Data Protection and Privacy Notice

Data Protection and Privacy Notice
STATEMENT
  1. Introduction
    We at Edenred Pte. Ltd. (“Edenred”) respect the privacy and confidentiality of the personal data of our clients, customers, associates, partners, visitors, and other individuals whom we interact with from time to time or in the course of providing our products and services. We are committed to implementing policies, practices, and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Singapore Personal Data Protection Act 2012 (“PDPA”).
  2. How Do We Collect your Personal Data
    Personal data refers to any information that can uniquely identify an individual person either (a) on its own (e.g. NRIC No., FIN No.), or (b) when combined with other information (e.g. Full Name + Full Address).
    We collect your personal data when you:

    • Visit our websites and leave behind your contact information;
    • Provide us with feedback on our services or quality of service;
    • Communicate with us via emails or written correspondences;
    • When you submit forms relating to any of our products or services;
    • When you register for or use any of our services on websites owned or operated by us or when you register as a member of websites owned and/or operated by us, or use services on such websites;
    • When you interact with our customer service officers;
    • When you use some of our services, e.g. our subscription service;
    • When you establish any online accounts with us;
    • When you request that we contact you;
    • When you are contacted by, and respond to, our marketing representatives and agents;
    • When you respond to our request for additional Personal Data
    • When you ask to be included in an email or other mailing list;
    • When you respond to our promotions and other initiatives;
    • When we receive references from business partners and third parties, for example, where you have been referred by them;
    • When you submit your Personal Data to us for any other reason.
  3. Why Do We Collect Your Personal Data
    • Responding to your queries and requests and responding to complaints;
    • Managing the infrastructure and business operations of Edenred and complying with internal policies and procedures;
    • Facilitating business asset transactions (which may extend to any merger, acquisition or asset sale;
    • Matching any Personal Data held which relates to you for any of the purposes listed herein;
    • Verifying your identity;
    • Preventing, detecting and investigating crime, including fraud and money-laundering, and analyzing and managing other commercial risks;
    • Protecting and enforcing our contractual and legal rights and obligations;
    • Conducting audits, reviews and analysis of our internal processes, action planning and managing commercial risks;
    • Preventing, detecting and investigating crime and managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances
    • Compliance with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities; and/or
    • Any other purpose relating to any of the above.
  4. Types of Personal Data We Collect
    The types of personal data we collect about you include:

    • Personal contact information (Name, Address, Phone No., Email Address)
  5. How Do We Use Your Personal Data
    We use the personal data you provide us for one or more of the following purposes:

    • Investigate complaints, claims and disputes
    • Manage and improve our business and operations to serve you better or enhance client experience
    • Fulfil legal requirements
  6. Who Do We Disclose Your Personal Data To
    We disclose some of the personal data you provide us to the following entities or organizations outside Edenred in order to fulfil our services to you:

    • Our associated and affiliated companies
      Where required to do so by law, we may disclose personal data about you to the relevant authorities or to law enforcement agencies.
  7. How Do We Manage the Collection, Use and Disclosure of Your Personal Data
    • Obtaining Consent
      Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of your personal data has changed.

      Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose, e.g. when you submit a job application form or your CV to our HR Department.

    • Withdrawal of Consent
      If you wish to withdraw consent, you should give us reasonable advance notice. We will advise you of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to contact you relating to our new services or follow up with you on our client-related matters.

      Your request for withdrawal of consent can take the form of an email or letter to us.

    • Use of Cookies
      We may use “cookies” to collect information about your online activity on our website or online services. A cookie is a small text file created by the website that is stored in your computer to provide a way for the website to recognize you and keep track of your preferences. The cookie makes it convenient for you such that you do not have to retype the same information again when you revisit the website or when you fill in electronic forms.

      Most cookies we use are “session cookies”, which will be deleted automatically from the hard disk of your computer at the end of the session.

      You may choose not to accept cookies by turning off this feature in your web browser. Note that by doing so, you may not be able to use some of the features and functions in our web applications.

  8. How Do We Ensure the Accuracy of Your Personal Data
    We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete and kept up-to-date.

    From time to time, we may do a data verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in your mailing address).

  9. How Do We Protect Your Personal Data
    We have implemented appropriate information security and technical measures (such as data encryption, firewalls and secure network protocols) to protect the personal data we hold about you against loss; misuse; destruction; unauthorized alteration/modification, access, disclosure; or similar risks.

    We have also put in place reasonable and appropriate organizational measures to maintain the confidentiality and integrity of your personal data and will only share your data with authorized persons on a ‘need to know’ basis.

    We have also put in place appropriate encryption solution to protect your personal data we store and/or transmit. Such encryption solutions are under review in accordance with the technology advancement. Our employees are educated from time to time on the use and importance of encryption to ensure your personal are well protected through.

  10. How Do We Retain Your Personal Data
    We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes.

    We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.

  11. How You Can Access and Make Correction to Your Personal Data
    You may write to us to find out what personal data about you that we have in our possession or under our control and how it may have been used and/or disclosed by us in the previous one year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will respond to your request as soon as possible, or within 30 days from the date we receive your request. If we are unable to do so within the 30 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request.

    If you find that the personal data we hold about you is inaccurate, incomplete or not up-to-date, you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 30 days from the date we receive your request.

  12. Contacting Us
    If you have any query or feedback regarding this Data Protection Notice, or any complaint you have relating to how we manage your personal data, you may contact us through our Data Subject Access Request‘s webform.

    Any query or complaint should include, at least, the following details:

    • Your full name and contact information
    • Brief description of your query or complaint

    We treat such queries and feedback seriously and will deal with them confidentially and within reasonable time.

  13. Changes to this Data Protection Notice
    We may update this Data Protection Notice from time to time. We will notify you of any changes by posting the latest Notice on our website. Please visit our website periodically to view the latest notice or changes.

    Changes to this Notice take effect as and when they are posted on our website.

  14. More Information on PDPA
    For more information about PDPA generally, please visit the Personal Data Protection Commission’s website at http://www.pdpc.gov.sg.
Effective Date: 13 April 2022
Last Updated: 13 April 2022
Version: 1.0