1. ABOUT THIS POLICY
1.3. This policy sets out the manner in which and for what purposes we collect, use, disclose and process your personal data when you access or use our websites, applications and services (“Platforms”) or when you otherwise provide us with your personal data, regardless of the medium through which such personal data is provided.
3. COLLECTING PERSONAL DATA
3.1. What is personal data? “Personal data” is data that can be used to identify a natural person. Examples of personal data include name, address, contact details, identification numbers, financial information, transactional information based on your activities on our Platforms, telephone numbers, email address, images, and any other information of a personal nature.
3.2. Voluntary provision of personal data. We collect personal data that you voluntarily provide to us. What personal data we collect depends on the purposes for which the personal data is collected and what you have chosen to provide.
You can choose not to provide us with personal data. You also have the right to withdraw your consent for us to continue collecting, using, disclosing and processing your personal data, by contacting us as outlined in Clause 9.1. However, if you do withdraw your consent, it may then not be possible for us to fulfil the purposes for which we require the personal data, including processing your transactions or providing you with the products and services that you require.
3.4. Accuracy and completeness of personal data. You are responsible for ensuring that all personal data that you provide is true, accurate and complete, and to inform us of any changes to your personal data.
3.5. Minors. Our Platforms are not intended to be accessed or used by children, minors or persons who are not of legal age. If you are a parent or guardian and you have reason to believe your child or ward has provided us with their personal data without your consent, please contact us.
4. HOW WE COLLECT PERSONAL DATA
4.1. Personal data you provide. We collect personal data that is relevant to our relationship with you. We may collect your personal data directly or indirectly through various channels, such as when:
4.1.1. you provide us with your personal data for whatever reasons;
4.1.2. you authorise us to obtain your personal data from a third party;
4.1.3. you register for a user account on our Platforms;
4.1.4. you download or use our Platforms;
4.1.5. you transact with us, contact us or request that we contact you through various communication channels, for example, through social media platforms, messenger platforms, face-to-face meetings, telephone calls, emails, fax and letters;
4.1.6. you request to be included in an email or our mailing list;
4.1.7. your images are captured via CCTV cameras while you are within our premises;
4.1.8. your images are captured via photographs or videos taken by us or our representatives when you attend events organised by us;
4.1.9. when you participate in competitions, contests or games organised by us;
4.1.10. when you attend events or functions organised by us;
4.1.11. we seek information about you and receive your personal data in connection with your relationship with us, for example, if you are an investor or shareholder of Shenton Insurance Brokers; and / or
4.1.12. you submit an application for employment, internship or secondment, or when you provide documents or information including your resume in connection with any application.
4.2. Personal data provided by others. Depending on your relationship with us, we may also collect your personal data from third party sources, for example:
4.2.1. from our business partners such as third parties providing advertising, marketing and promotional services to us;
4.2.2. from your referees, educational institutions or previous employers (if you have applied to us for a job);
4.2.3. from your family members or friends who provide your personal data to us on your behalf; and / or
4.2.4. from public agencies or other public sources.
4.3. Automated Data Collection Technologies. Our Platforms may contain or we may deploy certain technologies (including those described below) that collect data from you, such as your Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Platforms that you visit, the time and date of your visit, your time spent on our Platforms, unique device identifiers and other diagnostic data.
4.3.2. Flash cookies. Certain features of our Platforms may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Platforms. In contrast to normal cookies, these cookies are not created and saved by the web browser but are governed by the Adobe Flash plug-in. These can contain more information than normal cookies and cannot be deleted or disabled via the browser; this is only possible using tools such as the Adobe Flash Player. You can also obtain more information about these cookies on their website.
4.3.4. Web Tracking Beacons and tracking links. Web beacons (also known as pixel tags and clean GIFs) involve graphics that are not apparent to the user. Tracking links and/or similar technologies consist of a few lines of programming code and can be embedded in our Platforms. In conjunction with cookies, these are primarily used for statistical analysis purposes. This technology can also be used for tracking traffic patterns on websites, as well as finding out if an e-mail has been received and opened and to see if there has been any response.
