otherwise;
4. Methods of Collection. Personal data may be collected from you in the following ways:
- when you disclose personal data to us or submit forms, including by way of registering for an account, on our website(s), mobile application(s), an online portal, email, physical collection or other methods;
- when you (or any person authorised by you) correspond(s) with our employees, sub-contractors (including any delivery personnel), customer service or marketing representatives via telephone, letter, email, face-to-face meeting etc.;
- when you subscribe to our mailing lists or otherwise register your interest for any specific products or services;
- when you respond to our promotions;
- when you are referred to us from business partners, our corporate customers and other third parties;
- when we obtain it from other entities within the Group;
- when we lawfully seek information from third parties about you in connection with the products and services you have applied for;
- during recordings of calls when telephone contact is made (for example, via customer service hotlines) which may be recorded for training, quality control, business and/or other lawful purposes;
- during CCTV recordings when a person visits our outlets and our premises;
- when you generate data or link data to your account, e.g. account synchronization, sign-up authentication etc.;
- automatically, when you visit our websites and other websites which we own or manage, using technologies such as cookies (either by us or a third party), contracts with us or with any third parties via our websites, or downloads and/or uses any of our application programs and/or software; and
- when you (or any person authorised by you) provide us with personal data for any other reason.
5. Purposes. The purposes for which we and/or our service providers may collect, use, disclose, process, manage and/or transfer your personal data are as follows:
- to provide you with our services (including to fulfil our obligations under our contract with you for such services);
- to process the sale and purchase, and ownership, of units in our projects, including the provision of related services and privileges;
- to facilitate the set-up, operation, maintenance and/or administration of such services or any account you may have with us, and provide related services and support (including for billing purposes or to process orders and applications for such services);
- to maintain, test and/or operate our (or any of our service provider’s) systems required for the provision of any of our services, or in connection with the web site(s) or mobile application(s);
- to facilitate interconnection and inter-operability between service providers in connection with providing services to you;
- to respond and deal with enquiries or complaints and for other customer-care activities;
- to assess, process, respond or otherwise handle your enquiries, requests, feedback, questions, instructions or complaints and for other customer-care related activities;
- to verify your identity, and to process orders and applications for services;
- to carry out credit checks, for the preparation of credit reports and/or for the evaluation of creditworthiness;
- to market, promote (including offer to sell you any other products or services), improve and/or further the provision of services to you by us, or by our affiliates, partners, contractors or third-party service providers;
- to share with selected related entities, affiliates and business partners (including entities within the Group) to enable them to conduct market research, planning, customer surveys, trend analyses and/or other related forms of data analytics in order to better tailor offers, promotions and/or other direct marketing to you;
- to provide complementary or value-added services;
- to offer and administer customer loyalty benefits, reward benefits, promotional benefits, contests, lucky draws and other related benefits;
- to conduct market research, planning, customer surveys, trend analyses and/or other related forms of data analytics;
- to keep you informed of our services and products, and the services and products of our related entities, affiliates and partners;
- to conduct training and/or improve our service quality and/or marketing and advertising strategies;
- to improve your user experience and/or our product and service delivery to you;
- to establish, enhance and/or further improve payment systems, including the interface or interaction of such payment systems with the payment systems of other financial institutions, merchants and/or payment organisations;
- to seek professional advice, including legal advice, or enforce your obligations or enforce our rights, including, without limitation, collection of amounts owed by you or by any other person, or defending our rights, the rights of any related corporations, partners, contractors and/or third party service providers;
- to conduct investigations or take action in relation to bad debts, crime and fraud prevention, detection of prosecution, risk management, violation of our terms and conditions for services, or to prevent any individual from harm, illegal or unlawful activities;
- for internal / external audit or compliance purposes;
- to comply with regulatory, compliance, or legal obligations and/or requirements;
- as permitted or required by applicable law, regulations, industry codes or market rules;
- for any other purposes necessary, ancillary or consequential to the above specified purposes.
6. Who we might Disclose Personal Data to. We may disclose any of the personal data we collect about you, including the categories of personal data listed in Section 3, to any of the recipients listed below:
- other entities within the Group;
- external service providers, contractors and third parties, for the purpose of providing our services to you;
- other business partners and vendors we work with to deliver products and services, including but not limited to courier services companies and other entities within the delivery chain;
- banks, credit card companies, payment vendors and other entities within the payment processing chain for the purposes of processing payment;
- debt collection agencies;
- credit information companies and credit bureaus;
- government bodies, including any ministry, department, agency (including law enforcement agencies), or organ of state, judicial or quasi-judicial body or disciplinary, arbitral or mediatory body, or any other statutory body.
