Updated as at: August 24, 2021
Opal Fintech Pte. Ltd. (trading as Opal) (“we”, “us”, “our”, or “Opal”) respects the privacy and confidentiality of the personal data of our customers and others who have business dealings with us. We are committed to the implementation of policies, practices and processes to safeguard the collection, use and disclosure of the personal data provided to us, in compliance with the Personal Data Protection Act 2012 (“PDPA”) of Singapore.
We have developed this Personal Data Protection Policy (“Policy”) to assist you in understanding how we collect, use, disclose, process and retain your personal data with us.
We may update this Policy from time to time to ensure its consistency with our business operations, future development, industry trends and/or changes in legal or regulatory requirements. As such, you are encouraged to visit our website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.
- Scope and Consent
By signing up for, accessing or using any product, service, content, features, technologies or functions offered on this website and its related sites, you confirm that you have read this Policy and that you accept the terms of this Policy. By using our services, interacting with us, submitting information to us and/or registering for an account, you also confirm that you have read this Policy and consent to our collection, use, disclosure and retention of your personal data as described in this Policy and in our Terms and Conditions.
The consent you give us under this Policy shall be in addition to any other consents you may have previously given to us in respect of your personal data.
- How We Collect Your Personal Data
The PDPA defines personal data as “data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access”. We do not consider personal data to include data that has been made anonymous or aggregated so that it can no longer be used, whether in combination with other information or otherwise, to identify an individual.
We collect personal data from you and the devices (including mobile devices) you use to access or use our services. You should ensure that all personal data submitted to us is complete, accurate, true and correct. If you fail to do so, we may be unable to provide you with the products and services you have requested.
- Types of Personal Data We Collect About You
The types of personal data we collect about you may include:
- Information collected automatically
We collect information about your interaction with our website and services, advertising, mobile notifications or e-mail communications. This is typically data we receive from your computer or other devices (including mobile devices) and includes:
- Device ID or unique identifier, device type, unique device token;
- geo-location information, including location information from your mobile device;
- computer and connection information; and
- statistics on page views, traffic to and from the sites, referral URL, IP address and web log information.
You may also be presented with an additional notice when using our services explaining any additional information we may collect from you that is not listed in this Policy.
- Information you give us when using our services
Such types of information include:
- identity-related information that you provide us when you register an account, including your name, physical address, email address, telephone and/or mobile phone number, business seller information, and identity-related information of the directors and executive officers of your corporate body authorised to operate your account;
- unique identification number (e.g. NRIC or password number), as required under applicable law.
- financial information such as your bank account information, credit card, or debit card;
- transactional information based on your activities conducted on our website and other related sites and through our services (such as information on your transactions and other content you generate or that relates to your account);
- shipping, billing and other information you provide to purchase or list a product or goods via our services;
- information provided through chats, dispute resolution, referral services, or added to a web form or when adding/updating your account information, or provided when you correspond through our sites and services, or where you correspond with our customer service team; and
- any additional information that we may ask you to provide in order to verify your account or listings.
- Information from other sources
We may combine information you give us with information we collect from other sources and use it for the purposes as stated in Section 5 of this Policy.
We may also obtain information about you from third parties. This may include:
- publicly available demographic information;
- additional contact information, user information or account information (including third-party account information) and other information required to verify you or your business’s identity or user information to assess fraud;
- your contact and professional details (e.g., your name, company, position, contact details and professional experience, preferences and interests) from business partners or services provides,
- credit check information;
- information from credit bureaus and financial institutions; and
- analytics data from your usage of our services
You may choose to provide us with access to certain personal data stored by third parties such as social media sites. The information we may receive varies by site and is controlled by that site. By associating an account managed by a third party with your account and authorising us to have access to this information, you agree that we may collect, use and share this information in accordance with this Policy.
As we rely on your personal data in our dealings with, and to provide products and services to, you, you shall ensure that at all times the information provided by you to us is correct, accurate and complete. You shall update us in a timely manner of all changes to the information provided to us.