4.3.5. Third Party Analytical Tools. Our analytical tools include third party tools. We do not control these third parties, their technologies or how they may collect and use information through their tools.
Please do not use our Platforms if you do not wish to have your data collected through such means. Alternatively, you may also disable the operation of these technologies on your devices where it is possible to do so. Our Platforms do not support Do Not Track (“DNT“). However, you may enable or disable DNT, if supported by your web browser, by enabling or disabling this feature in the preferences or settings page of your web browser.
5. WHAT WE DO WITH PERSONAL DATA
5.1. What we do. We collect, use, disclose and process your personal data where:
5.1.1. you have given us consent;
5.1.2. necessary to comply with our legal or regulatory obligations, e.g. responding to valid requests from public authorities;
5.1.3. necessary to support our legitimate business interests, provided that this does not override your interests or rights; and
5.1.4. necessary to perform a transaction you have entered into with us, or provide a service that you have requested or require from us.
5.2. Purposes. Generally, we collect, use, disclose and process your personal data for purposes connected or relevant to our business, or to manage your relationship with us. Such purposes would include:
5.2.1. carrying out such transactions or taking steps as may be directed by you;
5.2.2. providing and maintaining our Platforms;
5.2.3. facilitating your use of our Platforms;
5.2.4. monitoring the usage of our Plaforms;
5.2.5. verifying and establishing your identity;
5.2.6. authenticating, operating and maintaining user accounts;
5.2.7. managing the safety and security of our premises;
5.2.8. facilitating business asset transactions;
5.2.9. communicating with you and assisting you with your enquiries, feedback, complaints, disputes and requests;
5.2.10. resolving any disputes, investigating any complaint, claim or dispute or ay actual or suspected illegal or unlawful conduct;
5.2.11. administrative purposes, e.g. accounting, risk management and record keeping, business research, data, planning and statistical analysis, and staff training;
5.2.12. security purposes, e.g. protecting our Platforms from unauthorised access or usage and to monitor for security threats;
5.2.13. performing data analytics and related technologies on data, to enable us to deliver relevant content and information to you, and to improve our Platforms;
5.2.14. managing and engaging third parties or data processors that provide services to us, e.g. IT services, delivery services, messaging marketing, and other professional services;
5.2.15. carrying out our legitimate business interests (listed below);
5.2.16. such purposes that may be informed to you when your personal data is collected; and / or
5.2.17. other reasonable purposes related to the above.
5.3. Legitimate business interests. Our legitimate business interests include to:
5.3.1. managing our business and relationship with you, and providing services to, our users and customers;
5.3.2. protecting our rights and interests and those of our users and customers;
5.3.3. preventing and investigating possible misuse of our Platforms;
5.3.4. complying with legal or regulatory obligations, internal policies and procedures;
5.3.5. enforcing our terms and conditions and obligations owed to us, or protecting ourselves from legal liability;
5.3.6. offer additional employment opportunities to job seekers or employees of Shenton Insurance Brokers;
5.3.7. manage our investor and shareholder relations; and
5.3.8. process or share your personal data to facilitate acquisitions, mergers or transfers of our business.
5.4. Marketing purposes. If you have provided us with your consent, we may use your personal data for the purposes of marketing our products, events and services and those of our strategic partners and business associates. e.g. by sending you marketing communications. In order for us to market products, events and services which are of specific interest and relevance to you, we may analyse and rely on your personal data provided to us, or data collected from your interactions with us.
5.5. Use permitted under applicable laws. We may also collect, use, disclose and process your personal data for other purposes, without your knowledge or consent, where this is required or permitted by law.
5.6. Contacting you. When using your personal data to contact you for the above purposes, we may contact you via e-mail, telephone or any other means. We will not contact you for marketing purposes unless with your consent, or we are exempted by applicable law from having to obtain consent. If you do not wish to receive any communication or information from us, or wish to restrict the manner by which we may contact or send you information, you may contact us.