- advisors, including auditors, accountants and lawyers who advise us;
- any data intermediaries;
- any other party to whom you authorise us to disclose personal data to; and
- the prospective seller or buyer of our business or assets in the event that we sell or buy any business assets.
7. Transfer of Personal Data Overseas. In general, your data will be stored in Singapore. We may, in the course of providing services to you, disclose, transfer, store, process and/or deal with your personal data outside Singapore. In doing so, we will comply with all applicable data protection and privacy laws, and take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA. For residents in the EU or UK, see the 'Additional Information for EU/UK Residents' section below for further information on transfers.
8. Withdrawal of Consent. You may subsequently withdraw your consent to our collection, use or disclosure of your personal data. However, should you choose to do so, we may not be able to provide you with our services, or perform any contract we may have with you. Accordingly, we may, insofar as such consent is integral to the provision of the services to you, cease to provide such services to you and will have the right to terminate any contract of service with you in its discretion, without liability to you. Notwithstanding any withdrawal of consent, unless otherwise agreed by the Group, you will still be bound by any contract of service with the relevant entity in the Group, and should you choose to terminate the relevant contract(s), early termination and other charges, liquidated damages or contractual consequences may apply in accordance with the relevant contract(s) or at law, and the Group reserves its rights thereof.
Please contact our Data Protection Officer by email (please see Section 14 (Contact Details and DPO) to request for withdrawal.
We shall process your withdrawal request within a reasonable time (depending on the complexity of the request and its impact on our relationship with you), and in any event no later than within ten (10) business days of receiving your request.
9. Retention of Personal Data. We will retain personal data for as long as it is necessary to fulfil the purpose for which it was collected, our legal or business purposes, or as required by relevant laws. We will usually keep your personal data for up to seven (7) years to ensure that any contractual disputes can be addressed. If you opt out or withdraw your consent to marketing, we will remove you from our marketing database.
10. Access, Update and Correction Requests. You must ensure that all personal data submitted to us is accurate, up-to-date and not misleading. Any submission of false or incorrect information may result in our failure to deliver the products and services you seek. We reserve the right to request for documentation to verify the information provided by you.
We encourage you to inform us when there are any changes to the personal data which you have provided to us, so as to ensure that we have the most current, accurate and complete information. Upon request by you, we may correct or complete any personal data found to be inaccurate or incomplete as soon as practicable.
You can access, update and correct your personal information anytime by accessing your account registered with us through the website or mobile application (if applicable). If you do not have an account with us, you may contact us (please see Section 14 (Contact Details and DPO). We will respond to your update and/or correct request as soon as reasonably possible, an in any event no later than within ten (10) days of receiving such update and/or correct request.
Subject to the PDPA, we will respond to access requests within a reasonable time (and in any event no later than within thirty (30) days of receiving such access request. We may charge a fee for processing your request for access. Such a fee would depend on the nature and complexity of your access request.
If you are a resident in the EU or UK, see the 'Additional Information for EU/UK Residents' section below for information on access, update and correction requests under the GDPR/ UK GDPR.
When you visit our website(s) and/or mobile application(s), our servers will automatically record information that is sent whenever you visit a website or mobile application. This data may include: (a) your computer’s IP address; (b) your browser type; (c) the webpage you were visiting before you visited the relevant website; (d) the pages within the website or mobile application which you visit; and/or (e) the time spent on such pages, item and information searched for in the website or mobile application, access time and dates, and other statistics.
A cookie does not give us access to your computer. Most internet browsers automatically accept cookies, but you can usually modify your browser settings according to your preference. If you choose not to accept cookies, you may not be able to experience all of the features of our website(s) and mobile application(s).
12. Other Websites. Our website(s) and mobile application(s) may contain links to other websites which are owned or operated by third parties, and which are not under our control. We are not responsible for the content on any such website, or the consequences of accessing or using any such website (including the protection and privacy of any information which you provide whilst visiting such sites) and such sites are not governed by this statement. You agree that your access to or use of such websites is entirely at your own risk. When visiting these third-party websites, you should read their privacy policies which will apply to your use of the websites.
13. Updates to this Policy. We will amend this Policy from time to time, and the updated versions will be posted on our website and/or mobile application; and date stamped so that you are aware of when the Policy was last updated. Please check back frequently to see any updates or changes to this Policy. If we make any material changes to this Policy, we will provide notice, for example, by way of a banner on our website. Subject to applicable laws, the English version of this Policy will prevail over any version of this Policy in another language.
