CROSSINVEST (ASIA) PTE. LTD.
SINGAPORE DATA PROTECTION NOTICE
Your privacy is of utmost importance to us.
This data protection notice (the “Notice”) outlines how we collect, use, store and disclose your personal data in accordance with the Personal Data Protection Act (“PDPA”). The PDPA strives to protect personal data of individuals. Please take a moment to read about how we collect, use and/or disclose your personal data so that you know and understand the purposes for which we may collect, use and/or disclose your personal data.
This Notice supplements but does not supersede nor replace any other consent which you may have previously provided to us nor does it affect any rights that we may have at law in connection with the collection, use and/or disclosure of your personal data. We may from time to time update this Notice to ensure that this Notice is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, the prevailing terms of this Notice shall apply. For the avoidance of doubt, this Notice forms part of the terms and conditions governing your relationship with us and should be read in conjunction with such terms and conditions.
What is Personal Data?
Personal data refers to any data or information about you from which you can be identified either (a) from that data or (b) from that data and other information to which we have or are likely to have access. Depending on your relationship with us (e.g. prospective or current client, employee or business partner), the personal data about you that we may collect, use, store and disclose include:
- your contact details like your name, passport or other identification numbers, contact numbers, address, email;
- your personal details enabling us to evaluate and manage your client, employment or business relationship with us, e.g. your work experience, education, date of birth, bank details;
- your personal details enabling us to analyse your situation, determine suitable strategies and execute respective action, e.g. family status, financial status, transaction history;
- photos and videos of you from our events or office surveillances; and
- information about your use of our services and website, including cookies and IP address.
We Keep Your Personal Data Confidential and Secure
At each stage of data collection, use and disclosure, we implement physical, electronic, administrative and procedural safeguards to protect your personal data against loss, misuse, damage and unauthorized access, modifications or disclosures.
Purposes for Collection, Use and Disclosure of Your Personal Data
We collect, use and/or disclose your personal data to provide enhanced asset management services and/or family office services, including operations for these purposes. This may include the following (non-exhaustive) as applicable to the relationship we have with you:
- evaluating your standing, resources and capabilities to enter or maintain a relationship with you as a client, employee, business partner or other;
- analysing your financial situation and determining financial strategies and products suitable for you as our client;
- assessing and processing any applications, requests and instructions for financial products and services offered by us and/or other financial institutions or product providers for you as our client or prospective client;
- managing commercial and financial risks, including preventing, detecting and investigating crime, including fraud and any form of financial crime;
- reporting to you as our client on your financial situation and our performance of our services to you;
- evaluating your performance as our employee or business partner;
- updating you on developments in our services and special happenings;
- responding to your queries and requests and handling complaints;
- internal reporting and analysis related to our business operations;
- maintaining records of our interactions with you, through telephone recordings, documentation (hard copy and electronic), and
- any other purposes related to the above purposes.
If we wish to collect, use, retain and/or disclose your personal data for any other purposes, we will adequately seek your consent.
How We May Collect Your Personal Data
Generally, we may collect your personal data ourselves or through third parties in ways including the following:
- during our preliminary discussions with you to establish a new client relationship, enter into employment or for any other business relationship;
- when you interact with our employees, in particular with your Relationship Manager;
- when you communicate with us by email or telephone, your emails will be retained and we may monitor and/or record your voice calls to us;
- when you attend our events or enter our premises, we may take pictures or videos or you may be captured on our closed circuit television cameras surveillance;
- when you access our website;
- when you respond to our requests for additional personal data; or
- when you submit your personal data to us for any other reason.
When you access our website you generally do so anonymously. Your activity may however be monitored by Cookies or other navigational data. “Cookies” are small data files sent to your browser to store and track information about you when you enter our websites. The Cookie is used to track information such as the number of users and their frequency of use, profiles of users and their preferred sites. Our website uses Cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site and services. Should you wish to disable the Cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain part(s) of our website. You are responsible for ensuring that the personal data you provide to us is accurate, complete, and not misleading and that such personal data is kept up to date. You acknowledge that failure on your part to do so may result in our inability to provide you with the products and services you have requested. To update your personal data, please reach out to your Relationship Manager or our Compliance Officer.
Where you provide us personal data concerning individuals other than yourself, you are responsible for obtaining all legally required consents from the concerned individuals and you shall retain proof of such consent(s), such proof to be provided to us upon our request.
If your personal data has to be transferred overseas, we will, where legally required, inform you of the extent to which your personal data will be protected, in the foreign jurisdiction(s) to which it will be transferred.
Who We May Disclose Your Personal Data to
Generally, we shall protect and keep confidential your personal data. We will disclose your personal data only with your consent, including your implicit consent where this is necessary for a specific service that you have requested for and/or agreed to, and for purposes that you have been informed about.
However, subject to applicable laws, we may disclose your personal data for the purposes set out above to parties such as those described below:
- banks, financial institutions, credit card companies and their respective service providers;
- companies providing services relating to insurance and/or reinsurance to us, and associations of insurance companies;
- agents, contractors or third party service providers who provide services to us such as telecommunications, information technology, payment, data processing, storage and archival;
- our professional advisers such as our auditors and lawyers; and
- regulators and authorities.