Where you provide personal data relating to a third party (e.g. your kin or any person that you nominate to correspond, or receive delivery of services, for and on your behalf) to us, you represent and warrant that the consent of that third party has been obtained for the collection, use and disclosure of his personal data for the purposes as stated in Section 5 of this Policy.
- How We Use Your Personal Data
We collect personal data for our core business purposes, and we may use the personal data we have collected about you for one or more of the following purposes:
- verifying your identity, including during account creation, password reset process and other actions that require identity verification;
- verifying your eligibility to register as a good faith user of the account (including detection and verification of any anti-money laundering, counter-terrorist financing or other unlawful activities) or to legally use any of the features and functions of the account;
- processing your registration as a user, allowing you to log-in using your account log-in ID and maintain and managing your registration;
- providing you with an account and related customer services, including, fund transfer, facilitating the settlement of purchase price for goods and services, charge-backs, sending notices about your transactions, and responding to your queries, feedback, claims or disputes;
- improving and expanding our offerings and services by way of research and development of new functions on your account or other new products and services that we may offer from time to time;
- performing research, statistical analysis or surveys, whether orally or in writing, in order to manage and protect our business including our information technology infrastructure, to measure the performance of your account and other services we offer and to ensure your satisfaction with our services;
- analysing trends, usages and other behaviours (whether on an individualised or aggregate basis), which helps us better understand how you and our collective user base access and use accounts and the underlying commercial activities conducted, including for purposes of improving our services and responding to customer queries and preferences;
- subject to having obtained your consent in accordance with applicable laws and regulations, we may provide you with direct marketing information relating to products and services offered by us or selected third parties, by means of contacting you with your personal data, including your telephone number, email address, physical address, social and media accounts;
- we may also conduct automated-decision making processes in accordance with any of the purposes herein mentioned in this Policy;
- managing risk, performing creditworthiness and solvency checks, or assessing, detecting, investigating, preventing and/or remediating fraud or other potentially prohibited or illegal activities and otherwise protecting the integrity of our platform and website;
- detecting, investigating, preventing or remediating violations of our terms and conditions relating to the services we provide you, any other applicable internal policies, relevant industry standards, guidelines, laws or regulations;
- making such disclosures as may be authorised by applicable laws and regulations of any country applicable to us or our affiliates, government official or other third parties, including any card association or other payment network. Disclosures may also be made pursuant to any court order, regulatory requests or other legal process or requirement in any country applicable to us or our affiliates;
- making such disclosure as may be authorised by applicable laws and regulations to prevent any harm or financial loss, to report any suspected illegal activity or to deal with any claim or potential claim brought against us or our affiliates.
- enabling due diligence and other appraisals or evaluations for actual or proposed merger, acquisition, financing transactions or joint ventures; and
- any other legitimate business purposes, such as protecting you and other users with an account from losses, maintaining the security or our systems and services, and protecting any of our other rights and/or properties.
We may also use your personal data in other ways for which we provide specific notice to you at the time of collection and for which you have subsequently consented (unless an exception under the PDPA or law exempts us from obtaining your consent)
We may collect, use or disclose your personal data for the purposes listed in this Section 5 even in situations where your relationship with us (e.g. pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you). Your personal data is retained as long as the purpose for which it was collected remains and until it is no longer necessary for any other legal or business purposes.
- To Whom We Disclose Your Personal Data
We may from time to time disclose your personal data to any personnel of our group or to third parties, whether located in Singapore or elsewhere, in order to carry out the purposes set out above in Section 5 of this Policy. We may disclose your personal data to:
- agents, contractors, partners or third-party service providers (including their employees, directors and offices) who provide operational, administrative or other services to us; the services they provide to us may include, where approved by applicable laws and regulations, fraud prevention, remittance, currency exchange, bill collection, data entry, database management, website hosting, software development, promotion, marketing, customer service, technology services, products and services alerts, payment extension services or any other services in connection with Opal’s business operations;
- any other person or entity (including its associated companies or affiliates, employees, directors and officers) who had established or proposes to establish any business relationship with Opal or perform services complementary to our own.