14. Contact Details and DPO. If you have any enquiries, comments or suggestions about how we collect, use or disclose your personal data or this Policy, or would like to receive information about your personal data which we retain, please contact our Data Protection Officer by email at firstname.lastname@example.org.
15. Relevant Group Entities. This Policy describes how one or more of the following Group entities process your personal data:
Keppel Land International (Management) Pte Ltd
1 Harbourfront Avenue
Level 2, Keppel Bay Tower, Singapore 098632
Keppel Land Retail Consultancy Pte Ltd
Keppel Land Real Estate Services Pte Ltd
Keppel Bay Pte Ltd
Living Solutions Holdings Pte Ltd
KLOUD Space Solutions Pte Ltd
Parksville Development Pte Ltd
Additional Information for EU/UK Residents
I. Basis for handling personal information. We need to ensure that there is a legal basis under the GDPR/UK GDPR (as applicable) to justify our processing of your personal information. There are a number of different ways that we are lawfully able to process your personal information. We will only process your personal data if and to the extent that at least one of the following legal bases apply. We have set these out below with reference to each of the purposes set out under Section 5 (Purposes) above. Most commonly we will use your personal data in the following circumstances:
- Where you have consented before the processing.
- Where we need to perform a contract we are about to enter or have entered with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Consent means processing your personal data where you have signified your agreement by a statement or clear opt-in to processing for a specific purpose.
Performance of contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Legitimate Interest means the interest of our business in conducting and managing our business and generating revenue to enable us to give you the best service and to grow and develop our business and our service offerings. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
See the table below to find out more about the types of legal basis that we will rely on to process your personal data. Section 3 above sets out the detail of the types of personal data we collect and process for these purposes.
II. Transfer of Personal Data Overseas. As indicated in Section 7 (Transfer of Personal Data Overseas) above, your personal data will be stored in a country outside of the EU/UK (as applicable), Singapore. In any event where your personal data is stored in a country outside of the EU/UK, and in this case including with reference to onward transfers within Singapore or to entities outside of Singapore, where the country or territory in question does not maintain adequate data protection standards, we will take all reasonable steps to ensure that any such transfers are undertaken in accordance with applicable data protection and privacy laws and that your data is treated securely and in accordance with this Policy.
However, please note that where personal data is stored in another country, it may be accessible to law enforcement agencies in accordance with domestic laws.
III. Your Rights. You have various rights in relation to the data which we hold about you as described below.
To get in touch with us about any of your rights under applicable data protection laws, please use the contact details set out above. We will seek to deal with your request without undue delay, and in any event within any time limits provided for in applicable data protection law (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
a) Right to object
This right enables you to object to us processing your personal data where we do so for one of the following reasons:
- because it is in our legitimate interests to do so;
- to enable us to perform a task in the public interest or exercise official authority;
- to send you direct marketing materials; or
- for scientific, historical, research, or statistical purposes.
b) Right to withdraw consent
If we obtain your consent to process your personal data for any activities, you may withdraw this consent at any time and we will cease to use your data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition. You can withdraw your consent by using the contact details provided at Section 14 (Contact Details and DPO) above. Please note that if you withdraw your consent, this does not impact the lawfulness of our processing on the basis of consent before the consent was withdrawn.
c) Right to access a copy of your data
You may ask us for confirmation of the processing of your personal data, or a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
d) Right to erasure
You have the right to request that we "erase" your personal data in certain circumstances. Normally, this right exists where:
- the data are no longer necessary;
- you have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
- the data has been processed unlawfully;
- it is necessary for the data to be erased in order for us to comply with our obligations under law; or
- you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so. When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
e) Right to restrict processing
You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
f) Right to rectification
You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
g) Right of data portability
If you wish, you have the right to transfer your personal data between service providers and receive a copy of your data. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you.
h) Rights in relation to automated decision making
You have the right to object to being subject to a decision based on solely automated processing where this decision adversely affects your legal rights. Where we use your personal data for automated decision making, we will ensure to give you specific information about that processing, and you will have the right to challenge and request a review of the decision.
i) Right to complain
You also have the right to complain to your data protection authority.
In the UK the data protection authority is the Information Commissioner's Office. You can contact them in the following ways:
- Phone: 0303 123 1113
- Email: email@example.com
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
If the relevant data protection authority is in the EU, please contact the data protection authority in the relevant country.