When we disclose your personal data to third parties, we will ensure that they are contractually bound to protect your personal data in accordance with applicable laws and regulations, save in cases where your personal data is shared with governmental agencies and regulators, or where your personal data is publicly available, or where use/disclosure of your personal data is otherwise legally mandated and exempted.
How Long We Keep Your Personal Data For
We shall store your personal data for as long as necessary to fulfil the purposes for which such data was collected, our business purposes, our internal and legal needs or as is otherwise legally required; in client relationships this is in general for seven years after a transaction or the end of the business relationship, as applicable.
Queries, Access/Correction Requests and Withdrawal of Consent
If you:
- have queries about our data protection processes and practices;
- wish to request access to and/or make corrections to your personal data in our possession or under our control; or
- wish to withdraw your consent to our collection, use or disclosure of your personal data,
please submit a written request (with supporting documents, if any) to our Compliance Officer at:
Crossinvest (Asia) Pte. Ltd.
Attn: Compliance
1 Phillip Street, #15-00
Royal One Phillip
Singapore 048692
Our Compliance Officer shall strive to respond to you within 30 days of your submission.
Please note that if you withdraw your consent to any or all use or disclosure of your personal data, depending on the nature of your request, we may not be in a position to continue to provide our services or products to you or administer any contractual relationship in place. Such withdrawal may also result in the termination of any agreement you may have with us. Our legal rights and remedies are expressly reserved in such event
If You Have A Complaint
We are committed to protecting your personal data. If, however, you should be dissatisfied with our handling of your personal data, please submit a written complaint containing details of your dissatisfaction to our Compliance Officer.
Our Compliance Officer shall acknowledge in writing the receipt of your complaint within 2 business days. Within 10 business days, our Compliance Officer shall contact you to provide you with an estimated time frame for our investigations and resolution of your complaint. If your complaint requires more time beyond such estimation to resolve due to its complexity, our Compliance Officer shall inform you accordingly on or before the expiry of the original estimated time frame.
In the event that the Compliance Officer’s investigations conclude with a solution that is dis-satisfactory to you, you may wish to contact our Chief Executive Officer at,
Email: relations@crossinvest.com.sg
Our Chief Executive Officer will acknowledge your complaint within 2 business days and strive to provide a satisfactory solution to you within 10 business days. In the unlikely event that we cannot reach an agreement with you, you may wish to refer your complaint to the Personal Data Protection Commission or consider dispute resolution by way of mediation.
This Notice is effective from July 2014.
The EU General Data Protection Regulation (GDPR)
The GDPR is a new legal framework from the EU that takes effect on May 25, 2018.
This law is designed to accomplish two main things:
- Unify the current data protection privacy laws throughout the EU, and
- Enhance the rights of citizens of the EU to protect their personal information
REGULATIONS
- This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
- This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
- The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.
POLICY
Crossinvest (“The Company”) is committed to processing data in accordance with its responsibilities under GDPR and protecting the rights and freedoms of data subjects; safely and securely processing your data in accordance with all of our legal obligations.
We hold personal data about our clients, employees, our partners and other individuals for a variety of business purposes. We are committed to protecting all personal information. The greater control over how personal information is used, that the GDPR strives to provide, is provided for under our personal data protection policies Singapore Personal Data Protection Act.
DATA PROTECTION PRINCIPLES
Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
DATA MINIMISATION
- We have, when collecting personal data, ensured that all data collected is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
ACCURACY
- We take reasonable steps, at all times, to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps are always taken to ensure that personal data is kept up to date.
ARCHIVING/REMOVAL
- To ensure that personal data is kept for no longer than required or necessary, we have in place an archiving policy within the company.
- Our archiving policy states what data should/must be retained, for how long, and why.
SECURITY
- We always ensure that personal data is encrypted and securely stored and that it is kept-up-to-date.
- Access to personal data is limited to personnel who need access and appropriate security is in place to avoid unauthorised sharing of information.
- All personal data collected is deleted where appropriate and is done so safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions are in place.
Queries, Access/Correction Requests and Withdrawal of Consent
If you have any queries, or you wish to access and/or correct your personal data, or you wish to withdraw your consent to our collection, use or disclosure of your personal data, please contact your Relationship Manager or submit a written request (with supporting documents, if any) to our Compliance Officer at:
Crossinvest (Asia) Pte. Ltd.
1 Phillip Street, #15-00
Royal One Phillip
Singapore 048692
Our Compliance Officer shall strive to respond to you within 30 days of your submission.
Please note that if you withdraw your consent to any or all use or disclosure of your personal data, depending on the nature of your request, we may not be in a position to continue to provide our services or products to you or administer any contractual relationship in place. Such withdrawal may result in the termination of any agreement you may have with us. All our rights are reserved in such event.
THE ABOVE GUIDELINE IS IN COMPLIANCE WITH THE EU REGULATIONS AND THE SINGAPORE DATA PROTECTION ACT
This Notice is effective from 25 MAY 2018