- business partners, investors, assignees or transferees (actual or prospective) to facilitate business transactions (including but not limited to any merger, acquisition or asset sale);
- merchants and other organizations, such as card associations, payment networks or financial institutions, to whom or through which payments are made using the account, or such other entities to enable your use of the account;
- professional advisers, law enforcement agencies, insurers, government and regulatory authorities or any other organizations to which we are under an obligation to make disclosures under the requirements of any applicable law, regulation or commercial arrangement, including arrangements with any card association or payment network; and
- any other party to whom you authorise us to disclose your personal data.
It should be noted that we may transfer, store, process and/or deal with your personal data outside Singapore, but we will ensure that your personal data will be provided a similar standard of protection with applicable laws and regulations, including but not limited to the PDPA. In any case, we will comply with applicable laws and regulations, including but not limited to the PDPA.
- How We Manage Your Personal Data
The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. If you wish to withdraw consent, you should give us reasonable advance notice. You have to be aware, though, of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to continue corresponding with you. Your withdrawal may be considered a termination by you of any contractual relationship which you may have with us, and a breach of your contractual obligations or undertakings, and our legal rights and remedies in such event are expressly reserved.
Your request for withdrawal of consent can take the form of an email or letter to us at the contact details provided below in Section 13 below.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws and regulations.
- How You Can Access and Make Correction to Your Personal Data
You may write in to us, based on reasonable grounds, to: (i) find out what personal data we hold about you; (ii) find out how we have been using or disclosing your personal data within the last year; and (iii) correct an error or omission in your personal data that is in our possession or under our control. Before we accede to your request, we may need to verify your identity. We will try to respond to your request within 30 days. If we are unable to do so, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the effort involved in retrieving your records pursuant to your access request.
- How We Ensure the Accuracy of Your Personal Data
We will take reasonable precautions and verification checks to ensure that the personal data we collect from you is accurate, complete and up-to-date. You should be aware, however, that no method of transmission over the internet or method of electronic storage is completely secure. From time to time, we may do a verification exercise with you so as to allow you to update us on any changes to your personal data.
- How We Protect Your Personal Data
We will take reasonable security arrangements to protect your personal data that is in our possession or control to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. We will take reasonable and appropriate measures to maintain the confidentiality and integrity of your personal data and will only share your data with authorised persons on a ‘need to know’ basis after obtaining your consent to do so unless an exception under the PDPA or law applies
Third-parties engaged by us to process and maintain your personal data on our behalf will be bound by contractual information security arrangements we have with them to protect your personal data that is in their possession or control.
- How We Retain Your Personal Data
We will not retain any of your personal data under our charge when it is no longer necessary for any business or legal purposes and the purpose for which the personal data was collected is no longer being served by retention of the personal data. Certain retention periods are based on statutory or regulatory requirements. We will ensure that your personal data that no longer has any business or legal use will be destroyed or disposed of in a secure manner. This applies to both paper documents and electronic data stored in databases.
- Cookies and Websites
A pixel tag, also known as a web beacon, is an invisible tag placed on certain pages of our website but not on your computer. Pixel tags are usually used in conjunction with cookies and are used to monitor the behaviour of users visiting the website.
You may set up your web browser to block cookies which will in turn disable the pixel tags from monitoring your website visit. You may also remove cookies stored from your computer or mobile device. However, if you do block cookies and pixel tags, you may not be able to use certain features and functions of our website.
Our website may contain links to other websites which are not maintained by us. This Policy only applies to the website of Opal. When visiting these third party websites, you should read their privacy policies which will apply to your use of the websites. We have no control over the content of and the information contained in those websites, and accept no responsibility for any loss or damage that may arise from your use of them.
- How to Contact Us
If you have any query or feedback regarding this Policy, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer at:
Data Protection Officer
190 Clemenceau Avenue, #06-11, Singapore 239924
Contact Number: +65 67088276
Email Address: firstname.lastname@example.org
We treat such queries and complaints seriously and will deal with them confidentially and within reasonable time.
- Governing Law
This Policy is governed by the laws of the Republic of Singapore. You agree to submit to the exclusive jurisdiction of the courts of the Republic of Singapore in any dispute relating to this Policy.
- Effect of Policy and Changes to Policy
This Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
We may revise this Policy from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Policy was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.