6. DISCLOSURE OF PERSONAL DATA
6.1. Disclosure to related parties. We may disclose or share your personal data with our related organisations or business partners in connection with the purposes described in Clause 5 above.
6.2. Disclosure to third parties. We may also disclose your personal data to third parties in connection with purposes described in Clause 5, including without limitation the following circumstances:
6.2.1. disclosing your personal data to third parties who provide services to us (including, but not limited to, data providers, technology providers, insurance providers, financial institutions, credit card payment processors and auditors);
6.2.2. disclosing your personal data to third parties in order to fulfil such third party products and / or services as may be requested or directed by you;
6.2.3. disclosing your personal data to third parties that we conduct joint marketing ad cross promotions with; and
6.2.4. disclosing your personal data to authorities, governments, law enforcement agencies or public agencies.
6.3. When disclosing personal data to third parties, we will (where appropriate and permissible) enter into contracts with these third parties to protect your personal data in a manner that is consistent with all applicable laws and / or ensure that they only process your personal data in accordance with our instructions.
7. CROSS-JURISDICTIONAL TRANSFERS
7.1. Transfers. We may transfer your personal data to different jurisdictions in connection with the purpose described in Clause 5:
7.1.1. from the jurisdiction where it is collected (or where you are located) to any jurisdictions that we operate in; and
7.1.2. to third parties in other jurisdictions.
7.2. Safeguards. Where we transfer your personal data across jurisdictions, we will ensure that your personal data is treated securely in accordance with this policy and applicable laws regardless of the jurisdictions they are transferred to. For example, we may enter into contracts with recipients to protect your personal data. You may obtain details of these safeguards by contacting us.
8. PROTECTION OF PERSONAL DATA
8.1. Unauthorised access. While we take reasonable precautions to safeguard your personal data in our possession or under our control, you agree not to hold us liable or responsible for any loss or damage resulting from unauthorised or unintended access that is beyond our control, such as hacking or cybercrimes.
8.2. Vulnerabilities. We do not provide any guarantee against security breaches, nor do we make any warranty, guarantee, or representation that your use of our Platforms is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities. We also do not guarantee the security of data that you choose to send us electronically. Sending such data is entirely at your own risk.
8.3. Period of retention. We retain your personal data only for as long as is necessary to fulfil the purposes we collected it for, and to satisfy our business and / or legal purposes, including data analytics, audit, accounting or reporting purposes. How long we keep your personal data depends on the nature of the data, e.g. we keep personal data for at least the duration of the limitation period for bringing claims if the personal data may be required to commence or defend legal proceedings. Some information may also be retained for longer, e.g. where we are required to do so by law.
8.4. Anonymised data. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we are entitled to retain and use such data without restriction.
9. YOUR RIGHTS
9.1. Rights you may enjoy. You may enjoy certain rights at law in relation to our collection, use, disclosure and processing of your personal data. Such rights include:
9.1.1. Access: you may ask us if we hold your personal data and, if we do, you may request access to your personal data. This enables you to receive a copy of and information on the personal data we hold about you.
9.1.2. Correction: you may request that any incomplete or inaccurate personal data we hold about you in corrected.
9.1.3. Withdrawal of consent: you may withdraw consent for our use of your personal data.
If you wish to exercise your rights, you may contact us to do so. We may require that you submit certain forms or provide certain information to process your request. Where permitted by law, we may also charge you a fee to process your request.
9.2. Limitations. We may be permitted under applicable laws to refuse a request. For example, we may refuse (a) a request for erasure; or (b) an objection request and continue processing your personal data based on compelling legitimate grounds for the processing.
9.3. Complaints. If you are of the opinion that we have not complied with this policy or we have infringed applicable data protection laws, we encourage you to contact us so that we can resolve your concerns.
10. CONTACT US
When you contact us, we may require that you submit certain forms or provide certain information, including verification of your identity, before we are able to respond.